Cyber Security
Cybersecurity
Healthplex Fined $2M After Phishing-Driven Data Breach Exposed Tens Of Thousands
A phishing click at Healthplex exposed tens of thousands’ health data; delayed reporting triggered a $2 million DFS fine and a mandatory independent MFA audit.
News
Bragg Discloses Cybersecurity Incident; Says Impact Appears Limited
Bragg Gaming Group detected a cybersecurity incident on August 16, 2025. Preliminary findings say the impact was internal only, with no indication personal data was ...
Cybersecurity
WestJet Data Breach Exposes Passenger Details, Including Names, DOB and Travel Details
WestJet confirms a June cyberattack exposed passenger details but not payment data. The airline offers two years of TransUnion monitoring and identity restoration while the ...
Resources
Crypto24 Ransomware: The Phantom Encryptor
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal, encrypt, and leak sensitive data.
Resources
Charon Ransomware: Stealthy Cyber Extortion Syndicate
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing a severe threat to critical ...
News
U.S. Seizes $1M in Cryptocurrency from BlackSuit Ransomware Gang
U.S. agencies seized over $1 million in cryptocurrency and critical infrastructure from the BlackSuit ransomware gang. While the takedown marks progress, core members have already ...
Cybersecurity
Citrix NetScaler Zero-Day Breach Hits Critical Dutch Infrastructure
A Citrix NetScaler zero-day, CVE-2025-6543, has been exploited in the wild, leading to breaches of Dutch critical infrastructure. Thousands of devices remain unpatched worldwide, prompting ...
Blog
Why Supply Chain Security is a 2025 Cyber Priority
Supply chain security has become a top cybersecurity priority in 2025. Weak vendor defenses, low visibility, and nation-state attacks are fueling breaches, underscoring the urgent ...
Cybersecurity
Fortinet Warns of FortiSIEM Zero-Day CVE-2025-25256 Critical RCE Flaw
Fortinet has patched CVE-2025-25256, a FortiSIEM vulnerability rated CVSS 9.8 that allows unauthenticated remote code execution. Exploit code is active in the wild, and security ...
Blog
Quantum Key Distribution Faces Real-World Cybersecurity Risks
Quantum Key Distribution (QKD) is often described as unbreakable, but recent research exposes flaws in real-world systems. From photorefraction and side-channel attacks to theoretical weaknesses, ...
Cybersecurity
Cybercrime Groups ShinyHunters and Scattered Spider Collaborate in Extortion Attacks
A possible alliance between ShinyHunters, Scattered Spider, and Lapsu$ points to a new wave of coordinated cybercrime. By merging social engineering and data theft, these ...
Cybersecurity
Thorium: CISA’s New Open-Source Malware Analysis and Forensic Platform
CISA has released Thorium, an open-source platform for malware analysis and digital forensics. Built with automation and scalability, it enables security teams to analyze millions ...
Cybersecurity
FBI Flags $9.9M in Losses from Crypto Recovery Scams
The FBI warns of a growing wave of “crypto recovery scams,” where fraudsters pose as attorneys or law firms to exploit victims of earlier crypto ...
Application Security
Cisco’s Critical FMC RADIUS Vulnerability: CVSS 10.0 Remote Code Execution Risk
Cisco’s CVE-2025-20188 vulnerability, rated CVSS 10.0, exposes IOS XE devices and Firepower Management Center to unauthenticated remote code execution. The flaw, caused by a hard-coded ...
News
Crypto24 Ransomware Hits Big Targets With Custom EDR Evasion And Google Drive Exfiltration
Crypto24 ransomware is hitting large enterprises with custom EDR evasion, keyloggers, and Google Drive exfiltration, abusing Windows services and uninstallers, researchers say, while encrypting systems.
News
CFE Data Leak Exposes 600GB Of Internal Logs of Mexico’s Power Operations
Over 600GB of CFE network and security logs were publicly exposed for years, potentially enabling attackers to map weaknesses and target Mexico’s industrial control systems.
News
House Of Commons Data Breach Under Investigation After Targeted Cyberattack
Canada’s House of Commons is probing a cyberattack-linked breach that exposed employee details, with investigators citing recently patched Microsoft flaws and warning of impersonation risks.
Blog
Why Zero Trust Architecture is Now Essential for 2025 Cyber Defense
Zero Trust Architecture is now a core cybersecurity strategy in 2025, driven by hybrid work, cloud adoption, and AI threats. Enterprises and governments worldwide are ...
Cybersecurity
Microsoft August 2025 Patch: 107 Fixes, Including Kerberos Zero-Day
Microsoft’s August 2025 Patch Tuesday fixes 107 flaws, including the “BadSuccessor” Kerberos zero-day in Windows Server 2025. The vulnerability could enable domain-wide compromise, prompting urgent ...
News
HTTP/1.1 Desync Flaw Leaves 24 Million Websites Open to Complete Takeover
Researchers find 24 million sites reliant on HTTP/1.1 in the proxy chain. Request smuggling enables desync attacks that can steal accounts, poison caches, and fully ...
TOP CYBERSECURITY HEADLINES
CVE Vulnerability Alerts
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
This Week’s Security Spotlight
Application Security
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Application Security
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Palo Alto Networks confirmed exposure of customer records in a Salesforce breach via Drift tokens, as Unit 42 warned attackers mass-exfiltrated sensitive data and credentials ...
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire
A critical zero-day vulnerability, CVE-2025-53690, is being actively exploited in the wild, targeting Sitecore Experience Manager (XM) and Experience Platform (XP) systems deployed with outdated ...
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Hackers breached Evertec’s Brazilian subsidiary Sinqia, attempting a $130 million theft via Pix. Using stolen vendor credentials, they initiated unauthorized transfers before operations were suspended ...
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Cloudflare confirmed its Salesforce instance was breached through compromised SalesLoft and Drift integrations, exposing customer data in a campaign affecting 700+ companies. The company’s detailed ...
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
A new wave of EDR-killer tools is reshaping ransomware tactics, enabling groups like RansomHub, Medusa, and Blacksuit to disable endpoint defenses. By exploiting vulnerable drivers ...
Agentic AI Steals Spotlight at Black Hat 2025 with Real-Time Threat Response
Agentic AI took center stage at Black Hat USA 2025, marking a definitive pivot from conceptual discussions to real-world deployment. As the cybersecurity industry grapples ...
DHS Cuts $27M Cybersecurity Support: Impact on 19,000 Local Governments
The Department of Homeland Security (DHS) will halt $27 million in annual federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) by the ...
TamperedChef Infostealer Delivered Through Fraudulent PDF Editor Ads
Cybercriminals used fraudulent Google Ads to spread a fake PDF Editor app delivering TamperedChef infostealer, leveraging code-signing certificates, residential proxy enrollment
Amazon Disrupts Midnight Blizzard Campaign Targeting Microsoft 365
Amazon disrupted a Midnight Blizzard campaign where Russian hackers used compromised websites, fake Cloudflare pages, and Microsoft device code abuse to target enterprise Microsoft 365 ...
Zscaler Data Breach Exposes Customer Information After Salesloft Drift Compromise
Zscaler confirmed a Salesforce data breach linked to the Salesloft Drift compromise, exposing customer information but not its core services. The incident highlights escalating OAuth ...
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Hackers calling themselves Scattered LapSus Hunters threatened to leak Google databases unless two employees are dismissed, linking their demand to recent Salesforce-driven phishing attacks.
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
SK Telecom has been fined $96.9 million after a breach exposed 23 million users’ data, marking the largest privacy penalty ever imposed on a South ...
Hackers Leak Sensitive Healthcare Data of 433,000 U.S. Doctors
Hackers leaked data on 433,000 U.S. doctors, exposing names, addresses, and emails. Experts warn of phishing, identity theft, and ransomware risks targeting healthcare professionals and ...
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta
A new and highly sophisticated Android malware campaign, dubbed Brokewell, has emerged as one of the most dangerous mobile threats of 2024–2025. First spotted in ...
Von der Leyen and Shapps Flights Hit by Suspected Russian Electronic Warfare
Aviation safety and geopolitics collided when multiple flights carrying high-ranking European and UK officials were hit by suspected Russian GPS jamming. European Commission President Ursula ...
Salesforce and Google Workspace Compromised in Largest SaaS Breach
In August 2025, the largest SaaS breach of the year shook the enterprise world when a newly identified threat actor, UNC6395, orchestrated a supply-chain attack ...
Tea App Data Breach Exposes Sensitive Images
Tea Dating Advice confirmed a July 2025 breach affecting 4,244 users, exposing sensitive PII, identity documents, and private images, raising concerns over larger-scale data exposure.
NCSC Warns of Malware Campaign Using Fake PDF Editors
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies, enabling criminals to mask their ...
TransUnion Data Breach Exposes Personal Information of 4.4 Million
TransUnion confirmed a cyberattack exposing data of over 4.4 million U.S. consumers, tied to Salesforce breaches attributed to ShinyHunters and UNC6395 extortion groups.
Brokewell Android Malware Spread Through Fake TradingView Ads
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices, stealing data and hijacking user ...