Cyber Security
All I Want for Christmas is All of Your Data: SantaStealer Malware Spreads for the Holidays
Texas Attorney General Sues Television Giants Over Data Privacy Concerns
ECB Decision Causes Costly Delays for Bank of England’s Payment System Overhaul
Cyber Raid on Jaguar Land Rover: August Attack Leads to Theft of Sensitive Information
Google Finds China and Iran Actors Exploiting React2Shell Flaws
Atlassian Publishes Security Patches for Critical Vulnerabilities in Multiple Products
700Credit Data Breach Exposes Sensitive Information of 5.8 Million Individuals
Google Chrome Extension With Millions of Users May Be Compromising Privacy
Militant Groups Experiment With AI, Amplifying Threats
SoundCloud’s VPN Restrictions Lead to Access Denials for Users
Unsecured 16TB Database Exposes 4.3 Billion Professional Records
Notepad++ Fixes Updater Vulnerability Allowing Attackers to Hijack Update Traffic
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Justice Department Alleges Misleading Compliance in Federal Audit Case
GeoServer Vulnerability Exploitation Facilitates External Entity Attacks
MITRE Highlights XSS and SQL Injection as Top Software Vulnerabilities for 2025
Shadow Spreadsheets’ Stealthy Role in Data Security Risks
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
Kali Linux Version 2025.4 Introduces New Hacking Tools and Improvements
Fieldtex Ransomware Attack: Akira Group Claims Responsibility
Digital-only eVisa Scheme Faces Scrutiny Over Data Leaks and GDPR Concerns
Gladinet CentreStack Flaw: A Widespread Threat to Organizations
PyStoreRAT: New JavaScript-Based RAT Distributed via GitHub
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
New Cyber Threats: Movie Downloads and Software Updates Under Siege
Zero-day Vulnerability in Gogs Leads to Hundreds of Compromised Servers
Former Employee Faces Charges Over Alleged Cybersecurity Fraud: DoD Compliance in Question
Microsoft Expands Vulnerability Rewards Program to Third-Party Code
Stealthy Campaign Targets Developers With Malicious VSCode Extensions
Cybercrime as a Service: The New Era of Subscription-Based Attacks
Amazon's Operation Disrupts GRU Hackers Targeting Cloud Infrastructure
Cybersecurity
Amazon’s Operation Disrupts GRU Hackers Targeting Cloud Infrastructure
Amazon's Threat Intelligence team successfully disabled operations related to Russian GRU hackers, focusing on customer cloud infrastructure security and thwarting espionage attempts.
From Open Source to OpenAI Navigating the Evolution of Third-Party Risks
Blog
From Open Source to OpenAI: Navigating the Evolution of Third-Party Risks
Explore how speed-driven development introduces new third-party risks. Understand how threat actors exploit vulnerabilities in open source libraries and AI-driven tools.
AWS Customers Targeted in Cryptocurrency Mining Campaign Using Stolen IAM Credentials
Identity and Access Management
AWS Customers Targeted in Cryptocurrency Mining Campaign Using Stolen IAM Credentials
A cryptocurrency mining campaign targets AWS customers by exploiting stolen Identity and Access Management credentials. Detected by Amazon's GuardDuty, the attack uses novel persistence techniques ...
All I Want for Christmas is All of Your Data SantaStealer Malware Spreads for the Holidays
Cybersecurity
All I Want for Christmas is All of Your Data: SantaStealer Malware Spreads for the Holidays
A cybercriminal's holiday dream, SantaStealer, a new information-stealing malware, promises undetected operation on systems of high-profile targets, advertised on Telegram for $175 monthly.
Texas Attorney General Sues Television Giants Over Data Privacy Concerns
Data Security
Texas Attorney General Sues Television Giants Over Data Privacy Concerns
The Texas Attorney General has taken legal action against five major television manufacturers, alleging violation of data privacy. The lawsuit accuses these companies of using ...
ECB Decision Causes Costly Delays for Bank of England's Payment System Overhaul
Cybersecurity
ECB Decision Causes Costly Delays for Bank of England’s Payment System Overhaul
The European Central Bank's (ECB) 2022 postponement of a new messaging standard forced the Bank of England to delay its payment system launch, incurring £23 ...
Cyber Raid on Jaguar Land Rover August Attack Leads to Theft of Sensitive Information
Information Security
Cyber Raid on Jaguar Land Rover: August Attack Leads to Theft of Sensitive Information
The August cyber raid on Jaguar Land Rover (JLR) had a dual impact, crippling factory operations and resulting in the theft of sensitive employee payroll ...
Google Finds China and Iran Actors Exploiting React2Shell Flaws
Application Security
Google Finds China and Iran Actors Exploiting React2Shell Flaws
Google has reported exploitation of the React2Shell vulnerability by five Chinese threat actor groups and Iranian operatives, aiming to deliver malware. This vulnerability, is becoming ...
Atlassian Publishes Security Patches for Critical Vulnerabilities in Multiple Products
CVE Vulnerability Alerts
Atlassian Publishes Security Patches for Critical Vulnerabilities in Multiple Products
Atlassian has released security updates targeting multiple vulnerabilities, including critical-severity issues in products like Apache Tika. One major flaw is an XML External Entity (XXE) ...
FreePBX Critical Vulnerability Enables Potential Authentication Bypass
CVE Vulnerability Alerts
FreePBX Critical Vulnerability Enables Potential Authentication Bypass
FreePBX, an open-source private branch exchange (PBX) platform, has multiple security vulnerabilities. A critical flaw (CVE-2025-61675) allows authentication bypass under certain configurations.
700Credit Data Breach Exposes Sensitive Information of 5.8 Million Individuals
Data Security
700Credit Data Breach Exposes Sensitive Information of 5.8 Million Individuals
700Credit, a prominent fintech company, reports a significant data breach where sensitive information of 5.8 million individuals has been compromised.
Google Chrome Extension With Millions of Users May Be Compromising Privacy
Application Security
Google Chrome Extension With Millions of Users May Be Compromising Privacy
The Urban VPN Proxy, trusted by over 6 million users on Google Chrome, is suspected of covertly harvesting data entered into AI chatbots. The extension ...
Militant Groups Experiment With AI, Amplifying Threats
Cybersecurity
Militant Groups Experiment With AI, Amplifying Threats
Extremist groups are leveraging AI technologies to enhance their propaganda efforts, according to recent insights. This trend points to a growing challenge in cybersecurity as ...
SoundCloud's VPN Restrictions Lead to Access Denials for Users
Cybersecurity
SoundCloud’s VPN Restrictions Lead to Access Denials for Users
Users attempting to access SoundCloud via VPN connections are encountering a 403 forbidden error, resulting in blocked access to the audio streaming platform. This issue ...
Email Scam Exploits PayPal's Subscriptions Billing Feature
News
Email Scam Exploits PayPal’s Subscriptions Billing Feature
PayPal's legitimate billing feature becomes a tool for scammers sending fraudulent emails, mimicking genuine purchase notifications. This latest financial scam uses deception to its full ...
Unsecured 16TB Database Exposes 4.3 Billion Professional Records
Information Security
Unsecured 16TB Database Exposes 4.3 Billion Professional Records
A massive 16TB MongoDB database containing 4.3 billion professional records was found unsecured, raising concerns about AI-driven social engineering threats. Researchers Bob Diachenko and nexos.ai ...
Notepad++ Fixes Updater Vulnerability Allowing Attackers to Hijack Update Traffic
Application Security
Notepad++ Fixes Updater Vulnerability Allowing Attackers to Hijack Update Traffic
A vulnerability in Notepad++ could have let attackers hijack update traffic. This flaw stemmed from weak file authentication during updates. A report by security researcher ...
Apple Patches Critical Vulnerabilities Across Multiple Platforms
CVE Vulnerability Alerts
Apple Patches Critical Vulnerabilities Across Multiple Platforms
Apple releases crucial security patches for iOS, iPadOS, macOS, watchOS, and more, targeting two actively exploited vulnerabilities. Among these is CVE-2025-43529, a significant use-after-free flaw ...
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
CVE Vulnerability Alerts
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
The U.S. Cybersecurity and Infrastructure Security Agency has added a flaw in Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities catalog. This follows ...
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Cybersecurity
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Germany has called in Russia's ambassador to address grave concerns about alleged cyberattacks on its air traffic control and a concurrent disinformation campaign designed to ...

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
All I Want for Christmas is All of Your Data: SantaStealer Malware Spreads for the Holidays
A cybercriminal's holiday dream, SantaStealer, a new information-stealing malware, promises undetected operation on systems of high-profile targets, advertised on Telegram for $175 monthly.
Texas Attorney General Sues Television Giants Over Data Privacy Concerns
The Texas Attorney General has taken legal action against five major television manufacturers, alleging violation of data privacy. The lawsuit accuses these companies of using ...
ECB Decision Causes Costly Delays for Bank of England’s Payment System Overhaul
The European Central Bank's (ECB) 2022 postponement of a new messaging standard forced the Bank of England to delay its payment system launch, incurring £23 ...
Cyber Raid on Jaguar Land Rover: August Attack Leads to Theft of Sensitive Information
The August cyber raid on Jaguar Land Rover (JLR) had a dual impact, crippling factory operations and resulting in the theft of sensitive employee payroll ...
Google Finds China and Iran Actors Exploiting React2Shell Flaws
Google has reported exploitation of the React2Shell vulnerability by five Chinese threat actor groups and Iranian operatives, aiming to deliver malware. This vulnerability, is becoming ...
Atlassian Publishes Security Patches for Critical Vulnerabilities in Multiple Products
Atlassian has released security updates targeting multiple vulnerabilities, including critical-severity issues in products like Apache Tika. One major flaw is an XML External Entity (XXE) ...
FreePBX Critical Vulnerability Enables Potential Authentication Bypass
FreePBX, an open-source private branch exchange (PBX) platform, has multiple security vulnerabilities. A critical flaw (CVE-2025-61675) allows authentication bypass under certain configurations.
700Credit Data Breach Exposes Sensitive Information of 5.8 Million Individuals
700Credit, a prominent fintech company, reports a significant data breach where sensitive information of 5.8 million individuals has been compromised.
Google Chrome Extension With Millions of Users May Be Compromising Privacy
The Urban VPN Proxy, trusted by over 6 million users on Google Chrome, is suspected of covertly harvesting data entered into AI chatbots. The extension ...
Phishing Attacks in 2026: Evolution Beyond Email and Its Implications
In 2025, phishing threats evolved beyond traditional email to include social platforms, browser-based attacks, and malicious search ads. Security teams must now grapple with emerging ...
Militant Groups Experiment With AI, Amplifying Threats
Extremist groups are leveraging AI technologies to enhance their propaganda efforts, according to recent insights. This trend points to a growing challenge in cybersecurity as ...
SoundCloud’s VPN Restrictions Lead to Access Denials for Users
Users attempting to access SoundCloud via VPN connections are encountering a 403 forbidden error, resulting in blocked access to the audio streaming platform. This issue ...
Email Scam Exploits PayPal’s Subscriptions Billing Feature
PayPal's legitimate billing feature becomes a tool for scammers sending fraudulent emails, mimicking genuine purchase notifications. This latest financial scam uses deception to its full ...
Unsecured 16TB Database Exposes 4.3 Billion Professional Records
A massive 16TB MongoDB database containing 4.3 billion professional records was found unsecured, raising concerns about AI-driven social engineering threats. Researchers Bob Diachenko and nexos.ai ...
Notepad++ Fixes Updater Vulnerability Allowing Attackers to Hijack Update Traffic
A vulnerability in Notepad++ could have let attackers hijack update traffic. This flaw stemmed from weak file authentication during updates. A report by security researcher ...
Apple Patches Critical Vulnerabilities Across Multiple Platforms
Apple releases crucial security patches for iOS, iPadOS, macOS, watchOS, and more, targeting two actively exploited vulnerabilities. Among these is CVE-2025-43529, a significant use-after-free flaw ...
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
The U.S. Cybersecurity and Infrastructure Security Agency has added a flaw in Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities catalog. This follows ...
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Germany has called in Russia's ambassador to address grave concerns about alleged cyberattacks on its air traffic control and a concurrent disinformation campaign designed to ...
Justice Department Alleges Misleading Compliance in Federal Audit Case
Accusations of deception rise as a former senior manager is sued for allegedly misleading the US government about the compliance status of a cloud platform ...
GeoServer Vulnerability Exploitation Facilitates External Entity Attacks
Attackers can exploit a flaw in GeoServer to define external entities within XML requests, resulting in critical security breaches. The vulnerability impacts data security, highlighting ...