Main Menu
Cyber Security
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
.NET Framework Vulnerability SOAPwn: Impact on Enterprise Applications
Teen Hacker Arrested in Spain for Major Data Breach Scheme
Satellite Signal Interruption Causes Porsche Immobilization in Russia
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
Microsoft Appoints New Operating CISOs to Enhance AI-Driven Cyberdefense
Fortinet Releases Fixes for Critical Vulnerabilities Affecting FortiOS and Other Products
Adobe’s Comprehensive Security Update Targets Massive Vulnerabilities Array
Microsoft Enhances PowerShell Security With Script Warning Functionality
Microsoft Patches Critical Zero-Day Vulnerability in Windows
Google Introduces Layered Defenses in Chrome to Combat Prompt Injection Vulnerabilities
Microsoft Works to Mitigate Copilot Access Issues in Europe
Equixly Secures $11 Million Investment to Enhance API Penetration Testing Capabilities
Proofpoint Completes Acquisition of Hornetsecurity: A Strategic Move in Cybersecurity
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Mirai-based Broadside Botnet Exploits TBK Vision DVRs in Maritime Sector
Identity Security Firm Saviynt Secures $700 Million in Funding Amid Booming Security Market
EtherRAT Malware Implant Utilizes Linux Persistence Mechanisms in React2Shell Attack
OpenAI Responds to ChatGPT Plus Subscription Controversy Over Ads
Portugal Establishes Legal Safe Harbor for Ethical Hackers
Clickjacking Tactics Exploit SVG and CSS: Understanding the New Threat
IDEsaster: Uncovering Security Flaws in AI-Powered IDEs
FBI Warns of Social Media Images Exploited for Virtual Kidnapping Scams
GlobalProtect Logins and SonicWall APIs Come Under Fire from Hacking Campaign
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
India Reverses Decision on Mandating Preinstalled Cybersecurity App on Smartphones
Virginia Brothers Face Conspiracy Charges Over Alleged Data Theft and Database Destruction
Australia Issues Urgent Warning as Cisco IOS XE Exploit Sees Ongoing Attacks
CVE Vulnerability Alerts
Australia Issues Urgent Warning as Cisco IOS XE Exploit Sees Ongoing Attacks
Gabby Lee November 2, 2025
Australian authorities have issued an urgent warning over active exploitation of CVE-2023-20198, a critical Cisco IOS XE flaw used to deploy the persistent “BadCandy” webshell. ...
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
Application Security
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
Mitchell Langley November 2, 2025
China-linked APT group Bronze Butler exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy an upgraded Gokcpdoor malware variant in targeted Japanese organizations. ...
Google’s AI-Powered Search Signals the Return of Ads What it Means for Security and Strategy
Application Security
Google’s AI-Powered Search Signals the Return of Ads: What it Means for Security and Strategy
Gabby Lee November 2, 2025
Google is integrating advertising into its AI-powered Search Generative Experience (SGE), embedding sponsored results directly within AI summaries and answer boxes. The move redefines ad ...
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
News
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
Andrew Doyle November 2, 2025
China-linked APT group UNC6384 has launched a cyberespionage campaign exploiting a Windows zero-day flaw to infiltrate European diplomatic networks. Researchers say the operation, uncovered by ...
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
Cybersecurity
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
Andrew Doyle October 31, 2025
A misconfigured server at Reputation.com exposed 120 million internal logs containing session cookies and backend data, potentially allowing attackers to hijack customer social media accounts.
Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
Cybersecurity
Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
Mitchell Langley October 31, 2025
Hackers claim to have breached Viz Media’s vice president’s Google Drive, stealing 250GB of corporate data, credentials, and licensing documents now being sold on dark ...
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
Cybersecurity
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
Andrew Doyle October 31, 2025
Russian police arrested three teenagers behind the Meduza Infostealer operation, exposing a teenage-run malware service that stole credentials and state data across multiple systems.
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
Application Security
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
Gabby Lee October 31, 2025
CISA and NSA have issued new guidance to secure Microsoft Exchange servers, urging organizations to minimize exposure, disable legacy protocols, and adopt Zero Trust to ...
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
Cybersecurity
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
Andrew Doyle October 31, 2025
A former L3Harris executive pleaded guilty to leaking U.S. cyber exploit intelligence to a Russian broker. The insider threat case exposes severe national security and ...
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
Application Security
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
Mitchell Langley October 31, 2025
WhatsApp is rolling out passkey-encrypted backups for Android and iOS, securing chat history in the cloud with biometric or screen-lock authentication to enhance end-to-end encryption.
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
Application Security
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
Mitchell Langley October 30, 2025
A flaw in Chromium’s Blink engine, dubbed “Brash,” lets attackers crash browsers like Chrome and Edge with a single malicious URL, exposing a major denial-of-service ...
CISA Adds XWiki and Broadcom VMware Flaws to Known Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Adds XWiki and Broadcom VMware Flaws to Known Exploited Vulnerabilities Catalog
Gabby Lee October 30, 2025
CISA has added critical XWiki and VMware vulnerabilities to its Known Exploited list, confirming active attacks and urging immediate patching under federal security mandates.
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
Application Security
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
Mitchell Langley October 30, 2025
OpenAI’s October GPT-4 update improves how the model handles emotionally charged conversations. The upgrade enhances safety, empathy, and redirection for users expressing distress while reducing ...
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
Application Security
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
Andrew Doyle October 30, 2025
Over 760 malicious Android apps are exploiting NFC tap-to-pay features to steal payment credentials in real time. The surge in NFC relay malware highlights rising ...
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
Application Security
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
Mitchell Langley October 30, 2025
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability, underscoring the massive risks of ...
Proton Launches Dark Web Data Breach Observatory to Expose Hidden Cyber Threats
Cybersecurity
Proton Launches Dark Web Data Breach Observatory to Expose Hidden Cyber Threats
Gabby Lee October 30, 2025
Proton launched its Data Breach Observatory to detect and report dark web data exposures, providing real-time alerts and insights to help organizations prevent and mitigate ...
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
Cybersecurity
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
Gabby Lee October 30, 2025
The PhantomRaven campaign weaponized AI-generated package names to distribute malicious npm modules, stealing developer credentials and CI/CD tokens in a stealthy software supply chain attack.
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Cybersecurity
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Andrew Doyle October 30, 2025
Canadian authorities revealed multiple hacktivist intrusions into water, energy, and agricultural systems, manipulating industrial controls in opportunistic attacks that risked operational safety but aimed mainly ...
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
Cybersecurity
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
Mitchell Langley October 30, 2025
Nation-state hackers breached U.S. telecom provider Ribbon Communications, maintaining covert access for nearly a year and exposing sensitive customer data in a targeted cyberespionage campaign.
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
Application Security
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
Gabby Lee October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
Application Security
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
Andrew Doyle December 11, 2025
Docker Hub Data Exposure Puts Thousands of Containers at Risk
Data Security
Docker Hub Data Exposure Puts Thousands of Containers at Risk
Mitchell Langley December 11, 2025
React2Shell Exploit Continues to Deliver Undetected Malware Families
Cybersecurity
React2Shell Exploit Continues to Deliver Undetected Malware Families
Mitchell Langley December 11, 2025
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Application Security
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Mitchell Langley December 11, 2025

TOP CYBERSECURITY HEADLINES

Docker Hub Data Exposure Puts Thousands of Containers at Risk
Data Security
Docker Hub Data Exposure Puts Thousands of Containers at Risk
React2Shell Exploit Continues to Deliver Undetected Malware Families
Cybersecurity
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Application Security
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
Application Security
Microsoft Faces Criticism Over Unresolved .NET Vulnerability

This Week’s Security Spotlight

Why Insuring Keith Richards' Fingers Highlights Risk Management in Cybersecurity
Cybersecurity
Why Insuring Keith Richards’ Fingers Highlights Risk Management in Cybersecurity
Andrew Doyle December 11, 2025
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
Endpoint Security
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
Mitchell Langley December 8, 2025
Russian Internet Authority Blocks Roblox Over Content Concerns
Cybersecurity
Russian Internet Authority Blocks Roblox Over Content Concerns
Mitchell Langley December 5, 2025
React Server Components' Security Flaw Risks Unauthenticated Remote Code Execution
CVE Vulnerability Alerts
React Server Components’ Security Flaw Risks Unauthenticated Remote Code Execution
Andrew Doyle December 5, 2025
More In News
Trending
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons
October 1, 2025
Podcasts
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan
September 30, 2025
Podcasts
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed
September 30, 2025

Cyber Security News

RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
November 27, 2025
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
Cybersecurity
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
November 27, 2025
ShadowV2 Botnet A Test Run Amidst AWS Outage
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
November 27, 2025
South Korea's Financial Sector Confronts a Sophisticated Supply Chain Attack
Cybersecurity
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
November 27, 2025
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Cybersecurity
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
November 27, 2025
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
Identity and Access Management
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
November 27, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
November 2, 2025
China-linked APT group UNC6384 has launched a cyberespionage campaign exploiting a Windows zero-day flaw to infiltrate European diplomatic networks. Researchers say the operation, uncovered by ...
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
October 31, 2025
A misconfigured server at Reputation.com exposed 120 million internal logs containing session cookies and backend data, potentially allowing attackers to hijack customer social media accounts.
Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
October 31, 2025
Hackers claim to have breached Viz Media’s vice president’s Google Drive, stealing 250GB of corporate data, credentials, and licensing documents now being sold on dark ...
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
October 31, 2025
Russian police arrested three teenagers behind the Meduza Infostealer operation, exposing a teenage-run malware service that stole credentials and state data across multiple systems.
Trend Vision One Identity Security Review: Unified Identity-Centric Threat Detection and Risk Management for the Enterprise
October 31, 2025
Trend Vision One Identity Security delivers unified visibility into human and non-human identities, posture assessment and threat detection across cloud, hybrid and on-premises infrastructure for ...
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
October 31, 2025
CISA and NSA have issued new guidance to secure Microsoft Exchange servers, urging organizations to minimize exposure, disable legacy protocols, and adopt Zero Trust to ...
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
October 31, 2025
A former L3Harris executive pleaded guilty to leaking U.S. cyber exploit intelligence to a Russian broker. The insider threat case exposes severe national security and ...
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
October 31, 2025
WhatsApp is rolling out passkey-encrypted backups for Android and iOS, securing chat history in the cloud with biometric or screen-lock authentication to enhance end-to-end encryption.
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
October 30, 2025
A flaw in Chromium’s Blink engine, dubbed “Brash,” lets attackers crash browsers like Chrome and Edge with a single malicious URL, exposing a major denial-of-service ...
CISA Adds XWiki and Broadcom VMware Flaws to Known Exploited Vulnerabilities Catalog
October 30, 2025
CISA has added critical XWiki and VMware vulnerabilities to its Known Exploited list, confirming active attacks and urging immediate patching under federal security mandates.
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
October 30, 2025
OpenAI’s October GPT-4 update improves how the model handles emotionally charged conversations. The upgrade enhances safety, empathy, and redirection for users expressing distress while reducing ...
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
October 30, 2025
Over 760 malicious Android apps are exploiting NFC tap-to-pay features to steal payment credentials in real time. The surge in NFC relay malware highlights rising ...
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
October 30, 2025
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability, underscoring the massive risks of ...
Proton Launches Dark Web Data Breach Observatory to Expose Hidden Cyber Threats
October 30, 2025
Proton launched its Data Breach Observatory to detect and report dark web data exposures, providing real-time alerts and insights to help organizations prevent and mitigate ...
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
October 30, 2025
The PhantomRaven campaign weaponized AI-generated package names to distribute malicious npm modules, stealing developer credentials and CI/CD tokens in a stealthy software supply chain attack.
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
October 30, 2025
Canadian authorities revealed multiple hacktivist intrusions into water, energy, and agricultural systems, manipulating industrial controls in opportunistic attacks that risked operational safety but aimed mainly ...
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
October 30, 2025
Nation-state hackers breached U.S. telecom provider Ribbon Communications, maintaining covert access for nearly a year and exposing sensitive customer data in a targeted cyberespionage campaign.
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Phoenix Contact UPS Vulnerabilities: Critical Flaws May Cause Denial-of-Service
October 30, 2025
Critical flaws in Phoenix Contact’s QUINT4 UPS devices could let attackers shut down power or steal credentials. One unpatched Modbus flaw risks remote “power denial” ...
Fuji Electric HMI Configurator Flaws: Industrial Software Vulnerabilities Expose Hack Risks
October 30, 2025
Fuji Electric’s Monitouch V-SFT, Tellus Lite V-Simulator, and V-Server Lite tools contain critical flaws (CVE-2024-11787, others) enabling remote code execution. CISA urges urgent patching.
Docker Hub Data Exposure Puts Thousands of Containers at Risk
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
.NET Framework Vulnerability SOAPwn: Impact on Enterprise Applications
Teen Hacker Arrested in Spain for Major Data Breach Scheme
Satellite Signal Interruption Causes Porsche Immobilization in Russia
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
Microsoft Appoints New Operating CISOs to Enhance AI-Driven Cyberdefense
Fortinet Releases Fixes for Critical Vulnerabilities Affecting FortiOS and Other Products
Adobe’s Comprehensive Security Update Targets Massive Vulnerabilities Array
Microsoft Enhances PowerShell Security With Script Warning Functionality
Microsoft Patches Critical Zero-Day Vulnerability in Windows
Google Introduces Layered Defenses in Chrome to Combat Prompt Injection Vulnerabilities
Microsoft Works to Mitigate Copilot Access Issues in Europe
Equixly Secures $11 Million Investment to Enhance API Penetration Testing Capabilities
Proofpoint Completes Acquisition of Hornetsecurity: A Strategic Move in Cybersecurity
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Mirai-based Broadside Botnet Exploits TBK Vision DVRs in Maritime Sector