Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
This Week In Cybersecurity: 06th January to 10th January
News
Casio Data Breach Ransomware Attack Compromised 8,500 Individuals: A ransomware attack on Casio in October 2024 compromised personal data of ...
PowerSchool Data Breach Impacts Bozeman Public Schools
News
PowerSchool data breach impacted Bozeman Public Schools, compromising student, family, and teacher data including contact details and employment information. PowerSchool and the district are working ...
PowerSchool Data Breach Hits Louisiana School Districts: Ascension Parish Schools, Livingston Parish Schools Among the Ones Affected
News
PowerSchool data breach impacted Louisiana school districts, potentially exposing sensitive student and staff information. PowerSchool claims the data has been deleted, but the incident highlights ...
New Mirai Botnet Leverages Zero-Day Exploits to Target Industrial Routers
News
A new Mirai botnet is using zero-day exploits to target industrial routers and smart home devices, launching high-intensity DDoS attacks. Learn about the vulnerabilities and ...
UK's Nominet Hit by Cyber Attack: Hackers Exploited Zero-Day Ivanti VPN Vulnerability
News
The UK Internet Domain Registry, Nominet, suffered a cyber attack exploiting a zero-day vulnerability in Ivanti VPN software. While no data breach is confirmed, the ...
BayMark Health Services Data Breach: Ransomware Attack Exposes Patient Data
News
BayMark Health Services suffered a significant data breach after a ransomware attack, exposing sensitive patient information. The company is working to mitigate the damage and ...
Medusind Breach Exposes Sensitive Patient Data of Over 360,000 Customers
News
US dental and medical billing firm Medusind suffered a significant data breach, exposing the personal, financial, and medical data of over 360,000 customers. The breach, ...
PowerSchool Hack Compromises Alabama K-12 Student Data
News
PowerSchool data breach has affected Alabama K-12 schools, raising concerns about student and teacher data security. The incident highlights the ongoing vulnerability of educational institutions ...
Casio Data Breach Ransomware Attack Compromised 8,500 Individuals
News
Casio confirms customer data compromised in ransomware attack
Green Bay Packers Pro Shop Data Breach Exposes Customer Information
News
A Green Bay Packers data breach affected the NFL team's Packers Pro Shop website, compromising customer information.
Rivers Casino Data Breach Follows Class-Action Lawsuits After Personal Information Compromised
News
Rivers Casino Philadelphia data breach exposed sensitive customer information, leading to multiple class-action lawsuits. Learn about the extent of the breach and the legal actions ...
PowerSchool Hack Exposes Sensitive Data of Students and Teachers in K-12 Districts
News
PowerSchool hack exposed student and teacher data from K-12 districts, including SSNs and PII, prompting investigations and credit monitoring services for those affected.
Top 15 Cyberattacks of 2024: The Worst Incidents for Enterprise
Blog
2024 saw a record number of significant cyberattacks targeting enterprises. This blog post dissects the Top 15 Cyber Attacks of 2024, examining the impact, vulnerabilities ...
Hacked Chrome Extensions Expose 2.6 Million Users to Data Leaks
News
Over 36 hacked Chrome extensions put 2.6 million users at risk of data leaks, exposing browsing data and credentials. Security researchers urge immediate removal of ...
Westend Dental Fined $350,000 for Covering Up Ransomware Attack Data Breach
News
Westend Dental LLC, a US dental chain, was fined $350,000 for lying about a 2020 ransomware attack that resulted in a major data breach. Their ...
Nuclei Vulnerability Allows Signature Bypass and Code Execution
Cybersecurity
Nuclei vulnerability (CVE-2024-43405) allows signature bypass and code execution due to inconsistencies in newline character handling between signature verification and YAML parsing. Update to version ...
Washington Sues T-Mobile Over Data Breach Impacting Millions
News
Washington state sued T-Mobile for a massive data breach affecting millions, alleging negligence and inadequate customer notification. The T-Mobile data breach exposed sensitive personal information.
City Bank Data Breach: Client Financial Statements Sold on Underground Forums
News
City Bank data breach resulted in client financial statements being sold on underground forums. The vulnerability, involving weak multi-factor authentication and improper session handling, was ...
PLAYFULGHOST Malware: Exploiting Phishing, SEO Poisoning, and Trojanized VPNs
News
PLAYFULGHOST malware uses phishing, SEO poisoning, and trojanized VPN apps to steal data, highlighting the need for robust cybersecurity practices.
Hacker 'natohub' Claims 42,000 Records in UN Civil Aviation Agency Data Breach
News
A hacker claims a data breach at the ICAO, a UN agency, affecting 42,000 individuals. The ICAO is investigating.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Featured Videos

Major AI Vulnerability Exposed: Single Prompt Grants Full Control
Researchers uncovered a major AI vulnerability allowing attackers to bypass safeguards with a single prompt, gaining control over AI systems to generate dangerous content.
Hard-Coded Havoc: The Fatal Flaws in Planet’s Network Devices
A wave of critical vulnerabilities in Planet Technology’s industrial switches and network management systems could let attackers hijack devices, steal data, and sabotage industrial networks—with ...
Craft CMS Crisis: The 10.0-Rated RCE Flaw Every Developer Must Patch Now
A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required. ...
Policy Puppetry: How a Single Prompt Can Trick ChatGPT, Gemini & More Into Revealing Secrets
Recent research by HiddenLayer has uncovered a shocking new AI vulnerability—dubbed the “Policy Puppetry Attack”—that can bypass safety guardrails in all major LLMs, including ChatGPT, ...
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Cybersecurity myths are more dangerous than you think. Here are 13 common myths that are silently sabotaging your security—and what to do instead.
WooCommerce Admins Targeted by Fake Security Patches Delivering WordPress Backdoors
A new phishing campaign is targeting WooCommerce administrators with fake security alerts designed to hijack websites by installing hidden backdoors and persistent malware.
Marks & Spencer Halts Online Orders Following Cyberattack
Marks & Spencer suspended online orders following a cyberattack impacting digital and in-store services, while investigations continue in collaboration with external cybersecurity specialists.
Pro-Russian Hackers NoName Intensify DDoS Attacks Against German Organizations
Pro-Russian hackers NoName057(16) have intensified DDoS attacks against German organizations, targeting banks, manufacturers, and government websites in retaliation for political decisions related to Ukraine.
DragonForce Expands Ransomware Model with White-Label Branding
DragonForce expands its ransomware cartel with a white-label model, allowing affiliates to use its infrastructure under their own brand, taking a 20% cut of ransoms. ...
SK Telecom Shares Drop Sharply Following a Cyberattack and Customer Data Breach
SK Telecom Reports Customer Data Breach Linked to Cyberattack: SK Telecom, South Korea’s largest mobile carrier, announced that it suffered a major customer data breach ...
Lazarus Strikes Again: Inside Operation SyncHole and the 1-Day Exploitation Crisis
In this episode, we break down the most urgent cybersecurity developments from late April 2025—including the Lazarus Group’s high-profile “Operation SyncHole” targeting South Korean industries. ...
OAuth Phishing and Microsoft 365: The Hidden Threats SMBs Can’t Ignore
In this episode, we dissect the real-world challenges of securing Microsoft 365 environments—especially for small and medium-sized businesses—amid rising threats and licensing limitations. From Reddit ...
Navigating the Complex Intersection of AI and Data Privacy
The rise of artificial intelligence (AI) presents incredible opportunities, but it also introduces complex challenges regarding data privacy. This blog post delves into the crucial ...
Why Outlook Is Eating Your CPU — And What Microsoft Says About It
Microsoft has acknowledged a serious issue affecting users of classic Outlook for Windows: CPU usage spikes up to 50% just from typing emails. First appearing ...
Russian Military Targeted by AlpineQuest Android Spyware Hidden in Trojanized Mapping App
Spyware hidden in a fake AlpineQuest app is stealing sensitive data from Russian soldiers, revealing operational plans via location tracking and real-time Telegram monitoring.
Frederick Health Data Breach Impacts 934,326 Patients
In January, a ransomware attack on Frederick Health Medical Group exposed sensitive data of 934,326 patients, triggering law enforcement involvement and mandatory federal breach reporting. ...
This Week In Cybersecurity: 21st – 25th April, 2025
Targeted malware, ransomware, phishing, and ad fraud hit SK Telecom, Baltimore schools, Google, and more this week—exposing critical data and abusing trusted systems.
Interlock Ransomware Gang Claims DaVita Cyberattack, Leaks 1.5TB of Stolen Data
The Interlock ransomware group has claimed responsibility for a cyberattack on DaVita, leaking 1.5TB of sensitive data allegedly stolen from the Fortune 500 healthcare provider.
MTN Confirms Data Breach Impacting Customer Information, Core Systems Unaffected
MTN confirms a data breach exposing limited customer data, assures core systems are safe. Law enforcement and regulators have been notified as investigations continue.
Trojan Map App: Spyware Targets Russian Soldiers via Alpine Quest
A newly discovered Android spyware campaign is targeting Russian military personnel by weaponizing a popular mapping app. Disguised as a cracked version of Alpine Quest ...