Cyber Security
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Andrew Doyle
October 16, 2025
MANGO says a marketing vendor compromise exposed customer first names, countries, postal codes, email and phone data. Core accounts, financials, and credentials were not impacted.
Application Security
NPM Supply Chain Attack: 175 Malicious Packages Target Industrial Firms
Gabby Lee
October 16, 2025
A wave of coordinated supply chain attacks is targeting the NPM ecosystem, with over 400 malicious packages used to deploy malware, steal credentials, and compromise ...
Cybersecurity
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Mitchell Langley
October 16, 2025
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
Andrew Doyle
October 16, 2025
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Syed Arslan
October 16, 2025
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
Gabby Lee
October 16, 2025
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
Andrew Doyle
October 16, 2025
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
Application Security
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Mitchell Langley
October 16, 2025
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...
Network Security
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Gabby Lee
October 16, 2025
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Application Security
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Andrew Doyle
October 16, 2025
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Information Security
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Mitchell Langley
October 16, 2025
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Gabby Lee
October 16, 2025
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
Cybersecurity
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Andrew Doyle
October 15, 2025
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Cybersecurity
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Gabby Lee
October 15, 2025
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
Cybersecurity
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Andrew Doyle
October 15, 2025
Vietnam Airlines says a third-party customer-service platform was breached, possibly exposing customer contact data; payments, passwords and passports were not affected, investigation and notifications are ...
Cybersecurity
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Mitchell Langley
October 15, 2025
Oracle quietly patched a zero-day exploit leaked by ShinyHunters, enabling remote command execution in enterprise applications. Customers are urged to deploy updates immediately and audit ...
Cybersecurity
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Andrew Doyle
October 15, 2025
Ransom group CoinbaseCartel claims to have stolen SK Telecom source code, build files and cloud keys via a repository compromise and threatens public disclosure this ...
Cybersecurity
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
Mitchell Langley
October 14, 2025
UK investigators probe Russian involvement after a September cyberattack at Jaguar Land Rover disabled 800 systems and halted production; government underwrites a £1.5bn loan guarantee.
Cybersecurity
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
Andrew Doyle
October 14, 2025
An internal AI upload exposed the personal and health data of 2,031 Northern Rivers Resilient Homes participants. The NSW Reconstruction Authority opened investigations and issued ...
Cybersecurity
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Andrew Doyle
October 14, 2025
Hackers have leaked data of nearly six million Qantas customers on the dark web after a Salesforce-linked breach, exposing names, contact details, and frequent flyer ...
Cybersecurity
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Mitchell Langley
September 23, 2025
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley
September 2, 2025
Cybersecurity
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Gabby Lee
October 5, 2025
Cybersecurity
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
Mitchell Langley
September 30, 2025
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
October 14, 2025
Discord has confirmed that government-issued identification photos belonging to roughly 70,000 users may have been exposed in a third-party breach that impacted a vendor used ...
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January
October 14, 2025
SimonMed Imaging says a January 2025 breach exposed data for 1.2 million patients. Medusa claimed theft of 212 GB including scanned IDs, medical records, and ...