Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor

Sorry, we couldn't find any posts. Please try a different search.

Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Sorry, we couldn't find any posts. Please try a different search.

Cyber Security News

Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Cybersecurity
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
October 27, 2025
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Cybersecurity
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
October 27, 2025
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Cybersecurity
Hackers Target Hundreds of Federal Agents in Targeted Attacks
October 22, 2025
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Cybersecurity
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
October 22, 2025
Attackers Exploit OAuth Tokens After Password Resets
Cybersecurity
Attackers Exploit OAuth Tokens After Password Resets
October 22, 2025
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Cybersecurity
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
October 22, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Cloudflare Hacked by a State Sponsored Hacker Using Auth Tokens Stolen in the Okta Attack
February 2, 2024
Cloudflare has announced that its internal Atlassian server was breached by a ‘nation state attacker’. Hacker performing the Cloudflare hack gained unauthorized access to Cloudflare’s ...
Blackbaud Data Breach: FTC Holds Blackbaud Responsible for Linient Data Protection Policies
February 2, 2024
Blackbaud has reached a settlement agreement with the Federal Trade Commission (FTC) following charges of inadequate security measures and irresponsible data retention practices that led ...
This Week in Cybersecurity: 29th Jan – 2nd Feb: Medusa Ransomware Strikes Again
February 2, 2024
Medusa Ransomware Attacks Kansas City Public Transportation Authority The Kansas City Area Transportation Authority (KCATA) revealed it was hit by a Medusa ransomware attack on ...
Fulton County Cyberattack: Cyberattack Hits Georgia County Where Trump Faces Charges
January 31, 2024
The recent Fulton County cyberattack on Georgia had a widespread impact on various departments, including the office of District Attorney Fani Willis. This incident disrupted ...
Schneider Electric Hit by Cactus Ransomware Attack
January 31, 2024
Schneider Electric ransomware attack has been claimed by Cactus ransomware. The attackers stole valuable corporate data from Sustainability Business division. Schneider Electric Ransomware Attack Schneider ...
DarkGate Malware Pushed in Phishing Attacks via Group Chats of Microsoft Teams
January 31, 2024
Recent phishing attacks have exploited Microsoft Teams group chat requests to distribute malicious attachments containing DarkGate malware. The attackers exploited a compromised Teams user or ...
Linux glibc Flaw Lets Attackers Exploit Root Access on Major Linux Distros
January 31, 2024
A newly discovered vulnerability in the GNU C Library (glibc) enables attackers to gain root access on default configurations of major Linux distributions. This Linux ...
Johnson Controls Ransomware Attack Cost $27 Million After Data Breach
January 31, 2024
Johnson Controls Ransomware Attack Cost $27 Million in total and data was breached with sensitive corporate data stolen. According to official confirmation from Johnson Controls ...
Keenan Warns 1.5 Million People of Data Breach: Personal Information Stolen
January 31, 2024
Keenan Warns 1.5 Million People of a significant data breach. Keenan Data Breach compromised the data of 1.5 Million customers and employees Keenan Data Breach ...
Ukrainian Hackers Wiped 2 Petabytes of Data from Russian Research Center
January 31, 2024
Pro-Ukrainian Hackers wiped 2 petabytes of data from Russian Center for Space Hydrometeorology, a state research center that uses satellite data to monitor climatic activities ...
Medusa Ransomware Attacks Kansas City Public Transportation Authority
January 29, 2024
The Kansas City Area Transportation Authority (KCATA) disclosed that it experienced a targeted Medusa ransomware attack on Tuesday, January 23. KCATA (Kansas City Area Transportation ...
Critical Jenkins RCE Flaw (CVE-2024-23897) Exploited in the Wild
January 29, 2024
Numerous proof-of-concept (PoC) exploits have been disclosed for the Critical Jenkins RCE flaw (CVE-2024-23897), which has recently been patched. There are indications that this vulnerability ...
This Week in Cybersecurity: 22nd Jan – 25th Jan: Mother of All Breaches Exposes 26 Billion Records
January 26, 2024
Mother of All Breaches (MOAB) Exposes 26 Billion Records Researchers found a data breach containing 26 billion records from various sources, dubbed “Mother of All ...
Blackwood Hackers Use AitM to Hijack WPS Office Update and Install NSPX30 Malware
January 26, 2024
The ‘Blackwood hackers’ have been engaging in cyberespionage attacks since 2018 and employs a highly sophisticated malware called NSPX30. Interestingly, the NSPX30 malware is built ...
Hackers Stole Raw Genotype Data, Health Reports in the 23andMe Data Breach
January 26, 2024
Raw genotype data of almost 5.1 million people was stolen in the 23andMe Data Breach that went unnoticed for months.   23andMe Data Breach Gave ...
HPE Hacked by Russian Hacker Group ‘Midnight Blizzard’ that Hacked Microsoft
January 26, 2024
The HPE hack was attributed to a group of suspected Russian hackers known as Midnight Blizzard, also referred to as Cozy Bear, APT29, and Nobelium. ...
Equilend Cyberattack Brings the Financial Tech Firm Down, Trades with Systems Offline
January 26, 2024
The EquiLend Cyberattack has forced the loan lending firm to trade manually with systems going offline. Lockbit ransomware gang is said to be behind the ...
Bucks County Cybersecurity Incident Disrupts Computer-Aided Dispatch System
January 26, 2024
The Bucks County Cybersecurity Incident impacted the county’s computer-aided dispatch (CAD) system leading to suspension of 911 call automation. Authorities in Bucks County, Pennsylvania, have ...
Jason’s Deli Breach Exposes Data of Over 350K Users in Credential Stuffing Attack
January 24, 2024
Jason’s Deli has recently discovered a data breach that has affected its online platform. In notifications sent to customers, the company has informed them that ...
Mother of All Breaches (MOAB) Exposes 26 Billion Records
January 24, 2024
The recently discovered supermassive leak is an extensive collection of data from various past breaches. It includes a staggering 12 terabytes of information, encompassing a ...
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67