Security Alerts

ShinyHunters is actively exploiting a zero-day in Oracle PeopleSoft servers worldwide. An emergency patch has been issued for CVE-2026-35273. If your organisation uses PeopleSoft PeopleTools 8.61 or 8.62, act immediately.

AI has compressed the average time-to-exploit from 700 days to 44. Published CVEs hit 48,244 in 2025. Prompt injection rose 540%. Here's what the AI-driven shift in vulnerability management means for your organisation.

Nigerian hacktivist group Nullsec Nigeria claimed to compromise SARS, SITA, and ProWellness as part of OpSouthAfrica. BreachWatcher analysed the leaked data — here's what it means for you.

ShinyHunters has claimed ~48 victims since January 2026, exposing tens of millions of records through credential stuffing, OAuth token hijacking, and vishing attacks against cloud infrastructure.

Customer data from Booking.com has been compromised, leading to a surge in targeted phishing campaigns impersonating the platform. Be wary of any unexpected communications about bookings.

Our annual forecast highlights the most likely breach vectors for 2026: credential stuffing, AI-assisted phishing, and supply chain attacks continue to top the risk register.

Fraudulent mobile apps circulating with urgent push notifications designed to panic users into granting excessive permissions — enabling silent data theft.

A novel technique tricks users into copy-pasting malicious commands into their own terminal by disguising them as browser troubleshooting steps. No exploit needed.

Instagram users are receiving unsolicited password reset emails linked to old user data resurfacing on breach forums. Enable 2FA immediately and review authorised devices.