Cyber Security
News
Dior Confirms Data Breach Exposing Chinese Customer Information
Christian Dior confirms a customer data breach affecting Chinese users. Names, contacts, and shopping data were leaked; no financial details were compromised. Investigation ongoing.
News
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Nucor Corporation has shut down select production operations following a cybersecurity incident that compromised internal systems. The company is investigating and restoring operations.
News
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
Hackers are selling 89 million Steam user records in an apparent supply chain breach involving vendor access. Valve denies a direct Steam breach but continues ...
News
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
HireClick leaked over 5.7 million resume files after leaving an AWS bucket unsecured. The data exposure poses significant risks of fraud, phishing, and identity theft. ...
News
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
Valve denies claims of a Steam data breach, stating leaked data consists of expired SMS codes with no account credentials, passwords, or personal information.
News
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
Tennessee’s largest school district has filed a federal lawsuit against PowerSchool, citing breach of contract and security failures linked to a December 2023 data breach. ...
News
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
Russian-aligned ransomware group DragonForce hit UK retailer Co-op, exposing customer data and disrupting operations, in a hybrid cyberattack blending financial and geopolitical motives.
News
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
The EU launches its own vulnerability database (EUVD) to strengthen cybersecurity, reduce reliance on CVE, and ensure greater digital sovereignty across European infrastructure.
News
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
Twilio denies breach after leaked Steam 2FA codes appear online. Experts suspect a third-party SMS provider may be the source of the data exposure.
News
M&S Confirms Customer Data Breach Following Cyberattack
M&S confirms a customer data breach exposing contact details and order history after a cyberattack, but reassures no payment data or passwords were compromised.
News
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
Broadcom patches a critical VMware Tools vulnerability that allows attackers with limited VM access to tamper with files. Affects Windows, Linux, and open-vm-tools versions.
News
Thousands of Node Developers Compromised by Malware in Popular npm Packages
A sophisticated supply chain attack on npm injected malware into widely used packages, exposing thousands of developers to remote access trojans, data theft, and backdoors. ...
News
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
A Türkiye-linked cyberespionage group exploited a zero-day in Output Messenger, enabling access to sensitive data and communications in targeted attacks on Kurdish-aligned users.
News
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
A Moldovan suspect has been arrested for a 2021 DoppelPaymer ransomware attack that crippled Dutch research systems and caused €4.5 million in damages.
Cybersecurity
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
Chinese threat group Chaya_004 exploited a zero-day flaw in SAP NetWeaver servers, compromising hundreds of systems using remote code execution and web shell deployments.
Cybersecurity
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The iClicker website was hacked between April 12–16, 2025, using a fake CAPTCHA to deploy malware via a ClickFix attack targeting students and faculty.
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
LockBit's dark web affiliate panels were hacked, exposing thousands of victim negotiation messages, affiliate details, and bitcoin addresses in a leaked MySQL database.
News
Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients
Ascension confirms a third-party data breach affecting 437,329 patients, exposing sensitive personal and medical data, including Social Security numbers and health insurance details.
News
PowerSchool Hacker Now Extorting Individual School Districts Using Stolen Data
The PowerSchool hacker is now targeting individual school districts, threatening to leak sensitive student and staff data stolen in the December 2024 breach.
News
NSO Group Fined $167 Million for Pegasus Spyware Attack on WhatsApp Users
A U.S. jury has ordered NSO Group to pay over $167 million in damages for a 2019 Pegasus spyware attack that targeted 1,400 WhatsApp users. ...
Ransomware
INC Ransomware: Master of Double Extortion
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
Cyprus Airways Data Breach: Hackers Claim Access to Real-Time Systems and Passenger Records
Hackers claim to have breached Cyprus Airways, stealing 41GB of passenger and staff data and maintaining real-time access to flight systems and travel information.
Gunra Ransomware Group Claims Massive Breach at American Hospital Dubai
Gunra ransomware claims to have stolen 450 million records from American Hospital Dubai, threatening to leak the data if ransom demands are not met by ...
Cartier Cyberattack Exposes Customer Data as Retail Sector Faces Ongoing Threats
Cartier confirms a cyberattack exposed customer data as cyber threats rise across the retail sector, affecting brands like Marks & Spencer, Victoria’s Secret, and Harrods. ...
Chrome Under Fire: Three Zero-Days, One Month, and Nation-State Exploits
In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid ...
Medical Data Breach Affected Dental Service Infrastructure
An exposed MongoDB database revealed 2.7 million patient records and 8.8 million appointments, likely linked to Gargle, a dental marketing provider, prompting HIPAA scrutiny.
Australia Forces Transparency: The World’s First Mandatory Ransomware Payment Reporting Law
Australia just made cyber history. On May 30, 2025, the nation became the first in the world to enforce mandatory ransomware payment reporting under the ...
$25M for AI Email Security: Trustifi’s Big Bet on the MSP Market
In this episode, we dive into Trustifi’s recent $25 million Series A funding round, led by growth equity firm Camber Partners. Specializing in AI-powered email ...
GhostSec: From Hacktivist Roots to RaaS Powerhouse
GhostSec evolved from anti-ISIS hacktivists into a global ransomware threat, deploying GhostLocker via RaaS and targeting critical infrastructure with sophisticated, multi-stage infiltration tactics.
Malicious RubyGems Impersonate Fastlane Plugins to Steal Telegram Bot Data
Two malicious RubyGems imitating Fastlane plugins redirect Telegram API calls to attacker-controlled proxies, harvesting bot tokens, chat content, and sensitive developer data.
Victoria’s Secret Postpones Q1 Earnings Amid System Restoration After Security Incident
Victoria’s Secret has postponed its Q1 2025 earnings release due to system restoration efforts following a May 24 cyber incident affecting corporate, retail, and online ...
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
The rise of Cybercrime-as-a-Service (CaaS) is transforming the threat landscape, democratizing cyberattacks and making them more frequent and diverse. This blog explores the various CaaS ...
Volkswagen Probes Hacker Claims Amid Ongoing Ransomware Threats
Volkswagen is investigating Stormous ransomware group’s breach claims, but internal reviews show no unauthorized access or compromised data within the company’s systems so far.
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
CISA has warned U.S. agencies of active attacks exploiting a ScreenConnect vulnerability and critical flaws in ASUS routers and Craft CMS. Patches and mitigations are ...
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
The North Face has confirmed a credential stuffing attack in April, exposing customer data including names, addresses, and emails. Payment information remains unaffected.
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
North Dakota-based Nokota Packers has reportedly suffered a ransomware attack by the J Group gang, with hackers claiming to have stolen 50GB of sensitive data. ...
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
Stormous ransomware gang claims a breach at Volkswagen, but provides no sample data. Researchers find no evidence yet of compromised systems or stolen information.
Google Chrome vs. Failing CAs: The Policy Behind the Distrust
In this episode, we dissect Google’s recent and upcoming decisions to distrust several Certificate Authorities (CAs) within the Chrome Root Store, including Entrust, Chunghwa Telecom, ...
CVE-2025-48827 & 48828: How vBulletin’s API and Template Engine Got Weaponized
Two critical, actively exploited vulnerabilities in vBulletin forum software—CVE-2025-48827 and CVE-2025-48828—have put thousands of websites at immediate risk of full system compromise. In this episode, ...
JINX-0132: How Cryptojackers Hijacked DevOps Infrastructure via Nomad and Docker
In this episode, we dissect the JINX-0132 cryptojacking campaign — a real-world example of how threat actors are exploiting cloud and DevOps environments to mine ...
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
Cartier has confirmed a cyberattack that exposed limited customer data, including names and email addresses. Sensitive financial and login information was not compromised.