Cyber Security
Cybersecurity
Hamburg’s Miniatur Wunderland Hit by Cyberattack Exposing Credit Card Data
Hamburg’s Miniatur Wunderland suffered a cyberattack that compromised its online ticket system, leaking visitors’ credit card data and potentially exposing thousands to fraud and identity ...
Cybersecurity
Data Leak Exposes Francis Frith’s Historic Photo Archive Customers
A misconfigured database exposed over 300,000 Francis Frith customers’ personal details, including names and emails, putting buyers of the UK’s historic photo archive at phishing ...
Application Security
Microsoft Expands Passwordless Security With Third-Party Passkey Manager Support in Windows 11
Windows 11 now supports third-party passkey managers like 1Password and Bitwarden, allowing users to authenticate with FIDO-compliant passkeys beyond Microsoft’s own tools. The update strengthens ...
Cybersecurity
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
Cybersecurity
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Cybersecurity
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
News
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
Cybersecurity
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
News
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Application Security
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
CVE Vulnerability Alerts
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
News
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Cybersecurity
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Endpoint Security
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
Cybersecurity
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Application Security
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Application Security
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
Cybersecurity
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
Application Security
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
TOP CYBERSECURITY HEADLINES
This Week’s Security Spotlight
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.