Main Menu
Cyber Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Cybersecurity
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Gabby Lee November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Application Security
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Andrew Doyle November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
Andrew Doyle November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
News
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Mitchell Langley November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
News
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Gabby Lee November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Application Security
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Mitchell Langley November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Application Security
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Andrew Doyle November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Cybersecurity
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Gabby Lee November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Cybersecurity
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Andrew Doyle November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat Palo Alto Networks CEO Predicts Security Overhaul by 2029
Cybersecurity
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Mitchell Langley November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
News
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Andrew Doyle November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Cybersecurity
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Mitchell Langley November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
News
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Gabby Lee November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
News
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
Andrew Doyle November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Application Security
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mitchell Langley November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Andrew Doyle November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Cybersecurity
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Gabby Lee November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Cybersecurity
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Mitchell Langley November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Andrew Doyle November 21, 2025
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Cybersecurity
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Andrew Doyle November 18, 2025

TOP CYBERSECURITY HEADLINES

Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
News
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
News
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off

This Week’s Security Spotlight

Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Network Security
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Andrew Doyle November 18, 2025
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
News
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
Gabby Lee November 18, 2025
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Information Security
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Mitchell Langley November 18, 2025
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Application Security
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Gabby Lee November 17, 2025
More In News
Trending
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
Podcasts
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
Podcasts
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025

Cyber Security News

Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
November 21, 2025
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Cybersecurity
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
November 21, 2025
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Application Security
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
November 21, 2025
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
November 21, 2025
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Application Security
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
November 21, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
November 21, 2025
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
November 21, 2025
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
November 21, 2025
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion