Cyber Security
CVE Vulnerability Alerts
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Progress Software patched a CVSS 9.8 authentication bypass in MOVEit Automation — the same product line that fueled the catastrophic Cl0p ransomware campaign in 2023.
Cybersecurity
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
An adversary-in-the-middle phishing campaign hit 35,000 workers across 13,000 organizations in 48 hours, using fake HR emails to bypass MFA and steal Microsoft tokens.
Cybersecurity
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
VENOMOUS#HELPER spent 13 months inside 80+ organizations using legitimate RMM software — SimpleHelp and ScreenConnect — as undetected persistent access channels.
Application Security
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Cybersecurity
Hacking the Hackers: What a Security Vendor Breach Really Means
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
Application Security
Five Intelligence Agencies Agree: Slow Down Your AI Agents
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel attack surfaces enterprises are not ...
Cybersecurity
275 Million Students’ Records Allegedly Stolen in Canvas Breach
ShinyHunters claims 3.65 TB of Instructure Canvas data affecting 275 million users at 9,000 schools — with minors' data exposed and a Salesforce pivot involved.
Cybersecurity
Tax Season Never Really Ends for Hackers
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a significant operational expansion.
Cybersecurity
When Amazon Sends the Phishing Email
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning AWS's own email infrastructure against ...
Application Security
WhatsApp Patches Flaws That Let Hackers Hide Malware in Plain Sight
Meta patched WhatsApp file type spoofing and URL scheme vulnerabilities that could disguise malicious executables as benign files and redirect users to attacker-controlled resources.
Cybersecurity
North Korea Turned a Gaming App Into a Spyware Platform
North Korean APT37 compromised a gaming platform to deliver BirdCall, a new cross-platform spy tool targeting Android and Windows users since 2024.
Application Security
Debug Mode Left Open: Enterprise Platform Hit With Unauthenticated RCE
CVE-2026-22679, a critical unauthenticated RCE in Weaver E-cology, has been actively exploited since March — weeks before public disclosure reached defenders.
Application Security
One Zero-Day, 40,000 Servers: The cPanel Mass-Compromise
A critical cPanel authentication bypass zero-day exploited for two months before disclosure compromised 40,000+ servers and targeted governments in Southeast Asia.
Blog
Confident Posture: Navigating Ransomware Incidents with Expert Guidance
No organization wants to be the next ransomware headline. But every business, from small startups to global enterprises, is at ...
Cybersecurity
Threat Actors Are Ramping Up Microsoft Teams Exploitation for Network Access
Cybercriminals are increasingly targeting Microsoft Teams in enterprise attacks, using the platform alongside legitimate tools to gain unauthorized ac...
Cybersecurity
Cybercriminals Are Bending Trust, Not Breaking Systems
Cyber attackers bypass systems without breaking them, taking advantage of trusted pathways, smartly bending trust.
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Claude Desktop's unauthorized modifications may breach EU laws on clear user consent.
CVE Vulnerability Alerts
Severe Command Injection Flaw Discovered in SGLang
A critical vulnerability in SGLang could allow remote code execution. Tracked as CVE-2026-5760, this flaw scores 9.8 on CVSS.
Cybersecurity
Serial-to-IP Converter Flaws in Lantronix and Silex Products Put Critical Systems at Risk
Vulnerabilities in Lantronix and Silex products risk exploitation in OT and healthcare sectors.
CVE Vulnerability Alerts
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
Application Security
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
TOP CYBERSECURITY HEADLINES
Application Security
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Application Security
Five Intelligence Agencies Agree: Slow Down Your AI Agents
This Week’s Security Spotlight
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Cybersecurity
When Amazon Sends the Phishing Email
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Attackers compromised PyTorch Lightning 2.6.3 on PyPI with ShaiWorm credential stealer, targeting cloud API keys, browser credentials, and AWS/Azure/GCP tokens.
Hacking the Hackers: What a Security Vendor Breach Really Means
Trellix disclosed that attackers accessed its internal source code repositories — raising serious questions about what stolen security vendor source code enables.
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Attackers compromised DigiCert support staff via a chat-delivered screenshot, used their access to obtain code-signing certificates, and signed Zhong Stealer malware.
Five Intelligence Agencies Agree: Slow Down Your AI Agents
The Five Eyes alliance issued its first joint advisory on agentic AI security, warning that autonomous AI systems introduce novel attack surfaces enterprises are not ...
275 Million Students’ Records Allegedly Stolen in Canvas Breach
ShinyHunters claims 3.65 TB of Instructure Canvas data affecting 275 million users at 9,000 schools — with minors' data exposed and a Salesforce pivot involved.
Tax Season Never Really Ends for Hackers
China-linked Silver Fox deployed a new ABCDoor backdoor through tax-themed phishing targeting both Indian and Russian filers simultaneously — a significant operational expansion.
When Amazon Sends the Phishing Email
Threat actors are systematically abusing Amazon SES to send phishing emails that pass SPF, DKIM, and DMARC checks — turning AWS's own email infrastructure against ...
WhatsApp Patches Flaws That Let Hackers Hide Malware in Plain Sight
Meta patched WhatsApp file type spoofing and URL scheme vulnerabilities that could disguise malicious executables as benign files and redirect users to attacker-controlled resources.
North Korea Turned a Gaming App Into a Spyware Platform
North Korean APT37 compromised a gaming platform to deliver BirdCall, a new cross-platform spy tool targeting Android and Windows users since 2024.
Debug Mode Left Open: Enterprise Platform Hit With Unauthenticated RCE
CVE-2026-22679, a critical unauthenticated RCE in Weaver E-cology, has been actively exploited since March — weeks before public disclosure reached defenders.
One Zero-Day, 40,000 Servers: The cPanel Mass-Compromise
A critical cPanel authentication bypass zero-day exploited for two months before disclosure compromised 40,000+ servers and targeted governments in Southeast Asia.
Confident Posture: Navigating Ransomware Incidents with Expert Guidance
No organization wants to be the next ransomware headline. But every business, from small startups to global enterprises, is at risk from disruptive and financially ...
Threat Actors Are Ramping Up Microsoft Teams Exploitation for Network Access
Cybercriminals are increasingly targeting Microsoft Teams in enterprise attacks, using the platform alongside legitimate tools to gain unauthorized ac...
Cybercriminals Are Bending Trust, Not Breaking Systems
Cyber attackers bypass systems without breaking them, taking advantage of trusted pathways, smartly bending trust.
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Claude Desktop's unauthorized modifications may breach EU laws on clear user consent.
Severe Command Injection Flaw Discovered in SGLang
A critical vulnerability in SGLang could allow remote code execution. Tracked as CVE-2026-5760, this flaw scores 9.8 on CVSS.
Serial-to-IP Converter Flaws in Lantronix and Silex Products Put Critical Systems at Risk
Vulnerabilities in Lantronix and Silex products risk exploitation in OT and healthcare sectors.
Seiko USA Faces Ransom Threat After Website Defacement
Attackers reportedly demand ransom from Seiko USA after defacing the website and claiming to possess customer data.
Scottish Man Pleads Guilty in $8 Million Cryptocurrency Heist
A Scottish man pleads guilty in a US court to a cryptocurrency theft using phishing and SIM-swap tactics.
Cyberattacks Are Outpacing MSP and Corporate Defenses
Discover cybersecurity strategies to counter evolving threats in an upcoming webinar focused on security and recovery.