Cyber Security
OFAC Sanctions Nobitex, Iran’s Largest Crypto Exchange
Burst Statistics CVE-2026-8181 Under Mass Exploitation
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Public PoC Released for Cisco Unified CM SSRF Bug
TheGentlemen and Genesis Ransomware Hit Two US Clinics
CISA Faces $700M More Cuts as Mullin Signals Restructure
DragonForce and Nitrogen Ransomware Hit Three Continents
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
CISA to Issue Binding AI Security Directive This Week
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
Commission Proposes $11 Billion Dedicated US Cyber Force Branch
KillSec Ransomware Hits Indian Teaching Hospital and Mexican Insurer
Nova Ransomware Apologizes for CIS Rule Violation, Bans Affiliate
Trump Signs Executive Order for National Security Review of AI Models
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
Qilin Ransomware Claims Six Victims Across Five Countries in Two Days
APT73 Bashe Ransomware Claims Armenia’s Ministry of Internal Affairs
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
Europol Operation KRATOS 2 Dismantles 9 Illegal Streaming Crime Groups
CVE-2026-8206 Kirki Plugin Exploited; 500,000 WordPress Sites at Risk
CVE-2026-0826 (CVSS 9.2): Unauthenticated RCE in HP Poly VoIP Phones
Sophos: AI Ransomware Toolkit Uses Claude Opus 4.5 for EDR Evasion
CISA Adds CVE-2024-21182 Oracle WebLogic to KEV; Feds Have 3 Days
CVE-2026-49975 HTTP/2 Bomb Hits nginx, Apache, Envoy, and Cloudflare
VS Code Zero-Day Exposes GitHub OAuth Tokens; No Patch Available
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Red Hat npm Packages Backdoored with Miasma Credential Worm
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
CVE Vulnerability Alerts
CISA Orders Patch for Linux Container Escape CVE-2022-0492
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal patch deadline.
Application Security
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.
Cybersecurity
CISA, FBI, NSA, DOE Warn of Active Attacks on Fuel Tank Monitors
CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command injection techniques.
Cybersecurity
OFAC Sanctions Nobitex, Iran’s Largest Crypto Exchange
OFAC sanctioned Nobitex and three companion Iranian crypto exchanges for facilitating IRGC transactions and converting ransomware proceeds into usable funds.
Application Security
Burst Statistics CVE-2026-8181 Under Mass Exploitation
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected sites.
CVE Vulnerability Alerts
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Application Security
Public PoC Released for Cisco Unified CM SSRF Bug
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Cybersecurity
TheGentlemen and Genesis Ransomware Hit Two US Clinics
TheGentlemen ransomware claimed Michigan Surgical Center while Genesis targeted Family Medical Associates of Raleigh, exposing PHI to double-extortion pressure.
Cybersecurity
CISA Faces $700M More Cuts as Mullin Signals Restructure
DHS Secretary Mullin testified CISA will target 2,800 employees and face $700 million more in budget cuts, with a new Senate-confirmed director to be nominated.
Cybersecurity
DragonForce and Nitrogen Ransomware Hit Three Continents
DragonForce claimed Lebanon IT firm SETS Solutions and Mexican manufacturer Copamex, while Nitrogen posted U.S. real estate developer Pyramid in parallel.
Application Security
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Cybersecurity
CISA to Issue Binding AI Security Directive This Week
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
Application Security
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Application Security
Fake Claude Code Installers on Google Sites Steal AI API Keys
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Application Security
Fake Chrome Web Store DMCA Notices Target Extension Developers
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates to millions of users.
Cybersecurity
Commission Proposes $11 Billion Dedicated US Cyber Force Branch
A CSIS/FDD commission proposed a standalone US Cyber Force with 30,000 troops and an $11 billion startup cost, with Gillibrand's defense amendments pending.
Cybersecurity
KillSec Ransomware Hits Indian Teaching Hospital and Mexican Insurer
KillSec ransomware posted an Indian teaching hospital and a Mexican insurance firm as victims, exposing patient data under India's DPDPA and Mexico's CNBV.
Cybersecurity
Nova Ransomware Apologizes for CIS Rule Violation, Bans Affiliate
Nova ransomware publicly apologized and banned an affiliate for attacking Eriell Group, an Uzbekistan oilfield firm, violating the CIS safe harbor rule.
Cybersecurity
Trump Signs Executive Order for National Security Review of AI Models
Trump signed an executive order directing US national security agencies to assess top AI foundation models for offensive cyber and dual-use threat risks.
Application Security
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft declined to patch.

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
CISA to Issue Binding AI Security Directive This Week
Application Security
Fake Claude Code Installers on Google Sites Steal AI API Keys
Application Security
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Qilin Ransomware Claims Six Victims Across Five Countries in Two Days
Qilin ransomware posted six victims across five countries over two days, including Nova Medical Products and MEISA Sines at Portugal's Sines energy port.
APT73 Bashe Ransomware Claims Armenia’s Ministry of Internal Affairs
APT73 (Bashe), a LockBit-linked RaaS, posted Armenia's elections.mia.gov.am as a victim, threatening voter registration and electoral administration data.
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
Russia's FSB claimed foreign spies installed surveillance malware on senior officials' smartphones, naming Cloudflare and Fastly as alleged C2 infrastructure.