Cyber Security
Sotheby’s Confirms Data Breach Exposing Financial Information
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January
Fake “Inflation Refund” Texts Target New Yorkers in Sophisticated Phishing Scam
Zero-Day in Gladinet CentreStack and Triofox Actively Exploited
Spain Dismantles “GXC Team” Crime-as-a-Service Network and Arrests 25-Year-Old Leader
LockBit, Qilin, DragonForce Form Ransomware Cartel to Coordinate Attacks
Hackers Claim Massive Salesforce Breach Allegedly Exposing 1 Billion Records from Global Customers
Quebec HopHop App Leak Exposes Children’s Data Across Hundreds of Schools and Daycares
Threat Actors Abuse Velociraptor DFIR Tool to Deploy Ransomware and Evade Detection
SonicWall Confirms Theft of All Firewall Cloud Backups, Urges Immediate Action
FBI Seizes BreachForums Infrastructure Used in Salesforce Extortion Scheme
ClayRat Spyware Tricks Android Users by Masquerading as WhatsApp, TikTok and YouTube
Microsoft Warns of “Payroll Pirate” Attacks Diverting University Salaries
Discord Confirms Potential Age-Verification Vendor Breach Impacting About 70,000 Users
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
MANGO says a marketing vendor compromise exposed customer first names, countries, postal codes, email and phone data. Core accounts, financials, and credentials were not impacted.
NPM Supply Chain Attack 175 Malicious Packages Target Industrial Firms
Application Security
NPM Supply Chain Attack: 175 Malicious Packages Target Industrial Firms
A wave of coordinated supply chain attacks is targeting the NPM ecosystem, with over 400 malicious packages used to deploy malware, steal credentials, and compromise ...
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Cybersecurity
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Sotheby’s Confirms Data Breach Exposing Financial Information
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
ICTBroadcast Servers Under Threat Cookie Vulnerability Enables Remote Code Execution
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Application Security
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Network Security
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Industrial Control at Risk Red Lion RTU Vulnerabilities Score 10.0 CVSS
Application Security
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Salesforce Hacks Extortion Group Leaks Millions of Sensitive Records
Information Security
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Cybersecurity
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Cybersecurity
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Cybersecurity
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Vietnam Airlines says a third-party customer-service platform was breached, possibly exposing customer contact data; payments, passwords and passports were not affected, investigation and notifications are ...
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Cybersecurity
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Oracle quietly patched a zero-day exploit leaked by ShinyHunters, enabling remote command execution in enterprise applications. Customers are urged to deploy updates immediately and audit ...
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Cybersecurity
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Ransom group CoinbaseCartel claims to have stolen SK Telecom source code, build files and cloud keys via a repository compromise and threatens public disclosure this ...
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Cybersecurity
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
UK investigators probe Russian involvement after a September cyberattack at Jaguar Land Rover disabled 800 systems and halted production; government underwrites a £1.5bn loan guarantee.
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Cybersecurity
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
An internal AI upload exposed the personal and health data of 2,031 Northern Rivers Resilient Homes participants. The NSW Reconstruction Authority opened investigations and issued ...
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Cybersecurity
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Hackers have leaked data of nearly six million Qantas customers on the dark web after a Salesforce-linked breach, exposing names, contact details, and frequent flyer ...

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Detection Tools
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Sotheby’s Confirms Data Breach Exposing Financial Information
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Vietnam Airlines says a third-party customer-service platform was breached, possibly exposing customer contact data; payments, passwords and passports were not affected, investigation and notifications are ...
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Oracle quietly patched a zero-day exploit leaked by ShinyHunters, enabling remote command execution in enterprise applications. Customers are urged to deploy updates immediately and audit ...
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Ransom group CoinbaseCartel claims to have stolen SK Telecom source code, build files and cloud keys via a repository compromise and threatens public disclosure this ...
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
UK investigators probe Russian involvement after a September cyberattack at Jaguar Land Rover disabled 800 systems and halted production; government underwrites a £1.5bn loan guarantee.
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
An internal AI upload exposed the personal and health data of 2,031 Northern Rivers Resilient Homes participants. The NSW Reconstruction Authority opened investigations and issued ...
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Hackers have leaked data of nearly six million Qantas customers on the dark web after a Salesforce-linked breach, exposing names, contact details, and frequent flyer ...
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
Discord has confirmed that government-issued identification photos belonging to roughly 70,000 users may have been exposed in a third-party breach that impacted a vendor used ...
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January
SimonMed Imaging says a January 2025 breach exposed data for 1.2 million patients. Medusa claimed theft of 212 GB including scanned IDs, medical records, and ...
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Sotheby’s Confirms Data Breach Exposing Financial Information
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January