Chargebacks only capture a narrow slice of fraud losses, hiding bigger issues that affect revenue, customer experience, and long-term profitability.
OpenAI confirmed its macOS app-signing workflow executed a malicious version of the Axios JavaScript library, published by North Korean-linked threat group UNC1069 after compromising a lead maintainer's NPM account.
European gym chain Basic-Fit confirmed that unknown hackers breached its systems and downloaded personal data belonging to approximately 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain, and Germany.
A joint law enforcement operation involving the United States, United Kingdom, and Canada has identified over $45 million in stolen cryptocurrency and successfully frozen roughly $12 million, which will be returned to victims.
The popular CPUID hardware utility website was breached and manipulated to serve malicious versions of CPU-Z, HWMonitor, and PerfMonitor, deploying a newly identified RAT capable of stealing credentials and cryptocurrency wallets.
A fraudulent website impersonating Anthropic's Claude AI platform was found distributing PlugX, a remote access trojan with deep ties to espionage operations, through a cleverly staged installer chain.
Google has made Gmail end-to-end encryption available on Android and iOS for enterprise users, allowing encrypted messages to be composed and read natively in the mobile app. The feature is powered by client-side encryption and is available now for eligible Google Workspace plans.
A critical pre-authentication remote code execution vulnerability in the Marimo Python notebook platform was actively exploited within 10 hours of public disclosure, with attackers targeting cloud credentials and SSH keys.
Adobe has released out-of-band patches for a critical zero-day vulnerability in Acrobat and Reader, tracked as CVE-2026-34621 with a CVSS score of 9.6, which attackers have been exploiting since at least November 2025.
A multinational law enforcement operation led by the UK's National Crime Agency has identified over 20,000 cryptocurrency fraud victims in Canada, the UK, and the United States, freezing more than $12 million in suspected criminal proceeds.