Main Menu
Cyber Security
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
Russian Ransomware Operator Admits Guilt in U.S. Court
Meta’s Smart Glasses Face Privacy Investigation in Britain
Iranian MOIS-Linked MuddyWater Cyber Group Deploys New Custom Implant
HungerRush POS Platform Targeted in Data Extortion Scheme
Fake OpenClaw Installers on GitHub Are Stealing User Data
Coruna iOS Exploits Target Apple Devices in Espionage and Financial Attacks
FBI Seizes LeakBase and Disrupts a Major Cybercrime Forum
Zurich Forms Cyber Insurance Powerhouse with $11 Billion Beazley Acquisition
Retaliatory Hacktivism Escalates Amid Epic Fury and Roaring Lion Military Operations
University of Mississippi Medical Center Resumes Operations After Nine-Day Ransomware Attack
LexisNexis Data Breach Claimed by Fulcrumsec Group
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX
Alabama Man Pleads Guilty to Cyberstalking and Extortion After Hijacking Hundreds of Women’s Accounts
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Madison Square Garden Cyber Incident Revealed Months Later
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Endpoint Security
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Andrew Doyle January 11, 2026
Cybercriminals are exploiting vulnerabilities in proxy servers, seeking unauthorized access to commercial large language models, posing significant cybersecurity concerns.
North Korean Hackers Exploit QR Codes to Breach Enterprise Cloud Security
News
North Korean Hackers Exploit QR Codes to Breach Enterprise Cloud Security
Mitchell Langley January 11, 2026
North Korean state-sponsored cyber actors leverage QR codes to bypass enterprise security systems, gaining unauthorized access to cloud platforms. The FBI highlights these tactics in ...
Illinois Department's Database Error Leads to Massive Data Exposure
Data Security
Illinois Department’s Database Error Leads to Massive Data Exposure
Gabby Lee January 11, 2026
The Illinois Department of Human Services recently disclosed a significant data breach affecting approximately 700,000 residents. A misconfigured privacy setting was identified as the cause, ...
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Cybersecurity
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Andrew Doyle January 11, 2026
Security company Trend Micro has resolved three critical vulnerabilities in its Apex Central management console, disclosed by Tenable. These issues, identified as CVE-2025-69258, CVE-2025-69259, and ...
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
Endpoint Security
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
Mitchell Langley January 8, 2026
Totolink range extenders are at risk due to a firmware bug that leads to unauthenticated root-level Telnet service, allowing potential device takeovers. Security researchers encourage ...
Vibe Hacking How AI is Transforming Cybercrime's Landscape
Cybersecurity
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
Andrew Doyle January 8, 2026
The evolution of cybercrime from skill-based activities to AI-driven "vibe hacking" is reshaping attack strategies. By utilizing AI tools, cybercriminals gain access to advanced capabilities ...
How Misconfigured Email Routing Opens the Door for Credential Theft
Blog
How Misconfigured Email Routing Opens the Door for Credential Theft
Gabby Lee January 8, 2026
Misconfigured email routing creates an opening for attackers using Phishing-as-a-Service platforms like Tycoon2FA to steal credentials. Such tactics enable attackers to replicate legitimate internal emails, ...
Logitech's macOS Applications Disrupted by Expired Code-Signing Certificate
Application Security
Logitech’s macOS Applications Disrupted by Expired Code-Signing Certificate
Andrew Doyle January 7, 2026
Logitech's macOS applications, Options+ and G Hub, faced functionality issues after their code-signing certificate expired, preventing users from launching the apps on Apple systems. This ...
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
Application Security
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
Mitchell Langley January 7, 2026
A critical vulnerability discovered in the N8N workflow automation platform enables remote, unauthenticated attackers to gain control over systems. Details emerge on this severe risk, ...
Black Cat's SEO Poisoning Tactics Target Software Downloaders
News
Black Cat’s SEO Poisoning Tactics Target Software Downloaders
Gabby Lee January 7, 2026
The Black Cat cybercrime group is leveraging fraudulent software download sites in a new SEO-driven attack campaign, delivering backdoor malware. The tactic involves SEO poisoning ...
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
Identity and Access Management
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
Andrew Doyle January 7, 2026
OwnCloud recommends multi-factor authentication to prevent unauthorized access to user data via compromised credentials. This security measure adds an essential layer, mitigating the risk of ...
Navigating the Challenges of Fileless Malware in Cybersecurity
Blog
Navigating the Challenges of Fileless Malware in Cybersecurity
Gabby Lee January 7, 2026
Fileless malware poses a significant challenge by leveraging existing tools within environments instead of standard files, making detection difficult for cybersecurity teams.
Microsoft Acknowledges Issues With Outlook Encryption Feature
Application Security
Microsoft Acknowledges Issues With Outlook Encryption Feature
Mitchell Langley January 7, 2026
A flaw in classic Outlook prevents users from opening encrypted emails, affecting security and efficiency. Microsoft outlines the known issue tied to this encryption feature, ...
Stalkerware Vendor's Guilty Plea A Rare Legal Victory in Consumer Spyware Prosecution
Cybersecurity
Stalkerware Vendor’s Guilty Plea: A Rare Legal Victory in Consumer Spyware Prosecution
Gabby Lee January 7, 2026
A significant legal breakthrough marks only the second successful prosecution of a consumer spyware vendor in over ten years by the US government, revealing complex ...
The Influence of Security Advice and Accountability in Cybersecurity
Blog
The Influence of Security Advice and Accountability in Cybersecurity
Andrew Doyle January 7, 2026
Security advice can often have minimal real-world consequences for those who deliver it but are not involved in its application. Understanding how accountability and responsibility ...
Chrome Extensions Masquerading as AITOPIA Pose Risk
Application Security
Chrome Extensions Masquerading as AITOPIA Pose Risk
Mitchell Langley January 7, 2026
Security analysts identified two harmful Chrome extensions, downloaded 900,000 times, masquerading as legitimate AITOPIA tools. These extensions extracted users' browser activity and personal data. Google’s ...
Microsoft Alters Exchange Online User Email Limitations After Customer Pushback
Cybersecurity
Microsoft Alters Exchange Online User Email Limitations After Customer Pushback
Mitchell Langley January 7, 2026
Microsoft has postponed its intended changes to Exchange Online, initially meant to restrict email recipients per message, following feedback from customers displeased by the limitations ...
European Space Agency Confronts Repeated Data Breaches with Legal Action
Data Security
European Space Agency Confronts Repeated Data Breaches with Legal Action
Gabby Lee January 7, 2026
A second major data breach in two weeks has put the European Space Agency in the midst of a cybersecurity crisis, prompting legal action. The ...
Generative AI Elevates Active Directory Password Attacks
Identity and Access Management
Generative AI Elevates Active Directory Password Attacks
Andrew Doyle January 7, 2026
Generative AI is revolutionizing password attacks on Active Directory, utilizing advanced algorithms to exploit weak passwords. Specops Software highlights how AI-driven techniques are increasing the ...
Phishers Pose as Booking.com to Compromise European Hotels
News
Phishers Pose as Booking.com to Compromise European Hotels
Mitchell Langley January 7, 2026
In a newly identified cybersecurity threat, attackers are imitating Booking.com to infiltrate European hotels. Employees are manipulated into installing malware under the guise of handling ...
Perplexity's Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
Application Security
Perplexity’s Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
Andrew Doyle March 6, 2026
Meta's Smart Glasses Face Privacy Investigation in Britain
Cybersecurity
Meta’s Smart Glasses Face Privacy Investigation in Britain
Gabby Lee March 6, 2026
Lazarus Group Expands Its Ransomware Arsenal with Medusa
News
Lazarus Group Expands Its Ransomware Arsenal with Medusa
Andrew Doyle February 25, 2026
Polish Authorities Detain Suspected Phobos Ransomware Operative
News
Polish Authorities Detain Suspected Phobos Ransomware Operative
Andrew Doyle February 18, 2026

TOP CYBERSECURITY HEADLINES

JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
Cybersecurity
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
Application Security
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
US Government Contractor's Son Charged with Cryptocurrency Theft from US Marshals Service
Cybersecurity
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
CVE Vulnerability Alerts
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities

This Week’s Security Spotlight

OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Cybersecurity
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Andrew Doyle February 19, 2026
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Cybersecurity
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Andrew Doyle February 17, 2026
Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
More In News
Trending
Law Enforcement Dismantles Tycoon2FA Phishing-as-a-Service Platform
Phishing Attack Masquerades as Google Security Page to Steal Sensitive Information
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
Cybercriminals Exploit OAuth 2.0 Device Authorization Flow in Vishing Campaigns

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Crypto Theft on macOS: XCSSET Malware Swaps Wallet Addresses in Real Time
September 29, 2025
Podcasts
Nine High-Severity Vulnerabilities Expose Cognex Legacy Cameras to Cyber Threats
September 29, 2025
Podcasts
Microsoft Cuts Services to Israeli Military Unit After Surveillance Revelations
September 29, 2025

Cyber Security News

Cloud-Based Password Managers Face New Security Vulnerabilities
Cybersecurity
Cloud-Based Password Managers Face New Security Vulnerabilities
February 17, 2026
South Korean Fine Imposed on Dior, Louis Vuitton, and Tiffany Following Salesforce Breach
Cybersecurity
South Korean Fine Imposed on Dior, Louis Vuitton, and Tiffany Following Salesforce Breach
February 17, 2026
Odido Faces Cybersecurity Breach Threatening Customer Data
Cybersecurity
Odido Faces Cybersecurity Breach Threatening Customer Data
February 17, 2026
Dutch Police's Data Debacle Arrest Over Accidental File Sharing
Cybersecurity
Dutch Police’s Data Debacle: Arrest Over Accidental File Sharing
February 17, 2026
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Cybersecurity
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
February 17, 2026
AMOS Infostealer Exploits Popular AI Platforms to Target macOS
Cybersecurity
AMOS Infostealer Exploits Popular AI Platforms to Target macOS
February 17, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
January 11, 2026
Security company Trend Micro has resolved three critical vulnerabilities in its Apex Central management console, disclosed by Tenable. These issues, identified as CVE-2025-69258, CVE-2025-69259, and ...
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
January 8, 2026
Totolink range extenders are at risk due to a firmware bug that leads to unauthenticated root-level Telnet service, allowing potential device takeovers. Security researchers encourage ...
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
January 8, 2026
The evolution of cybercrime from skill-based activities to AI-driven "vibe hacking" is reshaping attack strategies. By utilizing AI tools, cybercriminals gain access to advanced capabilities ...
How Misconfigured Email Routing Opens the Door for Credential Theft
January 8, 2026
Misconfigured email routing creates an opening for attackers using Phishing-as-a-Service platforms like Tycoon2FA to steal credentials. Such tactics enable attackers to replicate legitimate internal emails, ...
Logitech’s macOS Applications Disrupted by Expired Code-Signing Certificate
January 7, 2026
Logitech's macOS applications, Options+ and G Hub, faced functionality issues after their code-signing certificate expired, preventing users from launching the apps on Apple systems. This ...
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
January 7, 2026
A critical vulnerability discovered in the N8N workflow automation platform enables remote, unauthenticated attackers to gain control over systems. Details emerge on this severe risk, ...
Black Cat’s SEO Poisoning Tactics Target Software Downloaders
January 7, 2026
The Black Cat cybercrime group is leveraging fraudulent software download sites in a new SEO-driven attack campaign, delivering backdoor malware. The tactic involves SEO poisoning ...
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
January 7, 2026
OwnCloud recommends multi-factor authentication to prevent unauthorized access to user data via compromised credentials. This security measure adds an essential layer, mitigating the risk of ...
Navigating the Challenges of Fileless Malware in Cybersecurity
January 7, 2026
Fileless malware poses a significant challenge by leveraging existing tools within environments instead of standard files, making detection difficult for cybersecurity teams.
Microsoft Acknowledges Issues With Outlook Encryption Feature
January 7, 2026
A flaw in classic Outlook prevents users from opening encrypted emails, affecting security and efficiency. Microsoft outlines the known issue tied to this encryption feature, ...
Stalkerware Vendor’s Guilty Plea: A Rare Legal Victory in Consumer Spyware Prosecution
January 7, 2026
A significant legal breakthrough marks only the second successful prosecution of a consumer spyware vendor in over ten years by the US government, revealing complex ...
The Influence of Security Advice and Accountability in Cybersecurity
January 7, 2026
Security advice can often have minimal real-world consequences for those who deliver it but are not involved in its application. Understanding how accountability and responsibility ...
Chrome Extensions Masquerading as AITOPIA Pose Risk
January 7, 2026
Security analysts identified two harmful Chrome extensions, downloaded 900,000 times, masquerading as legitimate AITOPIA tools. These extensions extracted users' browser activity and personal data. Google’s ...
Microsoft Alters Exchange Online User Email Limitations After Customer Pushback
January 7, 2026
Microsoft has postponed its intended changes to Exchange Online, initially meant to restrict email recipients per message, following feedback from customers displeased by the limitations ...
European Space Agency Confronts Repeated Data Breaches with Legal Action
January 7, 2026
A second major data breach in two weeks has put the European Space Agency in the midst of a cybersecurity crisis, prompting legal action. The ...
Generative AI Elevates Active Directory Password Attacks
January 7, 2026
Generative AI is revolutionizing password attacks on Active Directory, utilizing advanced algorithms to exploit weak passwords. Specops Software highlights how AI-driven techniques are increasing the ...
Phishers Pose as Booking.com to Compromise European Hotels
January 7, 2026
In a newly identified cybersecurity threat, attackers are imitating Booking.com to infiltrate European hotels. Employees are manipulated into installing malware under the guise of handling ...
Researchers Trap Scattered Lapsus$ Hunters in Honeypot
January 7, 2026
In an effort to better understand new hacking techniques, researchers have deployed honeypots—a deceptive cybersecurity strategy—to lure attackers from the Scattered Lapsus$ group. These controlled ...
Unpatched Vulnerability in TOTOLINK EX200 Puts Devices at Risk
January 7, 2026
A critical flaw in TOTOLINK EX200 allows remote attackers full control. Tracked as CVE-2025-65606, the vulnerability presents significant risks for users.
Chrome Extensions Compromise Privacy by Exfiltrating ChatGPT and DeepSeek Conversations
January 7, 2026
Cybersecurity experts have discovered browser extensions that secretly exfiltrate conversations and browsing activities from ChatGPT and DeepSeek, exposing users to potential data compromises. Over 900,000 ...
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
Russian Ransomware Operator Admits Guilt in U.S. Court
Meta’s Smart Glasses Face Privacy Investigation in Britain
Iranian MOIS-Linked MuddyWater Cyber Group Deploys New Custom Implant
Underground Sale of Compromised cPanel Credentials Fuels Phishing Infrastructure
HungerRush POS Platform Targeted in Data Extortion Scheme
Fake OpenClaw Installers on GitHub Are Stealing User Data
Coruna iOS Exploits Target Apple Devices in Espionage and Financial Attacks
FBI Seizes LeakBase and Disrupts a Major Cybercrime Forum
Zurich Forms Cyber Insurance Powerhouse with $11 Billion Beazley Acquisition
Retaliatory Hacktivism Escalates Amid Epic Fury and Roaring Lion Military Operations
University of Mississippi Medical Center Resumes Operations After Nine-Day Ransomware Attack
Phishing Warnings as LastPass Users Get Targeted by Fake Alerts
Law Enforcement Dismantles Tycoon2FA Phishing-as-a-Service Platform
LexisNexis Data Breach Claimed by Fulcrumsec Group
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX