Main Menu
Cyber Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Andrew Doyle November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert Remote Code Execution Vulnerability in Glob Pattern Matching Library
Cybersecurity
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Mitchell Langley November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cybersecurity
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Gabby Lee November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack How Analysts Overcame Limited Visibility
News
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Andrew Doyle November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Andrew Doyle November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
News
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Mitchell Langley November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Cybersecurity
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Gabby Lee November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Application Security
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Andrew Doyle November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Cybersecurity
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Gabby Lee November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Application Security
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Gabby Lee November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
News
ShinyHunters Claims Responsibility for Gainsight Data Breach
Gabby Lee November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
Grafana Vulnerability Addressing Critical Security Flaw in SCIM Component
CVE Vulnerability Alerts
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
Andrew Doyle November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Cybersecurity
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Andrew Doyle November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job CrowdStrike Hacked by Insider Leaking Screenshots
Cybersecurity
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
Mitchell Langley November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Gabby Lee November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Cybersecurity
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Gabby Lee November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Application Security
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Andrew Doyle November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
Andrew Doyle November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Andrew Doyle November 24, 2025
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Andrew Doyle November 24, 2025
Deconstructing a Qilin Ransomware Attack How Analysts Overcame Limited Visibility
News
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Andrew Doyle November 24, 2025
ShinyHunters Claims Responsibility for Gainsight Data Breach
News
ShinyHunters Claims Responsibility for Gainsight Data Breach
Gabby Lee November 24, 2025

TOP CYBERSECURITY HEADLINES

Deconstructing a Qilin Ransomware Attack How Analysts Overcame Limited Visibility
News
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
News
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Cybersecurity
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats

This Week’s Security Spotlight

Inside Job CrowdStrike Hacked by Insider Leaking Screenshots
Cybersecurity
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
Mitchell Langley November 23, 2025
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Network Security
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Andrew Doyle November 18, 2025
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
News
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
Gabby Lee November 18, 2025
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Information Security
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Mitchell Langley November 18, 2025
More In News
Trending
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
Podcasts
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
Podcasts
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025

Cyber Security News

SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
November 24, 2025
Security Alert Remote Code Execution Vulnerability in Glob Pattern Matching Library
Cybersecurity
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
November 24, 2025
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cybersecurity
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
November 24, 2025
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
November 24, 2025
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Cybersecurity
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
November 24, 2025
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Application Security
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
November 24, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
ShinyHunters Claims Responsibility for Gainsight Data Breach
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture