Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Application Security
JDownloader Website Hacked to Serve Python RAT Malware
Unknown attackers compromised the official JDownloader website and replaced legitimate Windows and Linux installers with a Python-based remote access trojan.
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
NVIDIA confirmed a GeForce NOW data breach via Armenian partner GFN.am, exposing names, emails, and phone numbers of users registered before March 9, 2026.
Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Trellix confirmed unauthorized access to its source code repositories after RansomHouse posted photographic evidence of the breach. Law enforcement has been notified.
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
A fraudulent OpenAI repository reached Hugging Face's trending list while distributing infostealing malware targeting credentials and access tokens.
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Attackers chain Google sponsored ads with fake Claude.ai chat sessions to deliver MacSync, a macOS infostealer harvesting Keychain contents and browser credentials.
Cybersecurity
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
German and Spanish authorities shut down the relaunched Crimenetwork dark web marketplace and arrested its 35-year-old German operator in Mallorca under a European arrest warrant.
Cybersecurity
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
Researchers identify TCLBanker, a Brazilian banking trojan targeting 59 financial platforms that self-propagates by sending malicious messages through victims' WhatsApp and Outlook accounts.
Application Security
cPanel and WHM Patch Three CVEs, Two Rated High Severity
cPanel patched two CVSS 8.8 flaws including Perl code execution in WHM, as the 40,000-server CVE-2026-41940 campaign remains active.
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Researchers disclosed 12 critical vulnerabilities in the widely-used vm2 Node.js sandbox library, all enabling sandbox escape and arbitrary code execution on the host system.
Cybersecurity
Fake Claude AI Site Delivers New Beagle Windows Backdoor
A malicious website impersonating Claude AI distributes a new, previously undocumented Windows backdoor named Beagle to users seeking to download the AI assistant application.
Application Security
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
Security researchers from Adversa AI and Mitiga disclosed a one-click RCE, silent MCP OAuth token hijacking, and a Chrome extension prompt injection vulnerability in Claude ...
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
A critical unpatched Linux kernel privilege escalation flaw dubbed Dirty Frag lets local attackers gain root via a single command across major distributions.
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Fashion retailer Zara confirmed a data breach affecting over 197,000 customers after hackers accessed databases containing personal information from Inditex systems.
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
State-sponsored actors exploited CVE-2026-0300, a critical CVSS 9.3 RCE flaw in PAN-OS, for roughly one month before disclosure. CISA deadline is May 9.
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Ivanti disclosed CVE-2026-6973, an actively exploited RCE vulnerability in EPMM 12.8.0.0 and earlier. CISA set a May 10 federal remediation deadline.
Application Security
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
Three PyPI packages with 2,400+ combined downloads delivered ZiChatBot malware to developer machines, abusing Zulip's REST API as a covert C2 channel with code links ...
Cybersecurity
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Researchers discovered TCLBanker, a banking trojan hidden in trojanized Logitech software installers, stealing credentials from 59 banking and cryptocurrency platforms.
Application Security
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
Researchers identified a Linux variant of Quasar RAT targeting developer systems to steal source code access, CI/CD credentials, and signing keys for supply chain attacks.
Cybersecurity
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Nation-state-linked PCPJack malware framework worms across cloud environments via five CVEs, using parquet file evasion to harvest credentials from cloud and financial systems.
Cybersecurity
Virginia Contractor Convicted for Destroying Federal Databases
A Virginia man convicted of conspiring to destroy dozens of federal databases after being fired from his government contractor role, highlighting insider threat risks to ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Australia's Cyber Security Centre warned organizations about ClickFix social-engineering attacks using compromised WordPress sites to deliver Vidar Stealer via user-executed PowerShell commands.
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
Matthew Knoot and Erick Prince received 18-month federal sentences for laptop farm operations that placed North Korean IT workers inside U.S. companies under stolen American ...
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
California man Marlon Ferro, alias GothFerrari, received a 78-month federal sentence for home invasions, iCloud surveillance of victims, and money laundering in a ring that ...