Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
Microsoft and OpenAI Investigate Data Breach
News
Microsoft and OpenAI Investigate Data Breach
Gabby Lee January 29, 2025
Microsoft and OpenAI are investigating a data breach linked to DeepSeek, a Chinese AI startup, raising concerns about data security and intellectual property in the ...
DeepSeek AI Hit by Cyberattack: American AI Firms Trying to Poke Holes into DeepSeek
News
DeepSeek AI Hit by Cyberattack: American AI Firms Trying to Poke Holes into DeepSeek
Gabby Lee January 28, 2025
DeepSeek AI, a Chinese startup, faces a cyberattack after its AI assistant app skyrockets to the top of the US App Store, raising questions about ...
Subaru Security Flaw Allows Remote Vehicle Tracking and Hijacking
News
Subaru Security Flaw Allows Remote Vehicle Tracking and Hijacking
Mitchell Langley January 28, 2025
A Subaru vulnerability in the Starlink system allowed remote access, enabling tracking, unlocking, and starting vehicles. Ethical hacker Sam Curry discovered the flaw, highlighting significant ...
Smiths Group Hit by Cyber Attack: Shares Drop for the FTSE 100 Firm
News
Smiths Group Hit by Cyber Attack: Shares Drop for the FTSE 100 Firm
Mitchell Langley January 28, 2025
Smiths Group, a FTSE 100 firm, suffered a cyber attack resulting in unauthorized system access. The company isolated affected systems and is working with cybersecurity ...
UnitedHealthcare Data Breach Update: 190 Million Impacted in Change Healthcare Cyber Attack
News
UnitedHealthcare Data Breach Update: 190 Million Impacted in Change Healthcare Cyber Attack
Mitchell Langley January 27, 2025
The UnitedHealthcare data breach, resulting from a Change Healthcare cyberattack, has impacted a staggering 190 million individuals, making it the largest healthcare data breach in ...
TalkTalk Customer Data Breached, Hackers Claim Theft of Millions of Customer Records
News
TalkTalk Customer Data Breached, Hackers Claim Theft of Millions of Customer Records
Mitchell Langley January 27, 2025
TalkTalk investigates a major customer data breach after a hacker claims to have stolen personal information from millions of subscribers, a claim TalkTalk disputes.
British Museum Hit in IT Attack: Ex-Worker Behind Cyberattack
News
British Museum Hit in IT Attack: Ex-Worker Behind Cyberattack
Gabby Lee January 27, 2025
The British Museum faced a severe IT attack, forcing partial closure. A disgruntled ex-IT contractor caused the British Museum cyberattack, leading to system shutdowns and ...
This Week In Cybersecurity: 20th January to 24th January
News
This Week In Cybersecurity: 20th January to 24th January
Mitchell Langley January 24, 2025
This week in cybersecurity, we highlight major breaches, including the PowerSchool incident affecting Canadian schools and a cyberattack on Oregon's Carruth Compliance Consulting. Additionally, the ...
Conduent Confirms Cyberattack Disrupting Services Across Government Agencies
News
Conduent Confirms Cyberattack Disrupting Services Across Government Agencies
Mitchell Langley January 24, 2025
Conduent confirms cyberattack impacting government agencies and causing service disruptions across multiple US states. The company confirmed that it “experienced ...
Big Cheese Studio Game Code Compromised in Cyber Attack
News
Big Cheese Studio Game Code Compromised in Cyber Attack
Gabby Lee January 24, 2025
Polish game developer Big Cheese Studio suffered a cyberattack, with hackers demanding a cryptocurrency ransom and threatening data release. The Big Cheese Studio cyber attack ...
Texas Insider Breach: Theft of Benefit Funds Impacts 61,000
News
Texas Insider Breach: Theft of Benefit Funds Impacts 61,000
Mitchell Langley January 23, 2025
Texas insider breach at HHSC exposed the personal information of 61,000 individuals and resulted in the theft of benefit funds, leading to seven employee firings ...
Cyber Attack on Consultant Exposes Sensitive Data of Oregon School Employees
News
Cyber Attack on Consultant Exposes Sensitive Data of Oregon School Employees
Mitchell Langley January 23, 2025
A cyber attack on Carruth Compliance Consulting, managing retirement plans for Oregon school districts, exposed sensitive employee data including Social Security numbers and financial information. ...
Lessons from Ace Hardware Cyber Attack: A Case Study in Data Security for Enterprise Businesses
News
Lessons from Ace Hardware Cyber Attack: A Case Study in Data Security for Enterprise Businesses
Gabby Lee January 23, 2025
The Ace Hardware cyber attack exposed sensitive data from over 7,000 individuals, resulting in significant financial and reputational damage, highlighting the critical need for robust ...
North Pole Company Data Breach Exposes Sensitive Data of Half a Million Users
News
North Pole Company Data Breach Exposes Sensitive Data of Half a Million Users
Mitchell Langley January 22, 2025
The North Pole Company suffered a data breach, exposing sensitive data of 520,599 customers. The breach, revealed on BreachForums, highlights risks of identity theft and ...
PowerSchool Breach Might Have Exposed Decades of Canadian Students and Powerschool Teachers Data
News
PowerSchool Breach Might Have Exposed Decades of Canadian Students and Teachers Data
Mitchell Langley January 22, 2025
The PowerSchool CMS cyberattack exposed decades of student and Powerschool Teachers Data . Parents and schools urged to monitor personal information closely.
Dallas ISD PowerSchool Data Breach Exposes Student Information
News
Dallas ISD PowerSchool Data Breach Exposes Student Information
Gabby Lee January 22, 2025
Dallas ISD PowerSchool data breach exposes sensitive student information, including social security numbers. Learn about the cybersecurity incident and the risks.
CMS Powerschool Data Breach Confirmed to Have Compromised Charlotte-Mecklenburg Schools Data
News
CMS Powerschool Data Breach Confirmed to Have Compromised Charlotte-Mecklenburg Schools Data
Mitchell Langley January 22, 2025
Charlotte-Mecklenburg Schools (CMS) confirms a data breach affecting its CMS Powerschool system.
List of 15 Networking Certifications by Security Vendors to Supercharge Your Career in 2025
Blog
Top 15 Networking Certifications to Supercharge Your Career in 2025
Mitchell Langley January 22, 2025
Safeguarding networks is no longer a luxury; it’s a necessity. Expertise in cybersecurity is in incredibly high demand. So making ...
Windows BitLocker Vulnerability (CVE-2025-21210) Exploited in Randomization Attack
News
Windows BitLocker Vulnerability (CVE-2025-21210) Exploited in Randomization Attack
Mitchell Langley January 21, 2025
A critical Windows BitLocker vulnerability (CVE-2025-21210) allows attackers with physical access to bypass AES-XTS encryption, exposing sensitive data through a novel randomization attack.
Nash County Public Schools Data Breach Compromised Student Information
News
Nash County Public Schools Data Breach Compromised Student Information
Mitchell Langley January 21, 2025
A data breach at Nash County Public Schools exposed student information via PowerSchool's PowerSource.
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Targeted iOS Attacks: The Zero-Days Apple Had to Patch Fast
May 14, 2025
Podcasts
Texas vs Google: The $1.4 Billion Wake-Up Call for Data Privacy Violations
May 13, 2025
Podcasts
Marbled Dust’s Zero-Day Exploit: Unveiling a Türkiye-linked Espionage Campaign Against Kurdish Forces
May 13, 2025

Cyber Security News

Justice Department Alleges Misleading Compliance in Federal Audit Case
Cybersecurity
Justice Department Alleges Misleading Compliance in Federal Audit Case
December 15, 2025
GeoServer Vulnerability Exploitation Facilitates External Entity Attacks
Endpoint Security
GeoServer Vulnerability Exploitation Facilitates External Entity Attacks
December 15, 2025
MITRE Highlights XSS and SQL Injection as Top Software Vulnerabilities for 2025
Cybersecurity
MITRE Highlights XSS and SQL Injection as Top Software Vulnerabilities for 2025
December 15, 2025
Shadow Spreadsheets' Stealthy Role in Data Security Risks
Data Security
Shadow Spreadsheets’ Stealthy Role in Data Security Risks
December 15, 2025
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
Cybersecurity
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
December 15, 2025
Kali Linux Version 2025.4 Introduces New Hacking Tools and Improvements
Cybersecurity
Kali Linux Version 2025.4 Introduces New Hacking Tools and Improvements
December 15, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Trump’s Security Adviser Targeted in Messaging App Breach Linked to Signal Clone
May 6, 2025
A hacked Signal clone used by Trump’s former security adviser Mike Waltz has raised serious concerns over the safety of sensitive government communications.
New York Post X Account Hacked and Hijacked in Targeted Crypto Scam
May 6, 2025
Hackers hijacked the New York Post’s verified X account to target crypto users via direct messages, redirecting victims to a Telegram-based scam under false pretenses. ...
EU Fines TikTok €530 Million For Data Protection Failures
May 6, 2025
TikTok has been fined €530 million by EU regulators over data protection failures and may face a data transfer suspension to China unless it complies ...
TikTok Fined €530M: GDPR Breach Over Data Transfers to China
May 5, 2025
The Irish Data Protection Commission (DPC) has fined TikTok a staggering €530 million ($601 million) for violating the GDPR by transferring European user data to ...
StealC Malware Upgraded With Advanced Data Theft and Stealth Capabilities
May 5, 2025
StealC malware receives major upgrade with advanced stealth, encryption, and data theft tools, including real-time Telegram alerts and full desktop screenshot capabilities.
Endor Labs Raises $93M to Cut AppSec Noise and Secure the Software Supply Chain
May 5, 2025
In this episode, we explore the security challenges of the AI-driven software era and how Endor Labs is reshaping application security for the modern development ...
UK Retailer Co-op Discloses Data Theft After DragonForce Ransomware Compromise
May 5, 2025
UK retailer Co-op has confirmed a data breach impacting millions, following a ransomware attack by DragonForce. Personal details were stolen, but no financial data.
U.S. Indicts Black Kingdom Ransomware Developer Behind 1,500 Microsoft Exchange Attacks
May 5, 2025
The U.S. has indicted a Yemeni national for operating Black Kingdom ransomware, targeting Microsoft Exchange servers in 1,500 global attacks demanding $10,000 in Bitcoin.
CVE-2025-3928: How One Vulnerability Breached Commvault’s Azure Stack
May 5, 2025
In this episode, we take a deep dive into CVE-2025-3928—a critical vulnerability in the Commvault Web Server that enables remote attackers to deploy and execute ...
Sodinokibi/REvil Ransomware: The Evasive Threat
May 5, 2025
Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April 2019. Initially observed primarily in ...
beWanted Exposes Personal Data of 1.1 Million Job Seekers Across Europe and Latin America
May 5, 2025
Employment platform beWanted leaked over 1.1 million CVs containing names, ID numbers, contact details, and employment history.
Nova Scotia Power, a Canadian Utility, Breached: A Global Warning for Critical Infrastructure
May 2, 2025
On April 25, 2025, Nova Scotia Power, the province’s primary electricity provider, confirmed what many suspected: a cyber incident involving unauthorized access had compromised customer ...
SentinelOne Discloses Ongoing Attacks by Nation-State Hackers and Ransomware Gangs
May 2, 2025
In a rare move, SentinelOne has publicly confirmed that it is under persistent attack from nation-state threat actors and ransomware gangs. This episode breaks down ...
Nova Scotia Power Confirms Customer Data Compromised in Cyberattack
May 2, 2025
Nova Scotia Power confirms personal customer data was stolen in a cyberattack on April 25, though electricity services remain unaffected as the investigation continues.
OpenEoX and the Future of End-of-Life Standardization in IT
May 2, 2025
In this episode, we unpack the evolving landscape of Product Lifecycle Management (PLM) and why it’s become a strategic cornerstone in modern IT environments. From ...
Malicious PyPI Packages Exploit Gmail and WebSockets to Hijack Systems
May 2, 2025
Seven malicious PyPI packages exploited Gmail and WebSockets for remote command execution and data theft, with some packages downloaded over 18,000 times.
iHeartMedia Breach Exposes Personal Data Including SSNs and Passport Numbers
May 2, 2025
iHeartMedia confirmed a December data breach exposing names, Social Security, and passport numbers from local station systems. The company is offering identity theft protection.
Ascension Discloses Data Breach Affecting 5.6 Million Individuals
May 2, 2025
Ascension, a major U.S. healthcare provider, confirmed a ransomware breach affecting 5.6 million individuals, compromising medical, financial, and personal data.
Harrods Confirms Cyberattack Amid Growing Wave Targeting UK Retail Sector
May 2, 2025
Harrods joins M&S and Co-op as the latest UK retailer targeted in a cyberattack, prompting immediate security measures amid a surge in retail-focused intrusions.
LayerX Secures $45M Total to Battle Data Leaks, One Browser at a Time
April 30, 2025
LayerX just raised another $11 million — and it’s not to build another antivirus. With $45 million in total funding, the company is betting that ...
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67