Main Menu
Cyber Security
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
Critical Security Flaws in Composer Put PHP Applications at Risk
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Google Enhances Pixel Security with Rust-Based DNS Parser
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
JanelaRAT: Continuing Threat to Latin American Financial Institutions
Information Theft Revolutionized: No Local Decryption in This Security Threat
Booking.com Confirms Unauthorized Access Compromising User Data
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Juniper Networks Addresses Critical Junos OS Vulnerabilities
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
AI Browser Extensions Pose a Hidden Risk to Network Security
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
Emerging Threats in Malware: Recent Developments in Software Vulnerabilities
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Chaos Malware Expands Its Reach to Cloud Deployments
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Application Security
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Mitchell Langley April 15, 2026
Microsoft addresses critical Windows 10 vulnerabilities with its April 2026 security patches.
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Application Security
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Gabby Lee April 15, 2026
Fake Ledger Live app drains $9.5 million from 50 victims via Apple's App Store. Investigating infiltration tactics.
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Cybersecurity
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Gabby Lee April 15, 2026
A data breach at Basic-Fit has exposed sensitive data of one million members, including names, birth dates, and bank details.
McGraw-Hill Data Breach - Salesforce Misconfiguration Exploited by Hackers
Cybersecurity
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
Andrew Doyle April 15, 2026
McGraw-Hill's data breach involved a Salesforce misconfiguration, exposing sensitive information.
Critical Security Flaws in Composer Put PHP Applications at Risk
Application Security
Critical Security Flaws in Composer Put PHP Applications at Risk
Andrew Doyle April 15, 2026
Two severe security vulnerabilities identified in PHP's Composer might allow arbitrary command execution.
Adobe's ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Application Security
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Andrew Doyle April 15, 2026
Adobe patches 55 vulnerabilities across 11 products, with ColdFusion flaws deemed highly exploitable.
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Application Security
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Mitchell Langley April 15, 2026
Microsoft introduces a fast-track process for developers facing sudden account suspensions in the Windows Hardware Program.
Cyberwarfare Within the Underground - Ransomware Gangs Clash
News
Cyberwarfare Within the Underground: Ransomware Gangs Clash
Gabby Lee April 15, 2026
Rival ransomware gangs in a conflict as 0APT warns of exposing Krybit affiliates.
Google Enhances Pixel Security with Rust-Based DNS Parser
Application Security
Google Enhances Pixel Security with Rust-Based DNS Parser
Andrew Doyle April 15, 2026
Google's Rust-based DNS parser improves Pixel security by addressing vulnerabilities through memory-safe code integration.
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Cybersecurity
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Mitchell Langley April 15, 2026
International collaboration exposes $45M in stolen cryptocurrency; $12M recovered in law enforcement play.
Stolen Credentials and Zero Trust - Preventing Privilege Escalation in Security Breaches
Cybersecurity
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Gabby Lee April 15, 2026
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Cybersecurity
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
Gabby Lee April 15, 2026
Novel ad fraud scheme employs AI and SEO techniques to push deceptive content and trick users.
JanelaRAT - Continuing Threat to Latin American Financial Institutions
Cybersecurity
JanelaRAT: Continuing Threat to Latin American Financial Institutions
Mitchell Langley April 14, 2026
Latin America's financial sector faces advanced cyber threats from JanelaRAT malware targeting crucial financial data.
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform W3LL
News
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
Mitchell Langley April 14, 2026
The FBI and Indonesian authorities have dismantled the global phishing platform "W3LL" and arrested its alleged creator in the first joint enforcement...
Phony Root Certificate Scheme Puts Open Source Developers at Risk
News
Phony Root Certificate Scheme Puts Open Source Developers at Risk
Gabby Lee April 14, 2026
Cyber attackers use Google-hosted pages to trick open source developers with fake credentials and take control.
Information Theft Revolutionized - No Local Decryption in This Security Threat
Cybersecurity
Information Theft Revolutionized: No Local Decryption in This Security Threat
Andrew Doyle April 14, 2026
Storm infostealer bypasses local decryption in browsers, hijacks sessions and passwords.
Booking.com Confirms Unauthorized Access Compromising User Data
Application Security
Booking.com Confirms Unauthorized Access Compromising User Data
Mitchell Langley April 14, 2026
Unauthorized access at Booking.com exposes user and reservation data, raising cybersecurity concerns.
LinkedIn's Browser Extension Draws Corporate Espionage Allegations
Application Security
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
Gabby Lee April 14, 2026
Examination of allegations linking LinkedIn's browser extension to corporate espionage conducted by Microsoft.
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Application Security
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Andrew Doyle April 14, 2026
OpenAI confronts potential compromise of macOS code signing certificate due to North Korean-linked Axios supply chain attack.
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Cybersecurity
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Andrew Doyle April 13, 2026
Remote exploitation of Junos OS flaw could lead to device takeover.
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Application Security
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Mitchell Langley April 15, 2026
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Cybersecurity
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Gabby Lee April 15, 2026
JanelaRAT - Continuing Threat to Latin American Financial Institutions
Cybersecurity
JanelaRAT: Continuing Threat to Latin American Financial Institutions
Mitchell Langley April 14, 2026
LucidRook Malware Targets Taiwanese Universities and NGOs
News
LucidRook Malware Targets Taiwanese Universities and NGOs
Gabby Lee April 13, 2026

TOP CYBERSECURITY HEADLINES

McGraw-Hill Data Breach - Salesforce Misconfiguration Exploited by Hackers
Cybersecurity
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
Critical Security Flaws in Composer Put PHP Applications at Risk
Application Security
Critical Security Flaws in Composer Put PHP Applications at Risk
Adobe's ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Application Security
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Application Security
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions

This Week’s Security Spotlight

OpenAI Responds to Supply Chain Attack Affecting macOS Security
Application Security
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Andrew Doyle April 14, 2026
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
Cybersecurity
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
Mitchell Langley April 13, 2026
New Bypass Technique Bypasses Apple's AI Safeguards
Application Security
New Bypass Technique Bypasses Apple’s AI Safeguards
Gabby Lee April 10, 2026
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Cybersecurity
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Mitchell Langley April 8, 2026
More In News
Trending
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
New Extortion Crew Uses Phishing to Breach High-Value Corporations
Bogus Traffic Violation Text Scam Targeting Americans
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
Podcasts
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
Podcasts
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025

Cyber Security News

Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Application Security
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
April 15, 2026
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Application Security
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
April 15, 2026
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Cybersecurity
Basic-Fit Data Breach Exposes Personal Information of One Million Members
April 15, 2026
McGraw-Hill Data Breach - Salesforce Misconfiguration Exploited by Hackers
Cybersecurity
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
April 15, 2026
Critical Security Flaws in Composer Put PHP Applications at Risk
Application Security
Critical Security Flaws in Composer Put PHP Applications at Risk
April 15, 2026
Adobe's ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Application Security
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
April 15, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
April 15, 2026
McGraw-Hill's data breach involved a Salesforce misconfiguration, exposing sensitive information.
Critical Security Flaws in Composer Put PHP Applications at Risk
April 15, 2026
Two severe security vulnerabilities identified in PHP's Composer might allow arbitrary command execution.
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
April 15, 2026
Adobe patches 55 vulnerabilities across 11 products, with ColdFusion flaws deemed highly exploitable.
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
April 15, 2026
Microsoft introduces a fast-track process for developers facing sudden account suspensions in the Windows Hardware Program.
Cyberwarfare Within the Underground: Ransomware Gangs Clash
April 15, 2026
Rival ransomware gangs in a conflict as 0APT warns of exposing Krybit affiliates.
Google Enhances Pixel Security with Rust-Based DNS Parser
April 15, 2026
Google's Rust-based DNS parser improves Pixel security by addressing vulnerabilities through memory-safe code integration.
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
April 15, 2026
International collaboration exposes $45M in stolen cryptocurrency; $12M recovered in law enforcement play.
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
April 15, 2026
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
April 15, 2026
Novel ad fraud scheme employs AI and SEO techniques to push deceptive content and trick users.
JanelaRAT: Continuing Threat to Latin American Financial Institutions
April 14, 2026
Latin America's financial sector faces advanced cyber threats from JanelaRAT malware targeting crucial financial data.
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
April 14, 2026
The FBI and Indonesian authorities have dismantled the global phishing platform "W3LL" and arrested its alleged creator in the first joint enforcement...
Phony Root Certificate Scheme Puts Open Source Developers at Risk
April 14, 2026
Cyber attackers use Google-hosted pages to trick open source developers with fake credentials and take control.
Information Theft Revolutionized: No Local Decryption in This Security Threat
April 14, 2026
Storm infostealer bypasses local decryption in browsers, hijacks sessions and passwords.
Booking.com Confirms Unauthorized Access Compromising User Data
April 14, 2026
Unauthorized access at Booking.com exposes user and reservation data, raising cybersecurity concerns.
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
April 14, 2026
Examination of allegations linking LinkedIn's browser extension to corporate espionage conducted by Microsoft.
OpenAI Responds to Supply Chain Attack Affecting macOS Security
April 14, 2026
OpenAI confronts potential compromise of macOS code signing certificate due to North Korean-linked Axios supply chain attack.
Juniper Networks Addresses Critical Junos OS Vulnerabilities
April 13, 2026
Remote exploitation of Junos OS flaw could lead to device takeover.
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
April 13, 2026
New Zig dropper in GlassWorm campaign targets IDEs, posing threats to developers.
LucidRook Malware Targets Taiwanese Universities and NGOs
April 13, 2026
Exploration of LucidRook, a Lua-based malware targeting NGOs and universities in Taiwan linked to UAT-10362.
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
April 13, 2026
Public views are invited on radiofrequency jammers to help shape laws targeting cybercrime devices.
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
Critical Security Flaws in Composer Put PHP Applications at Risk
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Cyberwarfare Within the Underground: Ransomware Gangs Clash
Google Enhances Pixel Security with Rust-Based DNS Parser
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
JanelaRAT: Continuing Threat to Latin American Financial Institutions
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
Phony Root Certificate Scheme Puts Open Source Developers at Risk
Information Theft Revolutionized: No Local Decryption in This Security Threat
Booking.com Confirms Unauthorized Access Compromising User Data
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Juniper Networks Addresses Critical Junos OS Vulnerabilities
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
LucidRook Malware Targets Taiwanese Universities and NGOs
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation