Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Arrest Linked to KMSAuto Malware Campaign That Hit 2.8 Million Systems
Cybersecurity
Arrest Linked to KMSAuto Malware Campaign That Hit 2.8 Million Systems
Andrew Doyle December 29, 2025
Authorities arrest a Lithuanian individual suspected of deploying clipboard-stealer malware through KMSAuto, impacting 2.8 million computers. The tool, camouflaged as a utility for unauthorized Windows ...
Trust Wallet Compromise Results in $7 Million Loss from Crypto Accounts
Data Security
Trust Wallet Compromise Results in $7 Million Loss from Crypto Accounts
Mitchell Langley December 29, 2025
Trust Wallet users suffer a $7M loss after a targeted attack on the browser extension impacts 3,000 crypto addresses just before Christmas.
Ex-Coinbase Support Agent in India Arrested for Involvement in Data Theft
Data Security
Ex-Coinbase Support Agent in India Arrested for Involvement in Data Theft
Gabby Lee December 29, 2025
A former Coinbase agent in India was detained for aiding hackers to infiltrate company databases, allowing unlawful access to sensitive client data.
Spotify Disables User Accounts to Combat Massive Data Scraping
Data Security
Spotify Disables User Accounts to Combat Massive Data Scraping
Andrew Doyle December 29, 2025
Spotify took action against data scraping by deactivating accounts after Anna’s Archive released data on 86 million songs from its platform.
Ubisoft's Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems
Application Security
Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems
Mitchell Langley December 28, 2025
Rainbow Six Siege faces a security breach allowing hackers to manipulate in-game systems, impacting player bans and economic balance, compromising integrity.
Hackers Breach Condé Nast Systems, Exposing WIRED Subscriber Data
Cybersecurity
Hackers Breach Condé Nast Systems, Exposing WIRED Subscriber Data
Gabby Lee December 28, 2025
A hacker claims responsibility for a breach at Condé Nast, exposing over 2.3 million WIRED subscriber records. The attacker threatens to release up to 40 ...
Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials
Application Security
Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials
Gabby Lee December 28, 2025
The malicious NPM package ‘Lotusbail’ covertly stole WhatsApp credentials through a backdoor. With more than 56,000 downloads over a six-month period, it emphasized the need ...
LangChain Core Critical Vulnerability Risks for Data Security and LLM Integrity
Application Security
LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity
Andrew Doyle December 28, 2025
Critical LangChain Core flaw may enable data theft and LLM response manipulation, impacting system security and integrity.
Cyber Espionage Campaign Involving a China-Linked APT Utilizing DNS Poisoning (1)
Cybersecurity
Cyber Espionage Campaign Involving a China-Linked APT Utilizing DNS Poisoning
Mitchell Langley December 28, 2025
Kaspersky has attributed a China-linked advanced persistent threat group with a DNS poisoning technique to deploy the MgBot backdoor for cyber espionage in Türkiye, China, ...
Aflac Confirms Data Breach Impacting Over 22 Million Customers
Data Security
Aflac Confirms Data Breach Impacting Over 22 Million Customers
Gabby Lee December 28, 2025
A data breach at Aflac has exposed sensitive personal information of over 22 million customers. The company confirmed detecting unusual activities on its systems in ...
Grubhub Users Face Sophisticated Phishing Scam Promising Bitcoin Payouts
News
Grubhub Users Face Sophisticated Phishing Scam Promising Bitcoin Payouts
Mitchell Langley December 28, 2025
Grubhub customers received deceptive messages, seemingly from a company email, promising tenfold bitcoin returns. This scam misled users into transferring cryptocurrency to a specific wallet.
Trust Wallet Urges Users to Update Chrome Extension Due to Security Incident
Application Security
Trust Wallet Urges Users to Update Chrome Extension Due to Security Incident
Gabby Lee December 28, 2025
Trust Wallet experienced a critical security breach affecting its Google Chrome extension, leading to losses of approximately $7 million. Users are urged to update to ...
Active Exploitation of FortiOS SSL VPN Vulnerability CVE-2020-12812 Noted
CVE Vulnerability Alerts
Active Exploitation of FortiOS SSL VPN Vulnerability CVE-2020-12812
Andrew Doyle December 28, 2025
Fortinet has identified ongoing exploitation of the five-year-old FortiOS SSL VPN flaw CVE-2020-12812, revealing it poses significant risks in specific configurations.
Ripple Effects of the 2022 LastPass Data Breach Cryptocurrency at Stake
Cybersecurity
Ripple Effects of the 2022 LastPass Data Breach: Cryptocurrency at Stake
Gabby Lee December 28, 2025
Weak master passwords from 2022's LastPass breach are being exploited to compromise cryptocurrency assets, implicating Russian cybercriminal involvement, according to TRM Labs.
CISA Issues Urgent Advisory on Digiever NVRs Due to Known Exploited Vulnerability
CVE Vulnerability Alerts
CISA Issues Urgent Advisory on Digiever NVRs Due to Known Exploited Vulnerability
Andrew Doyle December 28, 2025
CISA has highlighted CVE-2023-52163, a vulnerability in Digiever NVRs, for active exploitation, advising immediate update and security precautions.
U.S. Government Seizes Web3 Ads Panel Domain Linked To Cybercrime
Cybersecurity
U.S. Government Seizes Web3 Ads Panel Domain Linked to Cybercrime
Mitchell Langley December 28, 2025
Federal authorities confiscated the 'web3adspanels.org' domain, a crucial tool for cybercriminals in hosting and distributing stolen banking login credentials. This move represents a significant intervention ...
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
Cybersecurity
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
Gabby Lee December 28, 2025
The fraudulent Nomani scheme has increased 62%, spreading from Facebook to YouTube. ESET's data indicates a block of 64,000 URLs in 2023.
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
Application Security
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
Andrew Doyle December 28, 2025
Microsoft's integration of Rust aims to improve security and performance in software. With AI assistance, this significant codebase migration targets safety vulnerabilities in existing programming ...
U.S. SEC Accuses Firms of Orchestrating Cryptocurrency Fraud Worth Over $14 Million
Cybersecurity
U.S. SEC Accuses Firms of Orchestrating Cryptocurrency Fraud Worth Over $14 Million
Mitchell Langley December 28, 2025
The SEC has filed charges against Morocoin Tech Corp. and others, accusing them of a $14 million cryptocurrency scam. The companies allegedly misled investors with ...
AI Vulnerabilities Identified by Researchers in Eurostar's Chatbot
Cybersecurity
AI Vulnerabilities Identified by Researchers in Eurostar’s Chatbot
Gabby Lee December 28, 2025
Researchers revealed security weaknesses in Eurostar’s AI chatbot, uncovering four flaws, including HTML injections. Eurostar's reaction raised eyebrows within cybersecurity circles.
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List
October 6, 2025
Podcasts
DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547)
October 6, 2025
Podcasts
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
October 1, 2025

Cyber Security News

Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
Application Security
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
January 28, 2026
Microsoft Enhances Teams With Fraud Protection Calling Safeguards in Focus
Application Security
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
January 28, 2026
New Advances in Page Cache Exploitation by Austrian Researchers
Cybersecurity
New Advances in Page Cache Exploitation by Austrian Researchers
January 28, 2026
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
January 22, 2026
aiFWall Launches to Elevate AI Protection in Cyber Security
Application Security
aiFWall Launches to Elevate AI Protection in Cyber Security
January 22, 2026
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Application Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
January 22, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Spotify Disables User Accounts to Combat Massive Data Scraping
December 29, 2025
Spotify took action against data scraping by deactivating accounts after Anna’s Archive released data on 86 million songs from its platform.
Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems
December 28, 2025
Rainbow Six Siege faces a security breach allowing hackers to manipulate in-game systems, impacting player bans and economic balance, compromising integrity.
Hackers Breach Condé Nast Systems, Exposing WIRED Subscriber Data
December 28, 2025
A hacker claims responsibility for a breach at Condé Nast, exposing over 2.3 million WIRED subscriber records. The attacker threatens to release up to 40 ...
Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials
December 28, 2025
The malicious NPM package ‘Lotusbail’ covertly stole WhatsApp credentials through a backdoor. With more than 56,000 downloads over a six-month period, it emphasized the need ...
LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity
December 28, 2025
Critical LangChain Core flaw may enable data theft and LLM response manipulation, impacting system security and integrity.
Cyber Espionage Campaign Involving a China-Linked APT Utilizing DNS Poisoning
December 28, 2025
Kaspersky has attributed a China-linked advanced persistent threat group with a DNS poisoning technique to deploy the MgBot backdoor for cyber espionage in Türkiye, China, ...
Aflac Confirms Data Breach Impacting Over 22 Million Customers
December 28, 2025
A data breach at Aflac has exposed sensitive personal information of over 22 million customers. The company confirmed detecting unusual activities on its systems in ...
Grubhub Users Face Sophisticated Phishing Scam Promising Bitcoin Payouts
December 28, 2025
Grubhub customers received deceptive messages, seemingly from a company email, promising tenfold bitcoin returns. This scam misled users into transferring cryptocurrency to a specific wallet.
Trust Wallet Urges Users to Update Chrome Extension Due to Security Incident
December 28, 2025
Trust Wallet experienced a critical security breach affecting its Google Chrome extension, leading to losses of approximately $7 million. Users are urged to update to ...
Active Exploitation of FortiOS SSL VPN Vulnerability CVE-2020-12812
December 28, 2025
Fortinet has identified ongoing exploitation of the five-year-old FortiOS SSL VPN flaw CVE-2020-12812, revealing it poses significant risks in specific configurations.
Ripple Effects of the 2022 LastPass Data Breach: Cryptocurrency at Stake
December 28, 2025
Weak master passwords from 2022's LastPass breach are being exploited to compromise cryptocurrency assets, implicating Russian cybercriminal involvement, according to TRM Labs.
CISA Issues Urgent Advisory on Digiever NVRs Due to Known Exploited Vulnerability
December 28, 2025
CISA has highlighted CVE-2023-52163, a vulnerability in Digiever NVRs, for active exploitation, advising immediate update and security precautions.
U.S. Government Seizes Web3 Ads Panel Domain Linked to Cybercrime
December 28, 2025
Federal authorities confiscated the 'web3adspanels.org' domain, a crucial tool for cybercriminals in hosting and distributing stolen banking login credentials. This move represents a significant intervention ...
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
December 28, 2025
The fraudulent Nomani scheme has increased 62%, spreading from Facebook to YouTube. ESET's data indicates a block of 64,000 URLs in 2023.
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
December 28, 2025
Microsoft's integration of Rust aims to improve security and performance in software. With AI assistance, this significant codebase migration targets safety vulnerabilities in existing programming ...
U.S. SEC Accuses Firms of Orchestrating Cryptocurrency Fraud Worth Over $14 Million
December 28, 2025
The SEC has filed charges against Morocoin Tech Corp. and others, accusing them of a $14 million cryptocurrency scam. The companies allegedly misled investors with ...
AI Vulnerabilities Identified by Researchers in Eurostar’s Chatbot
December 28, 2025
Researchers revealed security weaknesses in Eurostar’s AI chatbot, uncovering four flaws, including HTML injections. Eurostar's reaction raised eyebrows within cybersecurity circles.
Critical Patch Alert: MongoDB Urges Immediate Update to Prevent RCE Attacks
December 28, 2025
MongoDB has issued an urgent advisory for IT admins to rapidly patch a high-severity vulnerability allowing potential remote code execution (RCE) attacks on susceptible servers. ...
Italy’s AGCM Fines Apple €98.6 Million Over Alleged App Tracking Transparency Misuse
December 24, 2025
Italy's competition authority, AGCM, has fined Apple €98.6 million for allegedly abusing its dominant market position with the App Tracking Transparency framework.
Passwd Offers Secure Credential Management for Google Workspace Users
December 24, 2025
Passwd provides a secure credential management platform designed exclusively for businesses using Google Workspace, emphasizing integration, controlled sharing, and practicality.
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited