Cyber Security
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
Massive Gmail Data Breach Exposes 183 Million User Credentials
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Cybersecurity
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
SK Telecom has been fined $96.9 million after a breach exposed 23 million users’ data, marking the largest privacy penalty ever imposed on a South ...
Cybersecurity
Hackers Leak Sensitive Healthcare Data of 433,000 U.S. Doctors
Hackers leaked data on 433,000 U.S. doctors, exposing names, addresses, and emails. Experts warn of phishing, identity theft, and ransomware risks targeting healthcare professionals and ...
Cybersecurity
Tea App Data Breach Exposes Sensitive Images
Tea Dating Advice confirmed a July 2025 breach affecting 4,244 users, exposing sensitive PII, identity documents, and private images, raising concerns over larger-scale data exposure.
Application Security
NCSC Warns of Malware Campaign Using Fake PDF Editors
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies, enabling criminals to mask their ...
Cybersecurity
TransUnion Data Breach Exposes Personal Information of 4.4 Million
TransUnion confirmed a cyberattack exposing data of over 4.4 million U.S. consumers, tied to Salesforce breaches attributed to ShinyHunters and UNC6395 extortion groups.
Application Security
Brokewell Android Malware Spread Through Fake TradingView Ads
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices, stealing data and hijacking user ...
Cybersecurity
SentinelOne Q3 Revenue Jumps 22% Amid Cybersecurity Surge
SentinelOne has raised its annual revenue forecast amid surging demand for AI-driven cybersecurity. With its Singularity platform and growing ARR surpassing $1 billion, the company ...
Cybersecurity
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
A sweeping international advisory accuses Chinese tech firms of fueling cyber espionage campaigns tied to Salt Typhoon and related groups. The attacks span telecom networks, ...
Cybersecurity
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
A wave of breaches exposing sealed court records and confidential informant data has drawn sharp criticism of the judiciary’s outdated IT. Senator Ron Wyden is ...
Endpoint Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
A DHS audit prompted FEMA to fire 24 staff, including top IT leaders, over cybersecurity failures such as weak authentication and outdated protocols, highlighting federal ...
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings. While core transit services remain ...
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,” the flaw enables unauthenticated remote ...
Cybersecurity
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Cybersecurity
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Cybersecurity
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
Cybersecurity
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
Application Security
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Cybersecurity
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Cybersecurity
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Cybersecurity
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.

HybridPetya Ransomware Bypasses UEFI Secure Boot
ESET found HybridPetya, a Petya-style ransomware that exploits CVE-2024-7344 to bypass UEFI Secure Boot, install a bootkit, encrypt MFT clusters, and demand Bitcoin.
Microsoft Fairwater Center: Hyperscale AI Hub Coming to Wisconsin
Microsoft is building Fairwater, a hyperscale AI data center in Wisconsin with clustered NVIDIA GPUs, closed-loop liquid cooling, and a Datacenter Academy for local workforce ...
SystemBC Turns Infected VPS Hosts Into Global Proxy Highway
SystemBC leverages vulnerable commercial VPS hosts to run a 1,500-node proxy botnet that serves scraping, proxy resale, and high-volume criminal traffic globally.
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Paris-headquartered luxury skincare maker Clarins has been named on a dark web leak page run by the Everest ransomware gang, which claims to have obtained ...
Hackers Claim Breach of Italian Post, Researchers Disagree
Hackers claim to have breached Poste Italiane, but researchers say the data is recycled from older leaks with fabricated fields, meaning no new compromise actually ...
New Kid Warlock Steps Up Ransomware Attacks with SharePoint Exploits
Warlock — tracked as Storm 2603 and GOLD SALEM — has surged since March 2025, exploiting SharePoint and other enterprise flaws and listing dozens of ...
Hundreds of NPM Packages Compromised in Self-Replicating Supply Chain Attack
A worm-style supply chain attack has compromised hundreds of NPM packages, harvesting npm tokens and secrets while propagating across popular JavaScript libraries and developer scopes.
Baltimore Medical System Claimed by Brain Cipher Ransomware
Brain Cipher claims several terabytes stolen from Baltimore Medical System, posting large server and database samples; impact could include medical identity theft for thousands of ...
Hackers Now Going Straight to the Source — Company Data Backups
Hackers are increasingly targeting company backups, with 18% of breaches linked to backup attacks — crippling recovery efforts and highlighting the urgent need for secure, ...
Hackers Claim Attack on the US’s Biggest Sushi Supplier — Again?
Ransomware gang Lynx claims to have stolen True World Group data, posting invoices and employee records—raising fears of a new breach and business, identity risks.
FBI Issues Guidance as Fraudsters Pose as IC3 to Extort Victims
The FBI has issued a warning to the public about a cyber campaign impersonating the Internet Crime Complaint Center (IC3), using spoofed websites to trick ...
Fraudulent GitHub Repos Spread Atomic Stealer Malware Targeting macOS Users
A new cyber campaign is actively targeting macOS users with the Atomic Stealer (AMOS) malware, leveraging fake GitHub repositories disguised as legitimate software downloads. Security ...
Netskope’s IPO Raises $908M: SASE Leader Surges 18% on First Trading Day
Netskope, a California-based cybersecurity firm specializing in secure access service edge (SASE) solutions, has officially gone public in one of the largest cybersecurity IPOs of ...
SPLX Exposes AI Exploit: Prompt Injection Tricks ChatGPT Into Solving CAPTCHAs
A startling new report from AI security platform SPLX reveals how attackers can bypass the built-in guardrails of AI agents like ChatGPT through a sophisticated ...
Brussels, Berlin, London Hit Hard as Cyber Disruption Sparks Flight Chaos
A cyberattack on Collins Aerospace, a U.S.-based provider of passenger check-in and baggage handling software, plunged major European airports into chaos over the weekend. Beginning ...
Novakon Ignored Security Reports on ICS Weaknesses, Leaving 40,000+ Devices Exposed
A new security report has revealed serious, unpatched vulnerabilities in industrial control system (ICS) products manufactured by Novakon, a Taiwan-based subsidiary of iBASE Technology. Security ...
RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign
The cybercrime group known as RevengeHotels, also tracked as TA558, has launched a new wave of attacks against the hospitality sector, evolving its tactics with ...
ShadowLeak: Server-Side Data Theft Attack Discovered Against ChatGPT Deep Research
A groundbreaking new cyberattack dubbed ShadowLeak has been uncovered targeting ChatGPT’s Deep Research capability, marking a dangerous escalation in AI-related threats. Unlike prior exploits such ...
WatchGuard Firebox Vulnerability Could Let Hackers Take Over Networks
A new critical vulnerability, CVE-2025-9242, has been discovered in WatchGuard Firebox firewalls, putting thousands of networks worldwide at risk. The flaw stems from an out-of-bounds ...
How SystemBC’s 1,500 Infected VPS Servers Fuel Ransomware and Fraud
The SystemBC proxy botnet has quietly become one of the most persistent pillars of the cybercrime ecosystem. First detected in 2019, SystemBC is less about ...
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
SailPoint Identity Risk Review: Intelligent Identity Threat Detection