Eurostar International Ltd., the operator of the Eurostar trains that cross the English Channel, has been accused of mishandling the responsible disclosure of security flaws in its customer-facing artificial intelligence chatbot after security researchers were allegedly told their actions could be viewed as blackmail. The allegation comes from U.K. security firm Pen Test Partners LLP, ...

Insurance company Aflac Inc. has disclosed that a cyberattack that targeted the company in June resulted in the theft of records relating to 22.65 million individuals, making it one of the largest data breaches reported this year in the U.S. insurance sector. The company first detected unauthorized access to portions of its U.S. network on ...

France’s national postal service,  La Poste and its banking arm, La Banque Postale, were knocked offline on Monday in a distributed denial-of-service attack that disrupted services at the height of the Christmas season. The attack rendered La Poste’s online services, including its website, mobile applications, mail tracking and the Digiposte digital vault, unavailable across France. ...

Frontier artificial intelligence research and product startup Lemon Slice launched today and announced that it had raised $10.5 million in funding. The money will be used to scale up its real-time interactive avatar technology and drive broader commercial adoption of its application programming interface and embedded avatar products. Founded in 2024 and a graduate of ...

A new report out today from managed detection and response company Expel Inc. details a newly identified variant of the Shai Hulud malware that is demonstrating how software supply chain attacks are evolving beyond isolated package compromises into self-propagating campaigns that turn developers themselves into distribution points. Shai Hulud is a malware campaign first observed in ...

The University of Phoenix has confirmed a major data breach affecting nearly 3.5 million current and former students, employees, faculty and suppliers, which followed an exploit by the Clop ransomware group in November. Clop is a prolific cybercrime group known for large-scale data-extortion attacks that focus on exploiting “zero-day” or yet-unpatched vulnerabilities in widely used ...

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team has uncovered a spike in holiday-themed phishing activity that blends impostor Docusign credential harvesting with deceptive loan offer spam that creates a threat for both corporate and consumer targets. The Christmas Docusign-themed phishing campaign abuses the Docusign brand to entice users into ...

A new report out today from Swiss artificial intelligence-powered managed extended detection and response company Ontinue AG warns of the growing abuse of Nezha, a legitimate open-source server monitoring tool, as a stealthy post-exploration remote access trojan. Nezha, initially developed for the Chinese information technology community, has gained nearly 10,000 stars on GitHub and is actively maintained. ...

Cybersecurity and password service provider 1Password LLC today announced a new partnership with artificial intelligence code editor company Cursor Inc. to bring secure, just-in-time secrets to Cursor. The partnership has started with the deployment of a Hooks Script that gives developers a secure, just-in-time way to ensure required secrets are made available to Cursor’s AI agents via ...

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code execution vulnerability in Cursor Inc.’s integrated development environment that exposed risks tied to trusted installation workflows and agentic AI tooling. The vulnerability, tracked as CVE-2025-64106 and rated 8.8 in severity, affected Cursor’s Model Context Protocol installation flows and ...