Main Menu
Cyber Security
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
Nitrogen Ransomware Hits Foxconn Wisconsin, Claims 8TB Theft
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
ShinyHunters Sets HMH Extortion Deadline, Student Data at Risk
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
Five Malicious NuGet Packages Target Chinese .NET Developers
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
Google GTIG Documents First AI-Generated Zero-Day Exploit
Apache CVE-2026-23918: HTTP/2 Double-Free Enables RCE on Debian
SailPoint GitHub Repositories Breached via Third-Party App Flaw
TrickMo Android Banker Routes C2 Traffic Through TON Blockchain
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
JDownloader Website Hacked to Serve Python RAT Malware
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
Andrew Doyle May 13, 2026
InterLock ransomware posted four new victims in 24 hours on May 11, including Park Dental Research — a US healthcare target flagged in active FBI ...
CVE Vulnerability Alerts
Microsoft May 2026 Patch Tuesday: SharePoint RCE, NTLM Zero-Day
Mitchell Langley May 13, 2026
Microsoft's May 2026 Patch Tuesday fixes two actively exploited flaws including a zero-day NTLM hash leak requiring no user interaction to trigger.
Cybersecurity
ICO Fines South Staffordshire Water £963,900 Over Cl0p Breach
Mitchell Langley May 13, 2026
The UK ICO fined South Staffordshire Water £963,900 after Cl0p ransomware went undetected inside the utility's systems for 20 months, exposing 633,887 records.
Cybersecurity
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
Gabby Lee May 13, 2026
Internal data from the Gentlemen ransomware group — including bitcoin wallets and communications from 300+ victim operations — was posted publicly on MediaFire.
Cybersecurity
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
Gabby Lee May 13, 2026
Sri Lankan police arrested 628 foreign nationals running crypto fraud and pig-butchering scam operations from luxury apartments in Colombo in a coordinated sweep.
Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
Gabby Lee May 13, 2026
SAP's May 2026 Security Patch Day fixes CVE-2026-34260, a CVSS 9.6 SQL injection in S/4HANA Enterprise Search that lets authenticated attackers read or delete ERP ...
Cybersecurity
Nitrogen Ransomware Hits Foxconn Wisconsin, Claims 8TB Theft
Gabby Lee May 13, 2026
Nitrogen ransomware claimed responsibility for an attack on Foxconn's Mount Pleasant, Wisconsin campus, asserting 8TB of data stolen across more than 11 million files.
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
Andrew Doyle May 13, 2026
InterLock ransomware posted four new victims in 24 hours on May 11, including Park Dental Research — a US healthcare target flagged in active FBI ...
Cybersecurity
ShinyHunters Sets HMH Extortion Deadline, Student Data at Risk
Mitchell Langley May 13, 2026
ShinyHunters posted Houghton Mifflin Harcourt with a May 12 pay-or-leak deadline, threatening to expose student and educator data from one of the largest US edtech ...
CVE Vulnerability Alerts
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
Gabby Lee May 13, 2026
Security group BARGHEST released a public PoC for CVE-2026-0073, a CVSS 9.8 zero-click RCE in Android's debug bridge daemon affecting Android 14, 15, and 16.
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Mitchell Langley May 13, 2026
Dell advisory DSA-2026-047 patches a CVSS 9.8 hard-coded credentials flaw in Dell ECS and ObjectScale that grants unauthenticated filesystem access to enterprise storage.
Application Security
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
Andrew Doyle May 13, 2026
PHP patched CVE-2026-6722, a use-after-free RCE in the SOAP extension, across all active branches (8.2, 8.3, 8.4, 8.5) — exposing any server handling SOAP requests.
Cybersecurity
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
Andrew Doyle May 13, 2026
GhostLock uses Windows CreateFileW to lock 500,000 files in under three minutes, blocking all access without encryption and evading EDR detection.
Cybersecurity
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
Mitchell Langley May 12, 2026
A WEF report finds 94% of enterprise security leaders call AI the top change driver, but warns data quality gaps risk producing false alerts and ...
CVE Vulnerability Alerts
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
Mitchell Langley May 12, 2026
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
Cybersecurity
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
Gabby Lee May 12, 2026
The FCC extended security update support for banned Chinese-made routers to 2029, citing Volt Typhoon threat concerns and risk of unpatched network devices.
Cybersecurity
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Gabby Lee May 12, 2026
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Cybersecurity
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
Mitchell Langley May 12, 2026
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
Application Security
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
Gabby Lee May 12, 2026
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Application Security
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
Gabby Lee May 12, 2026
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
Andrew Doyle May 13, 2026
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
Andrew Doyle May 13, 2026
Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
Andrew Doyle May 13, 2026
Cybersecurity
ICO Fines South Staffordshire Water £963,900 Over Cl0p Breach
Mitchell Langley May 13, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
Cybersecurity
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
Cybersecurity
Nitrogen Ransomware Hits Foxconn Wisconsin, Claims 8TB Theft

This Week’s Security Spotlight

Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
Gabby Lee May 13, 2026
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Mitchell Langley May 13, 2026
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Andrew Doyle May 11, 2026
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Andrew Doyle May 11, 2026
More In News
Trending
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
Fake Claude AI Site Delivers New Beagle Windows Backdoor
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
Podcasts
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
Podcasts
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025

Cyber Security News

Cybersecurity
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
May 13, 2026
CVE Vulnerability Alerts
Microsoft May 2026 Patch Tuesday: SharePoint RCE, NTLM Zero-Day
May 13, 2026
Cybersecurity
ICO Fines South Staffordshire Water £963,900 Over Cl0p Breach
May 13, 2026
Cybersecurity
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
May 13, 2026
Cybersecurity
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
May 13, 2026
Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
May 13, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
May 13, 2026
Internal data from the Gentlemen ransomware group — including bitcoin wallets and communications from 300+ victim operations — was posted publicly on MediaFire.
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
May 13, 2026
Sri Lankan police arrested 628 foreign nationals running crypto fraud and pig-butchering scam operations from luxury apartments in Colombo in a coordinated sweep.
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
May 13, 2026
SAP's May 2026 Security Patch Day fixes CVE-2026-34260, a CVSS 9.6 SQL injection in S/4HANA Enterprise Search that lets authenticated attackers read or delete ERP ...
Nitrogen Ransomware Hits Foxconn Wisconsin, Claims 8TB Theft
May 13, 2026
Nitrogen ransomware claimed responsibility for an attack on Foxconn's Mount Pleasant, Wisconsin campus, asserting 8TB of data stolen across more than 11 million files.
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
May 13, 2026
InterLock ransomware posted four new victims in 24 hours on May 11, including Park Dental Research — a US healthcare target flagged in active FBI ...
ShinyHunters Sets HMH Extortion Deadline, Student Data at Risk
May 13, 2026
ShinyHunters posted Houghton Mifflin Harcourt with a May 12 pay-or-leak deadline, threatening to expose student and educator data from one of the largest US edtech ...
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
May 13, 2026
Security group BARGHEST released a public PoC for CVE-2026-0073, a CVSS 9.8 zero-click RCE in Android's debug bridge daemon affecting Android 14, 15, and 16.
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
May 13, 2026
Dell advisory DSA-2026-047 patches a CVSS 9.8 hard-coded credentials flaw in Dell ECS and ObjectScale that grants unauthenticated filesystem access to enterprise storage.
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
May 13, 2026
PHP patched CVE-2026-6722, a use-after-free RCE in the SOAP extension, across all active branches (8.2, 8.3, 8.4, 8.5) — exposing any server handling SOAP requests.
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
May 13, 2026
GhostLock uses Windows CreateFileW to lock 500,000 files in under three minutes, blocking all access without encryption and evading EDR detection.
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
May 12, 2026
A WEF report finds 94% of enterprise security leaders call AI the top change driver, but warns data quality gaps risk producing false alerts and ...
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
May 12, 2026
Microsoft Defender confirmed limited in-the-wild exploitation of Dirty Frag CVE-2026-43284 in Linux, a deterministic LPE chain targeting xfrm-ESP and RxRPC page caches. Patches available for ...
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
May 12, 2026
The FCC extended security update support for banned Chinese-made routers to 2029, citing Volt Typhoon threat concerns and risk of unpatched network devices.
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
May 12, 2026
Skoda Auto disclosed a breach of its online shop portal that exposed customer names, addresses, email addresses, and password hashes to unauthorized access.
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
May 12, 2026
SOCRadar uncovered Operation HookedWing, a 4-year credential-harvesting campaign that compromised 2,000+ accounts across 500+ organizations in aviation, energy, government, and critical infrastructure using GitHub-hosted phishing ...
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
May 12, 2026
cPanel released a second emergency patch in ten days — CVE-2026-29202 and CVE-2026-29203 enable code execution — as Sorry ransomware hits 44,000 servers.
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
May 12, 2026
TeamPCP backdoored the Checkmarx Jenkins AST scanner plugin in a third supply chain wave, following March Trivy and April KICS attacks. Version 2026.5.09 was compromised; ...
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
May 12, 2026
A Taiwan university student used cheap radio equipment to replay TETRA signals, disabling the island's high-speed rail network for nearly an hour in 2026.
Five Malicious NuGet Packages Target Chinese .NET Developers
May 12, 2026
Socket discovered five NuGet packages typosquatting Chinese .NET UI libraries — IR.DantUI, IR.OscarUI, and three more — amassing 65,000 downloads while stealing credentials from 12 ...
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor
May 12, 2026
QLNX is a fileless Linux RAT using eBPF rootkit and PAM backdoor to steal npm, PyPI, AWS, and GitHub tokens from developer hosts with near-zero ...
Gentlemen Ransomware Group’s Internal Data Leaked Publicly
Sri Lanka Arrests 628 in Colombo Crypto Fraud Compound Bust
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
Nitrogen Ransomware Hits Foxconn Wisconsin, Claims 8TB Theft
InterLock Claims Park Dental Research in 24-Hour Healthcare Blitz
ShinyHunters Sets HMH Extortion Deadline, Student Data at Risk
Public PoC Drops for CVSS 9.8 Android Zero-Click CVE-2026-0073
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
Five Malicious NuGet Packages Target Chinese .NET Developers
QLNX Fileless Linux RAT Combines eBPF Rootkit, PAM Backdoor