Main Menu
Cyber Security
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
cPanel and WHM Patch Three CVEs, Two Rated High Severity
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Fake Claude AI Site Delivers New Beagle Windows Backdoor
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Microsoft Investigates Vanishing Mouse Pointer Bug in Classic Outlook
Application Security
Microsoft Investigates Vanishing Mouse Pointer Bug in Classic Outlook
Mitchell Langley February 25, 2026
Microsoft investigates an issue causing Outlook's mouse pointer to disappear for some users.
GitHub's Dependabot is Under Fire for Alert Accuracy Issues
Application Security
GitHub’s Dependabot is Under Fire for Alert Accuracy Issues
Gabby Lee February 25, 2026
A Go library maintainer questions the effectiveness of GitHub's Dependabot due to alert fatigue from inaccurate dependency-scanning alerts.
BeyondTrust RS and PRA Vulnerability Is Being Actively Exploited by Threat Actors
Cybersecurity
BeyondTrust RS and PRA Vulnerability Is Being Actively Exploited by Threat Actors
Gabby Lee February 25, 2026
Attackers exploit CVE-2026-1731 in BeyondTrust RS and PRA, leveraging VShell for persistence, lateral movement, and system control.
Microsoft Expands Data Loss Prevention Controls for Microsoft 365 Copilot
Cybersecurity
Microsoft Expands Data Loss Prevention Controls for Microsoft 365 Copilot
Andrew Doyle February 25, 2026
Microsoft expands data loss prevention (DLP) controls to block Microsoft 365 Copilot from accessing and processing confidential Word, Excel, and Power...
New Security Concerns Arise with the Proliferation of Internal LLMs
Cybersecurity
New Security Concerns Arise with the Proliferation of Internal LLMs
Mitchell Langley February 25, 2026
As organizations implement LLMs, security concerns shift to the infrastructure.
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
Application Security
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
Gabby Lee February 24, 2026
A cybercrime group used off-the-shelf AI tools to target FortiGate firewalls in 55 countries.
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
Cybersecurity
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
Andrew Doyle February 24, 2026
Ring offers $10,000 for finding security flaws in its new local streaming feature. The company's goal is to limit video access to device owners' trust...
Romanian Hacker Admits to Selling Oregon State Network Access in Court
Cybersecurity
Romanian Hacker Admits to Selling Oregon State Network Access in Court
Mitchell Langley February 23, 2026
A Romanian hacker pleads guilty to selling digital access to a US state office network.
Privacy Groups Demand Compliance From Generative AI Image Creators
Cybersecurity
Privacy Groups Demand Compliance From Generative AI Image Creators
Gabby Lee February 23, 2026
Privacy watchdogs insist generative AI makers adhere to data protection laws.
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
Cybersecurity
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
Andrew Doyle February 23, 2026
Spanish police apprehended a hacker for booking luxury rooms for €0.01 each through an exploited payment system.
Anthropic Introduces Claude Code Security for Vulnerability Detection
Application Security
Anthropic Introduces Claude Code Security for Vulnerability Detection
Mitchell Langley February 23, 2026
Anthropic's new feature scans code for vulnerabilities, suggesting targeted patches.
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
Cybersecurity
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
Mitchell Langley February 23, 2026
A six-month data breach at PayPal exposed sensitive user information due to a software flaw in its Working Capital app.
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
CVE Vulnerability Alerts
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
Gabby Lee February 23, 2026
A critical flaw in Grandstream phones enables remote code execution without authentication.
Ukrainian National Sentenced in US Federal Court for Aiding North Korean IT Fraud
Cybersecurity
Ukrainian National Sentenced in US Federal Court for Aiding North Korean IT Fraud
Andrew Doyle February 23, 2026
Ukrainian Oleksandr Didenko sentenced to 5 years for aiding North Korean IT workers in employment fraud.
Deutsche Bahn Hit by a Large-Scale DDoS Attack Disrupting Rail Services
Cybersecurity
Deutsche Bahn Hit by a Large-Scale DDoS Attack Disrupting Rail Services
Mitchell Langley February 20, 2026
Deutsche Bahn's services were disrupted by a DDoS attack, leading to significant travel complications across Germany's national rail network.
Snyk CEO Steps Down to Make Way for AI-Focused Leadership
Cybersecurity
Snyk CEO Steps Down to Make Way for AI-Focused Leadership
Andrew Doyle February 20, 2026
Snyk's CEO announces departure to align leadership with AI advancements in code review.
Advantest Cyberattack Sparks Fears of Employee and Client Data Exposure
Cybersecurity
Advantest Cyberattack Sparks Fears of Employee and Client Data Exposure
Mitchell Langley February 20, 2026
Advantest faces a ransomware attack, investigating potential data breach impact.
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
Cybersecurity
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
Mitchell Langley February 20, 2026
Discover how PromptSpy malware uses Gemini AI at runtime to analyze on-screen elements and maintain persistence on Android devices even after a reboot...
Ukrainian National Gets Five Years for Helping North Korean IT Workers Infiltrate U.S. Companies
News
Ukrainian National Gets Five Years for Helping North Korean IT Workers Infiltrate U.S. Companies
Mitchell Langley February 20, 2026
A Ukrainian hacker aided North Korea in infiltrating U.S. companies by providing stolen identities, resulting in a five-year prison sentence.
Former Google Engineers Indicted for Alleged Trade Secret Theft Linked to Iran
Cybersecurity
Former Google Engineers Indicted for Alleged Trade Secret Theft Linked to Iran
Gabby Lee February 20, 2026
Former Google engineers indicted for allegedly stealing trade secrets and transferring sensitive data to unauthorized locations, including Iran.
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
Gabby Lee May 11, 2026
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Andrew Doyle May 11, 2026
Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Mitchell Langley May 11, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Cybersecurity
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator

This Week’s Security Spotlight

Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Andrew Doyle May 11, 2026
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Andrew Doyle May 11, 2026
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Gabby Lee May 11, 2026
Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
More In News
Trending
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management
September 30, 2025
Podcasts
Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks
September 30, 2025
Podcasts
CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires?
September 30, 2025

Cyber Security News

OpenAI Responds to Supply Chain Attack Affecting macOS Security
Application Security
OpenAI Responds to Supply Chain Attack Affecting macOS Security
April 14, 2026
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Cybersecurity
Juniper Networks Addresses Critical Junos OS Vulnerabilities
April 13, 2026
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
Application Security
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
April 13, 2026
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
Cybersecurity
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
April 13, 2026
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
Cybersecurity
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
April 13, 2026
AI Browser Extensions Pose a Hidden Risk to Network Security
Application Security
AI Browser Extensions Pose a Hidden Risk to Network Security
April 13, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Expands Data Loss Prevention Controls for Microsoft 365 Copilot
February 25, 2026
Microsoft expands data loss prevention (DLP) controls to block Microsoft 365 Copilot from accessing and processing confidential Word, Excel, and Power...
New Security Concerns Arise with the Proliferation of Internal LLMs
February 25, 2026
As organizations implement LLMs, security concerns shift to the infrastructure.
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
February 24, 2026
A cybercrime group used off-the-shelf AI tools to target FortiGate firewalls in 55 countries.
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
February 24, 2026
Ring offers $10,000 for finding security flaws in its new local streaming feature. The company's goal is to limit video access to device owners' trust...
Romanian Hacker Admits to Selling Oregon State Network Access in Court
February 23, 2026
A Romanian hacker pleads guilty to selling digital access to a US state office network.
Privacy Groups Demand Compliance From Generative AI Image Creators
February 23, 2026
Privacy watchdogs insist generative AI makers adhere to data protection laws.
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
February 23, 2026
Spanish police apprehended a hacker for booking luxury rooms for €0.01 each through an exploited payment system.
Anthropic Introduces Claude Code Security for Vulnerability Detection
February 23, 2026
Anthropic's new feature scans code for vulnerabilities, suggesting targeted patches.
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
February 23, 2026
A six-month data breach at PayPal exposed sensitive user information due to a software flaw in its Working Capital app.
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
February 23, 2026
A critical flaw in Grandstream phones enables remote code execution without authentication.
Ukrainian National Sentenced in US Federal Court for Aiding North Korean IT Fraud
February 23, 2026
Ukrainian Oleksandr Didenko sentenced to 5 years for aiding North Korean IT workers in employment fraud.
Deutsche Bahn Hit by a Large-Scale DDoS Attack Disrupting Rail Services
February 20, 2026
Deutsche Bahn's services were disrupted by a DDoS attack, leading to significant travel complications across Germany's national rail network.
Snyk CEO Steps Down to Make Way for AI-Focused Leadership
February 20, 2026
Snyk's CEO announces departure to align leadership with AI advancements in code review.
Advantest Cyberattack Sparks Fears of Employee and Client Data Exposure
February 20, 2026
Advantest faces a ransomware attack, investigating potential data breach impact.
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
February 20, 2026
Discover how PromptSpy malware uses Gemini AI at runtime to analyze on-screen elements and maintain persistence on Android devices even after a reboot...
Ukrainian National Gets Five Years for Helping North Korean IT Workers Infiltrate U.S. Companies
February 20, 2026
A Ukrainian hacker aided North Korea in infiltrating U.S. companies by providing stolen identities, resulting in a five-year prison sentence.
Former Google Engineers Indicted for Alleged Trade Secret Theft Linked to Iran
February 20, 2026
Former Google engineers indicted for allegedly stealing trade secrets and transferring sensitive data to unauthorized locations, including Iran.
Operation Red Card 2.0 Dismantles Online Scam Networks Across Africa
February 20, 2026
Operation Red Card 2.0 led to 651 arrests and disrupted online scam networks in Africa.
MIT CSAIL’s 2025 AI Agent Index Puts System Transparency Under the Microscope
February 20, 2026
Academic researchers spotlighted the growing role and impact of AI agents across industries, raising critical questions about transparency, accountabi...
FBI Issues Warning on Escalating ATM Jackpotting Losses
February 20, 2026
The FBI alerts the public on ATM jackpotting, reporting $20M losses and 1,900 incidents since 2020 in the U.S.
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
cPanel and WHM Patch Three CVEs, Two Rated High Severity
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Fake Claude AI Site Delivers New Beagle Windows Backdoor
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms