Cyber Security
News
Pennsylvania Education Union Data Breach Impacts 500,000 Individuals
Andrew Doyle
March 20, 2025
he Pennsylvania State Education Association (PSEA) suffered a data breach exposing the personal information of over 500,000 individuals, including financial and health records. Rhysida ransomware ...
Ransomware
Ransomware Victims on Dark Web – 3rd March, 2025
Andrew Doyle
March 20, 2025
This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ...
News
California Cryobank Data Breach Exposes Sensitive Customer Information
Mitchell Langley
March 19, 2025
California Cryobank, a major US sperm bank, suffered a data breach exposing customer names, bank details, Social Security numbers, and more. The company is offering ...
News
GitHub Action Hack May Cause Another Supply Chain Attack
Andrew Doyle
March 19, 2025
A cascading supply chain attack, starting with a GitHub Action hack, exposed CI/CD secrets across 23,000 repositories, highlighting vulnerabilities in third-party code reliance.
News
Western Alliance Bank Data Breach Impacts 21,899 Customers
Mitchell Langley
March 19, 2025
Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by ...
News
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
Andrew Doyle
March 19, 2025
A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...
News
$6.1 Million Crypto Stolen in WEMIX Hack
Andrew Doyle
March 19, 2025
WEMIX, a blockchain gaming platform, suffered a $6.1 million crypto theft. Hackers stole authentication keys, planning the attack for two months before executing 13 successful ...
News
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
Mitchell Langley
March 18, 2025
Microsoft discovered StilachiRAT, a new RAT malware using sophisticated techniques to steal cryptocurrency and perform reconnaissance. Its advanced evasion capabilities make proactive defense crucial.
News
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
Andrew Doyle
March 18, 2025
A supply chain attack on the popular tj-actions/changed-files GitHub Action exposed CI/CD secrets. Attackers compromised a PAT, impacting 23,000 repositories. GitHub has since removed the ...
News
Critical Apache Tomcat Flaw Actively Exploited in Attacks
Mitchell Langley
March 18, 2025
Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.
News
Fake “Security Alert” on GitHub Used to Hijack OAuth App Accounts
Andrew Doyle
March 18, 2025
A massive GitHub phishing campaign uses fake "Security Alert" issues and a malicious OAuth app to hijack accounts, granting attackers full control. Immediate action is ...
News
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
Andrew Doyle
March 18, 2025
Lingnan University in Hong Kong suffered a data breach exposing thousands of records, including sensitive personal data. The university is taking steps to enhance security.
News
Florida Hospital Data Breach Impacts Over 120,000 Patients
Mitchell Langley
March 17, 2025
A Florida hospital, CDH, suffered a data breach impacting over 120,000 patients. Sensitive data, including Social Security numbers and health information, was compromised. The BianLian ...
News
BlackBasta Ransomware Uses Automated Tool ‘BRUTED’ to Brute-Force VPNs
Andrew Doyle
March 17, 2025
The BlackBasta ransomware group uses an automated tool, BRUTED, to brute-force VPNs and firewalls, highlighting the need for robust multi-factor authentication.
News
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
Mitchell Langley
March 17, 2025
JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. ...
News
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
Andrew Doyle
March 17, 2025
Fog ransomware group claims responsibility for a major data breach at UDMI, a radiology firm, impacting over 138,000 individuals. The incident underscores the critical need ...
News
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
Mitchell Langley
March 17, 2025
The FBI warns of escalating Medusa ransomware attacks targeting Gmail, Outlook, and VPN users, urging immediate security enhancements to mitigate the threat.
News
LockBit Ransomware Developer Extradited to the United States
Andrew Doyle
March 17, 2025
A key LockBit ransomware developer, Rostislav Panev, has been extradited to the US to face charges for his role in the group's global attacks.
News
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
Mitchell Langley
March 14, 2025
Three healthcare providers suffered data breaches from insider attacks, extortion, and third-party vulnerabilities, highlighting the need for robust cybersecurity measures.
News
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
Mitchell Langley
March 14, 2025
A joint advisory from CISA, FBI, and MS-ISAC reveals Medusa ransomware impacted over 300 US critical infrastructure organizations by February 2025. The advisory details mitigation ...
Blog
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Gabby Lee
July 3, 2025
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
Andrew Doyle
May 12, 2025
Cybersecurity
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
Mitchell Langley
May 8, 2025
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
News
BMW Financial Services Caught in Third-Party Data Breach Involving Texas Fintech Firm
Andrew Doyle
July 7, 2025
News
Telefónica Faces New Data Leak Allegations After Hacker Publishes Sample Files
Mitchell Langley
July 7, 2025
News
Ingram Micro Confirms SafePay Ransomware Attack Behind Major Outage
Mitchell Langley
July 7, 2025
News
Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
Mitchell Langley
July 7, 2025
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
Masimo Cyberattack Disrupts Operations Amid $350M Audio Brand Sale to Samsung
May 7, 2025
Masimo disclosed a cyberattack impacting manufacturing and logistics, coinciding with the $350M sale of its Sound United audio brands to Samsung subsidiary Harman.
Ransom House Ransomware Claims Breach at Oettinger Brewery, Threatens to Leak Internal Data
May 7, 2025
Ransom House claims to have breached German brewing giant Oettinger, threatening to leak sensitive data if the company fails to meet its ransom demands.
Langflow RCE Flaw Actively Exploited: CISA Urges Immediate Patch
May 7, 2025
CISA confirms active exploitation of critical Langflow RCE flaw CVE-2025-3248, urging urgent updates to prevent full server takeover through exposed API endpoints.
“Bring Your Own Installer” EDR Bypass Used in Ransomware Attack Targeting SentinelOne
May 7, 2025
A new “Bring Your Own Installer” bypass lets ransomware actors disable SentinelOne EDR protection by exploiting the agent upgrade process, leaving endpoints exposed to attack. ...
Another Day, Another Commvault Zero-Day: RCE, Path Traversal, and KEV Inclusions
May 6, 2025
In this episode, we break down the anatomy of some of the most critical vulnerabilities threatening enterprise systems in 2025 — and the real-world attacks ...
Kelly Benefits Breach: What 413,000 Exposed Records Teach Us About Cybersecurity
May 6, 2025
In this episode, we dive deep into the massive data breach at Kelly Benefits, a payroll and benefits administrator that exposed the sensitive personal data ...
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
May 6, 2025
Explore six critical Supply Chain Cybersecurity Risks in 2025—from AI-driven cyberattacks and IoT vulnerabilities to quantum computing and geopolitical threats shaping logistics.
$491M Budget Cut: The White House Move That Could Reshape CISA
May 6, 2025
In this episode, we unpack the rising tensions surrounding the Cybersecurity and Infrastructure Security Agency (CISA) as it faces proposed budget cuts, looming layoffs, and ...
Rhysida Ransomware Gang Claims Cyberattack on Peruvian Government Systems
May 6, 2025
Rhysida ransomware group has claimed responsibility for a cyberattack on Peru’s government systems, demanding payment for stolen data while officials deny any breach occurred.
Anonymous Hacks GlobalX Airline Over Deportation Flights Linked to ICE and Trump-Era Policy
May 6, 2025
Anonymous defaced a GlobalX subdomain and leaked flight manifests related to ICE deportation flights of Venezuelan migrants, protesting Trump-era policies ruled unlawful by a federal ...
Trump’s Security Adviser Targeted in Messaging App Breach Linked to Signal Clone
May 6, 2025
A hacked Signal clone used by Trump’s former security adviser Mike Waltz has raised serious concerns over the safety of sensitive government communications.
New York Post X Account Hacked and Hijacked in Targeted Crypto Scam
May 6, 2025
Hackers hijacked the New York Post’s verified X account to target crypto users via direct messages, redirecting victims to a Telegram-based scam under false pretenses. ...
EU Fines TikTok €530 Million For Data Protection Failures
May 6, 2025
TikTok has been fined €530 million by EU regulators over data protection failures and may face a data transfer suspension to China unless it complies ...
TikTok Fined €530M: GDPR Breach Over Data Transfers to China
May 5, 2025
The Irish Data Protection Commission (DPC) has fined TikTok a staggering €530 million ($601 million) for violating the GDPR by transferring European user data to ...
StealC Malware Upgraded With Advanced Data Theft and Stealth Capabilities
May 5, 2025
StealC malware receives major upgrade with advanced stealth, encryption, and data theft tools, including real-time Telegram alerts and full desktop screenshot capabilities.
Endor Labs Raises $93M to Cut AppSec Noise and Secure the Software Supply Chain
May 5, 2025
In this episode, we explore the security challenges of the AI-driven software era and how Endor Labs is reshaping application security for the modern development ...
UK Retailer Co-op Discloses Data Theft After DragonForce Ransomware Compromise
May 5, 2025
UK retailer Co-op has confirmed a data breach impacting millions, following a ransomware attack by DragonForce. Personal details were stolen, but no financial data.
U.S. Indicts Black Kingdom Ransomware Developer Behind 1,500 Microsoft Exchange Attacks
May 5, 2025
The U.S. has indicted a Yemeni national for operating Black Kingdom ransomware, targeting Microsoft Exchange servers in 1,500 global attacks demanding $10,000 in Bitcoin.
CVE-2025-3928: How One Vulnerability Breached Commvault’s Azure Stack
May 5, 2025
In this episode, we take a deep dive into CVE-2025-3928—a critical vulnerability in the Commvault Web Server that enables remote attackers to deploy and execute ...
Sodinokibi/REvil Ransomware: The Evasive Threat
May 5, 2025
Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April 2019. Initially observed primarily in ...