
Google Patches Android Zero-Day CVE-2025-48595 Under Active Exploit
Google confirmed CVE-2025-48595, a no-interaction privilege escalation flaw in Android 14–16, is under active targeted attack. Patches arrive June 5.

Attackers backdoored 32 Red Hat npm packages with the Miasma worm, stealing CI/CD secrets, cloud keys, and SSH keys across

A confused deputy flaw in Meta’s AI support chatbot let attackers hijack Instagram accounts including @obamawhitehouse, Sephora, and U.S. Space

Pakistan-attributed SideCopy APT used Pashto-language LNK lures against Afghanistan’s Finance Ministry, deploying Xeno RAT for full system access and exfil.

CVE-2026-8633 is a CVSS 9.8 unauthenticated RCE in IBM WebSphere’s Web Server Plug-ins. Patches are available for WebSphere 8.5 and

A NIST Inspector General report finds the NVD backlog has grown to over 27,000 unprocessed CVEs, degrading enterprise vulnerability management

TheGentlemen ransomware posted Suburban Water, a US critical infrastructure water utility, among 14 victims across five sectors in a 46-minute

ShadowByt3$ ransomware claims unauthorized access to Cropwise, Syngenta’s precision agriculture platform, stealing GIS data, yield models, and API keys.

Dashlane now confirms attackers downloaded encrypted password vaults from fewer than 20 accounts by brute-forcing 2FA codes to register unauthorized

Over 5,000 election-themed domains registered between April and May 2026 form phishing infrastructure targeting voters, campaign staff, and election workers.