In April 2026, the fashion brand Zara was among a number of organisations targeted by the ShinyHunters extortion group as part of their “pay or leak” campaign. The group claimed the breach was related to a compromise of the Anodot analytics platform and subsequently published a terabyte of data allegedly including 95M support ticket records. The data contained 197k unique email addresses alongside product SKUs, order IDs and the market the support ticket originated in. Zara’s parent company Inditex advised that the incident didn’t affect passwords or payment information. – Read more
Latest article
CVE-2026-41526
Information published. - Read more
TCLBANKER Malware Targets Users Through Self-Propagating WhatsApp and Outlook Worm Modules
A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and...
ShinyHunters Extorts Universities in New Instructure Canvas Hack
ShinyHunters-linked attackers defaced Canvas portals, disrupting finals week access and exposing SaaS security risks for schools.
The post ShinyHunters Extorts Universities in New Instructure Canvas...
Five new holes, one exploited, found in Ivanti Endpoint Manager Mobile
The five new vulnerabilities discovered in Ivanti’s on-premises mobile endpoint management solution are a “classic example of the legacy trap”...
