Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Firefox 149 Launches with a Built-In VPN for Better Privacy
Application Security
Firefox 149 Launches with a Built-In VPN for Better Privacy
Andrew Doyle March 25, 2026
Mozilla introduces Firefox 149 with an integrated VPN offering 50GB monthly traffic to bolster online privacy.
FCC Adds Consumer Routers to Covered List Amid Security Concerns
Cybersecurity
FCC Adds Consumer Routers to Covered List Amid Security Concerns
Andrew Doyle March 25, 2026
The FCC bans the sale of foreign-made consumer routers in the United States, citing security concerns.
DOE Rolls Out Project Armor to Fortify Critical Energy Infrastructure
Cybersecurity
DOE Rolls Out Project Armor to Fortify Critical Energy Infrastructure
Andrew Doyle March 25, 2026
Department of Energy unveils a strategic plan to boost the resilience of US critical energy infrastructure over the next five years.
Cybercriminals Exploit Google Ads in a Deceptive Tax Document Malvertising Campaign
Cybersecurity
Cybercriminals Exploit Google Ads in a Deceptive Tax Document Malvertising Campaign
Mitchell Langley March 25, 2026
A new malvertising campaign abuses Google Ads, targeting U.S. users searching tax-related documents to serve malware-laden installers.
Dutch Ministry of Finance Hit by Cyberattack as Data Breach Investigation Continues
Cybersecurity
Dutch Ministry of Finance Hit by Cyberattack as Data Breach Investigation Continues
Mitchell Langley March 25, 2026
A cyberattack breached some systems of the Dutch Ministry of Finance, uncovering a data breach affecting certain employees.
Open Source Projects Face a Rising Tide of Malware Infections
Cybersecurity
Open Source Projects Face a Rising Tide of Malware Infections
Gabby Lee March 25, 2026
Growing malware infection due to open source project vulnerabilities.
Major Announcements from RSAC 2026 What Day 1 Revealed
Cybersecurity
Major Announcements from RSAC 2026: What Day 1 Revealed
Andrew Doyle March 25, 2026
A detailed rundown of key cybersecurity innovations revealed on the first day of RSAC 2026.
QualDerm Partners Data Breach Hits Over 3.1 Million People
Cybersecurity
QualDerm Partners Data Breach Hits Over 3.1 Million People
Gabby Lee March 25, 2026
December 2025 breach at QualDerm Partners exposes personal and health data of over 3.1 million individuals.
Cryptocurrency Threats via Phishing Campaign Targeting French-Speaking Corporations
News
Cryptocurrency Threats via Phishing Campaign Targeting French-Speaking Corporations
Andrew Doyle March 25, 2026
French-speaking companies face phishing scams hiding crypto miners and data thieves in fake resumes.
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
Cybersecurity
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
Mitchell Langley March 25, 2026
Microsoft addresses issues affecting Gmail and Yahoo email synchronization for classic Outlook users.
Gartner Publishes Its First Market Guide for Guardian Agents
Cybersecurity
Gartner Publishes Its First Market Guide for Guardian Agents
Gabby Lee March 25, 2026
Gartner's first Market Guide for Guardian Agents, released on February 25, 2026, outlines expectations for this nascent field.
TeamPCP Strikes Again, This Time Targeting the Python Package litellm
News
TeamPCP Strikes Again, This Time Targeting the Python Package litellm
Andrew Doyle March 25, 2026
Malicious versions of Python package litellm contain a credential harvester and persistent backdoor planted by the threat actor TeamPCP.
Software Supply Chains Are the New Frontline for Cyber Risk
Cybersecurity
Software Supply Chains Are the New Frontline for Cyber Risk
Gabby Lee March 19, 2026
Explore how perimeter security isn't enough to protect against threats in software supply chains.
Sam Altman's Eyeball-Scanning Orb Takes on a New Role in AI Integration
Cybersecurity
Sam Altman’s Eyeball-Scanning Orb Takes on a New Role in AI Integration
Gabby Lee March 18, 2026
Sam Altman integrates agentic AI with his eyeball-scanning orb, enhancing its applications in cryptography and bot identification.
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Cybersecurity
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Andrew Doyle March 18, 2026
UK Companies House vulnerability exposed millions of firm details, potentially allowing unauthorized access and record alteration.
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
Cybersecurity
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
Mitchell Langley March 18, 2026
Researchers expose a method leveraging DNS queries for data exfiltration from AI code execution environments.
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Cybersecurity
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Mitchell Langley March 18, 2026
The EU Council has sanctioned three entities and two individuals involved in cyberattacks on critical infrastructure within the region.
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Cybersecurity
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Gabby Lee March 18, 2026
How identity-based access control for AI agents helps safeguard against misuse and data exposure.
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Application Security
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Andrew Doyle March 18, 2026
A font-rendering vulnerability manipulates AI assistants by concealing malicious web commands in innocent HTML.
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
Cybersecurity
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
Gabby Lee March 18, 2026
Surf AI secures $57M in funding for its security operations platform.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management
September 30, 2025
Podcasts
Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks
September 30, 2025
Podcasts
CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires?
September 30, 2025

Cyber Security News

CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
May 13, 2026
Application Security
PHP SOAP Extension RCE CVE-2026-6722 Patched Across All Branches
May 13, 2026
Cybersecurity
GhostLock Abuses Windows API to Lock 500K Files, Bypassing EDR
May 13, 2026
Cybersecurity
WEF: 94% of Organizations Name AI as Top Cybersecurity Change Driver
May 12, 2026
CVE Vulnerability Alerts
Dirty Frag CVE-2026-43284 Exploited in Wild, Linux Patches Out
May 12, 2026
Cybersecurity
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
May 12, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Cybercriminals Exploit Google Ads in a Deceptive Tax Document Malvertising Campaign
March 25, 2026
A new malvertising campaign abuses Google Ads, targeting U.S. users searching tax-related documents to serve malware-laden installers.
Dutch Ministry of Finance Hit by Cyberattack as Data Breach Investigation Continues
March 25, 2026
A cyberattack breached some systems of the Dutch Ministry of Finance, uncovering a data breach affecting certain employees.
Open Source Projects Face a Rising Tide of Malware Infections
March 25, 2026
Growing malware infection due to open source project vulnerabilities.
Major Announcements from RSAC 2026: What Day 1 Revealed
March 25, 2026
A detailed rundown of key cybersecurity innovations revealed on the first day of RSAC 2026.
QualDerm Partners Data Breach Hits Over 3.1 Million People
March 25, 2026
December 2025 breach at QualDerm Partners exposes personal and health data of over 3.1 million individuals.
Cryptocurrency Threats via Phishing Campaign Targeting French-Speaking Corporations
March 25, 2026
French-speaking companies face phishing scams hiding crypto miners and data thieves in fake resumes.
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
March 25, 2026
Microsoft addresses issues affecting Gmail and Yahoo email synchronization for classic Outlook users.
Gartner Publishes Its First Market Guide for Guardian Agents
March 25, 2026
Gartner's first Market Guide for Guardian Agents, released on February 25, 2026, outlines expectations for this nascent field.
TeamPCP Strikes Again, This Time Targeting the Python Package litellm
March 25, 2026
Malicious versions of Python package litellm contain a credential harvester and persistent backdoor planted by the threat actor TeamPCP.
Software Supply Chains Are the New Frontline for Cyber Risk
March 19, 2026
Explore how perimeter security isn't enough to protect against threats in software supply chains.
Sam Altman’s Eyeball-Scanning Orb Takes on a New Role in AI Integration
March 18, 2026
Sam Altman integrates agentic AI with his eyeball-scanning orb, enhancing its applications in cryptography and bot identification.
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
March 18, 2026
UK Companies House vulnerability exposed millions of firm details, potentially allowing unauthorized access and record alteration.
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
March 18, 2026
Researchers expose a method leveraging DNS queries for data exfiltration from AI code execution environments.
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
March 18, 2026
The EU Council has sanctioned three entities and two individuals involved in cyberattacks on critical infrastructure within the region.
Identity-Based Access Control for AI Agents Is Now a Security Necessity
March 18, 2026
How identity-based access control for AI agents helps safeguard against misuse and data exposure.
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
March 18, 2026
A font-rendering vulnerability manipulates AI assistants by concealing malicious web commands in innocent HTML.
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
March 18, 2026
Surf AI secures $57M in funding for its security operations platform.
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
March 18, 2026
LeakNet ransomware integrates ClickFix for access, shifting from traditional entry strategies.
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
March 18, 2026
The RondoDox botnet targets 174 vulnerabilities, increasing activity to 15,000 exploitation attempts daily.
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
March 18, 2026
Major tech and retail organizations have banded together to address online scams and fraud, establishing a first-of-its-kind industry accord designed ...
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2