Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Blog
What Is Data Security Posture Management? A Complete DSPM Guide
Data security posture management (DSPM) continuously discovers and classifies sensitive data to reduce breach risk in multi-cloud environments.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Attackers hijacked a dormant npm contributor account and backdoored 144 Mastra AI packages, exposing 1.1 million weekly downloads to a RAT dropper payload.
Application Security
15 JetBrains Plugins Steal AI API Keys in Eight-Month Campaign
Fifteen malicious JetBrains Marketplace plugins stole OpenAI, DeepSeek, and SiliconFlow API keys from 70,000 IDE users across an eight-month campaign.
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity experts.
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they then exfiltrated.
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Application Security
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
Cybersecurity
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
Application Security
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Unit 42 found that CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Blog
Endpoint Security Solutions: How to Protect Every Enterprise Device
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
Cybersecurity
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Application Security
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
CVE Vulnerability Alerts
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
Application Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
Cybersecurity
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
Cybersecurity
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
Cybersecurity
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
Cybersecurity
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.