Internal source code and documentation from Target Corporation exposed by a threat actor on the public software development platform Gitea were confirmed to be legitimate by current and former employees of the major U.S. retail firm, Bleeping Computer reports.
The enterprise data perimeter has collapsed. Sensitive data now flows continuously across cloud platforms, SaaS applications, employee endpoints, and generative AI tools — creating blind spots that traditional data security and first-generation DSPM solutions were never designed to address. Static scans, cloud-only visibility, and dashboard-driven...
Discovered in December 2025, VoidLink is a modular framework featuring custom loaders, implants, and rootkits, written in the Zig programming language.
The breach, which occurred between March 19 and June 1 of last year, impacted patients and current or former employees of CMH, an integrated healthcare system serving approximately 400,000 people and managing facilities like Central Maine Medical Center.
Widely used generative AI chatbot service Character.AI and its two founders have been sued by Kentucky Attorney General Russell Coleman for violating the state's Consumer Data Protection Act, which took effect in the New Year, according to The Record, a news site by cybersecurity firm Recorded Future.
Multiple iterations of the Apache Struts 2 open-source web application framework have been impacted by the high-severity XML external entity injection vulnerability, tracked as CVE-2025-68493, which could be exploited to facilitate data exposure, as well as denial-of-service and server-side request forgery intrusions, GBHackers News reports.
More than 100,000 records with legitimate PayPal credentials in a combolist claimed to have been obtained by threat actors last month were dismissed as outdated data gathered from infostealer logs, according to Cybernews.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
