Main Menu
Cyber Security
Justice Department Alleges Misleading Compliance in Federal Audit Case
GeoServer Vulnerability Exploitation Facilitates External Entity Attacks
MITRE Highlights XSS and SQL Injection as Top Software Vulnerabilities for 2025
Shadow Spreadsheets’ Stealthy Role in Data Security Risks
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
Kali Linux Version 2025.4 Introduces New Hacking Tools and Improvements
Fieldtex Ransomware Attack: Akira Group Claims Responsibility
Digital-only eVisa Scheme Faces Scrutiny Over Data Leaks and GDPR Concerns
Gladinet CentreStack Flaw: A Widespread Threat to Organizations
PyStoreRAT: New JavaScript-Based RAT Distributed via GitHub
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
New Cyber Threats: Movie Downloads and Software Updates Under Siege
Zero-day Vulnerability in Gogs Leads to Hundreds of Compromised Servers
Former Employee Faces Charges Over Alleged Cybersecurity Fraud: DoD Compliance in Question
Microsoft Expands Vulnerability Rewards Program to Third-Party Code
Stealthy Campaign Targets Developers With Malicious VSCode Extensions
Cybercrime as a Service: The New Era of Subscription-Based Attacks
LastPass Suffers Major Setback as ICO Imposes Consequences Over 2022 Data Breach
Vulnerabilities in PCIe IDE Protocol Pose Risks to Local Systems
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
Why Insuring Keith Richards’ Fingers Highlights Risk Management in Cybersecurity
Docker Hub Data Exposure Puts Thousands of Containers at Risk
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
.NET Framework Vulnerability SOAPwn: Impact on Enterprise Applications
Teen Hacker Arrested in Spain for Major Data Breach Scheme
Satellite Signal Interruption Causes Porsche Immobilization in Russia
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Andrew Doyle November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mitchell Langley November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Gabby Lee November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Application Security
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Andrew Doyle November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Cybersecurity
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Mitchell Langley November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
News
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Gabby Lee November 11, 2025
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Application Security
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Andrew Doyle November 10, 2025
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Cybersecurity
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Andrew Doyle November 10, 2025
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Application Security
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Gabby Lee November 10, 2025
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
News
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Gabby Lee November 10, 2025
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
News
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
Mitchell Langley November 10, 2025
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
Cybersecurity
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
Andrew Doyle November 10, 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Application Security
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Gabby Lee November 10, 2025
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OBGYN Associates Exposed in Data Breach
Cybersecurity
Sensitive Data at OB/GYN Associates Exposed in Data Breach
Andrew Doyle November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Cybersecurity
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Mitchell Langley November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Application Security
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Andrew Doyle November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Application Security
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Gabby Lee November 9, 2025
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
CVE Vulnerability Alerts
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
Andrew Doyle November 9, 2025
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Andrew Doyle November 7, 2025
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
Email Scam Exploits PayPal's Subscriptions Billing Feature
News
Email Scam Exploits PayPal’s Subscriptions Billing Feature
Gabby Lee December 15, 2025
Shadow Spreadsheets' Stealthy Role in Data Security Risks
Data Security
Shadow Spreadsheets’ Stealthy Role in Data Security Risks
Mitchell Langley December 15, 2025
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
Cybersecurity
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
Gabby Lee December 15, 2025
Fieldtex Ransomware Attack Akira Group Claims Responsibility
Cybersecurity
Fieldtex Ransomware Attack: Akira Group Claims Responsibility
Mitchell Langley December 15, 2025

TOP CYBERSECURITY HEADLINES

Apple Patches Critical Vulnerabilities Across Multiple Platforms
CVE Vulnerability Alerts
Apple Patches Critical Vulnerabilities Across Multiple Platforms
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
CVE Vulnerability Alerts
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Cybersecurity
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Justice Department Alleges Misleading Compliance in Federal Audit Case
Cybersecurity
Justice Department Alleges Misleading Compliance in Federal Audit Case

This Week’s Security Spotlight

Email Scam Exploits PayPal's Subscriptions Billing Feature
News
Email Scam Exploits PayPal’s Subscriptions Billing Feature
Gabby Lee December 15, 2025
Notepad++ Fixes Updater Vulnerability Allowing Attackers to Hijack Update Traffic
Application Security
Notepad++ Fixes Updater Vulnerability Allowing Attackers to Hijack Update Traffic
Andrew Doyle December 15, 2025
Justice Department Alleges Misleading Compliance in Federal Audit Case
Cybersecurity
Justice Department Alleges Misleading Compliance in Federal Audit Case
Gabby Lee December 15, 2025
Why Insuring Keith Richards' Fingers Highlights Risk Management in Cybersecurity
Cybersecurity
Why Insuring Keith Richards’ Fingers Highlights Risk Management in Cybersecurity
Andrew Doyle December 11, 2025
More In News
Trending
Intense Surge in Phishing Campaigns with New Malicious Domains
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List
October 6, 2025
Podcasts
DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547)
October 6, 2025
Podcasts
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
October 1, 2025

Cyber Security News

Zafran Security Accelerates Global Expansion with $60 Million Series C Funding
Cybersecurity
Zafran Security Accelerates Global Expansion with $60 Million Series C Funding
December 3, 2025
Albiriox Banking Trojan Poses New Threat to Android Devices
Cybersecurity
Albiriox Banking Trojan Poses New Threat to Android Devices
December 2, 2025
Hackers Exploit Hiring Processes With Deepfakes and Fake Resumes
Cybersecurity
Hackers Exploit Hiring Processes With Deepfakes and Fake Resumes
December 2, 2025
Young Cybercriminals Rebels Without a Cause in the Digital World
Cybersecurity
Young Cybercriminals: Rebels Without a Cause in the Digital World
December 2, 2025
$29 Million in Bitcoin Seized from Cryptomixer Implications for Cybercrime
Cybersecurity
$29 Million in Bitcoin Seized from Cryptomixer: Implications for Cybercrime
December 2, 2025
ShadyPanda Malware Exploits Browser Extensions for Mass Infiltration
Application Security
ShadyPanda Malware Exploits Browser Extensions for Mass Infiltration
December 2, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
November 11, 2025
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
November 10, 2025
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
November 10, 2025
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
November 10, 2025
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
November 10, 2025
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
November 10, 2025
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
November 10, 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
November 10, 2025
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OB/GYN Associates Exposed in Data Breach
November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
November 9, 2025
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
November 9, 2025
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
November 7, 2025
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
November 6, 2025
Cisco has warned of a new attack variant targeting its Secure Firewall ASA and FTD devices, exploiting CVE-2025-20333 and CVE-2025-20362 in tandem for remote code ...
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
November 6, 2025
The ClickFix malware campaign is redefining social engineering by tricking users into manually infecting their systems through fake video guides, countdown timers, and OS-specific commands. ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
November 6, 2025
The Clop ransomware gang has claimed responsibility for a cyberattack on The Washington Post, adding the newspaper to its dark web leak site amid ongoing ...
Apple Patches Critical Vulnerabilities Across Multiple Platforms
CISA Alerts on Exploited Vulnerability in Sierra Wireless AirLink ALEOS Routers
Germany Accuses Russia of Cyberattacks on Air Traffic Control and Election Interference
Justice Department Alleges Misleading Compliance in Federal Audit Case
GeoServer Vulnerability Exploitation Facilitates External Entity Attacks
MITRE Highlights XSS and SQL Injection as Top Software Vulnerabilities for 2025
Shadow Spreadsheets’ Stealthy Role in Data Security Risks
New Wave of Phishing Kits Target Credential Theft at Scale
Torrent Disguised as Leonardo DiCaprio Film Evades Detection Using Subtle Malware Delivery Technique
Kali Linux Version 2025.4 Introduces New Hacking Tools and Improvements
Fieldtex Ransomware Attack: Akira Group Claims Responsibility
Digital-only eVisa Scheme Faces Scrutiny Over Data Leaks and GDPR Concerns
Gladinet CentreStack Flaw: A Widespread Threat to Organizations
PyStoreRAT: New JavaScript-Based RAT Distributed via GitHub
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
New Cyber Threats: Movie Downloads and Software Updates Under Siege
Zero-day Vulnerability in Gogs Leads to Hundreds of Compromised Servers
Former Employee Faces Charges Over Alleged Cybersecurity Fraud: DoD Compliance in Question
Microsoft Expands Vulnerability Rewards Program to Third-Party Code
Stealthy Campaign Targets Developers With Malicious VSCode Extensions