Latest news as of 4/4/2026, 7:35:48 PM
Bleeping Computer
Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...]
Bleeping Computer
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]
Have I Been Pwned
In March 2026, the anime streaming service . The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. Crunchyroll suffered a data breach alleged to have impacted 6.8M users A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
Have I Been Pwned
In April 2026, the music trivia platform . The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars. SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum
The Register
Ex-CISA official tells The Reg: 'this would weaken the system for managing cyber risk' The US Cybersecurity and Infrastructure Security Agency's budget will see yet another deep cut if Congress approves President Trump's proposal to slash CISA's spending by $707 million in fiscal year 2027.…
Dark Reading
Data privacy labels are a great idea for mobile apps, but the current versions just aren't good enough.
Bleeping Computer
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]
Dark Reading
Even organizations with users unwilling or unable to adopt iOS 26 can now protect themselves from a severe, OSS mobile cracking tool.
The Hacker News
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity included multiple
Bleeping Computer
Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]