Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Freddie Mac Data Breach: Social Security Numbers Compromised
News
Freddie Mac Data Breach: Social Security Numbers Compromised
Andrew Doyle March 3, 2025
Freddie Mac confirms a significant data breach exposing customer names and Social Security numbers. The extent of the breach and its cause remain under investigation. ...
Belgian Intelligence Service Breach: Chinese Hackers Under Investigation
News
Belgian Intelligence Service Breach: Chinese Hackers Under Investigation
Andrew Doyle March 3, 2025
Belgian authorities investigate a potential Chinese state-sponsored cyberattack on its State Security Service (VSSE), compromising sensitive data and emails between 2021 and 2023. The breach ...
Via Credit Union Data Breach Impacts Thousands: Indiana Credit Unions Face Cybersecurity Challenges
News
Via Credit Union Data Breach Impacts Thousands: Indiana Credit Unions Face Cybersecurity Challenges
Mitchell Langley March 3, 2025
Via Credit Union suffered a significant data breach affecting over 60,000 members, exposing sensitive personal and financial data. Interra Credit Union also experienced a smaller ...
Angel One Data Leak: AWS Breach Exposes User Data
News
Angel One Data Leak: AWS Breach Exposes User Data
Andrew Doyle March 3, 2025
Angel One, a leading stockbroking firm, suffered a data leak. Unauthorized access to AWS resources exposed client data. An investigation is underway.
This Week In Cybersecurity: 24th February to 28th February
Cybersecurity Newsletter
This Week In Cybersecurity: 24th February to 28th February
Mitchell Langley March 3, 2025
Explore the latest cybersecurity incidents, including the EncryptHub ransomware affecting 618 organizations, a Jasper network breach, and the $1.5 billion Bybit hack. Southern Water faced ...
State of Code Security in 2025: A Wiz Report Reveals Critical Vulnerabilities
News
State of Code Security in 2025: A Wiz Report Reveals Critical Vulnerabilities
Mitchell Langley March 3, 2025
Wiz's 2025 State of Code Security Report exposes alarming vulnerabilities in code repositories: 61% of organizations have secrets exposed in public repositories, leaving sensitive data ...
Serbian Police Exploit Cellebrite Zero-Day to Unlock Android Phones
News
Serbian Police Exploit Cellebrite Zero-Day to Unlock Android Phones
Andrew Doyle March 3, 2025
Serbian authorities exploited Cellebrite's zero-day Android vulnerabilities (CVE-2024-53104, CVE-2024-53197, CVE-2024-50302) to unlock a phone, raising serious security concerns for enterprises.
Ransomware Groups Use BYOVD Attacks Exploiting Paragon Partition Manager Bug
News
Ransomware Groups Use BYOVD Attacks Exploiting Paragon Partition Manager Bug
Andrew Doyle March 3, 2025
Critical Paragon Partition Manager vulnerabilities are being exploited in BYOVD attacks, allowing ransomware gangs SYSTEM-level access and execution of malicious code. Urgent patching is advised. ...
Major Data Breach Exposes 33,000+ Users of Flat Earth Zodiac App
News
Major Data Breach Exposes 33,000+ Users of Flat Earth Zodiac App
Andrew Doyle March 3, 2025
A significant data breach impacting the "Flat Earth Sun, Moon and Zodiac" mobile application has exposed the personal information of over 33,000 users. This incident ...
Akira Ransomware: The Extortion Ghost in a Shell
Resources
Akira Ransomware: The Extortion Ghost in a Shell
Andrew Doyle March 2, 2025
Akira has targeted a range of organizations, including universities (Stanford), major IT service providers (Tietoevry), and numerous businesses across various sectors. Critical infrastructure, including healthcare ...
EncryptHub Ransomware and Infostealer Campaign Targets 618 Organizations Globally
News
EncryptHub Ransomware and Infostealer Campaign Targets 618 Organizations Globally
Andrew Doyle February 27, 2025
EncryptHub Breach Affects 618 Organizations Hit Using Infostealers and Ransomware
Genea IVF Data Breach Claimed by Termite Ransomware Gang
News
Genea IVF Data Breach Claimed by Termite Ransomware Gang
Mitchell Langley February 27, 2025
Australian IVF provider Genea suffered a major data breach. The Termite ransomware gang stole 940GB of sensitive patient data. This includes medical histories, personal details, ...
Lazarus Group Stole $1.5 Billion in Bybit Hack by Exploiting a Safe{Wallet} Developer Machine
News
Lazarus Group Stole $1.5 Billion in Bybit Hack by Exploiting a Safe{Wallet} Developer Machine
Mitchell Langley February 27, 2025
Lazarus hackers stole $1.5 billion from Bybit by compromising a Safe{Wallet} developer machine. The attack involved malicious JavaScript, highlighting vulnerabilities in multisig wallet platforms.
Black Basta Ransomware Costs Southern Water £4.5 Million
News
Black Basta Ransomware Costs Southern Water £4.5 Million
Andrew Doyle February 27, 2025
Southern Water reveals a £4.5 million cost from a Black Basta ransomware attack in February 2024. The attack, while not impacting operations, triggered significant expenses ...
Jasper Network Breach: City Investigates Cybersecurity Incident
News
Jasper Network Breach: City Investigates Cybersecurity Incident
Mitchell Langley February 27, 2025
Jasper, Alabama, is investigating a network security breach. Experts are working to determine the extent of the unauthorized access. No personal data is believed compromised.
GitVenom Malware Campaign Targets Crypto Users via GitHub
News
GitVenom Malware Campaign Targets Crypto Users via GitHub
Mitchell Langley February 26, 2025
The GitVenom malware campaign uses hundreds of compromised GitHub repositories to distribute info-stealers, RATs, and clipboard hijackers, stealing cryptocurrency and credentials.
Auto-Color Linux Backdoor Malware Targets Governments and Universities
News
Auto-Color Linux Backdoor Malware Targets Governments and Universities
Andrew Doyle February 26, 2025
A new, highly evasive Auto-Color Linux backdoor targets North American and Asian governments and universities. The malware uses custom encryption and rootkit-like features for persistence.
Data Breach at DISA Impacts 3.3 Million Compromising Social Security Numbers and Financial Data
News
Data Breach at DISA Impacts 3.3 Million Compromising Social Security Numbers and Financial Data
Mitchell Langley February 26, 2025
DISA Global Solutions, a US drug testing firm, suffered a data breach exposing the sensitive data of 3.3 million individuals. Social Security numbers and financial ...
Have You Been Pwned As Well? The Data Breach Notification Service Adds 284 Million Accounts as Stolen by Infostealer Malware
News
Have You Been Pwned As Well? The Data Breach Notification Service Adds 284 Million Accounts as Stolen by Infostealer Malware
Andrew Doyle February 26, 2025
Have I Been Pwned added 284 million accounts compromised by infostealer malware found on a Telegram channel. The breach includes emails, passwords, and website data.
Orange Group Confirms Data Breach, Hacker Leaks Internal Documents
News
Orange Group Confirms Data Breach, Hacker Leaks Internal Documents
Mitchell Langley February 25, 2025
A hacker leaked thousands of Orange Group's internal documents. The breach compromised user records and employee data. Orange Group confirmed the incident.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
TeleMessage Exploit: Inside the Messaging Flaw That Hit Coinbase and CBP
May 13, 2025
Podcasts
rand-user-agent: The NPM Package That Opened a Backdoor
May 12, 2025
Podcasts
160,000 Victims Later: The Aspire USA Breach Under Valsoft’s Watch
May 12, 2025

Cyber Security News

Kimwolf Botnet A New Threat to Millions of Android Devices
Cybersecurity
Kimwolf Botnet: A New Threat to Millions of Android Devices
January 6, 2026
Ledger Breach Due to Global-e Attack Compromises Customer Data
Data Security
Ledger Breach Due to Global-e Attack Compromises Customer Data
January 6, 2026
Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government
Application Security
Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government
January 6, 2026
Sedgwick Breach Raises Concerns Over Security of Government Data Transfers
Data Security
Sedgwick Breach Raises Concerns Over Security of Government Data Transfers
January 6, 2026
Brightspeed Experiences Large-Scale Data Breach Claimed by Crimson Collective
Cybersecurity
Brightspeed Experiences Large-Scale Data Breach Claimed by Crimson Collective
January 6, 2026
The Trump Administration Lifts Sanctions With Implications for Spyware Distribution
Information Security
The Trump Administration Lifts Sanctions With Implications for Spyware Distribution
January 6, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
From TikTok to Total Compromise: The Rise of Social Media Infostealers
May 23, 2025
In this episode, we dive into the alarming surge of infostealer malware campaigns leveraging social media platforms, particularly TikTok, as their distribution vector. Threat actors ...
BlackLock Ransomware Group Claims Breach of Toho, But Evidence Falls Short
May 23, 2025
Cybercriminal group BlackLock claims to have breached Japanese film giant Toho, but researchers found no credible data, casting doubt on the authenticity of the attack. ...
Chinese Hackers Exploit Ivanti EPMM Zero-Day to Breach Government Agencies
May 23, 2025
Chinese hackers exploited a zero-day flaw in Ivanti EPMM to breach global government systems. Immediate patching and security monitoring are strongly advised.
Coca-Cola Investigates Alleged Data Breach Tied to Everest Ransomware Group
May 23, 2025
Hackers from the Everest group claim to have leaked Coca-Cola employee and HR data, including PII and internal documents, potentially tied to a Middle East ...
iOS Sleep App Exposes Personal and Health Data of Over 25,000 Users
May 23, 2025
Sleep Journey iOS app exposed over 25,000 users' personal and health data due to a misconfigured Firebase database, posing significant privacy and security risks.
Chinese Hackers Exploit Cityworks Zero-Day to Breach U.S. Local Government Systems
May 23, 2025
Hackers from the Everest group claim to have leaked Coca-Cola employee and HR data, including PII and internal documents, potentially tied to a Middle East ...
Kettering Health Breached: What the Interlock Ransomware Group Did and Why It Matters
May 22, 2025
In this episode, we dive into the ransomware attack that struck Kettering Health, a major healthcare provider, and the evolving tactics of the Interlock ransomware ...
Deepfake Threats, Mobile Biometrics, and the Future of Trust
May 22, 2025
As digital deception evolves, so must our defenses. In this episode, we dive deep into the escalating battle for trust in our increasingly connected world. ...
Quantum Hacking Is Coming: How to Prepare with Post-Quantum Security Today
May 22, 2025
Quantum hacking is no longer science fiction. This in-depth guide explores post-quantum security, quantum-resistant cryptography, and how to protect your business from future cyber threats.
Russian APT28 Hackers Target Ukraine Aid Operations Through Global Espionage Campaign
May 22, 2025
Russian APT28 hackers have targeted international aid operations to Ukraine since 2022, using cyber espionage to monitor, disrupt, and exfiltrate data from key sectors.
Marks & Spencer Projects $402 Million Profit Loss After Cyberattack Disrupts Operations
May 22, 2025
Marks & Spencer faces a $402 million profit hit following a cyberattack linked to Scattered Spider, disrupting sales and operations and exposing customer data.
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
May 22, 2025
Kettering Health canceled elective procedures after a ransomware-linked outage. Interlock ransomware group is suspected. Emergency services remain operational, but threat actors may leak stolen data. ...
3AM Ransomware Operators Use Spoofed IT Calls, Email Bombing for Network Breaches
May 22, 2025
The 3AM ransomware gang exploits spoofed IT support calls and email bombing to socially engineer remote access, targeting corporate networks in stealthy credential-based breaches.
Global Crackdown Dismantles Lumma Infostealer Malware Network, Seizes 2,300 Domains
May 22, 2025
Authorities and private sector partners have dismantled the infrastructure of the Lumma Infostealer malware, a dominant player in the malware-as-a-service (MaaS) ecosystem.
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
May 22, 2025
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
EU Sanctions Stark Industries and Leadership for Supporting Russian Cyber Operations
May 22, 2025
The EU has sanctioned Stark Industries and its leadership for enabling Russian cyber operations, disinformation, and infrastructure support used in attacks against European interests.
119,000 ICS Devices Exposed: The Internet’s Hidden Infrastructure Risk
May 22, 2025
In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our ...
Serviceaide Data Leak Exposes Health Records of Over 480,000 Catholic Health Patients
May 21, 2025
Serviceaide exposed over 480,000 Catholic Health patients' records due to a misconfigured Elasticsearch database, putting sensitive personal and medical data at risk.
Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident
May 21, 2025
Coinbase confirms a data breach involving overseas contractors that exposed personal and financial information of 69,461 users, prompting fears of social engineering and financial fraud. ...
Over 100 Malicious Chrome Extensions Found Masquerading as AI Tools, VPNs, and Crypto Utilities
May 21, 2025
A massive and ongoing campaign involving over 100 malicious Chrome extensions has been uncovered, with threat actors deploying browser add-ons disguised as free AI tools, ...
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2