Aggregator

Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more than 2,150 clubs in 12 countries under two brands, with more than 5.8 million members. “The unauthorised access was detected by our system monitoring processes and was stopped within minutes of discovery. The members whose data is involved have been informed,” the company said in a statement. An investigation by … More →

The post Basic-Fit hack compromises data of up to 1 million members appeared first on Help Net Security.

You must login to view this content

You must login to view this content

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability
• CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability 

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

DataVisor has announced Vera, a suite of conversational AI agents designed to combat financial crime. Vera enables institutions to manage risk using natural language, allowing teams to issue instructions that AI agents execute across the fraud and AML lifecycle. By reducing manual workflows, the platform supports a more efficient and adaptive operating model for modern financial crime prevention. Fraudsters are weaponizing AI, scaling attacks, and exploiting vulnerabilities faster than humans can respond. DataVisor’s 2026 Fraud … More →

The post DataVisor brings conversational AI agents to fraud and AML operations appeared first on Help Net Security.

You must login to view this content

“Unauthorized third parties may have been able to access certain booking information associated with your reservation,” email alerts sent out by Booking.com over the weekend warn. The online travel agency did not say which system(s) were accessed by the unauthorized third parties nor explained the scope of the incident. They only said that they “recently noticed suspicious activity affecting a number of reservations” and that their investigation revealed that the attackers may have accessed name(s), … More →

The post Booking.com data breach: Customer reservation data exposed appeared first on Help Net Security.