Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Cybersecurity
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Gabby Lee April 8, 2026
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
Exchange Online Mailbox Access Issues Impact Outlook Users
Application Security
Exchange Online Mailbox Access Issues Impact Outlook Users
Mitchell Langley April 7, 2026
Exchange Online access issues have affected Outlook mobile and macOS users. Microsoft is actively working on a resolution.
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Application Security
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Gabby Lee April 7, 2026
The expansion of Shadow AI within daily apps and outdated mobile devices increases exposure to unseen mobile vulnerabilities.
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Cybersecurity
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Gabby Lee April 7, 2026
Organizations face growing cybersecurity risks from trusted vendors, SaaS tools, and subcontractors that bypass traditional security measures.
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Application Security
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Andrew Doyle April 7, 2026
Analysis reveals critical ShareFile flaws allowing server access and arbitrary file uploads.
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Application Security
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Andrew Doyle April 7, 2026
Researchers found 36 harmful npm packages posing as Strapi CMS plugins to exploit Redis, PostgreSQL, and execute further cyber attacks.
Bogus Traffic Violation Text Scam Targeting Americans
News
Bogus Traffic Violation Text Scam Targeting Americans
Andrew Doyle April 7, 2026
Fraudulent "Notice of Default" text scams impersonate U.S. state courts, leading victims to phishing sites.
Qilin Ransomware Group Targets German Political Party Die Linke
News
Qilin Ransomware Group Targets German Political Party Die Linke
Mitchell Langley April 7, 2026
Qilin ransomware group claims responsibility for a cyberattack on German political party Die Linke.
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
Cybersecurity
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
Gabby Lee April 7, 2026
Detailed analysis of a .cmd malware found in an email, escalating privileges and bypassing antivirus.
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
CVE Vulnerability Alerts
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
Mitchell Langley April 7, 2026
Fortinet issues emergency patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS, already exploited in the wild.
North Korean Cyber Operatives Drain $285 Million from Drift Exchange
Cybersecurity
North Korean Cyber Operatives Drain $285 Million from Drift Exchange
Gabby Lee April 7, 2026
A North Korean orchestrated cyber attack stole $285 million from Drift, a Solana-based exchange, on April 1, 2026.
Axios HTTP Client Developer Targeted in North Korean Social Engineering Campaign
Application Security
Axios HTTP Client Developer Targeted in North Korean Social Engineering Campaign
Andrew Doyle April 7, 2026
The popular Axios HTTP client faced a social engineering attack attributed to North Korean actors, exposing serious security risks within open-source ...
Free Android VPNs Are Quietly Working Against You
Cybersecurity
Free Android VPNs Are Quietly Working Against You
Gabby Lee April 3, 2026
Free VPNs on Android promise protection, but often jeopardize user privacy with tracking, permissions, and risky servers.
Residential Proxies Are Breaking IP Reputation Systems for Malware Traffic
Cybersecurity
Residential Proxies Are Breaking IP Reputation Systems for Malware Traffic
Andrew Doyle April 3, 2026
Residential proxies confuse IP reputation systems, obscuring differences between malicious traffic and legitimate users.
Drift Protocol Hit by Calculated Attack Resulting in $280 Million Loss
Cybersecurity
Drift Protocol Hit by Calculated Attack Resulting in $280 Million Loss
Gabby Lee April 3, 2026
Drift Protocol faces a substantial breach, leading to administrative control loss and financial damages exceeding $280 million.
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity
Apple Rolls Out DarkSword Exploit Protection to More Devices
Mitchell Langley April 3, 2026
Apple enhances its defenses against the DarkSword exploit kit, a threat linked to state-sponsored hackers and commercial spyware vendors.
Critical Vulnerability in Claude Code Surfaces Days After Source Code Leak
Application Security
Critical Vulnerability in Claude Code Surfaces Days After Source Code Leak
Gabby Lee April 3, 2026
Claude Code faces a critical vulnerability discovered by Adversa AI just days after its source code was unintentionally leaked by Anthropic.
Cybercriminals Exploit Empty Properties for Postal Fraud
Cybersecurity
Cybercriminals Exploit Empty Properties for Postal Fraud
Andrew Doyle April 3, 2026
Threat actors use vacant homes to snatch mail and perpetrate fraud using Flare's findings.
Cisco Releases Patches for Critical and High-Severity Vulnerabilities
Cybersecurity
Cisco Releases Patches for Critical and High-Severity Vulnerabilities
Mitchell Langley April 3, 2026
Cisco fixes critical vulnerabilities threatening authentication, code execution, and more.
Stryker Corporation Restores Operations After Cyberattack
Cybersecurity
Stryker Corporation Restores Operations After Cyberattack
Gabby Lee April 3, 2026
Stryker Corporation resumes operations after a cyberattack by Handala hacktivists.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List
October 6, 2025
Podcasts
DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547)
October 6, 2025
Podcasts
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
October 1, 2025

Cyber Security News

Application Security
FamousSparrow APT Hit Azerbaijani Energy Firm in Three Waves
May 14, 2026
Cybersecurity
MuddyWater Targeted South Korean Electronics Maker via DLL Sideloading
May 14, 2026
CVE Vulnerability Alerts
Linux Kernel Fragnesia CVE-2026-46300 Grants Root via Page Cache
May 14, 2026
Application Security
YellowKey and GreenPlasma: Unpatched Windows Zero-Days Released
May 14, 2026
Cybersecurity
Foxconn Confirms Nitrogen Ransomware Stole 8TB of Customer IP
May 14, 2026
Cybersecurity
OpenLoop Health Breach Exposes 716,000 Patient Records
May 14, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
April 7, 2026
Organizations face growing cybersecurity risks from trusted vendors, SaaS tools, and subcontractors that bypass traditional security measures.
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
April 7, 2026
Analysis reveals critical ShareFile flaws allowing server access and arbitrary file uploads.
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
April 7, 2026
Researchers found 36 harmful npm packages posing as Strapi CMS plugins to exploit Redis, PostgreSQL, and execute further cyber attacks.
Bogus Traffic Violation Text Scam Targeting Americans
April 7, 2026
Fraudulent "Notice of Default" text scams impersonate U.S. state courts, leading victims to phishing sites.
Qilin Ransomware Group Targets German Political Party Die Linke
April 7, 2026
Qilin ransomware group claims responsibility for a cyberattack on German political party Die Linke.
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
April 7, 2026
Detailed analysis of a .cmd malware found in an email, escalating privileges and bypassing antivirus.
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
April 7, 2026
Fortinet issues emergency patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS, already exploited in the wild.
North Korean Cyber Operatives Drain $285 Million from Drift Exchange
April 7, 2026
A North Korean orchestrated cyber attack stole $285 million from Drift, a Solana-based exchange, on April 1, 2026.
Axios HTTP Client Developer Targeted in North Korean Social Engineering Campaign
April 7, 2026
The popular Axios HTTP client faced a social engineering attack attributed to North Korean actors, exposing serious security risks within open-source ...
Free Android VPNs Are Quietly Working Against You
April 3, 2026
Free VPNs on Android promise protection, but often jeopardize user privacy with tracking, permissions, and risky servers.
Residential Proxies Are Breaking IP Reputation Systems for Malware Traffic
April 3, 2026
Residential proxies confuse IP reputation systems, obscuring differences between malicious traffic and legitimate users.
Apple Rolls Out DarkSword Exploit Protection to More Devices
April 3, 2026
Apple enhances its defenses against the DarkSword exploit kit, a threat linked to state-sponsored hackers and commercial spyware vendors.
Drift Protocol Hit by Calculated Attack Resulting in $280 Million Loss
April 3, 2026
Drift Protocol faces a substantial breach, leading to administrative control loss and financial damages exceeding $280 million.
Critical Vulnerability in Claude Code Surfaces Days After Source Code Leak
April 3, 2026
Claude Code faces a critical vulnerability discovered by Adversa AI just days after its source code was unintentionally leaked by Anthropic.
Cybercriminals Exploit Empty Properties for Postal Fraud
April 3, 2026
Threat actors use vacant homes to snatch mail and perpetrate fraud using Flare's findings.
Cisco Releases Patches for Critical and High-Severity Vulnerabilities
April 3, 2026
Cisco fixes critical vulnerabilities threatening authentication, code execution, and more.
Stryker Corporation Restores Operations After Cyberattack
April 3, 2026
Stryker Corporation resumes operations after a cyberattack by Handala hacktivists.
Cybersecurity M&A Activity Surges With 38 Deals Closing in March 2026
April 3, 2026
Explore prominent cybersecurity M&A deals announced in March 2026 by Airbus, Cellebrite, and others.
Anthropic Confirms Internal Claude Code Leak Was Caused by Human Error
April 2, 2026
Anthropic confirms internal code leak of Claude Code due to human error, no sensitive data involved.
Microsoft Releases Emergency Fix for KB5079391 Update Installation Failures
April 2, 2026
Microsoft has released an emergency fix for the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to widespread ...
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2