Cyber Security
Cybersecurity
TheGentlemen Ransomware Lists US Water Utility Suburban Water
TheGentlemen ransomware posted Suburban Water, a US critical infrastructure water utility, among 14 victims across five sectors in a 46-minute window.
Cybersecurity
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
ShadowByt3$ ransomware claims unauthorized access to Cropwise, Syngenta's precision agriculture platform, stealing GIS data, yield models, and API keys.
Cybersecurity
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized devices.
Cybersecurity
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
Over 5,000 election-themed domains registered between April and May 2026 form phishing infrastructure targeting voters, campaign staff, and election workers.
Cybersecurity
GTA Cheat Service Atlas Menu Hacked; 64,000 Records Exposed
Atlas Menu, a paid GTA Online cheat service, was breached and 64,000 user records published on GitHub, with the attacker alleging spyware behavior.
Cybersecurity
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
Scammers have spoofed the PSNI's official switchboard number to impersonate officers and pressure victims into buying gift cards in a vishing campaign.
Cybersecurity
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Cybersecurity
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Cybersecurity
Play Ransomware Claims US Telecom Hightower Communications
Play ransomware has listed Hightower Communications on its dark web leak site, marking the second US telecom claimed by the group within a ten-day period.
Cybersecurity
Play Ransomware Claims US Telecom Hightower Communications
Play ransomware has listed Hightower Communications on its dark web leak site, marking the second US telecom claimed by the group within a ten-day period.
Cybersecurity
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Cybersecurity
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Cybersecurity
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
Scammers have spoofed the PSNI's official switchboard number to impersonate officers and pressure victims into buying gift cards in a vishing campaign.
Cybersecurity
GTA Cheat Service Atlas Menu Hacked; 64,000 Records Exposed
Atlas Menu, a paid GTA Online cheat service, was breached and 64,000 user records published on GitHub, with the attacker alleging spyware behavior.
Cybersecurity
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
Over 5,000 election-themed domains registered between April and May 2026 form phishing infrastructure targeting voters, campaign staff, and election workers.
Cybersecurity
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized devices.
Cybersecurity
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
ShadowByt3$ ransomware claims unauthorized access to Cropwise, Syngenta's precision agriculture platform, stealing GIS data, yield models, and API keys.
Cybersecurity
TheGentlemen Ransomware Lists US Water Utility Suburban Water
TheGentlemen ransomware posted Suburban Water, a US critical infrastructure water utility, among 14 victims across five sectors in a 46-minute window.
CVE Vulnerability Alerts
NIST Inspector General: NVD Backlog Hits 27,000 CVEs
A NIST Inspector General report finds the NVD backlog has grown to over 27,000 unprocessed CVEs, degrading enterprise vulnerability management programs.
Application Security
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere's Web Server Plug-ins. Patches are available for WebSphere 8.5 and 9.0 and Liberty builds.
Cybersecurity
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
TOP CYBERSECURITY HEADLINES
Cybersecurity
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
Over 5,000 election-themed domains registered between April and May 2026 form phishing infrastructure targeting voters, campaign staff, and election workers.
GTA Cheat Service Atlas Menu Hacked; 64,000 Records Exposed
Atlas Menu, a paid GTA Online cheat service, was breached and 64,000 user records published on GitHub, with the attacker alleging spyware behavior.
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
Scammers have spoofed the PSNI's official switchboard number to impersonate officers and pressure victims into buying gift cards in a vishing campaign.
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
Play Ransomware Claims US Telecom Hightower Communications
Play ransomware has listed Hightower Communications on its dark web leak site, marking the second US telecom claimed by the group within a ten-day period.
Play Ransomware Claims US Telecom Hightower Communications
Play ransomware has listed Hightower Communications on its dark web leak site, marking the second US telecom claimed by the group within a ten-day period.
Gamaredon Hides USB Worm in NTFS Alternate Data Streams
Sekoia documents an active Gamaredon campaign using NTFS Alternate Data Streams to conceal USB worm modules targeting Ukrainian government networks.
PureLogs Infostealer Uses MSBuild.exe for Fileless Deployment
FortiGuard Labs documents PureLogs infostealer delivered via fake purchase order emails, using MSBuild.exe process hollowing to execute entirely in memory.
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
Scammers have spoofed the PSNI's official switchboard number to impersonate officers and pressure victims into buying gift cards in a vishing campaign.
GTA Cheat Service Atlas Menu Hacked; 64,000 Records Exposed
Atlas Menu, a paid GTA Online cheat service, was breached and 64,000 user records published on GitHub, with the attacker alleging spyware behavior.
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
Over 5,000 election-themed domains registered between April and May 2026 form phishing infrastructure targeting voters, campaign staff, and election workers.
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized devices.
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
ShadowByt3$ ransomware claims unauthorized access to Cropwise, Syngenta's precision agriculture platform, stealing GIS data, yield models, and API keys.
TheGentlemen Ransomware Lists US Water Utility Suburban Water
TheGentlemen ransomware posted Suburban Water, a US critical infrastructure water utility, among 14 victims across five sectors in a 46-minute window.
NIST Inspector General: NVD Backlog Hits 27,000 CVEs
A NIST Inspector General report finds the NVD backlog has grown to over 27,000 unprocessed CVEs, degrading enterprise vulnerability management programs.
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere's Web Server Plug-ins. Patches are available for WebSphere 8.5 and 9.0 and Liberty builds.
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan's Finance Ministry, deploying Xeno RAT for full system access and exfil.
Meta AI Chatbot Flaw Lets Attackers Hijack Instagram Accounts
A confused deputy flaw in Meta's AI support chatbot let attackers hijack Instagram accounts including @obamawhitehouse, Sephora, and U.S. Space Force.
Red Hat npm Packages Backdoored with Miasma Credential Worm
Attackers backdoored 32 Red Hat npm packages with the Miasma worm, stealing CI/CD secrets, cloud keys, and SSH keys across roughly 80,000 weekly downloads.