Chargebacks only capture a narrow slice of fraud losses, hiding bigger issues that affect revenue, customer experience, and long-term profitability.
SAP released 20 security notes on its April 2026 patch day, led by CVE-2026-27681, a critical 9.9-rated SQL injection vulnerability in Business Planning and Consolidation and Business Warehouse that enables arbitrary code execution.
A joint US report from CSA, SANS, and OWASP warns organizations will be \
Dutch gym chain Basic-Fit has disclosed a data breach affecting approximately 1 million members across six European countries, with exposed data including full names, bank account details, and dates of birth.
A new survey reveals 61% of Australian children aged 12–15 continue using social media despite a ban enacted in December, raising doubts about whether similar measures would work elsewhere.
OpenAI is revoking and rotating signing certificates for its macOS apps after a North Korean hacking group briefly infected the widely-used Axios JavaScript library, forcing all Mac users to update before May 8.
The ShinyHunters extortion gang has published over 78.6 million records allegedly stolen from Rockstar Games through compromised authentication tokens tied to a security incident at analytics firm Anodot.
A critical cryptographic validation bug in the widely deployed wolfSSL library allows improperly weak digests to be accepted during certificate verification, potentially letting attackers impersonate malicious servers. The flaw was patched in wolfSSL 5.9.1 on April 8, 2026.
Operational technology asset owners are being required to attest to post-quantum cryptographic readiness, but the frameworks, tools, and visibility needed to make those attestations meaningful simply don't exist in most OT environments.
The FBI Atlanta Field Office and Indonesian authorities have seized the W3LL phishing kit marketplace and arrested its alleged developer in the first joint US-Indonesia enforcement action targeting a phishing kit creator.