Microsoft Office vulnerability (CVE-2026-21509) in active exploitation

Cybersecurity researchers have disclosed two security flaws in Wondershare RepairIt that exposed private user data and potentially exposed the system to artificial intelligence (AI) model tampering and supply chain risks. The critical-rated vulnerabilities in question, discovered by Trend Micro, are listed below – CVE-2025-10643 (CVSS score: 9.1) – An authentication bypass vulnerability that

Scott Pettigrew reports: The Ontario information and privacy commissioner has released a report following a massive privacy breach through technology used by many schools in the province. The PowerSchool incident, which affected millions of Canadians across the country, saw personal information stolen in December of 2024. The company admitted to paying a ransom to recover……

If this were a poll, DataBreaches would vote “yes.” DataBreaches has never really understood why breach notification letters do not have to reveal the name of a business associate or vendor if the breach occurred on their system. Why shouldn’t business associates or vendors risk the same reputation impact that their clients do? Doesn’t failure……

Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why?  It’s not because security teams can’t see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It’s a tsunami of red dots that not…

Brian Krebs reports: Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea….

How to make the most of the new features in Sophos Firewall v21.5