Cyber Security
CVE Vulnerability Alerts
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
Fortinet researchers found C0XMO, a Gafgyt variant exploiting CVE-2021-27137 in DD-WRT routers, that kills rival botnets and supports 19 DDoS attack methods.
Cybersecurity
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
ShinyHunters published 234 GB of DentaQuest healthcare records for 2.6 million patients after ransom talks failed, exposing Medicaid IDs and enrollment data.
Cybersecurity
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Play, Genesis, Nova, Incransom, Blackwater, and Krybit each posted victims on the same day, spanning automotive, dental, higher education, travel, and retail.
Cybersecurity
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
Payload ransomware posted Plaza Lama, Hansoll Textile, and Villea Hotels on its Tor leak site, targeting the Dominican Republic, Vietnam, and Malaysia.
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at federal civilian agencies.
Application Security
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
Volexity found Chinese APT VerdantBamboo used new PLENET and AGENTPSD malware to maintain 18 months of undetected Microsoft 365 access via MSP compromise.
Cybersecurity
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
CoinbaseCartel posted Cambridge Mobile Telematics on its dark web leak site, threatening to expose driving behavior data for millions of insured drivers.
Cybersecurity
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
Anubis ransomware used its WIPEMODE against a US estate law firm and UK contractor; Nova claimed an Indian hospital and Securotrop hit Kriete Truck Centers.
Blog
DNS Tunneling: How Attacks Work, Detection, and Prevention
DNS tunneling hides malicious traffic inside DNS queries to evade firewalls. Learn how attacks work, how to detect them, and how to stop them.
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch available.
Cybersecurity
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
Five Eyes agencies warn Chinese military intelligence is using fake job listings on LinkedIn to recruit government and military insiders for espionage.
Application Security
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API keys and self-propagate.
Application Security
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
AppEsteem found a Monero cryptominer bundled inside Hola Browser's Windows installer, hidden as a Windows service and excluded from Windows Defender scanning.
Cybersecurity
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Russia's Supreme Court will consider designating Belarusian Cyber Partisans and Silent Crow as extremist groups following the 2025 Aeroflot cyberattack.
Cybersecurity
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Play ransomware posted four US victims in a single day: a food processing manufacturer, a law firm, a religious organization, and a manufacturing company.
Cybersecurity
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Akira ransomware posted National Standard Parts Associates and Northern Ohio Regional MLS, threatening 53 GB of employee records, contracts, and financial data.
Cybersecurity
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
Qilin ransomware posted Avcon Jet, SKUPINA Don Don, and Trican in a three-country sweep targeting private aviation, food retail, and Canadian oilfield services.
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group exceeds 330 victims in 2026.
Cybersecurity
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
WorldLeaks claimed CH Karnchang, Thailand's major infrastructure builder, and United Auto Supply in a pure data extortion operation with no file encryption.
Cybersecurity
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
The Supreme Court ruled 8-1 to uphold FCC authority to fine AT&T and Verizon for selling subscriber GPS location data to third parties without consent.
CVE Vulnerability Alerts
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
TOP CYBERSECURITY HEADLINES
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
Application Security
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
This Week’s Security Spotlight
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cybersecurity
CISA to Issue Binding AI Security Directive This Week
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
Payload ransomware posted Plaza Lama, Hansoll Textile, and Villea Hotels on its Tor leak site, targeting the Dominican Republic, Vietnam, and Malaysia.
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at federal civilian agencies.
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
Volexity found Chinese APT VerdantBamboo used new PLENET and AGENTPSD malware to maintain 18 months of undetected Microsoft 365 access via MSP compromise.
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
CoinbaseCartel posted Cambridge Mobile Telematics on its dark web leak site, threatening to expose driving behavior data for millions of insured drivers.
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
Anubis ransomware used its WIPEMODE against a US estate law firm and UK contractor; Nova claimed an Indian hospital and Securotrop hit Kriete Truck Centers.
DNS Tunneling: How Attacks Work, Detection, and Prevention
DNS tunneling hides malicious traffic inside DNS queries to evade firewalls. Learn how attacks work, how to detect them, and how to stop them.
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch available.
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
Five Eyes agencies warn Chinese military intelligence is using fake job listings on LinkedIn to recruit government and military insiders for espionage.
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
JFrog researchers discovered IronWorm, a Rust-based infostealer with an eBPF rootkit, injected into 36 npm packages to steal AI API keys and self-propagate.
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
AppEsteem found a Monero cryptominer bundled inside Hola Browser's Windows installer, hidden as a Windows service and excluded from Windows Defender scanning.
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Russia's Supreme Court will consider designating Belarusian Cyber Partisans and Silent Crow as extremist groups following the 2025 Aeroflot cyberattack.
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Play ransomware posted four US victims in a single day: a food processing manufacturer, a law firm, a religious organization, and a manufacturing company.
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Akira ransomware posted National Standard Parts Associates and Northern Ohio Regional MLS, threatening 53 GB of employee records, contracts, and financial data.
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
Qilin ransomware posted Avcon Jet, SKUPINA Don Don, and Trican in a three-country sweep targeting private aviation, food retail, and Canadian oilfield services.
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group exceeds 330 victims in 2026.
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
WorldLeaks claimed CH Karnchang, Thailand's major infrastructure builder, and United Auto Supply in a pure data extortion operation with no file encryption.
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
The Supreme Court ruled 8-1 to uphold FCC authority to fine AT&T and Verizon for selling subscriber GPS location data to third parties without consent.
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
The FTC opened a public comment period on X Corp's petition to set aside the $150 million Twitter privacy consent decree, with public comments due ...
CISA Orders Patch for Linux Container Escape CVE-2022-0492
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal patch deadline.
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.