Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
Blacon High School Temporarily Closes Due to Ransomware Attack
News
Blacon High School Temporarily Closes Due to Ransomware Attack
Gabby Lee January 21, 2025
Blacon High School temporarily closed due to a ransomware attack. Further closures are possible as investigations continue. The incident highlights the rising threat of ransomware ...
Otelier Data Breach Exposes Millions of Hotel Reservations and Personal Information
News
Otelier Data Breach Exposes Millions of Hotel Reservations and Personal Information
Mitchell Langley January 20, 2025
The Otelier data breach affected millions of hotel reservations, exposed personal information from major hotel chains. The breach, originating from compromised employee credentials.
HPE Data Breached by IntelBroker: HPE Data on Sale on Dark Web
News
HPE Data Breached by IntelBroker: HPE Data on Sale on Dark Web
Gabby Lee January 20, 2025
IntelBroker, a notorious threat actor, is selling data stolen from Hewlett-Packard Enterprise (HPE), including source code, private keys, and personal information. The HPE data breach ...
FBI Warns AT&T Data Breach Exposed Agent Call Logs Risking Informants
News
FBI Warns AT&T Data Breach Exposed Agent Call Logs Risking Informants
Mitchell Langley January 20, 2025
AT&T data breach exposed six months of FBI agent call logs, potentially revealing confidential informants. The FBI warning highlights vulnerabilities in telecommunications security and the ...
Gateshead Council Cyber-Attack: Personal Data Stolen
News
Gateshead Council Cyber-Attack: Personal Data Stolen
Gabby Lee January 16, 2025
A cyber-attack on Gateshead Council resulted in a data breach affecting an unknown number of residents. The council urges vigilance against phishing emails and advises ...
GGG Data Breach: Path of Excile 2 Dev Grinding Gear Games Apologizes for Security Lapse
News
GGG Data Breach: Path of Excile 2 Dev Grinding Gear Games Apologizes for Security Lapse
Mitchell Langley January 16, 2025
Grinding Gear Games revealed a Path of Exile 2 data breach, compromising 66 accounts and potentially exposing personal information like emails and addresses. The developer ...
Telefonica Breach Exposes 20,000 Employees' Data and Jira Details: Hellcat Ransomware's Infostealer Malware at Play
News
Telefonica Breach Exposes 20,000 Employees’ Data and Jira Details: Hellcat Ransomware’s Infostealer Malware at Play
Mitchell Langley January 15, 2025
Telefonica breach impacts 20,000 employees through customer data theft and infostealer malware tactics in this detailed analysis.
WazirX Hack: North Korea's Lazarus Blamed for WazirX's $235 Million Cryptocurrency Theft
News
WazirX Hack: North Korea’s Lazarus Blamed for WazirX’s $235 Million Cryptocurrency Theft
Mitchell Langley January 15, 2025
The US, Japan, and South Korea blame North Korea's Lazarus group for the WazirX hack, a $235 million cryptocurrency theft. WazirX CEO calls for global ...
PowerSchool Data Breach Exposes Social Security Numbers of 60 Million Students and Teachers
News
PowerSchool Data Breach Exposes Social Security Numbers of 60 Million Students and Teachers
Gabby Lee January 15, 2025
PowerSchool data breach cyberattack exposed SSNs and PII of 60 million students and teachers, including medical information.
West Haven, Connecticut, Battles a Devastating Qilin Ransomware Cyberattack
News
West Haven, Connecticut, Battles a Devastating Qilin Ransomware Cyberattack
Mitchell Langley January 15, 2025
West Haven, Connecticut, is recovering from a cyberattack attributed to the Qilin ransomware group, which temporarily shut down city IT systems. The investigation is ongoing ...
Manitou Springs School District 14 Joins District 49 in PowerSchool Data Breach
News
Manitou Springs School District 14 Joins District 49 in PowerSchool Data Breach
Mitchell Langley January 14, 2025
Manitou Springs District 14 and District 49 experienced a PowerSchool data breach exposing student and parent names and addresses. PowerSchool is investigating with cybersecurity experts. ...
Ransomware Attack Paralyzes Slovakian Land Registry, Souring Slovakia-Ukraine Relations
News
Ransomware Attack Paralyzes Slovakian Land Registry, Souring Slovakia-Ukraine Relations
Gabby Lee January 14, 2025
A ransomware attack has severely impacted Slovakia's Geodesy, Cartography and Cadastre Office (UGKK), causing widespread disruption to land registry services and related public functions. The ...
Pro-Russian Hacker Group Targets Italian Banks and Public Services in DDoS Attacks
News
Pro-Russian Hacker Group Targets Italian Banks and Public Services in DDoS Attacks
Mitchell Langley January 14, 2025
A wave of cyberattacks on Italian banks, including Intesa Sanpaolo and Monte dei Paschi, along with public services, were launched by the pro-Russian hacker group, ...
Gravy Analytics Data Breach Exposes Location Data: iOS 14.5 and App Tracking Transparency Offer Some Protection
News
Gravy Analytics Data Breach Exposes Location Data: iOS 14.5 and App Tracking Transparency Offer Some Protection
Mitchell Langley January 14, 2025
The Gravy Analytics data breach exposed the precise location information of millions of users, impacting both iOS and Android devices. Popular apps, including dating apps ...
Top 10 Ransomware Groups of 2024 The Year's Most Active Cyber Threats
Blog
Top 10 Ransomware Groups of 2024: The Year’s Most Active Cyber Threats
Mitchell Langley January 14, 2025
This in-depth analysis reveals the Top 10 Ransomware groups that dominated the cyberattack landscape in 2024, examining their methods, impact on businesses, and the implications ...
PowerSchool Data Breach: Millions of Student Records Compromised in January 2025
News
PowerSchool Data Breach: Millions of Student Records Compromised in January 2025
Gabby Lee January 13, 2025
PowerSchool had a data breach in December 2025, compromising the personal data of millions of students and parents. Hackers exploited stolen credentials to access sensitive ...
Vermont School Breached in PowerSchool Hack
News
Vermont School Breached in PowerSchool Hack
Mitchell Langley January 13, 2025
PowerSchool data breach exposed the personal data of Vermont school students and staff. The impact varies, but cybersecurity concerns are high. Schools are taking steps ...
This Week In Cybersecurity: 06th January to 10th January
News
This Week In Cybersecurity: 06th January to 10th January
Mitchell Langley January 11, 2025
Casio Data Breach Ransomware Attack Compromised 8,500 Individuals A ransomware attack on Casio in October 2024 compromised personal data of ...
PowerSchool Data Breach Impacts Bozeman Public Schools
News
PowerSchool Data Breach Impacts Bozeman Public Schools
Mitchell Langley January 11, 2025
PowerSchool data breach impacted Bozeman Public Schools, compromising student, family, and teacher data including contact details and employment information. PowerSchool and the district are working ...
PowerSchool Data Breach Hits Louisiana School Districts: Ascension Parish Schools, Livingston Parish Schools Among the Ones Affected
News
PowerSchool Data Breach Hits Louisiana School Districts: Ascension Parish Schools, Livingston Parish Schools Among the Ones Affected
Mitchell Langley January 10, 2025
PowerSchool data breach impacted Louisiana school districts, potentially exposing sensitive student and staff information. PowerSchool claims the data has been deleted, but the incident highlights ...
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
TeleMessage Exploit: Inside the Messaging Flaw That Hit Coinbase and CBP
May 13, 2025
Podcasts
rand-user-agent: The NPM Package That Opened a Backdoor
May 12, 2025
Podcasts
160,000 Victims Later: The Aspire USA Breach Under Valsoft’s Watch
May 12, 2025

Cyber Security News

Fieldtex Ransomware Attack Akira Group Claims Responsibility
Cybersecurity
Fieldtex Ransomware Attack: Akira Group Claims Responsibility
December 15, 2025
Digital-only eVisa Scheme Faces Scrutiny Over Data Leaks and GDPR Concerns
Data Security
Digital-only eVisa Scheme Faces Scrutiny Over Data Leaks and GDPR Concerns
December 15, 2025
Gladinet CentreStack Flaw A Widespread Threat to Organizations
Cybersecurity
Gladinet CentreStack Flaw: A Widespread Threat to Organizations
December 15, 2025
PyStoreRAT New JavaScript-Based RAT Distributed via GitHub
Cybersecurity
PyStoreRAT: New JavaScript-Based RAT Distributed via GitHub
December 15, 2025
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
Cybersecurity
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
December 15, 2025
New Cyber Threats Movie Downloads and Software Updates Under Siege
Cybersecurity
New Cyber Threats: Movie Downloads and Software Updates Under Siege
December 15, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
AirBorne: How a Zero-Click Bug Threatens Millions of Apple and Third-Party Devices
April 30, 2025
In this episode, we dive deep into AirBorne — a critical set of vulnerabilities in Apple’s AirPlay protocol and SDK, recently uncovered by security researchers ...
$10.5M to Fight AI-Phishing: The Rise of Pistachio’s Cybersecurity Training Platform
April 30, 2025
In this episode, we dive into the story of Pistachio, the Norwegian cybersecurity startup that just raised $7 million in new funding—bringing its total to ...
Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack
April 30, 2025
Hitachi Vantara shut down servers to contain an Akira ransomware attack that disrupted systems and led to stolen data across corporate and government-related operations.
Vulnerability Alert – 30th April, 2025
April 30, 2025
Staying ahead of emerging cyber threats requires continuous monitoring of newly disclosed vulnerabilities, exploitation trends, and post-compromise behaviors. This page provides a detailed breakdown of ...
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
April 30, 2025
The rise of AI-driven cyberattacks necessitates a proactive approach. This blog explores how AI can combat AI cybersecurity threats, highlighting its benefits and risks ...
MTN Ghana Data Breach Impacts 5,700 Customers, Investigation Underway
April 30, 2025
MTN Ghana confirms a data breach affecting 5,700 customers, with investigations ongoing and direct outreach underway to mitigate potential risks and prevent further exposure.
SK Telecom Offers Free SIM Replacements After Malware Breach Impacts USIM Data
April 30, 2025
SK Telecom is replacing SIM cards for 25 million users after a malware breach exposed USIM data. Supply limits restrict replacements to 6 million by ...
CISA Flags Broadcom, CommVault, and Active! Mail Vulnerabilities as Actively Exploited
April 30, 2025
CISA adds Broadcom, CommVault, and Active! Mail vulnerabilities to KEV catalog following active exploitation reports, urging immediate patching by enterprise and critical infrastructure operators.
M&S Cyberattack Halts Online Sales, Triggers Major Financial Impact
April 30, 2025
Marks & Spencer suspended online orders after a cyberattack over Easter weekend caused major disruptions, wiping £500 million off its stock and impacting daily sales. ...
The Silent Majority: Why 51% of Internet Traffic Is Now Bots
April 29, 2025
The bots have taken over—and they’re not just crawling your website. In this episode, we dig into the alarming reality that automated bots now generate ...
From 1,382 to 4 Million: What VeriSource Didn’t Know (or Say)
April 29, 2025
In this episode, we investigate the massive data breach at VeriSource Services, Inc. (VSI), a Houston-based HR outsourcing and employee benefits administrator. Initially reported as ...
Actively Exploited: Commvault Web Shells, Active! mail RCE, and Brocade Code Injection Now in KEV
April 29, 2025
Three actively exploited vulnerabilities—CVE-2025-42599 (Qualitia Active! mail), CVE-2025-3928 (Commvault Web Server), and CVE-2025-1976 (Broadcom Brocade Fabric OS)—have been added to CISA’s KEV catalog. The Qualitia ...
Over 1,200 SAP NetWeaver Servers Exposed to Actively Exploited Critical Vulnerability
April 29, 2025
A critical SAP NetWeaver flaw (CVE-2025-31324) is being actively exploited. Over 1,200 servers are exposed, with hundreds already compromised by remote webshell deployments.
27 Million Records Allegedly Leaked from French Retailer Boulanger
April 29, 2025
Personal data linked to over 27 million customer records of French electronics giant Boulanger has been leaked on a public hacking forum, with no ransom ...
Marks & Spencer Cyberattack Tied to Scattered Spider Ransomware Group
April 29, 2025
Marks & Spencer is battling an ongoing outage caused by Scattered Spider ransomware attackers, who breached its systems, stole password data, and encrypted virtual machines. ...
VeriSource Confirms Data Breach Impacted 4 Million People After Year-Long Investigation
April 29, 2025
VeriSource Confirms Data Breach Impacted 4 Million People After Year-Long Investigation
Darcula: AI-Enhanced Phishing Platform Targets Users Worldwide
April 29, 2025
The Darcula phishing platform has been upgraded with AI, enabling cybercriminals to quickly generate multilingual phishing scams and harvest user credentials on a global scale. ...
Major AI Vulnerability Exposed: Single Prompt Grants Full Control
April 28, 2025
Researchers uncovered a major AI vulnerability allowing attackers to bypass safeguards with a single prompt, gaining control over AI systems to generate dangerous content.
Hard-Coded Havoc: The Fatal Flaws in Planet’s Network Devices
April 28, 2025
A wave of critical vulnerabilities in Planet Technology’s industrial switches and network management systems could let attackers hijack devices, steal data, and sabotage industrial networks—with ...
Craft CMS Crisis: The 10.0-Rated RCE Flaw Every Developer Must Patch Now
April 28, 2025
A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required. ...
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67