Cyber Security
Cybersecurity
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
Andrew Doyle
October 2, 2025
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims and offering two years of ...
Cybersecurity
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
Mitchell Langley
October 2, 2025
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
Cybersecurity
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
Syed Arslan
October 2, 2025
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Cybersecurity
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Gabby Lee
October 2, 2025
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Cybersecurity
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
Andrew Doyle
October 2, 2025
Allianz Life confirmed a July CRM compromise exposed names, addresses, dates of birth and Social Security numbers for 1,497,036 people and offered two years of ...
Identity and Access Management
Axonius Identities Review 2025: Unified IAM, Governance & Security
Mitchell Langley
October 1, 2025
Axonius Identities delivers unified identity governance, lifecycle automation, and identity security posture for both human and non-human identities across complex enterprise environments, with actionable policy ...
Blog
11 Types of Social Engineering Attacks and How to Prevent Them
Andrew Doyle
October 1, 2025
This detailed guide explores eleven prevalent social engineering attack types, explaining their mechanisms and offering practical preventative measures for individuals and organizations. Understand the psychology ...
Application Security
Cain and Abel: The Classic Cybersecurity Tool for Password Recovery and Network Testing
Andrew Doyle
October 1, 2025
Cain and Abel is a powerful password recovery and penetration testing tool. Learn its features, uses, risks, and best practices for ethical cybersecurity operations.
Cybersecurity
UK Government Backs Jaguar Land Rover With £1.5 Billion Loan Guarantee After Cyberattack
Andrew Doyle
October 1, 2025
The UK guaranteed £1.5bn to stabilise JLR after a major cyberattack; phased restart underway as forensic work, supplier relief and insurance clarity continue.
Cybersecurity
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
Mitchell Langley
September 30, 2025
A third-party compromise exposed 430,000 Harrods customer records; names, contacts and marketing tags were leaked—customers should expect increased phishing risk and follow protective guidance.
Cybersecurity
Friends of NRA Posts Mailing List Online, Exposing Nearly 10,000 Supporter Records
Gabby Lee
September 30, 2025
A 2018 Friends of NRA mailing list containing nearly 10,000 names and addresses was indexed publicly; removal, compliance assessment, and data-handling reforms are now urgent ...
Application Security
How to Enable Kernel-mode Hardware-Enforced Stack Protection in Windows 11
Andrew Doyle
September 30, 2025
Enable Kernel-mode Hardware-enforced Stack Protection in Windows 11
Cybersecurity
Medusa Ransomware Claims Comcast Data Haul; $1.2M Extortion Demand Posted
Mitchell Langley
September 30, 2025
Medusa claims 834.4GB exfiltration from Comcast and demands $1.2M; companies should preserve evidence, hunt IOCs, validate backups, and coordinate with CISA/FBI guidance.
Cybersecurity
Spacecom Breach Claims Questioned Amid Hacktivist Group’s Bold Assertions
Gabby Lee
September 30, 2025
Hacktivist group Handala claimed a major Spacecom breach, but researchers found limited evidence. Analysts warn of social engineering risks and rising hacktivist campaigns targeting critical ...
Cybersecurity
Asahi Group Suspends Operations After Cyberattack Disrupts Japanese Headquarters
Andrew Doyle
September 30, 2025
Asahi has suspended orders, shipments and customer services in Japan after a cyberattack; investigation continues into whether systems were encrypted or sensitive data were exfiltrated.
Cybersecurity
WestJet Notifies U.S. Travelers After June Data Breach
Gabby Lee
September 30, 2025
WestJet warns some passenger and loyalty data were accessed in a June intrusion; travelers should monitor accounts, enable MFA, and watch for phishing or identity-fraud ...
Application Security
Microsoft Warns of New XCSSET macOS Malware Variant Targeting Xcode Devs
Andrew Doyle
September 30, 2025
Microsoft detects a new XCSSET variant targeting Xcode projects with clipboard hijacking, Firefox data theft, and LaunchDaemon persistence—inspect builds, patch systems, and harden CI pipelines.
Cybersecurity
Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
Mitchell Langley
September 30, 2025
Rhysida claims to have stolen MDOT employee IDs and background checks and demands 30 BTC; MDOT confirms data loss while investigators and responders work to ...
Cybersecurity
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
Gabby Lee
September 30, 2025
The Co-operative Group has disclosed over $100 million in profit losses from the April 2025 Scattered Spider cyberattack. The breach caused £206 million in lost ...
Cybersecurity
Texas Compliance Vendor Exposes 40K+ Sensitive DOT Records in S3 Leak
Andrew Doyle
September 30, 2025
Misconfigured S3 storage exposed 18,000 Social Security cards and 23,000 driver licenses tied to AJT Compliance’s DOT SHIELD, putting Texas truckers at high risk of ...
Cybersecurity
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
Andrew Doyle
October 2, 2025
Cybersecurity
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Mitchell Langley
September 23, 2025
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley
September 2, 2025
TOP CYBERSECURITY HEADLINES
This Week’s Security Spotlight
Cybersecurity
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
Mitchell Langley
September 30, 2025
Cybersecurity
Congress Struggles to Renew Cyber Threat Sharing Act Amid Rising Cybersecurity Concerns
Mitchell Langley
September 25, 2025
Cybersecurity
VMScape Attack Bypasses Hypervisor Isolation on AMD and Intel CPUs
Mitchell Langley
September 23, 2025
Cybersecurity
UK Arrests Scattered Spider Teens Linked to TfL Cyberattack
Andrew Doyle
September 23, 2025
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Detection Tools
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
October 2, 2025
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
October 2, 2025
Allianz Life confirmed a July CRM compromise exposed names, addresses, dates of birth and Social Security numbers for 1,497,036 people and offered two years of ...
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
October 1, 2025
The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO. The case ...
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174
October 1, 2025
Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, ...
Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang
October 1, 2025
In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Chinese ...
Axonius Identities Review 2025: Unified IAM, Governance & Security
October 1, 2025
Axonius Identities delivers unified identity governance, lifecycle automation, and identity security posture for both human and non-human identities across complex enterprise environments, with actionable policy ...
11 Types of Social Engineering Attacks and How to Prevent Them
October 1, 2025
This detailed guide explores eleven prevalent social engineering attack types, explaining their mechanisms and offering practical preventative measures for individuals and organizations. Understand the psychology ...
Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits
October 1, 2025
Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with nearly 50,000 Cisco ASA and FTD appliances actively under threat. ...
Cain and Abel: The Classic Cybersecurity Tool for Password Recovery and Network Testing
October 1, 2025
Cain and Abel is a powerful password recovery and penetration testing tool. Learn its features, uses, risks, and best practices for ethical cybersecurity operations.
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons
October 1, 2025
A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cybercrime forums ...
UK Government Backs Jaguar Land Rover With £1.5 Billion Loan Guarantee After Cyberattack
October 1, 2025
The UK guaranteed £1.5bn to stabilise JLR after a major cyberattack; phased restart underway as forensic work, supplier relief and insurance clarity continue.
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
September 30, 2025
A third-party compromise exposed 430,000 Harrods customer records; names, contacts and marketing tags were leaked—customers should expect increased phishing risk and follow protective guidance.
Friends of NRA Posts Mailing List Online, Exposing Nearly 10,000 Supporter Records
September 30, 2025
A 2018 Friends of NRA mailing list containing nearly 10,000 names and addresses was indexed publicly; removal, compliance assessment, and data-handling reforms are now urgent ...
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan
September 30, 2025
Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyberattack that froze ...
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed
September 30, 2025
The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infiltrate corporate networks through SSL VPN accounts, ...
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management
September 30, 2025
A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pre-seed funding to accelerate the ...
How to Enable Kernel-mode Hardware-Enforced Stack Protection in Windows 11
September 30, 2025
Enable Kernel-mode Hardware-enforced Stack Protection in Windows 11
Medusa Ransomware Claims Comcast Data Haul; $1.2M Extortion Demand Posted
September 30, 2025
Medusa claims 834.4GB exfiltration from Comcast and demands $1.2M; companies should preserve evidence, hunt IOCs, validate backups, and coordinate with CISA/FBI guidance.
Spacecom Breach Claims Questioned Amid Hacktivist Group’s Bold Assertions
September 30, 2025
Hacktivist group Handala claimed a major Spacecom breach, but researchers found limited evidence. Analysts warn of social engineering risks and rising hacktivist campaigns targeting critical ...
Asahi Group Suspends Operations After Cyberattack Disrupts Japanese Headquarters
September 30, 2025
Asahi has suspended orders, shipments and customer services in Japan after a cyberattack; investigation continues into whether systems were encrypted or sensitive data were exfiltrated.