Main Menu
Cyber Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
PromptLock Ransomware Uses AI to Encrypt and Steal Data
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
AI Summary Injection Turns Summaries into Malware Delivery
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Google to Verify Android Developers: A New Era in App Security Emerges
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
The Dual Role of AI in Cybersecurity: Weapon and Shield
SentinelOne Q3 Revenue Jumps 22 Amid Cybersecurity Surge
Cybersecurity
SentinelOne Q3 Revenue Jumps 22% Amid Cybersecurity Surge
Andrew Doyle September 2, 2025
SentinelOne has raised its annual revenue forecast amid surging demand for AI-driven cybersecurity. With its Singularity platform and growing ARR surpassing $1 billion, the company ...
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
Cybersecurity
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
Mitchell Langley September 2, 2025
A sweeping international advisory accuses Chinese tech firms of fueling cyber espionage campaigns tied to Salt Typhoon and related groups. The attacks span telecom networks, ...
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
Cybersecurity
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
Gabby Lee September 2, 2025
A wave of breaches exposing sealed court records and confidential informant data has drawn sharp criticism of the judiciary’s outdated IT. Senator Ron Wyden is ...
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Endpoint Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Andrew Doyle September 2, 2025
A DHS audit prompted FEMA to fire 24 staff, including top IT leaders, over cybersecurity failures such as weak authentication and outdated protocols, highlighting federal ...
Maryland’s Paratransit Ransomware Strike Cyberattack Disrupts Disabled Transit Services
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley September 2, 2025
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings. While core transit services remain ...
Critical SharePoint Zero-Day Exploited Immediate Steps Against CVE-2025-53770 Vulnerability
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
Gabby Lee September 2, 2025
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,” the flaw enables unauthenticated remote ...
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Cybersecurity
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Gabby Lee August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
Cybersecurity
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
Andrew Doyle August 28, 2025
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
Cybersecurity
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
Mitchell Langley August 28, 2025
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Cybersecurity
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Gabby Lee August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Application Security
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Andrew Doyle August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Cybersecurity
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Gabby Lee August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Cybersecurity
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Mitchell Langley August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Cybersecurity
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Andrew Doyle August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
Cybersecurity
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
Gabby Lee August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
CVE Vulnerability Alerts
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
Mitchell Langley August 28, 2025
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
Application Security
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
Mitchell Langley August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
CVE Vulnerability Alerts
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
Gabby Lee August 28, 2025
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Application Security
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Gabby Lee August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Cybersecurity
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Andrew Doyle August 28, 2025
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
SentinelOne Q3 Revenue Jumps 22 Amid Cybersecurity Surge
Cybersecurity
SentinelOne Q3 Revenue Jumps 22% Amid Cybersecurity Surge
Andrew Doyle September 2, 2025
Critical SharePoint Zero-Day Exploited Immediate Steps Against CVE-2025-53770 Vulnerability
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
Gabby Lee September 2, 2025
Maryland’s Paratransit Ransomware Strike Cyberattack Disrupts Disabled Transit Services
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley September 2, 2025
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
News
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Gabby Lee August 19, 2025

TOP CYBERSECURITY HEADLINES

FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Endpoint Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Maryland’s Paratransit Ransomware Strike Cyberattack Disrupts Disabled Transit Services
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Critical SharePoint Zero-Day Exploited Immediate Steps Against CVE-2025-53770 Vulnerability
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Cybersecurity
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion

This Week’s Security Spotlight

PromptLock Ransomware Uses AI to Encrypt and Steal Data
Cybersecurity
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Gabby Lee August 28, 2025
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Cybersecurity
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Mitchell Langley August 26, 2025
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Cybersecurity
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Andrew Doyle August 25, 2025
Researcher Harvests 270k Employee Records Exploiting Intel Flaw
Cybersecurity
Researcher Harvests 270k Employee Records Exploiting Intel Flaw
Mitchell Langley August 19, 2025
More In News
Trending
Darcula PhaaS 3.0 Auto-Generates Phishing Kits for Any Brand
Sophisticated Gmail Attacks Target Users: FBI Issues “Do Not Click” Alert
This Facebook Phishing Attack Could Steal EVERYTHING!
What is a Whaling Phishing Attack?

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Podcasts
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025
Podcasts
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025

Cyber Security News

SentinelOne Q3 Revenue Jumps 22 Amid Cybersecurity Surge
Cybersecurity
SentinelOne Q3 Revenue Jumps 22% Amid Cybersecurity Surge
September 2, 2025
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
Cybersecurity
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
September 2, 2025
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
Cybersecurity
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
September 2, 2025
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Endpoint Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
September 2, 2025
Critical SharePoint Zero-Day Exploited Immediate Steps Against CVE-2025-53770 Vulnerability
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
September 2, 2025
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Cybersecurity
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
August 28, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Detection Tools
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
September 2, 2025
A DHS audit prompted FEMA to fire 24 staff, including top IT leaders, over cybersecurity failures such as weak authentication and outdated protocols, highlighting federal ...
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
September 2, 2025
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings. While core transit services remain ...
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
September 2, 2025
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,” the flaw enables unauthenticated remote ...
Chained Zero-Days: WhatsApp and Apple Exploits Used in Sophisticated Spyware Attacks
September 2, 2025
A pair of newly discovered zero-day vulnerabilities—CVE-2025-43300 in Apple’s ImageIO framework and CVE-2025-55177 in WhatsApp—have been confirmed as part of a sophisticated spyware campaign targeting ...
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Sweden is reeling from one of the largest public sector cyber incidents in its history. A ransomware attack on Miljödata, an IT services provider supporting ...
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025
The cybersecurity world has entered a new era: AI-powered ransomware. Researchers recently uncovered PromptLock, a proof-of-concept malware that uses OpenAI’s gpt-oss:20b model and Lua scripting ...
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025
The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Directory (AD) and Entra ...
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
August 28, 2025
Cybercrime is entering a new phase—one marked by AI-powered phishing attacks, the weaponization of legitimate remote access tools, and the rise of professionalized underground markets. ...
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
August 28, 2025
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
August 28, 2025
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
PromptLock Ransomware Uses AI to Encrypt and Steal Data
August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
The recent Salesforce data breach underscores a growing reality in cybersecurity: even when core SaaS platforms are secure, their third-party integrations often aren’t. Between August ...
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
August 28, 2025
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
Chained Zero-Days: WhatsApp and Apple Exploits Used in Sophisticated Spyware Attacks
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
PromptLock Ransomware Uses AI to Encrypt and Steal Data
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers