Audio streaming platform SoundCloud has confirmed a significant security breach affecting an estimated 20 percent of its global user base. The company disclosed that hackers gained access to limited account information, including email addresses, through an internal service dashboard. The announcement comes after weeks of service disruptions that left many users unable to connect, particularly those relying on VPNs in restricted regions.

Commonwealth Bank of Australia (CommBank) today announced a national technology skills initiative to help Australia’s small businesses build AI, cybersecurity and digital capabilities to lift productivity and drive growth.

A nationwide cyberattack has compromised the OnSolve CodeRED emergency notification system, prompting cities and counties across the United States to warn residents and advise password changes. CodeRED, widely used by local governments, delivers urgent alerts during severe weather, evacuations, missing persons, and other emergencies.

Microsoft closed out 2025 by releasing patches for 56 security vulnerabilities across its Windows platform, including one flaw already being exploited in the wild. Of the total, three were rated Critical and 53 Important, with two publicly known at the time of disclosure.

A serious security vulnerability has recently been uncovered in the underlying technology powering most of the world’s web browsers, placing over four billion devices at risk of a data leak. The flaw was discovered by autonomous security specialist AISLE, which rated the issue as Medium severity (4.3). Despite its rating, the scale of exposure was enormous, as it affected all major browsers built on the Chromium code base—including Google Chrome, Microsoft Edge, Brave, and Opera.

A new Android malware family called Albiriox is being sold under a malware-as-a-service model, offering extensive capabilities for on-device fraud, real-time device control, and screen manipulation. It targets more than 400 financial and cryptocurrency apps and spreads through dropper apps delivered via social engineering and obfuscation techniques.

Financial services firms are being urged to urgently review their IT systems and processes after new independent guidance on managing customer vulnerability was formally adopted by the Financial Ombudsman Service (FOS).

Federal cybersecurity officials have issued a warning about a stealthy backdoor known as Brickstorm, which Chinese state-sponsored hackers are deploying across critical infrastructure environments in the United States and Canada.

OpenAI has disclosed a data breach stemming from Mixpanel, a third-party analytics provider used to track API dashboard activity. The incident did not involve unauthorized access to OpenAI’s own systems; instead, an attacker compromised Mixpanel and exported metadata linked to API users. No passwords, API keys, chat data, or payment information were exposed.

Cybersecurity experts have uncovered four new phishing kits—BlackForce, GhostFrame, InboxPrime AI, and Spiderman—capable of large-scale credential theft and bypassing security defenses.

A severe security flaw in the King Addons for Elementor WordPress plugin has come under active exploitation, putting thousands of websites at risk.

Microsoft Teams has become a staple of corporate communication, prompting companies to invest heavily in tools like Microsoft Defender for Office 365 to protect against phishing, malware, and malicious links.