cybercrime/malcode – Lifeboat News: The Blog
https://lifeboat.com/blog
Safeguarding Humanity
Mon, 12 May 2025 02:07:13 +0000

413,032 Americans Affected As Major Data Breach Leaks Customer Names, Social Security Numbers, Financial Records and More
https://lifeboat.com/blog/2025/05/413032-americans-affected-as-major-data-breach-leaks-customer-names-social-security-numbers-financial-records-and-more
Mon, 12 May 2025 02:07:13 +0000

Hundreds of thousands of Americans are now at risk of identity theft and fraud after a major data breach at a human resources firm.

In a new filing with the Office of the Maine Attorney General, Maryland-based Kelly Benefits says it has discovered a significant cybersecurity incident impacting 413,032 people.

The company says an internal investigation revealed that an unknown entity gained unauthorized access to its database and stole sensitive customer information, including names, dates of birth, Social Security numbers, tax ID numbers, medical and health insurance records and financial account datasets.

Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
https://lifeboat.com/blog/2025/05/chinese-hackers-exploit-sap-rce-flaw-cve-2025-31324-deploy-golang-based-supershell
Fri, 09 May 2025 11:11:48 +0000

China-based hackers have exploited SAP flaw CVE-2025-31324 since April 29, impacting global industries via web shells.

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
https://lifeboat.com/blog/2025/05/38000-freedrain-subdomains-found-exploiting-seo-to-steal-crypto-wallet-seed-phrases
Fri, 09 May 2025 11:11:35 +0000

FreeDrain exploited SEO and free hosting to run 38,000+ phishing pages stealing crypto wallets since 2022.

Europol Shuts Down Six DDoS-for-Hire Services Used in Global Attacks
https://lifeboat.com/blog/2025/05/europol-shuts-down-six-ddos-for-hire-services-used-in-global-attacks
Fri, 09 May 2025 11:11:21 +0000

Europol dismantled six DDoS-for-hire services, arrested four, seized nine domains—disrupting attacks since 2022.

Google links new LostKeys data theft malware to Russian cyberspies
https://lifeboat.com/blog/2025/05/google-links-new-lostkeys-data-theft-malware-to-russian-cyberspies
Fri, 09 May 2025 11:11:08 +0000

Since the start of the year, the Russian state-backed ColdRiver hacking group has been using new LostKeys malware to steal files in espionage attacks targeting Western governments, journalists, think tanks, and non-governmental organizations.

In December, the United Kingdom and Five Eyes allies linked ColdRiver to Russia’s Federal Security Service (FSB), the country’s counterintelligence and internal security service.

Google Threat Intelligence Group (GTIG) first observed LostKeys being “deployed in highly selective cases” in January as part of ClickFix social engineering attacks, where the threat actors trick targets into running malicious PowerShell scripts.

Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet
https://lifeboat.com/blog/2025/05/hackers-exploit-samsung-magicinfo-geovision-iot-flaws-to-deploy-mirai-botnet
Wed, 07 May 2025 10:22:22 +0000

Two critical CVEs exploited in GeoVision IoT and Samsung MagicINFO allow Mirai botnet deployment via RCE.

New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims
https://lifeboat.com/blog/2025/05/new-investment-scams-use-facebook-ads-rdga-domains-and-ip-checks-to-filter-victims
Wed, 07 May 2025 10:22:08 +0000

Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes).

The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox.

The attacks have been observed to lure victims with bogus platforms, including cryptocurrency exchanges, which are then advertised on social media platforms. An important aspect of these scams is the use of web forms to collect user data.

Human Verification
https://lifeboat.com/blog/2025/05/human-verification
Sun, 04 May 2025 10:04:33 +0000

Four children have gained life-changing improvements in sight following treatment with a pioneering new genetic medicine through Moorfields Eye Hospital and UCL Institute of Ophthalmology.

The work was funded by the NIHR Research Professorship, Meira GTx and Moorfields Eye Charity.

The 4 children were born with a severe impairment to their sight due to a rare genetic deficiency that affects the ‘AIPL1’ gene. The defect causes the retinal cells to malfunction and die. Children affected are only able to distinguish between light and darkness. They are legally certified as blind from birth.

The new treatment is designed to enable the retinal cells to work better and to survive longer. The procedure, developed by UCL scientists, consists of injecting healthy copies of the gene into the retina through keyhole surgery. These copies are contained inside a harmless virus, so they can penetrate the retinal cells and replace the defective gene.

The condition is very rare, and the first children identified were from overseas. To mitigate any potential safety issues, the first 4 children received this novel therapy in only one eye.

The eye gene therapy was delivered via keyhole surgery at Great Ormond Street Hospital. The children were assessed in the NIHR Moorfields Clinical Research Facility, and the NIHR Moorfields Biomedical Research Centre provided infrastructure support for the research.


MintsLoader Drops GhostWeaver via Phishing, ClickFix
https://lifeboat.com/blog/2025/05/mintsloader-drops-ghostweaver-via-phishing-clickfix
Sat, 03 May 2025 10:05:53 +0000

Stealth malware MintsLoader delivers GhostWeaver RAT + Evades sandboxes using DGA + Powers data theft via encrypted C2

Microsoft Sets Passkeys Default for New Accounts; 15 Billion Users Gain Passwordless Support
https://lifeboat.com/blog/2025/05/microsoft-sets-passkeys-default-for-new-accounts-15-billion-users-gain-passwordless-support
Sat, 03 May 2025 10:05:40 +0000

Microsoft now defaults new accounts to passkeys instead of passwords + Safer logins + Reduced phishing risk.
