Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
This Week In Cybersecurity: 28th October to 1st November
Cybersecurity
This Week In Cybersecurity: 28th October to 1st November
Mitchell Langley November 3, 2024
CRA Data Breach Exposes Tens of Thousands of Taxpayer Accounts, Millions Lost in Bogus Refunds A significant data breach at ...
Trinity Ransomware Major Threat to the Healthcare Industry
Blog
Trinity Ransomware: Major Threat to the Healthcare Industry
Gabby Lee November 1, 2024
The newly discovered Trinity ransomware is a significant threat to the healthcare industry, with at least one U.S. hospital already affected. HHS issued a warning ...
Nine Class-Action Lawsuits Filed After New Jersey Water Company Data Breached
News
Nine Class-Action Lawsuits Filed After New Jersey Water Company Data Breached
Mitchell Langley October 31, 2024
Nine class-action lawsuits have been filed against a New Jersey utility company following a data breach of unknown scope. The company, American Water, serves over ...
ZircoDATA Cybersecurity Breach Exposes Sensitive Australian Data
News
ZircoDATA Cybersecurity Breach Exposes Sensitive Australian Data
Gabby Lee October 31, 2024
A major cybersecurity breach at ZircoDATA, an Australian data firm, exposed sensitive personal information, impacting hundreds of organizations and highlighting the need for stronger data ...
PSAUX Ransomware Attack Cripples 22,000 CyberPanel Instances
News
PSAUX Ransomware Attack Cripples 22,000 CyberPanel Instances
Mitchell Langley October 31, 2024
The PSAUX ransomware attack exploited critical vulnerabilities in CyberPanel, crippling over 22,000 instances and encrypting countless files. A decryptor is now available.
Interbank Confirms Data Breach Following Failed Extortion Attempt
News
Interbank Confirms Data Breach Following Failed Extortion Attempt
Mitchell Langley October 31, 2024
Interbank, a Peruvian bank, confirms a massive data breach after a failed extortion attempt. Millions of customer records, including financial details, were leaked online.
LottieFiles npm Supply Chain Attack Drains Cryptocurrency Wallets
News
LottieFiles npm Supply Chain Attack Drains Cryptocurrency Wallets
Gabby Lee October 31, 2024
A npm supply chain attack targeted LottieFiles, compromising versions 2.0.5-2.0.7 of its "lottie-player" package and leading to cryptocurrency theft. Users are urged to upgrade immediately.
Advanced Recovery Equipment & Supplies Data Breach Impacts Customer Information
News
Advanced Recovery Equipment & Supplies Data Breach Impacts Customer Information
Mitchell Langley October 31, 2024
Advanced Recovery Equipment & Supplies LLC suffered a data breach in 2023, exposing customer names, Social Security numbers, medical information, and more. Data breach notification ...
Ticking Time Bomb or Opportunity How to Secure Remote Work Environments
Blog
Ticking Time Bomb or Opportunity? How to Secure Remote Work Environments
Mitchell Langley October 31, 2024
Remote work has revolutionized the workplace, but it has also introduced a new wave of security threats. Unvetted software, vulnerable home networks, and public Wi-Fi ...
Boart Longyear Data Breach Compromised Sensitive Customer Information
News
Boart Longyear Data Breach Compromised Sensitive Customer Information
Mitchell Langley October 30, 2024
Boart Longyear, a global drilling company, experienced a data breach exposing sensitive customer information, including Social Security numbers and medical records. The company is sending ...
France's Second-Largest ISP, Free, Suffers Data Breach
News
France’s Second-Largest ISP, Free, Suffers Data Breach
Gabby Lee October 30, 2024
France's second-largest internet service provider (ISP), Free, has confirmed a significant data breach affecting some of its 22.9 million subscribers.
Cash App Data Breach Settlement: Only Few Weeks to Claim $2,575 in Compensation
News
Cash App Data Breach Settlement: Only Few Weeks to Claim $2,575 in Compensation
Mitchell Langley October 30, 2024
Cash App users affected by the 2022 data breach have until November 19th to claim up to $2,575 in compensation for the incident.
Wichita County Cyberattack: 47,000 Residents Affected by Data Breach
News
Wichita County Cyberattack: 47,000 Residents Affected by Data Breach
Mitchell Langley October 30, 2024
The Wichita County cyberattack exposed the sensitive data of 47,000 residents, including SSNs and medical records. The Medusa ransomware gang claimed responsibility, demanding a ransom ...
CRA Data Breach Exposes Tens of Thousands of Taxpayer Accounts, Millions Lost in Bogus Refunds
News
CRA Data Breach Exposes Tens of Thousands of Taxpayer Accounts, Millions Lost in Bogus Refunds
Mitchell Langley October 30, 2024
Tens of thousands of Canadian taxpayers were victims of a massive CRA data breach, resulting in millions of dollars in fraudulent refunds and exposing systemic ...
Fog Ransomware Exploits SonicWall VPN Vulnerability to Breach Corporate Networks
News
Fog Ransomware Exploits SonicWall VPN Vulnerability to Breach Corporate Networks
Gabby Lee October 28, 2024
Fog ransomware exploits a critical SonicWall VPN vulnerability (CVE-2024-40766), enabling rapid network breaches and data encryption. Prompt patching is crucial.
This Week In Cybersecurity: 21st October to 25th October
Cybersecurity
This Week In Cybersecurity: 21st October to 25th October
Andrew Doyle October 25, 2024
Cyberattack Targets Critical Sectors in Cyprus A significant cyberattack has compromised critical infrastructure in Cyprus, highlighting vulnerabilities to sophisticated threats. ...
Johnson & Johnson Data Breach Exposes Personal Information of 3,200 Individuals
News
Johnson & Johnson Data Breach Exposes Personal Information of 3,200 Individuals
Mitchell Langley October 25, 2024
A data breach at Johnson & Johnson's insurance arm compromised personal information from 3,200 individuals. The company is offering credit monitoring and identity restoration services.
Hot Topic Data Breach: Millions of Customers Potentially Affected
News
Hot Topic Data Breach: Millions of Customers Potentially Affected
Gabby Lee October 25, 2024
A massive data breach at Hot Topic potentially exposed millions of customers' personal information, highlighting
Nidec Corporation Suffers Data Breach: Ransomware Attack Leaks Sensitive Information
News
Nidec Corporation Suffers Data Breach: Ransomware Attack Leaks Sensitive Information
Mitchell Langley October 25, 2024
Nidec Corporation confirms a ransomware attack leaked 50,694 files, including sensitive business documents, after negotiations with attackers failed.
Rocky Mountain Gastroenterology Suffers Triple Cyberattack, Exposing Data of Up to 169,000 Patients
News
Rocky Mountain Gastroenterology Suffers Triple Cyberattack, Exposing Data of Up to 169,000 Patients
Mitchell Langley October 25, 2024
Rocky Mountain Gastroenterology suffered a devastating triple cyberattack, exposing sensitive data of up to 169,000 patients, highlighting the urgent need for enhanced healthcare cybersecurity.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Hackers Flip the Script: How a Fake Coinbase Email Could Empty Your Wallet
March 18, 2025
Podcasts
Brute-Force on Autopilot: Black Basta’s ‘BRUTED’ VPN Tool for Ransomware Expansion
March 17, 2025
Podcasts
GitHub Action Hijacked: The Supply Chain Attack That Exposed 23,000 Repositories
March 17, 2025

Cyber Security News

Surge in Illicit Activities Criminal Use of DIG AI on Tor Network Increases in Q4 2025
Cybersecurity
Surge in Illicit Activities: Criminal Use of DIG AI on Tor Network Increases in Q4 2025
December 22, 2025
GhostPairing Campaign Hijacks WhatsApp Accounts via Device-Linking Feature
Application Security
GhostPairing Campaign Hijacks WhatsApp Accounts via Device-Linking Feature
December 22, 2025
FTC Demands Accountability in Illusory Systems Cybersecurity Breach Case
Cybersecurity
FTC Demands Accountability in Illusory Systems Cybersecurity Breach Case
December 22, 2025
French Prosecutors Investigate Cyberattack on GNV Ferry Fantastic
Cybersecurity
French Prosecutors Investigate Cyberattack on GNV Ferry “Fantastic”
December 19, 2025
Cisco Identifies Exploited Zero-Day Vulnerability in Email Gateway Systems
Cybersecurity
Cisco Identifies Exploited Zero-Day Vulnerability in Email Gateway Systems
December 18, 2025
Windows 11 Security Updates Interrupt Enterprise VPN Connectivity
Network Security
Windows 11 Security Updates Interrupt Enterprise VPN Connectivity
December 18, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
DollyWay Malware Campaign Compromises 20,000 WordPress Sites
March 20, 2025
The DollyWay malware campaign, active since 2016, has compromised over 20,000 WordPress sites, redirecting users to malicious sites and generating millions of fraudulent impressions monthly.
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
March 20, 2025
WhatsApp has patched a zero-click vulnerability exploited by Paragon spyware, affecting journalists and activists globally, highlighting ongoing cybersecurity challenges.
Ukrainian Military Targeted in New Signal Spear-Phishing Attacks
March 20, 2025
krainian military personnel are facing sophisticated spear-phishing attacks using compromised Signal accounts to deliver Dark Crystal RAT malware. Urgent security updates are needed.
Arcane Infostealer Infects YouTube and Discord Users Through Game Cheats
March 20, 2025
The Arcane infostealer, a new malware, is stealing data from YouTube and Discord users via game cheats, targeting VPNs, messengers, and cryptocurrency wallets. Its sophisticated ...
Pennsylvania Education Union Data Breach Impacts 500,000 Individuals
March 20, 2025
he Pennsylvania State Education Association (PSEA) suffered a data breach exposing the personal information of over 500,000 individuals, including financial and health records. Rhysida ransomware ...
Ransomware Victims on Dark Web – 12th March, 2025
March 20, 2025
This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ...
Ransomware Victims on Dark Web – 3rd March, 2025
March 20, 2025
This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ...
Qilin/Agenda Ransomware: The Credential Stealers
March 20, 2025
Overview The Qilin ransomware group, also known as Agenda, is a Russia-based ransomware-as-a-service (RaaS) operation active since at least July 2022. Initially operating under the ...
MegaRAC CVE-2024-54085 Vulnerability: Critical BMC Flaw Threatening Data Centers
March 19, 2025
A newly discovered critical vulnerability (CVE-2024-54085) in AMI’s MegaRAC Baseboard Management Controller (BMC) software puts thousands of servers at risk—including those from HPE, Asus, and ...
California Cryobank Data Breach Exposes Sensitive Customer Information
March 19, 2025
California Cryobank, a major US sperm bank, suffered a data breach exposing customer names, bank details, Social Security numbers, and more. The company is offering ...
GitHub Action Hack May Cause Another Supply Chain Attack
March 19, 2025
A cascading supply chain attack, starting with a GitHub Action hack, exposed CI/CD secrets across 23,000 repositories, highlighting vulnerabilities in third-party code reliance.
Western Alliance Bank Data Breach Impacts 21,899 Customers
March 19, 2025
Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by ...
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
March 19, 2025
A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...
Microsoft Windows March Update Wipes Out Copilot
March 19, 2025
Microsoft’s latest Windows 10 and 11 updates (KB5053598 and KB5053606) have accidentally uninstalled Copilot, the AI assistant, from some users’ systems—leaving many relieved rather than ...
$6.1 Million Crypto Stolen in WEMIX Hack
March 19, 2025
WEMIX, a blockchain gaming platform, suffered a $6.1 million crypto theft. Hackers stole authentication keys, planning the attack for two months before executing 13 successful ...
The Mirai Botnet: The Infamous DDoS Weapon
March 19, 2025
The Mirai botnet, a notorious piece of malware, launched devastating DDoS attacks in 2016. This blog post delves into its origins, spread, impact, and the ...
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
March 18, 2025
Microsoft discovered StilachiRAT, a new RAT malware using sophisticated techniques to steal cryptocurrency and perform reconnaissance. Its advanced evasion capabilities make proactive defense crucial.
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
March 18, 2025
A supply chain attack on the popular tj-actions/changed-files GitHub Action exposed CI/CD secrets. Attackers compromised a PAT, impacting 23,000 repositories. GitHub has since removed the ...
Critical Apache Tomcat Flaw Actively Exploited in Attacks
March 18, 2025
Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.
Fake “Security Alert” on GitHub Used to Hijack OAuth App Accounts
March 18, 2025
A massive GitHub phishing campaign uses fake "Security Alert" issues and a malicious OAuth app to hijack accounts, granting attackers full control. Immediate action is ...
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2