Main Menu
Cyber Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
Covert PDF Exploitation: Hackers Use Adobe Acrobat Reader for Targeted Payload Delivery
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Microsoft’s Communication Breakdown Leaves Developers Locked Out Without Warning
Google Enhances Chrome Security with Device Bound Session Credentials
New Bypass Technique Bypasses Apple’s AI Safeguards
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Trent AI Emerges From Stealth With $13 Million in Funding
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Exchange Online Mailbox Access Issues Impact Outlook Users
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Chinese Hackers from Salt Typhoon Deploy Custom Malware in US Telecom Cyberespionage Campaign
News
Chinese Hackers from Salt Typhoon Deploy Custom Malware in US Telecom Cyberespionage Campaign
Mitchell Langley February 21, 2025
Chinese state-sponsored hackers, the Salt Typhoon group, used custom malware, JumbledPath, to infiltrate US telecom networks, stealing data and monitoring communications.
CISA and FBI Report Ghost Ransomware Breached 70 Countries
News
CISA and FBI Report Ghost Ransomware Breached 70 Countries
Mitchell Langley February 21, 2025
CISA and the FBI warn of a global Ghost ransomware attack impacting organizations across 70 countries, exploiting known vulnerabilities in various software and systems. Immediate ...
Black Basta Ransomware Data Leak Exposes Internal Communications and Targets
News
Black Basta Ransomware Data Leak Exposes Internal Communications and Targets
Andrew Doyle February 21, 2025
The Black Basta ransomware gang's internal chat logs leaked, exposing victims, tactics, and key members. The data leak reveals internal conflicts and potential Russian bank ...
Darcula PhaaS 3.0 Can Now Auto-Generate Phishing Kits for Any Brand
News
Darcula PhaaS 3.0 Auto-Generates Phishing Kits for Any Brand
Andrew Doyle February 21, 2025
Darcula PhaaS, a phishing-as-a-service platform, now offers a DIY phishing kit generator. This allows users to easily create phishing attacks targeting any brand, significantly increasing ...
The Rise of AI Agents: A New Era of AI Cyberthreats
News
The Rise of AI Agents: A New Era of AI Cyberthreats
Andrew Doyle February 20, 2025
AI agents are transforming cybersecurity, enabling autonomous attacks that overwhelm defenses. This new AI cyberthreat demands proactive strategies and advanced defenses to mitigate the risks.
Cayuga Medical Center Suffers Cyberattack, Operations Temporarily Disrupted
News
Cayuga Medical Center Suffers Cyberattack, Operations Temporarily Disrupted
Mitchell Langley February 20, 2025
Cayuga Medical Center experienced a cyberattack on February 19th, temporarily halting ER admissions and diverting ambulances. The hospital is now fully operational.
Australian Fertility Services Giant Genea Hit by Major Security Breach
News
Australian Fertility Services Giant Genea Hit by Major Security Breach
Andrew Doyle February 20, 2025
Australian fertility services giant Genea suffered a significant security breach, exposing potentially sensitive patient data. The company is investigating the extent of the unauthorized ...
NailaoLocker Ransomware Targets EU Healthcare Sector in a Cyberattack
News
NailaoLocker Ransomware Targets EU Healthcare Sector in a Cyberattack
Mitchell Langley February 20, 2025
NailaoLocker ransomware, a newly discovered threat, targeted EU healthcare organizations between June and October 2024, exploiting a Check Point vulnerability. The attack leveraged ShadowPad and ...
Hunters International Ransomware: Hive Ransomware Ressurected
Resources
Hunters International Ransomware: Hive Ransomware Ressurected
Andrew Doyle February 20, 2025
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in October 2023, following the disruption of the Hive ransomware group. They've conducted over 200 attacks ...
Venture Capital Giant Insight Partners Hit by Cyber Attack
News
Venture Capital Giant Insight Partners Hit by Cyber Attack
Mitchell Langley February 19, 2025
Insight Partners, a venture capital giant, suffered a cyber attack in January via social engineering. The firm manages over $90 billion in assets and is ...
BlackLock Ransomware: A Rapidly Rising Cyber Threat
News
BlackLock Ransomware: A Rapidly Rising Cyber Threat
Mitchell Langley February 19, 2025
BlackLock ransomware, emerging in March 2024, has seen a 1425% surge in activity, making it a prominent player in the ransomware-as-a-service (RaaS) ecosystem and a ...
Latvian Document Management System Leak Exposes 25 Million Records
News
Latvian Document Management System Leak Exposes 25 Million Records
Mitchell Langley February 19, 2025
A Latvian document management system leak exposed 25 million records, including names, national IDs, and addresses, highlighting critical data security vulnerabilities.
OpenSSH Flaws Expose SSH Servers to Critical DoS Attacks and MiTM Vulnerabilities
News
OpenSSH Flaws Expose SSH Servers to Critical DoS Attacks and MiTM Vulnerabilities
Andrew Doyle February 19, 2025
Critical OpenSSH vulnerabilities enable devastating DoS attacks and sophisticated MiTM attacks on SSH servers. Immediate updates are crucial to prevent data breaches and service disruptions.
MacOS Malware FrigidStealer Employ Sophisticated Web Injection Attacks
News
MacOS Malware FrigidStealer Employ Sophisticated Web Injection Attacks
Andrew Doyle February 19, 2025
New MacOS malware, FrigidStealer, uses web injection attacks by cybercriminal groups TA2726 and TA2727, distributing malware based on browser and operating system, bypassing security ...
Zacks Investment Research Breach: 12 Million Records Exposed in Latest Cyber Attack
News
Zacks Investment Research Breach: 12 Million Records Exposed in Latest Cyber Attack
Mitchell Langley February 18, 2025
A major Zacks Investment Research Breach exposed 12 million customer records, including sensitive personal and financial data, highlighting the urgent need for enhanced cybersecurity measures.
Coast Guard Data Breach Delays Pay for 1,135 Service Members
News
Coast Guard Data Breach Delays Pay for 1,135 Service Members
Mitchell Langley February 18, 2025
A Coast Guard data breach delayed pay for 1,135 service members. The Coast Guard Investigative Service and Coast Guard Cyber Command are investigating the breach, ...
Lee Enterprises Says It Was Hit By a Ransomware Attack
News
Lee Enterprises Says It Was Hit By a Ransomware Attack
Andrew Doyle February 18, 2025
A ransomware attack against Lee Enterprises, a major US newspaper publisher, caused significant disruptions, impacting print and online operations for over two weeks. The attack ...
Finastra Data Breach: Customer Data Compromised in Cyber Attack
News
Finastra Data Breach: Customer Data Compromised in Cyber Attack
Andrew Doyle February 18, 2025
Finastra's data breach exposed customer names and financial account information after a cyber attack. Law enforcement is involved, and affected individuals are urged to take ...
Italian Websites Under Cyberattack: Pro-Russian Group Claims Responsibility
News
Italian Websites Under Cyberattack: Pro-Russian Group Claims Responsibility
Andrew Doyle February 18, 2025
Pro-Russian hackers launched a cyber attack on Italian websites, including banks and airports, in retaliation for President Mattarella's comments comparing Russia's actions to Nazi Germany.
FinalDraft Malware: New Stealthy Cyber Attack Abuses Outlook for Command and Control
News
FinalDraft Malware: New Stealthy Cyber Attack Abuses Outlook for Command and Control
Andrew Doyle February 17, 2025
FinalDraft malware uses Outlook email drafts for covert command-and-control communication, enabling data exfiltration, process injection, and lateral movement with minimal traces. The malware, part of ...
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Cybersecurity
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Mitchell Langley April 10, 2026
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Gabby Lee April 10, 2026
Chaos Malware Expands Its Reach to Cloud Deployments
Cybersecurity
Chaos Malware Expands Its Reach to Cloud Deployments
Gabby Lee April 10, 2026
Qilin Ransomware Group Targets German Political Party Die Linke
News
Qilin Ransomware Group Targets German Political Party Die Linke
Mitchell Langley April 7, 2026

TOP CYBERSECURITY HEADLINES

Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Cybersecurity
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Application Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
Cybersecurity
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking

This Week’s Security Spotlight

New Bypass Technique Bypasses Apple's AI Safeguards
Application Security
New Bypass Technique Bypasses Apple’s AI Safeguards
Gabby Lee April 10, 2026
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Cybersecurity
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Mitchell Langley April 8, 2026
Bogus Traffic Violation Text Scam Targeting Americans
News
Bogus Traffic Violation Text Scam Targeting Americans
Andrew Doyle April 7, 2026
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity
Apple Rolls Out DarkSword Exploit Protection to More Devices
Mitchell Langley April 3, 2026
More In News
Trending
Bogus Traffic Violation Text Scam Targeting Americans
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts
Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE
New Phishing Techniques Threaten TikTok Business Account Security

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
The LexisNexis Breach: 364,000 Records Exposed via GitHub
May 29, 2025
Podcasts
Ransomware Hits MathWorks: Week-Long Outage Disrupts Millions
May 28, 2025
Podcasts
Zscaler Acquires Red Canary: What It Means for AI-Powered Security Operations
May 28, 2025

Cyber Security News

Clickjacking Tactics Exploit SVG and CSS Understanding the New Threat
Cybersecurity
Clickjacking Tactics Exploit SVG and CSS: Understanding the New Threat
December 9, 2025
IDEsaster Uncovering Security Flaws in AI-Powered IDEs
Application Security
IDEsaster: Uncovering Security Flaws in AI-Powered IDEs
December 9, 2025
FBI Warns of Social Media Images Exploited for Virtual Kidnapping Scams
Cybersecurity
FBI Warns of Social Media Images Exploited for Virtual Kidnapping Scams
December 8, 2025
GlobalProtect Logins and SonicWall APIs Come Under Fire from Hacking Campaign
Endpoint Security
GlobalProtect Logins and SonicWall APIs Come Under Fire from Hacking Campaign
December 8, 2025
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
Endpoint Security
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
December 8, 2025
India Reverses Decision on Mandating Preinstalled Cybersecurity App on Smartphones
Cybersecurity
India Reverses Decision on Mandating Preinstalled Cybersecurity App on Smartphones
December 8, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Scattered Spider Breached M&S via Third-Party TCS Credentials, Sources Confirm
May 20, 2025
Scattered Spider used third-party TCS employee credentials to breach M&S systems, exposing customer data and costing over £1 billion in market value and lost profits. ...
Trojanized KeePass Installer Leads to Ransomware on VMware ESXi Servers
May 20, 2025
Fake KeePass installers promoted via Bing ads delivered Cobalt Strike and stole credentials, ultimately leading to ESXi ransomware attacks linked to Black Basta affiliates.
TeleMessage Breach Exposes U.S. Government Messaging Data, 410GB Archive Published by DDoSecrets
May 20, 2025
Hackers exploited a flaw in TeleMessage’s TM SGNL app, exposing U.S. official communications. DDoSecrets published 410GB of chat logs and metadata from the breach.
Arla Foods Cyberattack Disrupts German Production Site, Causes Delivery Delays
May 20, 2025
Arla Foods confirmed a cyberattack at its Upahl production site in Germany, disrupting operations and causing delivery delays. No data theft has been confirmed.
O2 Flaw Leaked Customer Geolocation Data to Any Caller
May 20, 2025
O2 exposed customers’ real-time locations via VoLTE call metadata. A researcher found SIP headers leaking geolocation and device data. The issue is now resolved.
110,000+ Records Compromised: The NRS Cybersecurity Failure
May 19, 2025
In this episode, we unpack the 2024 cybersecurity incident that rocked the debt collection and healthcare sectors: the massive data breach at Nationwide Recovery Services ...
Coinbase Insider Breach Exposes Customer Data and Government IDs; $20M Ransom Rejected
May 19, 2025
Coinbase Insider Breach revealed that rogue support agents aided a cyberattack stealing customer data and government IDs. The attackers demanded $20 million, but Coinbase refused ...
Hackers Target VMware ESXi and Microsoft SharePoint Zero-Days at Pwn2Own Berlin 2025
May 19, 2025
Researchers at Pwn2Own Berlin 2025 earned $695,000 for exploiting zero-day flaws in VMware ESXi, Microsoft SharePoint, Firefox, and AI platforms.
Adidas and Dior Confirm Customer Data Breaches Following Targeted Cyberattacks
May 19, 2025
Adidas and Dior confirmed data breaches affecting customer information in Korea and China. Both brands reported no financial data exposure and began notifying affected individuals. ...
CISA Flags Chrome Vulnerability CVE-2025-4664: Patch Before June 5th
May 19, 2025
In this episode, we break down the recently discovered and actively exploited Chrome vulnerability CVE-2025-4664—a high-severity flaw stemming from insufficient policy enforcement in Chrome’s Loader ...
Ransomware Gangs Adopt Skitnet Malware for Post-Exploitation Attacks in Enterprise Environments
May 19, 2025
Ransomware groups including BlackBasta and Cactus are using Skitnet malware for stealthy post-exploitation in enterprise networks, enabling persistence, data theft, and remote control.
How Can I Protect Myself from the M&S Cyberattack?
May 19, 2025
Marks & Spencer suffered a data breach. Here’s how customers can protect themselves from phishing, fraud, and future attacks using simple, actionable online safety tips. ...
483,000 Patients at Risk: Catholic Health Vendor Breach Exposes Critical Data
May 19, 2025
In this episode, we dive deep into a newly disclosed healthcare data breach affecting over 483,000 patients of Catholic Health, stemming from a misconfigured Elasticsearch ...
Broadcom Employee Data Leaked After Supply Chain Breach at ADP Partner
May 19, 2025
Broadcom employee data leaked after a ransomware attack on ADP partner Business Systems House. Sensitive files appeared on the dark web, impacting global semiconductor workers. ...
SK Telecom Data Breach Exposes Nearly 27 Million SIM Records
May 19, 2025
SK Telecom suffered a data breach impacting nearly 27 million SIM records, with malware infections across 23 servers and critical personal data left unencrypted.
This Week In Cybersecurity: May 12th to 16th, 2025
May 19, 2025
"This week in cybersecurity highlights significant data breaches, vulnerabilities, and emerging threats impacting various sectors, emphasizing the need for robust security measures."
Legal Aid Agency Data Breach Exposes Sensitive Information of Legal Aid Applicants
May 19, 2025
A cyberattack on the UK’s Legal Aid Agency exposed personal, financial, and criminal data of applicants dating back to 2010, prompting a full shutdown of ...
Chrome’s New Vulnerability CVE-2025-4664: A Security Flaw That Can Lead to Account Takeover
May 16, 2025
In this episode, we take an in-depth look at the newly discovered CVE-2025-4664 vulnerability in Google Chrome’s Loader component. This high-severity security flaw is affecting ...
Scattered Spider Targets UK and US Retailers: The Growing Threat to Major Brands
May 16, 2025
In this episode, we dive deep into the recent wave of cyberattacks plaguing major UK retailers such as Marks & Spencer, Co-op, and Harrods, with ...
Ransomware Gangs Exploit SAP NetWeaver Vulnerability in Ongoing Global Attacks
May 16, 2025
Ransomware groups RansomEXX and BianLian have joined global threat actors exploiting a critical SAP NetWeaver vulnerability, risking full remote system compromise for unpatched servers.
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
New Extortion Crew Uses Phishing to Breach High-Value Corporations
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
Covert PDF Exploitation: Hackers Use Adobe Acrobat Reader for Targeted Payload Delivery
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Microsoft’s Communication Breakdown Leaves Developers Locked Out Without Warning
Google Enhances Chrome Security with Device Bound Session Credentials
New Bypass Technique Bypasses Apple’s AI Safeguards
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat