Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
US Treasury Hack: Escalating Cyber Warfare Between US and China
Cybersecurity
US Treasury Hack: Escalating Cyber Warfare Between US and China
Gabby Lee January 2, 2025
The recent US Treasury cyberattack highlights the escalating threat landscape. Learn how enterprise businesses can bolster their defenses against sophisticated state-sponsored attacks like the US ...
Cyber Attacks Hit French Internet Sites: Multiple Cities Targeted in Pro-Russia Hack
News
Cyber Attacks Hit French Internet Sites: Multiple Cities Targeted in Pro-Russia Hack
Mitchell Langley January 2, 2025
French cities faced widespread website outages due to cyberattacks claimed by a pro-Russian group, highlighting vulnerabilities to politically motivated digital disruptions.
This Week In Cybersecurity: 23rd December to 27th December
News
This Week In Cybersecurity: 23rd December to 27th December
Mitchell Langley January 1, 2025
This Week In Cybersecurity covers the latest incidents and trends from December 23rd to December 27th. Highlights include the Play ransomware gang's breach of Krispy ...
Rhode Island's RIBridges Hack: Data Leaked on Dark Web on New Year's Day
News
Rhode Island’s RIBridges Hack: Data Leaked on Dark Web on New Year’s Day
Gabby Lee January 1, 2025
The RIBridges data breach exposes the sensitive information of approximately 650,000 Rhode Islanders. The state is working to mitigate the damage and provide support to ...
Volkswagen Data Leak Exposes Location Data of 800,000 Electric Vehicles
News
Volkswagen Data Leak Exposes Location Data of 800,000 Electric Vehicles
Mitchell Langley January 1, 2025
Volkswagen data leak exposed the location data of 800,000 electric vehicles, along with personal details for some drivers, highlighting serious security flaws.
China Denies State-Sponsored Cyberattack on US Treasury
News
China Denies State-Sponsored Cyberattack on US Treasury
Mitchell Langley January 1, 2025
China denies US accusations of a state-sponsored cyberattack on US Treasury, calling the claims "groundless," while the US points to a compromised third-party service provider.
Pro-Russian Hackers NoName057 Launch Coordinated Cyberattacks Against Italy
News
Pro-Russian Hackers NoName057 Launch Coordinated Cyberattacks Against Italy
Mitchell Langley December 31, 2024
: Pro-Russian hackers NoName057 targeted Italian websites, including Milan airports, in a series of DDoS attacks.
Massive Healthcare Breaches Prompt Overhaul of US Cybersecurity Rules
Cybersecurity
Massive Healthcare Breaches Prompt Overhaul of US Cybersecurity Rules
Mitchell Langley December 31, 2024
The US is overhauling its cybersecurity rules following a surge in healthcare breaches. New regulations will mandate encryption, multi-factor authentication, and network segmentation to protect ...
Harley-Davidson Data Breach Exposes Thousands of Customer Records: 888 Claims Cyberattack
News
Harley-Davidson Data Breach Exposes Thousands of Customer Records: 888 Claims Cyberattack
Gabby Lee December 31, 2024
Harley-Davidson data breach has allegedly exposed the personal information of over 66,700 customers. Learn about the leaked data and the potential risks.
US Treasury Department Hacked: Cyber Attack On US Treasury Blamed on Chinese State-Sponsored Actors
News
US Treasury Department Hacked: Cyber Attack On US Treasury Blamed on Chinese State-Sponsored Actors
Mitchell Langley December 31, 2024
The US Treasury Department was hacked, with Chinese state-sponsored actors gaining access to employee workstations and unclassified documents. Learn
AT&T and Verizon Secure Networks Following Devastating Salt Typhoon Breach
News
AT&T and Verizon Secure Networks Following Devastating Salt Typhoon Breach
Mitchell Langley December 30, 2024
The Salt Typhoon breach impacted AT&T and Verizon, but both companies claim to have successfully contained the Chinese state-sponsored hacking campaign and secured their networks. ...
Japan Airlines Cyberattack Causes Flight Delays
News
Japan Airlines Cyberattack Causes Flight Delays
Gabby Lee December 30, 2024
A distributed denial-of-service (DDoS) attack on Japan Airlines (JAL) caused significant flight delays, highlighting the vulnerability of the aviation industry to cyber threats. Learn about ...
OpenAI ChatGPT Outage: Thousands Report Disruption
News
OpenAI ChatGPT Outage: Thousands Report Disruption
Gabby Lee December 27, 2024
OpenAI ChatGPT outage hit on December 26th, 2024, impacting millions of users. Downdetector showed over 50,000 outage reports. OpenAI attributed the problem to an internet ...
Volkswagen Data Breach Exposes Location Data of 800,000 Electric Vehicles
News
Volkswagen Data Breach Exposes Location Data of 800,000 Electric Vehicles
Mitchell Langley December 27, 2024
A data breach at Volkswagen has exposed the location data of around 800,000 electric vehicles from VW, Audi, Seat, and Skoda. The vulnerability, reported by ...
USAA Bank Data Breach Lawsuit Settles for $3.25 Million
News
USAA Bank Data Breach Lawsuit Settles for $3.25 Million
Mitchell Langley December 26, 2024
USAA Bank paid $3.25 million to settle a data breach lawsuit stemming from a 2021 incident exposing customer data obtained from motor vehicle records. The ...
Indonesia Government Data Breach: 82 GB of Sensitive Data Leaked Online
News
Indonesia Government Data Breach: 82 GB of Sensitive Data Leaked Online
Mitchell Langley December 26, 2024
Indonesia government data breach leaked 82 GB of sensitive data, including financial records, taxpayer information, and employee details, raising serious security and privacy concerns.
News
ConnectOnCall Healthcare Data Breach Exposes Sensitive Healthcare Information
Gabby Lee December 26, 2024
A massive data breach at ConnectOnCall, a healthcare communications provider, has exposed sensitive patient information, raising serious concerns about data security in the healthcare sector.
Kay Adams' NFL Broadcast Interrupted by Netflix Technical Glitch
News
Kay Adams’ NFL Broadcast Interrupted by Netflix Technical Glitch
Mitchell Langley December 26, 2024
Kay Adams' NFL broadcast on Netflix was disrupted due to a technical glitch on Christmas Day, leaving viewers frustrated and highlighting the challenges of streaming ...
WhatsApp Wins Against NSO Group: Judge Finds NSO Liable for Pegasus
Cybersecurity
WhatsApp Wins Against NSO Group: Judge Finds NSO Liable for Pegasus
Mitchell Langley December 24, 2024
WhatsApp secured a major legal victory against NSO Group, creators of Pegasus spyware, with a US court ruling them liable for hacking 1,400 devices. This ...
Ascension Cyberattack Update: New Details Emerge, Patient and Employee Data Exposed
News
Ascension Cyberattack Update: New Details Emerge, Patient and Employee Data Exposed
Mitchell Langley December 24, 2024
A new update reveals the full extent of the June Ascension cyberattack, exposing patient and employee data including medical records, payment information, and Social Security ...
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
How CodeAnt AI is Automating Code Reviews for 50+ Dev Teams
May 8, 2025
Podcasts
The Langflow Breach: How a Popular AI Tool Opened the Door to Hackers
May 7, 2025
Podcasts
Mirai Reloaded: Why CVE-2024-7399 Still Haunts Samsung Servers
May 7, 2025

Cyber Security News

Vulnerabilities in PCIe IDE Protocol Pose Risks to Local Systems
Cybersecurity
Vulnerabilities in PCIe IDE Protocol Pose Risks to Local Systems
December 15, 2025
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
Application Security
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
December 11, 2025
Why Insuring Keith Richards' Fingers Highlights Risk Management in Cybersecurity
Cybersecurity
Why Insuring Keith Richards’ Fingers Highlights Risk Management in Cybersecurity
December 11, 2025
Docker Hub Data Exposure Puts Thousands of Containers at Risk
Data Security
Docker Hub Data Exposure Puts Thousands of Containers at Risk
December 11, 2025
React2Shell Exploit Continues to Deliver Undetected Malware Families
Cybersecurity
React2Shell Exploit Continues to Deliver Undetected Malware Families
December 11, 2025
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Application Security
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
December 11, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
System Intrusions Surge Across EMEA, Verizon DBIR Warns
April 24, 2025
System intrusion breaches in EMEA doubled to 53% in one year, according to Verizon’s 2025 DBIR, as internal threats and third-party involvement surged globally.
Data Breach at Yale New Haven Health Exposes Personal Information of 5.5 Million Patients
April 24, 2025
A data breach at Yale New Haven Health exposed personal details of 5.5 million patients, with names, SSNs, and medical IDs among the data stolen. ...
New Android Malware ‘SuperCard X’ Uses NFC to Drain Bank Accounts in Real Time
April 24, 2025
New Android malware 'SuperCard X' uses NFC technology and social engineering to clone cards and drain bank accounts in real-time through a convincing multi-step scam. ...
Massive 1.33 Million-Device Botnet Drives Unprecedented DDoS Attacks Surge in Q1 2025
April 24, 2025
A record-breaking 1.33 million-device botnet has driven a 110% surge in DDoS attacks in Q1 2025, targeting fintech, e-commerce, and telecom sectors.
Blue Shield of California Exposes Health Data of 4.7 Million Members to Google Due to Analytics Misconfiguration
April 24, 2025
Blue Shield of California disclosed a data breach impacting 4.7 million members after misconfigured Google Analytics exposed protected health information to Google Ads platforms.
Cybercrime Losses in the U.S. Reached $16.6 Billion in 2024, FBI Reports
April 24, 2025
Cybercrime losses in the U.S. hit $16.6 billion in 2024, with older adults and businesses suffering the most, according to new FBI complaint data.
Marks & Spencer Cyberattack Disrupts Services and Delays Customer Orders
April 23, 2025
Marks & Spencer confirms a cyberattack disrupting services, leading to delayed orders and affecting contactless payments, while assuring customers of ongoing efforts to resolve the ...
Qilin Ransomware: Tactics, Techniques, Procedures and Mitigation
April 23, 2025
Qilin ransomware, a potent threat emerging in 2022, has rapidly gained notoriety. This blog post delves into its advanced tactics, techniques, and procedures (TTPs), providing ...
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
April 23, 2025
Varonis researchers reveal Cookie-Bite, a proof-of-concept Chrome extension attack that steals Azure Entra ID session cookies to bypass MFA and access Microsoft 365 services.
SK Telecom Malware Incident Targets USIM Customer Data
April 23, 2025
SK Telecom has disclosed a malware attack that exposed sensitive USIM data, prompting swift containment, investigation, and enhanced security measures for its 34 million subscribers. ...
Baltimore City Public Schools Data Breach Impacts 25,000 Individuals After Ransomware Attack
April 23, 2025
Baltimore City Public Schools confirms 25,000 people were impacted by a February ransomware attack that exposed sensitive employee and student information, including identification documents.
Active! Mail Zero-Day RCE Vulnerability Exploited in Ongoing Attacks on Japanese Organizations
April 23, 2025
A zero-day flaw in Active! Mail is under active exploitation in Japan, affecting major providers and exposing data across enterprise, education, and government sectors.
The Second Scam: FBI Warns of IC3 Impersonators Targeting Fraud Victims
April 22, 2025
The FBI has issued a stark warning about a growing scam targeting individuals who’ve already been victimized. In this episode, we unpack how fraudsters are ...
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
April 22, 2025
The Scallywag ad fraud network used WordPress plugins to generate 1.4 billion daily ad requests, monetizing piracy and redirect sites before being dismantled.
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
April 22, 2025
The FBI warns of a scam where criminals impersonate IC3 officials, targeting prior fraud victims with false promises of fund recovery to steal financial information. ...
Abilene, Texas Shuts Down City Systems Following Cyberattack
April 22, 2025
Abilene, Texas has taken key systems offline after a cyberattack. City services are disrupted but emergency response remains intact. Investigation and recovery efforts continue.
Imaflex Inc. Data Breach Exposes Personal and Employment Data
April 22, 2025
Imaflex Inc. Data Breach Exposes Personal and Employment Data: Legal Investigation Underway Imaflex Inc. has disclosed a data breach that exposed sensitive personal and employment-related ...
Google Confirms Sophisticated Phishing Attack Targeting Gmail Users Through DKIM and OAuth Abuse
April 22, 2025
Google confirms a phishing campaign targeting Gmail users that abused DKIM and Google Sites to send spoofed legal requests and steal user credentials undetected.
Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
April 22, 2025
Evil Corp, a prolific Russian cybercrime syndicate, deploys sophisticated malware and ransomware, targeting diverse sectors globally, including healthcare and finance, for financial gain and potential ...
This Week In Cybersecurity: April 1st to 5th, 2025
April 21, 2025
This week in cybersecurity covers a range of incidents, including the shutdown of openSNP over privacy concerns, a data breach affecting 173,000 patients, and a ...
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67