Cyber Security
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Incransom has claimed a full-network breach of Meirc Training & Consulting on May 25, threatening to publish 1TB of employee and client data within one ...
Cybersecurity
DragonForce Lists Indiana Greenhouse Firm Heartland Growers
DragonForce ransomware listed Indiana wholesale greenhouse firm Heartland Growers on its dark web leak site amid escalating agricultural sector targeting.
Cybersecurity
Nova Ransomware Hits Brazilian Government Agency and Turkish Tech Firm
Nova ransomware claimed Brazil's SECONT and Turkey's Adensa Teknoloji on May 24, its third posting in three days spanning South America, Europe, and Turkey.
Cybersecurity
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Qilin ransomware disclosed seven victims in a single May 24 batch across five countries, including a Czech financial firm and US accounting services provider.
Cybersecurity
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Nightspire ransomware posted nine victims on May 24 including US adult day center La Familia, an Egyptian Papa John's franchise, and a consumer lender across ...
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution points.
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Attackers rewrote git tags across four Laravel Lang packages to deploy a PHP credential stealer and Windows executable targeting developer machines and servers.
Application Security
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Researcher David Redekop of ADAMnetworks disclosed Underminr, a CDN flaw affecting 88 million domains that routes C2 traffic through trusted hostnames.
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Anthropic's Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were deployed upstream.
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
A CVSS 10.0 flaw in the LiteSpeed cPanel plugin lets any authenticated user execute arbitrary scripts as root, compromising all tenants on a shared host.
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
ShinyHunters listed Charter Communications with 42 million claimed records and a May 27 dump deadline; Charter confirmed an investigation with authorities.
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
Dutch FIOD agents seized 800 servers and arrested two at Stark Industries successor WorkTitans for violating EU sanctions tied to Russian cyber operations.
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Baker Distributing Company was added to ShinyHunters' Salesforce extortion campaign with 260,000 CRM records exposed and a May 27 public leak deadline.
CVE Vulnerability Alerts
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Ubiquiti patched three max-severity UniFi OS flaws enabling RCE and unauthorized file access across approximately 100,000 internet-exposed endpoints worldwide.
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Security researcher Louis found that Trump Mobile's HTTP POST API returned 27,000 customer records without any authorization check during the T1 phone launch.
Cybersecurity
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Mysk researchers found WhatsApp stores chat history unencrypted in a file accessible to Facebook and Instagram on iOS and macOS without user permission.
CVE Vulnerability Alerts
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
Wireshark 4.6.6 patches two dissector flaws — a ROHC crash bug and MACsec buffer overflow — that could let attackers crash analyst monitoring sessions.
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture persistent OAuth tokens.
CVE Vulnerability Alerts
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
Application Security
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process reading that index.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
TOP CYBERSECURITY HEADLINES
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
This Week’s Security Spotlight
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Qilin ransomware disclosed seven victims in a single May 24 batch across five countries, including a Czech financial firm and US accounting services provider.
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Nightspire ransomware posted nine victims on May 24 including US adult day center La Familia, an Egyptian Papa John's franchise, and a consumer lender across ...
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Attackers exploited CVE-2026-26980 in Ghost CMS to compromise 700+ domains including Harvard and Oxford, turning them into ClickFix malware distribution points.
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Attackers rewrote git tags across four Laravel Lang packages to deploy a PHP credential stealer and Windows executable targeting developer machines and servers.
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Researcher David Redekop of ADAMnetworks disclosed Underminr, a CDN flaw affecting 88 million domains that routes C2 traffic through trusted hostnames.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Anthropic's Project Glasswing AI found 10,000+ high-severity CVEs in 1,000 open-source projects in one month, but only 97 patches were deployed upstream.
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
A CVSS 10.0 flaw in the LiteSpeed cPanel plugin lets any authenticated user execute arbitrary scripts as root, compromising all tenants on a shared host.
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
ShinyHunters listed Charter Communications with 42 million claimed records and a May 27 dump deadline; Charter confirmed an investigation with authorities.
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
Dutch FIOD agents seized 800 servers and arrested two at Stark Industries successor WorkTitans for violating EU sanctions tied to Russian cyber operations.
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Baker Distributing Company was added to ShinyHunters' Salesforce extortion campaign with 260,000 CRM records exposed and a May 27 public leak deadline.
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Ubiquiti patched three max-severity UniFi OS flaws enabling RCE and unauthorized file access across approximately 100,000 internet-exposed endpoints worldwide.
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Security researcher Louis found that Trump Mobile's HTTP POST API returned 27,000 customer records without any authorization check during the T1 phone launch.
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Mysk researchers found WhatsApp stores chat history unencrypted in a file accessible to Facebook and Instagram on iOS and macOS without user permission.
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
Wireshark 4.6.6 patches two dissector flaws — a ROHC crash bug and MACsec buffer overflow — that could let attackers crash analyst monitoring sessions.
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture persistent OAuth tokens.
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process reading that index.
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
OX Security found DPRK-linked npm packages using postinstall hooks to deploy a keylogging infostealer that exfiltrates credentials via the Hugging Face API.
Deleted Google API Keys Stay Active for Up to 23 Minutes
Aikido Security found deleted Google API legacy keys stay functional up to 23 minutes after revocation, a significant window during active incident response.
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Google published PoC exploit code for an unpatched 42-month Chromium Service Worker flaw enabling persistent JavaScript execution after the browser is closed.