Breaking news and updates from the world of technology.
The world's largest cruise line operator has begun notifying 5,995,277 customers that a social engineering attack in April compromised their names, dates of birth, email addresses, and loyalty program records. ShinyHunters claimed the breach and says it took 8.7 million records in total.
Wiz Research has documented JINX-0164, a previously unknown threat group active since mid-2025 that combines fake LinkedIn recruiter lures, custom macOS malware, and lateral movement into CI/CD infrastructure to drain cryptocurrency wallets and compromise developer environments.
Attackers published a fake npm package that silently exfiltrated every file from Claude AI's working directory to a GitHub repository they controlled. It's the latest in a wave of supply chain attacks specifically targeting AI coding tools.
A four-year-old authentication bypass in Gitea's container registry (CVE-2026-27771) allowed anyone to pull private images without credentials. The fix is in version 1.26.2 — and Forgejo is also affected.
A compromised private key in StablR's 1-of-3 minting multisignature wallet let one attacker mint millions of unbacked USDR and EURR tokens, causing both to depeg sharply. The Malta-based MiCA-regulated issuer has frozen operations and notified regulators.
The European Commission is moving toward the largest DMA penalty ever imposed, targeting Google Search's favoritism toward its own shopping, flights, and hotel results. A decision is expected before the summer recess.
A group operating on behalf of Iran's Ministry of Intelligence targeted LACMTA in March 2026, stealing and then deleting data — forcing a multi-week recovery. The fake hacktivist persona 'Ababil of Minab' was a cover for an MOIS operation, part of a broader Iranian cyber campaign against US infrastructure.
ShinyHunters targeted Charter's Salesforce instance through a vishing attack on an employee's SSO credentials in April, claiming to have extracted 40 million customer records. Charter disputes the scope but confirms the incident.
CVE-2026-48710, dubbed BadHost, allows an attacker to manipulate the HTTP Host header so that Starlette reports a different URL path than the server actually routed — silently bypassing any middleware that inspects request.url.path for access control. FastAPI, vLLM, LiteLLM, and MCP servers are all affected.
Ferrari has unveiled the Luce, its first-ever BEV: a five-seat sedan shaped by LoveFrom, with 330-mile range and an interior that may set a new standard for 2026.
Google has replaced its traditional search engine with a fully AI-powered system built on Gemini 3.5 Flash, eliminating blue links in favor of conversational answers.
Ferrari has unveiled the Luce, its first-ever BEV: a five-seat sedan shaped by LoveFrom, with 330-mile range and an interior that may set a new standard for 2026.