Cyber Security
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Triple Extortion Ransomware: How It Works and How to Stop It
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
OpenClaw AI Agent Hijacked via Malicious vCard Injection
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
Blog
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Application Security
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
Application Security
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Cybersecurity
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.
Application Security
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
MalExt Sentry found 23 Chrome extensions routing 758,000 users' search queries through attacker relay servers to generate unauthorized advertising revenue.
Cybersecurity
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
TheGentlemen ransomware posted 20 new victims across 14 countries, including Croatia's Health Ministry and Denmark's National Museum, using double extortion.
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Two Chrome ad blocker extensions captured conversations from 90,000 users across ChatGPT, Claude, Gemini, and five other AI platforms, researchers found.
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Triple extortion ransomware attacks combine encryption, data theft, and DDoS pressure to coerce payment from multiple angles. This guide explains the full attack lifecycle, real-world ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Google's Chrome 149 security update patches 28 vulnerabilities, roughly 12 use-after-free bugs, a memory corruption class tied to drive-by code execution.
Application Security
OpenClaw AI Agent Hijacked via Malicious vCard Injection
Researchers showed OpenClaw AI agents can be hijacked through vCards with embedded instructions, enabling attacker code execution and sensitive data leakage.
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
Kyushu Electric Power lost a physical storage device containing personal records on 10.9 million customers, exceeding its active customer base of 8 million.
Cybersecurity
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Anthropic disputed a researcher jailbreak claim against Claude Fable 5, arguing the technique does not constitute a bypass of the model's safety classifiers.
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Six Proto6 vulnerabilities in protobuf.js enable remote code execution and denial-of-service against Node.js apps via malicious schemas or crafted payloads.
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
npm v12 will disable install scripts by default, requiring an explicit allowlist and closing the primary vector used by Miasma and Shai-Hulud attackers.
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Anthropic released Claude Mythos 5 with safety guardrails intentionally removed to vetted security researchers alongside the public Claude Fable 5 launch.
Cybersecurity
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Novo Nordisk disclosed a breach of clinical trials patient data, triggering GDPR, GCP, and clinical research regulatory obligations across global operations.
Cybersecurity
Europol Dismantles AudiA6 Crypto Laundering Service
Europol dismantled AudiA6, a cryptocurrency laundering service that processed over $380 million in ransomware extortion proceeds for criminal networks.

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Three LangGraph Flaws Chain to Remote Code Execution
Three patched LangGraph vulnerabilities chain from SQL injection to remote code execution on self-hosted AI agent framework deployments, researchers disclosed.
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
OnyxC2, a new MaaS information stealer priced at $250 per month, targets 200-plus applications using DLL sideloading and encryption to evade detection.
Maine AG Portal Abused to Post Fabricated Breach Notices
Threat actors filed fraudulent breach notices through Maine's AG portal, publishing false disclosures on a government site; VRChat denied the fabricated claim.