Cyber Security
News
Dior Confirms Data Breach Exposing Chinese Customer Information
Christian Dior confirms a customer data breach affecting Chinese users. Names, contacts, and shopping data were leaked; no financial details were compromised. Investigation ongoing.
News
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Nucor Corporation has shut down select production operations following a cybersecurity incident that compromised internal systems. The company is investigating and restoring operations.
News
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
Hackers are selling 89 million Steam user records in an apparent supply chain breach involving vendor access. Valve denies a direct Steam breach but continues ...
News
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
HireClick leaked over 5.7 million resume files after leaving an AWS bucket unsecured. The data exposure poses significant risks of fraud, phishing, and identity theft. ...
News
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
Valve denies claims of a Steam data breach, stating leaked data consists of expired SMS codes with no account credentials, passwords, or personal information.
News
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
Tennessee’s largest school district has filed a federal lawsuit against PowerSchool, citing breach of contract and security failures linked to a December 2023 data breach. ...
News
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
Russian-aligned ransomware group DragonForce hit UK retailer Co-op, exposing customer data and disrupting operations, in a hybrid cyberattack blending financial and geopolitical motives.
News
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
The EU launches its own vulnerability database (EUVD) to strengthen cybersecurity, reduce reliance on CVE, and ensure greater digital sovereignty across European infrastructure.
News
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
Twilio denies breach after leaked Steam 2FA codes appear online. Experts suspect a third-party SMS provider may be the source of the data exposure.
News
M&S Confirms Customer Data Breach Following Cyberattack
M&S confirms a customer data breach exposing contact details and order history after a cyberattack, but reassures no payment data or passwords were compromised.
News
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
Broadcom patches a critical VMware Tools vulnerability that allows attackers with limited VM access to tamper with files. Affects Windows, Linux, and open-vm-tools versions.
News
Thousands of Node Developers Compromised by Malware in Popular npm Packages
A sophisticated supply chain attack on npm injected malware into widely used packages, exposing thousands of developers to remote access trojans, data theft, and backdoors. ...
News
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
A Türkiye-linked cyberespionage group exploited a zero-day in Output Messenger, enabling access to sensitive data and communications in targeted attacks on Kurdish-aligned users.
News
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
A Moldovan suspect has been arrested for a 2021 DoppelPaymer ransomware attack that crippled Dutch research systems and caused €4.5 million in damages.
Cybersecurity
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
Chinese threat group Chaya_004 exploited a zero-day flaw in SAP NetWeaver servers, compromising hundreds of systems using remote code execution and web shell deployments.
Cybersecurity
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The iClicker website was hacked between April 12–16, 2025, using a fake CAPTCHA to deploy malware via a ClickFix attack targeting students and faculty.
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
LockBit's dark web affiliate panels were hacked, exposing thousands of victim negotiation messages, affiliate details, and bitcoin addresses in a leaked MySQL database.
News
Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients
Ascension confirms a third-party data breach affecting 437,329 patients, exposing sensitive personal and medical data, including Social Security numbers and health insurance details.
News
NSO Group Fined $167 Million for Pegasus Spyware Attack on WhatsApp Users
A U.S. jury has ordered NSO Group to pay over $167 million in damages for a 2019 Pegasus spyware attack that targeted 1,400 WhatsApp users. ...
Cybersecurity
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
U.S. Oil and Gas Sectors Face Persistent Cyber Threats, CISA Warns The Cybersecurity and Infrastructure Security Agency (CISA) has issued ...
Ransomware
INC Ransomware: Master of Double Extortion
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
How to Defend Your Organization Against Scattered Spider’s Service Desk Attacks
Scattered Spider service desk attacks exploit social engineering to bypass security, targeting help desks for credential access. Learn defense strategies using open-source tools and training. ...
Food Delivery App GonnaOrder Leaked Customer Names, Addresses, and Order Info for Nearly Two Years
A misconfigured Kafka Broker on GonnaOrder’s platform exposed customer names, phone numbers, and delivery details across Europe from August 2022 to May 2025.
Headero App Data Leak Exposes Over Four Million Sensitive User Records, Including GPS and Sexual Preferences
A misconfigured database tied to the Headero dating app exposed over four million sensitive user records, including GPS coordinates, explicit chat logs, and STD statuses. ...
Ransomware Attack on Mastery Schools Exposes Thousands of Sensitive Records, Including Credit Card and Biometric Data
A ransomware breach at Mastery Schools in Philadelphia exposed sensitive personal and financial records, affecting over 37,000 individuals including students, staff, and families.
Mental Health Provider Mount Rogers Targeted by INC Ransom, Internal Documents and Personal Details Leaked
Ransomware group INC Ransom breached Mount Rogers Community Services, leaking internal files, personal emails, and invoices from the mental health provider's systems.
Erie Insurance Cyberattack Causes System-Wide Disruptions and Portal Outages
Erie Insurance confirms a cyberattack as the source of major service disruptions since June 7, affecting customer access, claims processing, and business operations.
Tomcat Manager Attacks: 400 IPs in Coordinated Brute-Force Attack
On June 5, 2025, GreyNoise flagged a massive spike in coordinated brute-force login attempts targeting Apache Tomcat Manager interfaces. Nearly 400 unique IP addresses, many ...
TxDOT Data Leak: 423,391 Texans Exposed
On May 12, 2025, the Texas Department of Transportation (TxDOT) disclosed a significant data breach that compromised crash reports containing personal data of over 423,000 ...
Ghost Students and AI Scams: How Identity Theft is Gutting Financial Aid
What happens when hundreds of thousands of college applications are submitted—not by hopeful students, but by bots using stolen identities? In this episode, we dive ...
BlackSuit (Royal) Ransomware: Conti Ransomware Reborn
BlackSuit, formerly Royal, is a sophisticated ransomware group using multi-vector attacks, partial encryption, and double extortion to target global organizations, including critical infrastructure. Their operations ...
Ivanti Workspace Control Exposes SQL Credentials Through Hardcoded Key Flaws
Ivanti patched three high-severity vulnerabilities in Workspace Control caused by hardcoded cryptographic keys, which exposed SQL and environment credentials to local authenticated attackers.
Texas Dept. of Transportation Breach Exposes 300,000 Crash Records in May 2025
TxDOT suffered a breach on May 12, 2025, leaking 300,000 crash reports. Stolen data includes driver’s license numbers, insurance info, and crash details.
Mirai Botnet Exploits Wazuh Servers via Remote Code Execution Vulnerability
A critical RCE flaw in Wazuh servers is being exploited by Mirai botnet variants, allowing attackers to execute Python code through malicious API requests.
FIN6 Hackers Target Recruiters with Fake Job Seekers and Malware-Loaded Resumes
FIN6 hackers are impersonating job seekers to infiltrate recruiter systems, delivering the More_Eggs malware via AWS-hosted resume sites and phishing tactics on LinkedIn and Indeed. ...
4,000+ Fake Sites Used in Scam Marketplace Ads on Facebook to Impersonate Top Retail Brands
A scam network using over 4,000 fake websites is impersonating Amazon, Birkenstock, and more, pushing fraudulent Facebook Marketplace ads and stealing user data.
Bert Ransomware Group Claims Data Theft from Global Port Agency S5
Ransomware gang Bert claims to have stolen 140GB of sensitive data from S5 Agency World, a maritime logistics firm with operations in 360+ ports globally. ...
Inside the React Native NPM Supply Chain Breach: 16 Packages, 1 Million+ Downloads, and a RAT in the Code
In this episode, we break down the massive supply chain attack that rocked the React Native ecosystem beginning on June 6, 2025. Over 16 NPM ...
INC Ransomware: Master of Double Extortion
INC Ransomware is a sophisticated and relatively new cybercriminal group known for its targeted ransomware attacks against corporate and organizational networks. They exhibit a high ...
Mirai Strikes Again: Spring4Shell, Wazuh, and TBK DVRs Exploited in Live Campaigns
In this episode, we dive into the latest wave of active Mirai botnet campaigns exploiting high-severity remote code execution (RCE) vulnerabilities in critical enterprise and ...
UNFI Breach: How One Cyberattack Shook the North American Food Supply
On June 5, 2025, United Natural Foods Inc. (UNFI)—North America’s largest publicly traded wholesale food distributor and primary supplier for Whole Foods—was struck by a ...