Main Menu
Cyber Security
Sotheby’s Confirms Data Breach Exposing Financial Information
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January
Fake “Inflation Refund” Texts Target New Yorkers in Sophisticated Phishing Scam
Zero-Day in Gladinet CentreStack and Triofox Actively Exploited
Spain Dismantles “GXC Team” Crime-as-a-Service Network and Arrests 25-Year-Old Leader
LockBit, Qilin, DragonForce Form Ransomware Cartel to Coordinate Attacks
Hackers Claim Massive Salesforce Breach Allegedly Exposing 1 Billion Records from Global Customers
Quebec HopHop App Leak Exposes Children’s Data Across Hundreds of Schools and Daycares
Threat Actors Abuse Velociraptor DFIR Tool to Deploy Ransomware and Evade Detection
SonicWall Confirms Theft of All Firewall Cloud Backups, Urges Immediate Action
FBI Seizes BreachForums Infrastructure Used in Salesforce Extortion Scheme
ClayRat Spyware Tricks Android Users by Masquerading as WhatsApp, TikTok and YouTube
Microsoft Warns of “Payroll Pirate” Attacks Diverting University Salaries
Discord Confirms Potential Age-Verification Vendor Breach Impacting About 70,000 Users
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Andrew Doyle October 16, 2025
MANGO says a marketing vendor compromise exposed customer first names, countries, postal codes, email and phone data. Core accounts, financials, and credentials were not impacted.
NPM Supply Chain Attack 175 Malicious Packages Target Industrial Firms
Application Security
NPM Supply Chain Attack: 175 Malicious Packages Target Industrial Firms
Gabby Lee October 16, 2025
A wave of coordinated supply chain attacks is targeting the NPM ecosystem, with over 400 malicious packages used to deploy malware, steal credentials, and compromise ...
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Cybersecurity
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Mitchell Langley October 16, 2025
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Sotheby’s Confirms Data Breach Exposing Financial Information
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
Andrew Doyle October 16, 2025
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Syed Arslan October 16, 2025
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
Gabby Lee October 16, 2025
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
ICTBroadcast Servers Under Threat Cookie Vulnerability Enables Remote Code Execution
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
Andrew Doyle October 16, 2025
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Application Security
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Mitchell Langley October 16, 2025
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Network Security
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Gabby Lee October 16, 2025
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Industrial Control at Risk Red Lion RTU Vulnerabilities Score 10.0 CVSS
Application Security
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Andrew Doyle October 16, 2025
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Salesforce Hacks Extortion Group Leaks Millions of Sensitive Records
Information Security
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Mitchell Langley October 16, 2025
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Gabby Lee October 16, 2025
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Cybersecurity
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Andrew Doyle October 15, 2025
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Cybersecurity
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Gabby Lee October 15, 2025
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Cybersecurity
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Andrew Doyle October 15, 2025
Vietnam Airlines says a third-party customer-service platform was breached, possibly exposing customer contact data; payments, passwords and passports were not affected, investigation and notifications are ...
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Cybersecurity
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Mitchell Langley October 15, 2025
Oracle quietly patched a zero-day exploit leaked by ShinyHunters, enabling remote command execution in enterprise applications. Customers are urged to deploy updates immediately and audit ...
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Cybersecurity
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Andrew Doyle October 15, 2025
Ransom group CoinbaseCartel claims to have stolen SK Telecom source code, build files and cloud keys via a repository compromise and threatens public disclosure this ...
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Cybersecurity
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Mitchell Langley October 14, 2025
UK investigators probe Russian involvement after a September cyberattack at Jaguar Land Rover disabled 800 systems and halted production; government underwrites a £1.5bn loan guarantee.
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Cybersecurity
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Andrew Doyle October 14, 2025
An internal AI upload exposed the personal and health data of 2,031 Northern Rivers Resilient Homes participants. The NSW Reconstruction Authority opened investigations and issued ...
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Cybersecurity
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Andrew Doyle October 14, 2025
Hackers have leaked data of nearly six million Qantas customers on the dark web after a Salesforce-linked breach, exposing names, contact details, and frequent flyer ...
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Andrew Doyle October 16, 2025
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Gabby Lee October 16, 2025
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Cybersecurity
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Mitchell Langley September 23, 2025
Maryland’s Paratransit Ransomware Strike Cyberattack Disrupts Disabled Transit Services
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley September 2, 2025

TOP CYBERSECURITY HEADLINES

Sotheby’s Confirms Data Breach Exposing Financial Information
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
ICTBroadcast Servers Under Threat Cookie Vulnerability Enables Remote Code Execution
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution

This Week’s Security Spotlight

PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
Gabby Lee October 16, 2025
Industrial Control at Risk Red Lion RTU Vulnerabilities Score 10.0 CVSS
Application Security
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Andrew Doyle October 16, 2025
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Cybersecurity
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Gabby Lee October 5, 2025
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
Cybersecurity
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
Mitchell Langley September 30, 2025
More In News
Trending
UpCrypter Phishing Campaign Exploits Fake Emails to Deliver RAT Payloads
Deepfake Vishing Incidents Surge by 170% in Q2 2025
ClickFix Phishing Campaign Targets Booking.com Using Infostealers and RATs
Darcula PhaaS 3.0 Auto-Generates Phishing Kits for Any Brand

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
The “Shotgun” Botnet: How RondoDox Hijacks Routers, Cameras, and Servers Worldwide
October 13, 2025
Podcasts
“Inflation Refund” Scam: How Fraudsters Are Stealing Identities Through Texts
October 13, 2025
Podcasts
Juniper Networks Patches 220 Vulnerabilities in Massive October Security Update
October 13, 2025

Cyber Security News

Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
October 16, 2025
NPM Supply Chain Attack 175 Malicious Packages Target Industrial Firms
Application Security
NPM Supply Chain Attack: 175 Malicious Packages Target Industrial Firms
October 16, 2025
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Cybersecurity
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
October 16, 2025
Sotheby’s Confirms Data Breach Exposing Financial Information
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
October 16, 2025
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
October 16, 2025
ICTBroadcast Servers Under Threat Cookie Vulnerability Enables Remote Code Execution
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
October 16, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Detection Tools
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
October 16, 2025
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Sotheby’s Confirms Data Breach Exposing Financial Information
October 16, 2025
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
October 16, 2025
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
October 16, 2025
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
October 16, 2025
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
October 16, 2025
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
October 16, 2025
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
October 16, 2025
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
October 16, 2025
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
October 16, 2025
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
October 15, 2025
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
October 15, 2025
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
October 15, 2025
Vietnam Airlines says a third-party customer-service platform was breached, possibly exposing customer contact data; payments, passwords and passports were not affected, investigation and notifications are ...
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
October 15, 2025
Oracle quietly patched a zero-day exploit leaked by ShinyHunters, enabling remote command execution in enterprise applications. Customers are urged to deploy updates immediately and audit ...
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
October 15, 2025
Ransom group CoinbaseCartel claims to have stolen SK Telecom source code, build files and cloud keys via a repository compromise and threatens public disclosure this ...
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
October 14, 2025
UK investigators probe Russian involvement after a September cyberattack at Jaguar Land Rover disabled 800 systems and halted production; government underwrites a £1.5bn loan guarantee.
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
October 14, 2025
An internal AI upload exposed the personal and health data of 2,031 Northern Rivers Resilient Homes participants. The NSW Reconstruction Authority opened investigations and issued ...
Qantas Customer Data Leaked on Dark Web After July Cyberattack
October 14, 2025
Hackers have leaked data of nearly six million Qantas customers on the dark web after a Salesforce-linked breach, exposing names, contact details, and frequent flyer ...
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
October 14, 2025
Discord has confirmed that government-issued identification photos belonging to roughly 70,000 users may have been exposed in a third-party breach that impacted a vendor used ...
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January
October 14, 2025
SimonMed Imaging says a January 2025 breach exposed data for 1.2 million patients. Medusa claimed theft of 212 GB including scanned IDs, medical records, and ...
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Sotheby’s Confirms Data Breach Exposing Financial Information
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January