Main Menu
Cyber Security
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
27 Million Records Allegedly Leaked from French Retailer Boulanger
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Navigating the Complex Intersection of AI and Data Privacy
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
Remote Desktop Protocol (RDP): A Double-Edged Sword for IT Teams
Google Faces £5 Billion UK Antitrust Lawsuit Over Search Advertising Practices
Skyward Specialty Insurance Data Breach Exposes Sensitive Information
Hacker Forum ‘Cracked’ Resurfaces Online After FBI Seizure in Global Cybercrime Operation
Wolters Kluwer Data Breach Claim Raises Alarms Across Fortune 500 Network
Fall River Public Schools Responds to Cybersecurity Breach
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
The Soaring Cost of Data Breaches for Enterprise Businesses in 2024
ChatGPT is Down Worldwide Impacting Millions
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
10 Key Benefits of Cyber Tabletop Exercises
Network Security in a Digital World: Understanding and Mitigating Risks
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
The Mirai Botnet: The Infamous DDoS Weapon
Compliance Isn’t Security: Why a Checklist Alone Won’t Stop Cyberattacks
Outsourcing Cybersecurity Could Save Your Company Millions – Here’s How
CISA Warns of Craft CMS Code Injection Flaw
Top Cyber Threats Facing Enterprise Businesses in 2025: A Comprehensive Guide
State-Sponsored Hackers Abuse Google’s Gemini AI for Attacks
Apple CPU Side-Channel Attacks (SLAP & FLOP) Threaten Safari Browser Security
California Cryobank Data Breach Exposes Sensitive Customer Information
News
California Cryobank Data Breach Exposes Sensitive Customer Information
Mitchell Langley March 19, 2025
California Cryobank, a major US sperm bank, suffered a data breach exposing customer names, bank details, Social Security numbers, and more. The company is offering ...
GitHub Action Hack May Cause Another Supply Chain Attack
News
GitHub Action Hack May Cause Another Supply Chain Attack
Andrew Doyle March 19, 2025
A cascading supply chain attack, starting with a GitHub Action hack, exposed CI/CD secrets across 23,000 repositories, highlighting vulnerabilities in third-party code reliance.
Western Alliance Bank Data Breach Impacts 21,899 Customers
News
Western Alliance Bank Data Breach Impacts 21,899 Customers
Mitchell Langley March 19, 2025
Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by ...
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
News
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
Andrew Doyle March 19, 2025
A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...
$6.1 Million Crypto Stolen in WEMIX Hack
News
$6.1 Million Crypto Stolen in WEMIX Hack
Andrew Doyle March 19, 2025
WEMIX, a blockchain gaming platform, suffered a $6.1 million crypto theft. Hackers stole authentication keys, planning the attack for two months before executing 13 successful ...
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
News
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
Mitchell Langley March 18, 2025
Microsoft discovered StilachiRAT, a new RAT malware using sophisticated techniques to steal cryptocurrency and perform reconnaissance. Its advanced evasion capabilities make proactive defense crucial.
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
News
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
Andrew Doyle March 18, 2025
A supply chain attack on the popular tj-actions/changed-files GitHub Action exposed CI/CD secrets. Attackers compromised a PAT, impacting 23,000 repositories. GitHub has since removed the ...
Critical Apache Tomcat Flaw Actively Exploited in Attacks
News
Critical Apache Tomcat Flaw Actively Exploited in Attacks
Mitchell Langley March 18, 2025
Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.
Fake "Security Alert" on GitHub Used to Hijack OAuth App Accounts
News
Fake “Security Alert” on GitHub Used to Hijack OAuth App Accounts
Andrew Doyle March 18, 2025
A massive GitHub phishing campaign uses fake "Security Alert" issues and a malicious OAuth app to hijack accounts, granting attackers full control. Immediate action is ...
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
News
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
Andrew Doyle March 18, 2025
Lingnan University in Hong Kong suffered a data breach exposing thousands of records, including sensitive personal data. The university is taking steps to enhance security.
Florida Hospital Data Breach Impacts Over 120,000 Patients
News
Florida Hospital Data Breach Impacts Over 120,000 Patients
Mitchell Langley March 17, 2025
A Florida hospital, CDH, suffered a data breach impacting over 120,000 patients. Sensitive data, including Social Security numbers and health information, was compromised. The BianLian ...
BlackBasta Ransomware Uses Automated Tool 'BRUTED' to Brute-Force VPNs
News
BlackBasta Ransomware Uses Automated Tool ‘BRUTED’ to Brute-Force VPNs
Andrew Doyle March 17, 2025
The BlackBasta ransomware group uses an automated tool, BRUTED, to brute-force VPNs and firewalls, highlighting the need for robust multi-factor authentication.
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
News
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
Mitchell Langley March 17, 2025
JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. ...
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
News
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
Andrew Doyle March 17, 2025
Fog ransomware group claims responsibility for a major data breach at UDMI, a radiology firm, impacting over 138,000 individuals. The incident underscores the critical need ...
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
News
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
Mitchell Langley March 17, 2025
The FBI warns of escalating Medusa ransomware attacks targeting Gmail, Outlook, and VPN users, urging immediate security enhancements to mitigate the threat.
LockBit Ransomware Developer Extradited to the United States
News
LockBit Ransomware Developer Extradited to the United States
Andrew Doyle March 17, 2025
A key LockBit ransomware developer, Rostislav Panev, has been extradited to the US to face charges for his role in the group's global attacks.
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
News
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
Mitchell Langley March 14, 2025
Three healthcare providers suffered data breaches from insider attacks, extortion, and third-party vulnerabilities, highlighting the need for robust cybersecurity measures.
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
News
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
Mitchell Langley March 14, 2025
A joint advisory from CISA, FBI, and MS-ISAC reveals Medusa ransomware impacted over 300 US critical infrastructure organizations by February 2025. The advisory details mitigation ...
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
News
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
Andrew Doyle March 14, 2025
Facebook disclosed a critical FreeType vulnerability (CVE-2025-27363), allowing arbitrary code execution. All versions up to 2.13 are affected; immediate updates are crucial.
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
News
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
Mitchell Langley March 14, 2025
The Lazarus Group, a North Korean hacking collective, deployed six malicious npm packages, infecting hundreds of developers. The packages steal credentials and deploy backdoors.
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
Andrew Doyle May 12, 2025
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
Cybersecurity
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
Syed Arslan May 8, 2025
Ransomware Victims on Dark Web – 04th March, 2025
Ransomware
Ransomware Victims on Dark Web – 04th March, 2025
Gabby Lee April 21, 2025
Interlock Ransomware Gang Deploys ClickFix Attacks Using Fake IT Tools to Compromise Networks
News
Interlock Ransomware Gang Deploys ClickFix Attacks Using Fake IT Tools to Compromise Networks
Andrew Doyle April 21, 2025

TOP CYBERSECURITY HEADLINES

Nucor Shuts Down Production Lines Following Cybersecurity Incident
News
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
News
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
News
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
News
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes

SECURITYWEEK INDUSTRY EXPERTS

North Korean Hackers TA406 Target Ukraine to Gauge Russia's Military Demands
News
North Korean Hackers TA406 Target Ukraine to Gauge Russia’s Military Demands
Mitchell Langley May 15, 2025
Bank Street College of Education Exposes Half a Million Files with Sensitive Personal Data
News
Bank Street College of Education Exposes Half a Million Files with Sensitive Personal Data
Mitchell Langley May 15, 2025
Dior Confirms Data Breach Exposing Chinese Customer Information
News
Dior Confirms Data Breach Exposing Chinese Customer Information
Mitchell Langley May 15, 2025
Nucor Shuts Down Production Lines Following Cybersecurity Incident
News
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Mitchell Langley May 15, 2025
More In News
Trending
What is a Whaling Phishing Attack?
Phishing Attacks on the Rise: Businesses Face Growing Cyberthreat
Email Spoofing 101: Understanding the Basics and How to Protect Your Enterprise Data
How AI is Revolutionizing Phishing Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
From 1,382 to 4 Million: What VeriSource Didn’t Know (or Say)
April 29, 2025
Podcasts
Actively Exploited: Commvault Web Shells, Active! mail RCE, and Brocade Code Injection Now in KEV
April 29, 2025
Podcasts
Hard-Coded Havoc: The Fatal Flaws in Planet’s Network Devices
April 28, 2025

Cyber Security News

Manufacturers Under Cyberattack An Unprecedented Enterprise Cyberthreat
Blog
Manufacturers Under Cyberattack: An Unprecedented Enterprise Cyberthreat
November 19, 2024
This Week In Cybersecurity: 11th November to 15th November
Cybersecurity
This Week In Cybersecurity: 11th November to 15th November
November 16, 2024
₹2,000 Crore WazirX Cyberattack Culprit Arrested
Cybersecurity
₹2,000 Crore WazirX Cyberattack Culprit Arrested
November 14, 2024
Singtel Data Breach: Volt Typhoon's Test Run Before Targeting US Telecoms
Cybersecurity
Singtel Data Breach: Volt Typhoon’s Test Run Before Targeting US Telecoms
November 6, 2024
Blog
How the Dark Web Has Fueled the 32% Rise in Healthcare Cyberattacks
November 4, 2024
Central Bank Cyprus Says 14.3% of Businesses Hit by Cyberattacks
Cybersecurity
Central Bank Cyprus Says 14.3% of Businesses Hit by Cyberattacks
November 4, 2024
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Threat Actors
  • Threat Detection Tools
  • Uncategorized
Kellogg Data Breached, Clop Ransomware Exploits Cleo Zero-Day Vulnerabilities
April 8, 2025
WK Kellogg confirms a data breach exposing employee names and social security numbers, linked to the Clop ransomware gang's exploitation of Cleo software vulnerabilities.
Superannuation Hack Exposes $4.2 Trillion Sector’s Cybersecurity Vulnerabilities
April 8, 2025
A major superannuation hack exposed critical cybersecurity flaws, impacting major Australian funds and highlighting the urgent need for stronger security measures within the $4.2 trillion ...
Singapore Banks Suffer Ransomware Attack: DBS and Bank of China Affected
April 8, 2025
Singapore's DBS and Bank of China suffered a data breach due to a ransomware attack on their printing services provider, impacting thousands of customers. Funds ...
Vice Society Ransomware: The Anti K-12 RaaS Syndicate
April 8, 2025
Vice Society, a prolific RaaS group, preys on schools and other institutions, deploying readily available ransomware and threatening data leaks unless ransoms are paid. Their ...
Texas State Bar Data Breach Exposes Sensitive Attorney Information
April 8, 2025
Texas State Bar's data breach exposed sensitive attorney information, including SSNs, financial details, and legal case documents. Ransomware group INC claimed responsibility.
Everest Ransomware’s Dark Web Leak Site Defaced and Taken Offline
April 8, 2025
Everest ransomware's dark web leak site was defaced, disrupting their double-extortion scheme. This highlights the vulnerability of even sophisticated cybercriminal operations and the importance of ...
EncryptHub Has a Double Life of a Cybercriminal and Bug Bounty Hunter
April 8, 2025
Threat actor EncryptHub, responsible for compromising 618 organizations, secretly reported two Windows zero-day vulnerabilities to Microsoft, revealing a complex figure operating in both cybercrime and ...
Europcar Data Breach Affects 200,000 Customers
April 7, 2025
Europcar's data breach potentially affects up to 200,000 customers after threat actors accessed GitLab repositories. The company confirms the breach but disputes the full extent ...
WinRAR Vulnerability Bypasses Windows Mark of the Web Security
April 7, 2025
WinRAR vulnerability (CVE-2025-31334) bypasses Windows Mark of the Web security, enabling silent malicious code execution. Update to version 7.11 immediately.
Port of Seattle Ransomware Attack Impacts 90,000 Individuals
April 7, 2025
A ransomware attack on the Port of Seattle exposed the personal data of 90,000 individuals. The Rhysida ransomware group was responsible, and the Port refused ...
E-ZPass Phishing Scam Targets E-ZPass
April 7, 2025
A massive wave of phishing texts impersonating E-ZPass is stealing personal and financial data. Scammers use urgency and encrypted messaging to bypass security measures.
CISA Warns of Fast Flux DNS Evasion Used by Cybercrime Gangs
April 4, 2025
CISA warns of Fast Flux DNS evasion, a technique used by cybercrime gangs to mask malicious activity by rapidly changing DNS records, making detection and ...
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
April 4, 2025
The IT world is constantly changing, and so are the frameworks that govern it. This blog post delves into the significant differences between COBIT 5 ...
Texas State Bar Data Breach: INC Ransomware Gang Claims Responsibility
April 4, 2025
The Texas State Bar suffered a data breach between January 28 and February 9, 2025, with the INC ransomware gang claiming responsibility and leaking stolen ...
GitHub Supply Chain Attack Traced to Leaked SpotBugs Token
April 4, 2025
A devastating GitHub supply chain attack, targeting Coinbase, stemmed from a leaked SpotBugs token, exposing secrets in 218 repositories and highlighting critical vulnerabilities in open-source ...
Oracle Cloud Breach Confirmed, Data Theft Impacts Legacy Systems
April 4, 2025
Oracle confirms a data breach impacting its legacy Oracle Cloud Classic system, resulting in the theft of client credentials. Investigations are underway, but the company's ...
Hunters International Shifts to Data Extortion and Rebrands as World Leaks
April 4, 2025
Hunters International, a notorious ransomware operation, has rebranded as World Leaks, shifting its focus to data extortion.
$500,000 Lost in Australian Superannuation Fund Data Breach
April 4, 2025
Major Australian superannuation funds experienced a data breach, resulting in $500,000 in losses and impacting thousands of members via a credential stuffing attack.
KillSec: Hacktivists Turned RaaS Syndicate
April 4, 2025
KillSec, a Russia-linked RaaS group, targets healthcare and finance, leveraging OSINT and affiliates for extortion, showing a preference for Asian victims over Western ones.
CVE Vulnerability Alerts – 18th March, 2025
April 4, 2025
This post summarizes various vulnerabilities from recent CVE alerts that could potentially be exploited by malicious actors. Each entry includes brief information on the vulnerability, ...
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
Exploited in the Wild: SAP NetWeaver Zero-Days Hit Fortune 500
Checkout Chaos: Inside the £3.5 Million-a-Day M&S Cyber-Shutdown
Targeted iOS Attacks: The Zero-Days Apple Had to Patch Fast
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
Texas vs Google: The $1.4 Billion Wake-Up Call for Data Privacy Violations
Marbled Dust’s Zero-Day Exploit: Unveiling a Türkiye-linked Espionage Campaign Against Kurdish Forces
M&S Confirms Customer Data Breach Following Cyberattack
TeleMessage Exploit: Inside the Messaging Flaw That Hit Coinbase and CBP
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
Thousands of Node Developers Compromised by Malware in Popular npm Packages
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
rand-user-agent: The NPM Package That Opened a Backdoor