Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
News
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
Mitchell Langley March 17, 2025
JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. ...
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
News
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
Andrew Doyle March 17, 2025
Fog ransomware group claims responsibility for a major data breach at UDMI, a radiology firm, impacting over 138,000 individuals. The incident underscores the critical need ...
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
News
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
Mitchell Langley March 17, 2025
The FBI warns of escalating Medusa ransomware attacks targeting Gmail, Outlook, and VPN users, urging immediate security enhancements to mitigate the threat.
LockBit Ransomware Developer Extradited to the United States
News
LockBit Ransomware Developer Extradited to the United States
Andrew Doyle March 17, 2025
A key LockBit ransomware developer, Rostislav Panev, has been extradited to the US to face charges for his role in the group's global attacks.
Compliance Isn’t Security Why a Checklist Alone Won’t Stop Cyberattacks
Blog
Compliance Isn’t Security: Why a Checklist Alone Won’t Stop Cyberattacks
Andrew Doyle March 17, 2025
This blog delves into the critical gap between meeting compliance standards and achieving true cybersecurity resilience. Learn why simply checking boxes isn't enough and how ...
This Week In Cybersecurity: 11th March to 14th March
Cybersecurity Newsletter
This Week In Cybersecurity: 11th March to 14th March
Andrew Doyle March 14, 2025
This week in cybersecurity highlights major incidents, including a $5 million theft from 1inch, a DDoS attack on X, and a significant data breach at ...
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
News
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
Mitchell Langley March 14, 2025
Three healthcare providers suffered data breaches from insider attacks, extortion, and third-party vulnerabilities, highlighting the need for robust cybersecurity measures.
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
News
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
Mitchell Langley March 14, 2025
A joint advisory from CISA, FBI, and MS-ISAC reveals Medusa ransomware impacted over 300 US critical infrastructure organizations by February 2025. The advisory details mitigation ...
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
News
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
Andrew Doyle March 14, 2025
Facebook disclosed a critical FreeType vulnerability (CVE-2025-27363), allowing arbitrary code execution. All versions up to 2.13 are affected; immediate updates are crucial.
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
News
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
Mitchell Langley March 14, 2025
The Lazarus Group, a North Korean hacking collective, deployed six malicious npm packages, infecting hundreds of developers. The packages steal credentials and deploy backdoors.
Sunflower Medical Group Data Breach: Rhysida Ransomware Attack Exposes 220,968 Records
News
Sunflower Medical Group Data Breach: Rhysida Ransomware Attack Exposes 220,968 Records
Andrew Doyle March 14, 2025
Kansas' Sunflower Medical Group suffered a data breach impacting 220,968 individuals. The Rhysida ransomware group claimed responsibility for the incident in January.
Infostealer Malware Infects 26 Million Devices, Steals Bank Card Data and Passwords
News
Infostealer Malware Infects 26 Million Devices, Steals Bank Card Data and Passwords
Mitchell Langley March 14, 2025
A devastating Infostealer malware campaign has compromised 26 million devices, stealing bank card details and passwords. Kaspersky's report highlights the scale of the threat.
Ransomware Victims on Dark Web – 13th March, 2025
Ransomware Victims
Ransomware Victims on Dark Web – 13th March, 2025
Andrew Doyle March 14, 2025
This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ...
LockBit Linked SuperBlack Ransomware Exploits Fortinet Authentication Bypass Flaws
News
LockBit Linked SuperBlack Ransomware Exploits Fortinet Authentication Bypass Flaws
Mitchell Langley March 14, 2025
New SuperBlack ransomware leverages Fortinet authentication bypass flaws (CVE-2024-55591 and CVE-2025-24472), showing strong ties to LockBit. Immediate patching is crucial.
ClickFix Phishing Campaign Targets Booking.com Using Infostealers and RATs
News
ClickFix Phishing Campaign Targets Booking.com Using Infostealers and RATs
Andrew Doyle March 14, 2025
A sophisticated ClickFix phishing campaign uses fake Booking.com emails to deliver infostealers and RATs, targeting hospitality businesses. Strong security measures are crucial.
Volt Typhoon Energy Grid Cyberattack Exposes US Infrastructure Vulnerabilities
News
Volt Typhoon Energy Grid Cyberattack Exposes US Infrastructure Vulnerabilities
Mitchell Langley March 14, 2025
The Volt Typhoon advanced persistent threat (APT) group maintained access to a Massachusetts power utility's OT network for almost a year, highlighting critical infrastructure vulnerabilities.
Australian Financial Firm FIIG Securities Faces Lawsuit After Massive Financial Data Breach
News
Australian Financial Firm FIIG Securities Faces Lawsuit After Massive Financial Data Breach
Andrew Doyle March 14, 2025
FIIG Securities faces legal action from ASIC for inadequate cybersecurity, leading to a data breach exposing 18,000 clients' sensitive information. The breach highlights the critical ...
MassJacker Malware: Clipboard Hijacking Malware Tartgets 778,000 CryptoWallets
News
MassJacker Malware: Clipboard Hijacking Malware Tartgets 778,000 CryptoWallets
Mitchell Langley March 12, 2025
MassJacker malware uses clipboard hijacking to steal cryptocurrency from 778,000 wallets, highlighting sophisticated obfuscation and a potentially massive financial impact.
Cyberattack on Sunflower Medical Group and Multiple Healthcare Providers Suffer Data Breaches
News
Cyberattack on Sunflower Medical Group and Multiple Healthcare Providers Suffer Data Breaches
Andrew Doyle March 12, 2025
Multiple healthcare providers suffered significant cyberattacks and data breaches in 2025, exposing sensitive patient information, highlighting the urgent need for enhanced cybersecurity measures.
Rhode Island's Community Care Alliance Data Breach Exposes 114K Records, Central Texas Pediatric Orthopedics and Whitman Hospital Report Cyberattacks
News
Rhode Island’s Community Care Alliance Data Breach Exposes 114K Records, Central Texas Pediatric Orthopedics and Whitman Hospital Report Cyberattacks
Andrew Doyle March 12, 2025
Community Care Alliance Data Breach with 114,975 Records Exposed, Central Texas Pediatric Orthopedics and Whitman Hospital Report Cyberattacks
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
483,000 Patients at Risk: Catholic Health Vendor Breach Exposes Critical Data
May 19, 2025
Podcasts
Chrome’s New Vulnerability CVE-2025-4664: A Security Flaw That Can Lead to Account Takeover
May 16, 2025
Podcasts
Scattered Spider Targets UK and US Retailers: The Growing Threat to Major Brands
May 16, 2025

Cyber Security News

Vibe Hacking How AI is Transforming Cybercrime's Landscape
Cybersecurity
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
January 8, 2026
Logitech's macOS Applications Disrupted by Expired Code-Signing Certificate
Application Security
Logitech’s macOS Applications Disrupted by Expired Code-Signing Certificate
January 7, 2026
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
Application Security
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
January 7, 2026
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
Identity and Access Management
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
January 7, 2026
Navigating the Challenges of Fileless Malware in Cybersecurity
Blog
Navigating the Challenges of Fileless Malware in Cybersecurity
January 7, 2026
Microsoft Acknowledges Issues With Outlook Encryption Feature
Application Security
Microsoft Acknowledges Issues With Outlook Encryption Feature
January 7, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
June 3, 2025
North Dakota-based Nokota Packers has reportedly suffered a ransomware attack by the J Group gang, with hackers claiming to have stolen 50GB of sensitive data. ...
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
June 3, 2025
Stormous ransomware gang claims a breach at Volkswagen, but provides no sample data. Researchers find no evidence yet of compromised systems or stolen information.
Google Chrome vs. Failing CAs: The Policy Behind the Distrust
June 3, 2025
In this episode, we dissect Google’s recent and upcoming decisions to distrust several Certificate Authorities (CAs) within the Chrome Root Store, including Entrust, Chunghwa Telecom, ...
CVE-2025-48827 & 48828: How vBulletin’s API and Template Engine Got Weaponized
June 3, 2025
Two critical, actively exploited vulnerabilities in vBulletin forum software—CVE-2025-48827 and CVE-2025-48828—have put thousands of websites at immediate risk of full system compromise. In this episode, ...
JINX-0132: How Cryptojackers Hijacked DevOps Infrastructure via Nomad and Docker
June 3, 2025
In this episode, we dissect the JINX-0132 cryptojacking campaign — a real-world example of how threat actors are exploiting cloud and DevOps environments to mine ...
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
June 3, 2025
Cartier has confirmed a cyberattack that exposed limited customer data, including names and email addresses. Sensitive financial and login information was not compromised.
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
June 3, 2025
The Russian Market has surged in popularity as a major cybercrime marketplace, offering stolen credentials harvested by info-stealer malware like Lumma and Acreed.
Multi-Stage Phishing Attacks Now Use Google Infrastructure—Here’s How
June 2, 2025
Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like ...
Password Hashes Leaked via Linux Crash Handlers: The Truth Behind CVE-2025-5054 & 4598
June 2, 2025
In this episode, we unpack two newly disclosed Linux vulnerabilities—CVE-2025-5054 and CVE-2025-4598—discovered by the Qualys Threat Research Unit (TRU). These race condition flaws impact Ubuntu’s ...
Inside the AVCheck Takedown: How Law Enforcement Disrupted a Key Cybercrime Tool
June 2, 2025
In this episode, we unpack the international takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals to test and fine-tune ...
Kaiser Permanente Recovers from Widespread Network Outage That Disrupted Patient Services Nationwide
June 1, 2025
Kaiser Permanente suffered a major network outage that disrupted electronic health records and patient services across the U.S. System functionality was restored the following day. ...
Latrodectus Malware Infected Over 44,000 IPs Before Operation Endgame Takedown
June 1, 2025
Latrodectus malware infected over 44,000 IP addresses before Operation Endgame's global takedown, with Shadowserver warning of critical ongoing threats across infected systems.
Germany Identifies TrickBot and Conti Ransomware Ringleader as Vitaly Kovalev
June 1, 2025
Germany has named Vitaly Kovalev, aka "Stern," as the leader of the Conti ransomware and TrickBot gangs in a major breakthrough tied to Operation Endgame. ...
Cisco IOS XE Wireless LAN Controller Vulnerability Exposes Enterprises to Remote Code Execution Risks
June 1, 2025
Exploit details for a critical Cisco IOS XE Wireless LAN Controller vulnerability (CVE-2025-20188) are now public, raising urgent concerns about remote code execution risks.
Remote Code Execution Flaw in vBulletin Forum Software Under Active Exploitation
June 1, 2025
Two critical vBulletin vulnerabilities, actively exploited in the wild, allow attackers to execute code remotely by abusing template logic and PHP’s Reflection API.
184 Million Login Credentials Exposed in Major Unprotected Database Leak
June 1, 2025
Over 184 million login credentials were exposed online in plain text, revealing widespread negligence in data protection and the growing threat of credential-based cyberattacks.
Browser vs. GPU: Firefox 139 Collides with NVIDIA Drivers
May 30, 2025
In this episode, we dive into the graphical corruption saga triggered by Firefox version 139, released on May 27, 2025. Aimed at uncovering what went ...
ConnectWise Breach: Nation-State Exploits CVE-2025-3935 in ScreenConnect
May 30, 2025
ConnectWise has confirmed a cyberattack targeting ScreenConnect, its remote access solution used by thousands of Managed Service Providers (MSPs). The breach is reportedly tied to ...
Unbound Raises $4M to Secure Generative AI in the Enterprise
May 30, 2025
In this episode, we break down the recent $4 million seed funding round for Unbound, a startup tackling one of the biggest unsolved problems in ...
This Week In Cybersecurity: 26th to 30th May, 2025
May 30, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2