Main Menu
Cyber Security
64 Million T-Mobile Customer Records Allegedly Exposed in New Data Leak
How to Defend Your Organization Against Scattered Spider’s Service Desk Attacks
Ivanti Workspace Control Exposes SQL Credentials Through Hardcoded Key Flaws
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
Quantum Hacking Is Coming: How to Prepare with Post-Quantum Security Today
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The Truth About Identity Attacks: How to Protect Your Business and Data
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
27 Million Records Allegedly Leaked from French Retailer Boulanger
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Navigating the Complex Intersection of AI and Data Privacy
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
Remote Desktop Protocol (RDP): A Double-Edged Sword for IT Teams
Google Faces £5 Billion UK Antitrust Lawsuit Over Search Advertising Practices
Skyward Specialty Insurance Data Breach Exposes Sensitive Information
Hacker Forum ‘Cracked’ Resurfaces Online After FBI Seizure in Global Cybercrime Operation
Wolters Kluwer Data Breach Claim Raises Alarms Across Fortune 500 Network
Fall River Public Schools Responds to Cybersecurity Breach
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
The Soaring Cost of Data Breaches for Enterprise Businesses in 2024
ChatGPT is Down Worldwide Impacting Millions
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
VanHelsing Ransomware Targets Multiple Platforms Including Windows and ESXi Systems
News
VanHelsing Ransomware Targets Multiple Platforms Including Windows and ESXi Systems
Mitchell Langley March 25, 2025
The new VanHelsing ransomware targets various systems, employing advanced encryption techniques and demanding ransoms up to $500,000 from its victims.
INTERPOL Operation Red Card Nets 300 Cybercrime Suspects in Africa
News
INTERPOL Operation Red Card Nets 300 Cybercrime Suspects in Africa
Andrew Doyle March 25, 2025
INTERPOL's Operation Red Card resulted in the arrest of 306 cybercrime suspects across seven African nations, seizing thousands of devices used in various scams.
Oracle Cloud Breach Compromises 6 Million Records, Threatening 140,000 Businesses
News
Oracle Cloud Breach Compromises 6 Million Records, Threatening 140,000 Businesses
Mitchell Langley March 24, 2025
A massive Oracle Cloud breach exposed 6 million records, impacting 140,000 businesses. The attacker, "rose87168," is selling the data and demanding ransoms.
NYU Data Breach: Class Action Lawsuit Investigation Underway
News
NYU Data Breach: Class Action Lawsuit Investigation Underway
Andrew Doyle March 24, 2025
NYU's March 2025 data breach exposed millions of applicants' personal data, prompting a class action lawsuit investigation. Attorneys seek to recover compensation for affected individuals.
Microsoft's Trusted Signing Service Abused to Code-Sign Malware
News
Microsoft’s Trusted Signing Service Abused to Code-Sign Malware
Andrew Doyle March 24, 2025
Microsoft's Trusted Signing service is being abused to code-sign malware using short-lived certificates. This allows malicious software to bypass security and appear legitimate. Microsoft is ...
Coinbase Targeted in GitHub Actions Breach
News
Coinbase Targeted in GitHub Actions Breach
Mitchell Langley March 24, 2025
A major GitHub Actions breach targeted Coinbase, exploiting the tj-actions/changed-files action to steal secrets. Although Coinbase claims no damage, the attack highlights supply chain vulnerabilities.
CISA Says NAKIVO Backup Flaw is Actively Exploited in Attacks
News
CISA Says NAKIVO Backup Flaw is Actively Exploited in Attacks
Mitchell Langley March 21, 2025
CISA warns of a critical NAKIVO backup flaw, CVE-2024-48248, allowing unauthorized file access, urging organizations to patch systems promptly.
GitHub Supply Chain Attack Exposes Secrets in 218 Repositories
News
GitHub Supply Chain Attack Exposes Secrets in 218 Repositories
Andrew Doyle March 21, 2025
A GitHub Action supply chain attack exposed secrets from 218 repositories due to malicious code in tj-actions/changed-files, impacting popular projects and potentially causing further supply ...
WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug
News
WordPress Plugin WP Ghost Vulnerable to Critical Remote Code Execution Bug
Mitchell Langley March 21, 2025
Critical remote code execution vulnerability in WordPress plugin WP Ghost allows attackers to hijack servers. Urgent updates are required.
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
News
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
Mitchell Langley March 21, 2025
Cisco's Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.
HellCat Hacking Spree Targets Jira Servers Worldwide
News
HellCat Hacking Spree Targets Jira Servers Worldwide
Andrew Doyle March 21, 2025
HellCat hackers are exploiting compromised Jira credentials in a worldwide hacking spree, targeting companies like Ascom and Jaguar Land Rover, stealing sensitive data including source ...
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
News
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
Andrew Doyle March 21, 2025
RansomHub ransomware uses a new multi-function backdoor, Betruger, for enhanced attacks, streamlining the deployment process and minimizing detection.
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
News
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
Mitchell Langley March 21, 2025
MI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.
This Week In Cybersecurity: 17th March to 21st March, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 17th March to 21st March, 2025
Andrew Doyle March 21, 2025
This week in cybersecurity reports on a range of incidents, including a major data breach at California Cryobank and a supply chain attack affecting GitHub ...
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
News
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
Andrew Doyle March 20, 2025
A critical vulnerability in Veeam Backup & Replication allows remote code execution, affecting various versions and posing significant security risks.
Microsoft Exchange Online Outage Impacts Outlook Web Users
News
Microsoft Exchange Online Outage Impacts Outlook Web Users
Mitchell Langley March 20, 2025
A Microsoft Exchange Online outage severely impacted Outlook on the web users globally, causing login and access issues. Microsoft attributed the problem to a code ...
DollyWay Malware Campaign Compromises 20,000 WordPress Sites
News
DollyWay Malware Campaign Compromises 20,000 WordPress Sites
Mitchell Langley March 20, 2025
The DollyWay malware campaign, active since 2016, has compromised over 20,000 WordPress sites, redirecting users to malicious sites and generating millions of fraudulent impressions monthly.
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
Cybersecurity
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
Andrew Doyle March 20, 2025
WhatsApp has patched a zero-click vulnerability exploited by Paragon spyware, affecting journalists and activists globally, highlighting ongoing cybersecurity challenges.
Ukrainian Military Targeted in New Signal Spear-Phishing Attacks
News
Ukrainian Military Targeted in New Signal Spear-Phishing Attacks
Mitchell Langley March 20, 2025
krainian military personnel are facing sophisticated spear-phishing attacks using compromised Signal accounts to deliver Dark Crystal RAT malware. Urgent security updates are needed.
Arcane Infostealer Infects YouTube and Discord Users Through Game Cheats
News
Arcane Infostealer Infects YouTube and Discord Users Through Game Cheats
Andrew Doyle March 20, 2025
The Arcane infostealer, a new malware, is stealing data from YouTube and Discord users via game cheats, targeting VPNs, messengers, and cryptocurrency wallets. Its sophisticated ...
Stormous Ransomware: Unmasking the Pro-Russian Cyber Threat
Blog
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Gabby Lee July 3, 2025
INC Ransom: Master of Double Extortion
Ransomware
INC Ransomware: Master of Double Extortion
Gabby Lee June 10, 2025
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
Andrew Doyle May 12, 2025
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
Cybersecurity
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
Mitchell Langley May 8, 2025

TOP CYBERSECURITY HEADLINES

Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
News
Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
News
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
News
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident
News
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident

SECURITYWEEK INDUSTRY EXPERTS

BMW Financial Services Caught in Third-Party Data Breach Involving Texas Fintech Firm
News
BMW Financial Services Caught in Third-Party Data Breach Involving Texas Fintech Firm
Andrew Doyle July 7, 2025
Ingram Micro Confirms SafePay Ransomware Attack Behind Major Outage
News
Ingram Micro Confirms SafePay Ransomware Attack Behind Major Outage
Mitchell Langley July 7, 2025
Telefónica Faces New Data Leak Allegations After Hacker Publishes Sample Files
News
Telefónica Faces New Data Leak Allegations After Hacker Publishes Sample Files
Mitchell Langley July 7, 2025
Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
News
Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
Mitchell Langley July 7, 2025
More In News
Trending
What is a Whaling Phishing Attack?
Phishing Attacks on the Rise: Businesses Face Growing Cyberthreat
Email Spoofing 101: Understanding the Basics and How to Protect Your Enterprise Data
How AI is Revolutionizing Phishing Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Oxford City Council Breach Exposes 21 Years of Data
June 20, 2025
Podcasts
Weaponized GitHub Repositories: How Banana Squad and Water Curse Are Hitting Devs
June 20, 2025
Podcasts
Chain IQ Breach Exposes UBS & Pictet Employee Data: A Supply Chain Failure
June 20, 2025

Cyber Security News

Verkada to Pay $2.95 Million for Security Failures Leading to Breaches
Cybersecurity
Verkada to Pay $2.95 Million for Security Failures Leading to Breaches
September 3, 2024
This Week in Cybersecurity: 26th August to 30th August, BlackSuit Ransomware Stole Data
Cybersecurity
This Week in Cybersecurity: 26th August to 30th August, BlackSuit Ransomware Stole Data
September 2, 2024
DICK'S Sporting Goods Cyberattack Shuts Down Email and Locks Employee Accounts
Cybersecurity
DICK’S Sporting Goods Cyberattack Shuts Down Email and Locks Employee Accounts
September 2, 2024
North Korean Hackers Exploit Chrome Zero-Day to Deploy Rootkit
Cybersecurity
North Korean Hackers Exploit Chrome Zero-Day to Deploy Rootkit
September 2, 2024
Voldemort Malware: A New Threat Abusing Google Sheets for Data Exfiltration
Cybersecurity
Voldemort Malware: A New Threat Abusing Google Sheets for Data Exfiltration
September 2, 2024
French Government Websites Under Siege Following Telegram CEO Arrest
Cybersecurity
French Government Websites Under Siege Following Telegram CEO Arrest
August 27, 2024
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Threat Actors
  • Threat Detection Tools
  • Uncategorized
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
May 13, 2025
A Moldovan suspect has been arrested for a 2021 DoppelPaymer ransomware attack that crippled Dutch research systems and caused €4.5 million in damages.
rand-user-agent: The NPM Package That Opened a Backdoor
May 12, 2025
In this episode, we break down the recent compromise of the rand-user-agent NPM package—an attack that quietly turned a once-trusted JavaScript library into a delivery ...
160,000 Victims Later: The Aspire USA Breach Under Valsoft’s Watch
May 12, 2025
In this episode, we break down the February 2025 data breach that hit Valsoft Corporation, operating under the name AllTrust, through its subsidiary Aspire USA. ...
Backdoored by ‘Cheap’ AI: How Fake npm Packages Compromised Cursor IDE
May 12, 2025
A new supply chain attack has emerged—this time targeting macOS users of the Cursor AI code editor through rogue npm packages. In this episode, we ...
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
May 12, 2025
Chinese threat group Chaya_004 exploited a zero-day flaw in SAP NetWeaver servers, compromising hundreds of systems using remote code execution and web shell deployments.
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
May 12, 2025
The iClicker website was hacked between April 12–16, 2025, using a fake CAPTCHA to deploy malware via a ClickFix attack targeting students and faculty.
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
May 12, 2025
LockBit's dark web affiliate panels were hacked, exposing thousands of victim negotiation messages, affiliate details, and bitcoin addresses in a leaked MySQL database.
Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients
May 12, 2025
Ascension confirms a third-party data breach affecting 437,329 patients, exposing sensitive personal and medical data, including Social Security numbers and health insurance details.
PipeMagic, Procdump, and Privilege Escalation: Tracking the Windows CLFS Exploit Chain
May 8, 2025
A zero-day vulnerability in the Windows Common Log File System (CLFS), tracked as CVE-2025-29824, became the center of a global cybersecurity storm when it was ...
Pegasus Spyware, WhatsApp v. NSO Group, and the Global Battle for Data Privacy
May 8, 2025
In this episode, we dive deep into the legal, technical, and geopolitical implications of the U.S. court ruling in WhatsApp v. NSO Group—a landmark case ...
How CodeAnt AI is Automating Code Reviews for 50+ Dev Teams
May 8, 2025
AI tools are generating more code than ever — but who’s reviewing it? In this episode, we spotlight CodeAnt AI, the fast-growing platform built to ...
The Truth About Identity Attacks: How to Protect Your Business and Data
May 8, 2025
In today's digital landscape, identity attacks are rampant, costing businesses millions and causing irreparable damage to reputations. This comprehensive guide explores seven common identity-based attacks, ...
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
May 8, 2025
U.S. Oil and Gas Sectors Face Persistent Cyber Threats, CISA Warns The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory warning that ...
NSO Group Fined $167 Million for Pegasus Spyware Attack on WhatsApp Users
May 8, 2025
A U.S. jury has ordered NSO Group to pay over $167 million in damages for a 2019 Pegasus spyware attack that targeted 1,400 WhatsApp users. ...
PowerSchool Hacker Now Extorting Individual School Districts Using Stolen Data
May 8, 2025
The PowerSchool hacker is now targeting individual school districts, threatening to leak sensitive student and staff data stolen in the December 2024 breach.
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
May 8, 2025
Play ransomware operators exploited a critical Windows log file vulnerability (CVE-2025-29824) in zero-day attacks, targeting global IT, finance, and retail sectors.
The Langflow Breach: How a Popular AI Tool Opened the Door to Hackers
May 7, 2025
A newly disclosed zero-day vulnerability, CVE-2025-3248, is being actively exploited in the wild—and it’s targeting Langflow, a popular open-source framework for building AI-powered applications. In ...
Mirai Reloaded: Why CVE-2024-7399 Still Haunts Samsung Servers
May 7, 2025
In this episode, we break down the active exploitation of CVE-2024-7399, a critical path traversal and arbitrary file upload vulnerability in Samsung MagicINFO 9 Server. ...
UK Retail Cyberattacks Prompt Urgent Warning from National Cyber Security Centre
May 7, 2025
The UK’s NCSC has issued a warning after recent cyberattacks disrupted major retailers including Marks & Spencer, Harrods, and Co-op, urging stronger cybersecurity readiness.
CVE-2025-31324: A Critical SAP Zero-Day in Active Exploitation
May 7, 2025
A critical zero-day vulnerability — CVE-2025-31324 — is shaking the enterprise tech world. In this episode, we dive deep into the alarming exploit targeting SAP NetWeaver ...
SAP’s July 2025 Patch Day: Critical Flaws, CVE-2025-30012, and Ransomware Risk
106GB Exposed? Telefónica, HellCat, and the Silent Data Breach
Ingram Micro’s SafePay Ransomware Breach: Human-Operated Threats and Supply Chain Fallout
The Illusion of Shutdowns: What Hunters International’s Closure Really Means
The AI Cyber Threat: How to Secure your Systems in the Age of Artificial Intelligence
BMW Financial Services Caught in Third-Party Data Breach Involving Texas Fintech Firm
CISA Flags CVE-2025-6554: Patching Chrome’s Critical Flaw Before It’s Too Late
Telefónica Faces New Data Leak Allegations After Hacker Publishes Sample Files
Ingram Micro Confirms SafePay Ransomware Attack Behind Major Outage
Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
ANSSI vs. Houken: France Battles Advanced Chinese Hacking Threat
Psychological Manipulation and AI Fraud: How Spain Exposed a $12M Scam
CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident
Spain Arrests Hackers Behind Data Breach Targeting Politicians and Journalists
Citrix Patch for Critical NetScaler Vulnerabilities Causes Login Issues for Some Customers
Forminator Plugin Flaw Leaves 600,000+ WordPress Sites at Risk of Full Takeover
Grafana Issues Critical Security Fixes for Image Renderer Plugin and Synthetic Monitoring Agent