Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Cybersecurity
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Gabby Lee April 15, 2026
A data breach at Basic-Fit has exposed sensitive data of one million members, including names, birth dates, and bank details.
McGraw-Hill Data Breach - Salesforce Misconfiguration Exploited by Hackers
Cybersecurity
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
Andrew Doyle April 15, 2026
McGraw-Hill's data breach involved a Salesforce misconfiguration, exposing sensitive information.
Critical Security Flaws in Composer Put PHP Applications at Risk
Application Security
Critical Security Flaws in Composer Put PHP Applications at Risk
Andrew Doyle April 15, 2026
Two severe security vulnerabilities identified in PHP's Composer might allow arbitrary command execution.
Adobe's ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Application Security
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Andrew Doyle April 15, 2026
Adobe patches 55 vulnerabilities across 11 products, with ColdFusion flaws deemed highly exploitable.
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Application Security
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Mitchell Langley April 15, 2026
Microsoft introduces a fast-track process for developers facing sudden account suspensions in the Windows Hardware Program.
Cyberwarfare Within the Underground - Ransomware Gangs Clash
News
Cyberwarfare Within the Underground: Ransomware Gangs Clash
Gabby Lee April 15, 2026
Rival ransomware gangs in a conflict as 0APT warns of exposing Krybit affiliates.
Google Enhances Pixel Security with Rust-Based DNS Parser
Application Security
Google Enhances Pixel Security with Rust-Based DNS Parser
Andrew Doyle April 15, 2026
Google's Rust-based DNS parser improves Pixel security by addressing vulnerabilities through memory-safe code integration.
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Cybersecurity
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Mitchell Langley April 15, 2026
International collaboration exposes $45M in stolen cryptocurrency; $12M recovered in law enforcement play.
Stolen Credentials and Zero Trust - Preventing Privilege Escalation in Security Breaches
Cybersecurity
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Gabby Lee April 15, 2026
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Cybersecurity
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
Gabby Lee April 15, 2026
Novel ad fraud scheme employs AI and SEO techniques to push deceptive content and trick users.
JanelaRAT - Continuing Threat to Latin American Financial Institutions
Cybersecurity
JanelaRAT: Continuing Threat to Latin American Financial Institutions
Mitchell Langley April 14, 2026
Latin America's financial sector faces advanced cyber threats from JanelaRAT malware targeting crucial financial data.
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform W3LL
News
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
Mitchell Langley April 14, 2026
The FBI and Indonesian authorities have dismantled the global phishing platform "W3LL" and arrested its alleged creator in the first joint enforcement...
Phony Root Certificate Scheme Puts Open Source Developers at Risk
News
Phony Root Certificate Scheme Puts Open Source Developers at Risk
Gabby Lee April 14, 2026
Cyber attackers use Google-hosted pages to trick open source developers with fake credentials and take control.
Information Theft Revolutionized - No Local Decryption in This Security Threat
Cybersecurity
Information Theft Revolutionized: No Local Decryption in This Security Threat
Andrew Doyle April 14, 2026
Storm infostealer bypasses local decryption in browsers, hijacks sessions and passwords.
Booking.com Confirms Unauthorized Access Compromising User Data
Application Security
Booking.com Confirms Unauthorized Access Compromising User Data
Mitchell Langley April 14, 2026
Unauthorized access at Booking.com exposes user and reservation data, raising cybersecurity concerns.
LinkedIn's Browser Extension Draws Corporate Espionage Allegations
Application Security
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
Gabby Lee April 14, 2026
Examination of allegations linking LinkedIn's browser extension to corporate espionage conducted by Microsoft.
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Application Security
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Andrew Doyle April 14, 2026
OpenAI confronts potential compromise of macOS code signing certificate due to North Korean-linked Axios supply chain attack.
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Cybersecurity
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Andrew Doyle April 13, 2026
Remote exploitation of Junos OS flaw could lead to device takeover.
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
Application Security
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
Mitchell Langley April 13, 2026
New Zig dropper in GlassWorm campaign targets IDEs, posing threats to developers.
LucidRook Malware Targets Taiwanese Universities and NGOs
News
LucidRook Malware Targets Taiwanese Universities and NGOs
Gabby Lee April 13, 2026
Exploration of LucidRook, a Lua-based malware targeting NGOs and universities in Taiwan linked to UAT-10362.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Microsoft Blunts “Vanilla Tempest”: 200 Malicious Certificates Revoked
October 17, 2025
Podcasts
The “Shotgun” Botnet: How RondoDox Hijacks Routers, Cameras, and Servers Worldwide
October 13, 2025
Podcasts
“Inflation Refund” Scam: How Fraudsters Are Stealing Identities Through Texts
October 13, 2025

Cyber Security News

CVE Vulnerability Alerts
CISA Orders Patch for Sixth Cisco SD-WAN Zero-Day of 2026
May 19, 2026
Application Security
Exchange Server XSS CVE-2026-42897 Exploited via Crafted Email
May 19, 2026
Cybersecurity
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
May 19, 2026
Application Security
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
May 19, 2026
Cybersecurity
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
May 19, 2026
Application Security
node-ipc npm Package Hid Credential Stealer Across Three Versions
May 19, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
April 15, 2026
Adobe patches 55 vulnerabilities across 11 products, with ColdFusion flaws deemed highly exploitable.
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
April 15, 2026
Microsoft introduces a fast-track process for developers facing sudden account suspensions in the Windows Hardware Program.
Cyberwarfare Within the Underground: Ransomware Gangs Clash
April 15, 2026
Rival ransomware gangs in a conflict as 0APT warns of exposing Krybit affiliates.
Google Enhances Pixel Security with Rust-Based DNS Parser
April 15, 2026
Google's Rust-based DNS parser improves Pixel security by addressing vulnerabilities through memory-safe code integration.
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
April 15, 2026
International collaboration exposes $45M in stolen cryptocurrency; $12M recovered in law enforcement play.
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
April 15, 2026
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
April 15, 2026
Novel ad fraud scheme employs AI and SEO techniques to push deceptive content and trick users.
JanelaRAT: Continuing Threat to Latin American Financial Institutions
April 14, 2026
Latin America's financial sector faces advanced cyber threats from JanelaRAT malware targeting crucial financial data.
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
April 14, 2026
The FBI and Indonesian authorities have dismantled the global phishing platform "W3LL" and arrested its alleged creator in the first joint enforcement...
Phony Root Certificate Scheme Puts Open Source Developers at Risk
April 14, 2026
Cyber attackers use Google-hosted pages to trick open source developers with fake credentials and take control.
Information Theft Revolutionized: No Local Decryption in This Security Threat
April 14, 2026
Storm infostealer bypasses local decryption in browsers, hijacks sessions and passwords.
Booking.com Confirms Unauthorized Access Compromising User Data
April 14, 2026
Unauthorized access at Booking.com exposes user and reservation data, raising cybersecurity concerns.
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
April 14, 2026
Examination of allegations linking LinkedIn's browser extension to corporate espionage conducted by Microsoft.
OpenAI Responds to Supply Chain Attack Affecting macOS Security
April 14, 2026
OpenAI confronts potential compromise of macOS code signing certificate due to North Korean-linked Axios supply chain attack.
Juniper Networks Addresses Critical Junos OS Vulnerabilities
April 13, 2026
Remote exploitation of Junos OS flaw could lead to device takeover.
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
April 13, 2026
New Zig dropper in GlassWorm campaign targets IDEs, posing threats to developers.
LucidRook Malware Targets Taiwanese Universities and NGOs
April 13, 2026
Exploration of LucidRook, a Lua-based malware targeting NGOs and universities in Taiwan linked to UAT-10362.
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
April 13, 2026
Public views are invited on radiofrequency jammers to help shape laws targeting cybercrime devices.
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
April 13, 2026
Discover how $100 million in AI resources are being deployed to detect critical vulnerabilities in open source software through Project Glasswing.
AI Browser Extensions Pose a Hidden Risk to Network Security
April 13, 2026
Exploring the overlooked risks AI browser extensions pose to network security.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2