Latest Internet & Cybersecurity News

January 12, 2026 at 1:00 AM
Global cybersecurity headlines spotlight massive Instagram and health-data breaches, rising AI and critical-infrastructure attacks, new zero‑day exploits, and growing pressure for stronger cyber governance.

1. Massive Instagram data leak exposes 17.5 million user accounts worldwide

Cybersecurity firm Malwarebytes reported that data on about **17.5 million Instagram accounts** is circulating on hacker forums and the dark web, including usernames, full names, emails, phone numbers and partial physical addresses. [Source 3] The trove is believed to stem from a 2024 Instagram API leak whose dataset was recently reposted for free on BreachForums, significantly increasing risks of phishing, SIM‑swapping, and account‑recovery abuse for affected users. [Source 3] [Source 6]

2. Ransomware group Qilin claims major attack on French infrastructure firm Bouygues Energies & Services

A recent security analysis highlights that ransomware group **Qilin** has claimed responsibility for a cyberattack on French infrastructure company Bouygues Energies & Services, allegedly stealing 31,000 files totaling 80 GB. [Source 2] The leaked data reportedly includes sensitive information on energy, transportation and industrial systems such as SCADA interfaces and network architectures, raising concerns about potential physical disruptions and national security implications. [Source 2]

3. Illinois Department of Human Services breach exposes data of nearly 700,000 residents

The Illinois Department of Human Services (IDHS) disclosed that incorrect privacy settings led to a data breach impacting **almost 700,000 individuals**, exposing personal and health information. [Source 6] The misconfiguration allowed unauthorized access to records over an extended period, underscoring how simple configuration errors in public-sector systems can have large‑scale privacy consequences. [Source 6]

4. New Zealand health portal ‘Manage My Health’ cyber incident affects about 125,000 users

New Zealand digital health platform **Manage My Health** began notifying medical practices after a cyber incident that affected around **125,000 of its 1.8 million users**. [Source 12] While full technical details are still emerging, initial reports indicate compromised data tied to specific practices, prompting coordinated notifications and remediation with healthcare providers. [Source 12]

5. Critical ‘Ni8mare’ vulnerability in n8n automation platform allows full takeover of instances

Researchers disclosed **CVE‑2026‑21858**, dubbed **Ni8mare**, a maximum‑severity (CVSS 10.0) flaw in the n8n workflow automation platform that lets unauthenticated attackers gain full control of vulnerable instances. [Source 6] Exploitation could allow arbitrary code execution, data exfiltration and manipulation of connected services, driving urgent patching and hardening guidance for organizations using self‑hosted n8n. [Source 6]

6. Old D-Link DSL routers actively exploited via new remote command execution flaw

Security researchers warned that threat actors are actively exploiting **CVE‑2026‑0625**, a critical remote command execution vulnerability in legacy D‑Link DSL routers. [Source 6] The bug allows remote attackers to run arbitrary commands, potentially conscripting devices into botnets or using them as entry points into home and small‑office networks, particularly where routers are no longer receiving vendor updates. [Source 6]

7. Trend Micro patches critical Apex Central flaws enabling remote code execution

Trend Micro released fixes for three severe vulnerabilities in **Apex Central (on‑premises)** that could allow remote code execution or denial‑of‑service attacks. [Source 6] [Source 5] Discovered by Tenable, the flaws affect centralized security management deployments, and administrators are being urged to apply patches quickly to prevent attackers from seizing control of security infrastructure itself. [Source 6] [Source 5]

8. China-linked cyber activity against Taiwan’s critical infrastructure surged in 2025

Taiwan’s National Security Bureau reported that China‑linked groups sharply intensified cyberattacks on the island’s **critical infrastructure**, with energy‑sector attacks rising tenfold in 2025 and incidents spanning nine sectors. [Source 6] Officials say the campaigns targeted systems in transportation, energy and other vital services, reflecting escalating geopolitical tensions manifesting in cyberspace. [Source 6]

9. Surge in attacks on AI deployments as 91,000+ malicious sessions recorded

Security researchers documented a wave of attacks targeting **AI infrastructure**, logging more than **91,000 malicious sessions** between October 2025 and early 2026. [Source 5] The activity includes prompt injection, model theft attempts and exploitation of weakly secured AI endpoints, underscoring how rapidly deployed AI systems are becoming high‑value targets for both cybercriminals and state‑aligned actors. [Source 5]

10. Info-stealer infections leaking cloud credentials fuel global enterprise breaches

New reporting shows widespread **info‑stealer malware** infections are harvesting cloud credentials, API keys and session tokens, enabling follow‑on attacks against global companies’ cloud environments. [Source 5] Compromised credentials are then traded or reused to access corporate SaaS and IaaS platforms, often bypassing traditional perimeter defenses and leading to data theft or business email compromise. [Source 5]

11. Torq raises $140 million Series D to scale AI-driven SOC automation

Security operations automation vendor **Torq** announced a **$140 million Series D** funding round at a **$1.2 billion valuation**, aimed at expanding its AI‑powered SOC platform. [Source 7] The company plans to accelerate adoption of its agentic AI security operations across commercial and U.S. federal markets, reflecting investor confidence in AI‑driven approaches to handling growing alert volumes and complex threats. [Source 7]

12. CISA retires ten historic emergency directives after federal security improvements

The U.S. Cybersecurity and Infrastructure Security Agency (**CISA**) said it is retiring **ten emergency directives** issued between 2019 and 2024, citing key milestone improvements in federal cybersecurity posture. [Source 5] The move signals that mitigations for earlier critical vulnerabilities, such as those impacting widely used enterprise and government systems, are now sufficiently institutionalized across federal agencies. [Source 5]