Cyber Security
How to Defend Your Organization Against Scattered Spider’s Service Desk Attacks
Ivanti Workspace Control Exposes SQL Credentials Through Hardcoded Key Flaws
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
Quantum Hacking Is Coming: How to Prepare with Post-Quantum Security Today
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The Truth About Identity Attacks: How to Protect Your Business and Data
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
27 Million Records Allegedly Leaked from French Retailer Boulanger
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Navigating the Complex Intersection of AI and Data Privacy
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
Remote Desktop Protocol (RDP): A Double-Edged Sword for IT Teams
Google Faces £5 Billion UK Antitrust Lawsuit Over Search Advertising Practices
Skyward Specialty Insurance Data Breach Exposes Sensitive Information
Hacker Forum ‘Cracked’ Resurfaces Online After FBI Seizure in Global Cybercrime Operation
Wolters Kluwer Data Breach Claim Raises Alarms Across Fortune 500 Network
Fall River Public Schools Responds to Cybersecurity Breach
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
The Soaring Cost of Data Breaches for Enterprise Businesses in 2024
ChatGPT is Down Worldwide Impacting Millions
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
10 Key Benefits of Cyber Tabletop Exercises
Western Alliance Bank Data Breach Impacts 21,899 Customers
News
Western Alliance Bank Data Breach Impacts 21,899 Customers
Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by ...
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
News
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...
$6.1 Million Crypto Stolen in WEMIX Hack
News
$6.1 Million Crypto Stolen in WEMIX Hack
WEMIX, a blockchain gaming platform, suffered a $6.1 million crypto theft. Hackers stole authentication keys, planning the attack for two months before executing 13 successful ...
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
News
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
Microsoft discovered StilachiRAT, a new RAT malware using sophisticated techniques to steal cryptocurrency and perform reconnaissance. Its advanced evasion capabilities make proactive defense crucial.
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
News
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
A supply chain attack on the popular tj-actions/changed-files GitHub Action exposed CI/CD secrets. Attackers compromised a PAT, impacting 23,000 repositories. GitHub has since removed the ...
Critical Apache Tomcat Flaw Actively Exploited in Attacks
News
Critical Apache Tomcat Flaw Actively Exploited in Attacks
Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.
Fake "Security Alert" on GitHub Used to Hijack OAuth App Accounts
News
Fake “Security Alert” on GitHub Used to Hijack OAuth App Accounts
A massive GitHub phishing campaign uses fake "Security Alert" issues and a malicious OAuth app to hijack accounts, granting attackers full control. Immediate action is ...
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
News
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
Lingnan University in Hong Kong suffered a data breach exposing thousands of records, including sensitive personal data. The university is taking steps to enhance security.
Florida Hospital Data Breach Impacts Over 120,000 Patients
News
Florida Hospital Data Breach Impacts Over 120,000 Patients
A Florida hospital, CDH, suffered a data breach impacting over 120,000 patients. Sensitive data, including Social Security numbers and health information, was compromised. The BianLian ...
BlackBasta Ransomware Uses Automated Tool 'BRUTED' to Brute-Force VPNs
News
BlackBasta Ransomware Uses Automated Tool ‘BRUTED’ to Brute-Force VPNs
The BlackBasta ransomware group uses an automated tool, BRUTED, to brute-force VPNs and firewalls, highlighting the need for robust multi-factor authentication.
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
News
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. ...
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
News
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
Fog ransomware group claims responsibility for a major data breach at UDMI, a radiology firm, impacting over 138,000 individuals. The incident underscores the critical need ...
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
News
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
The FBI warns of escalating Medusa ransomware attacks targeting Gmail, Outlook, and VPN users, urging immediate security enhancements to mitigate the threat.
LockBit Ransomware Developer Extradited to the United States
News
LockBit Ransomware Developer Extradited to the United States
A key LockBit ransomware developer, Rostislav Panev, has been extradited to the US to face charges for his role in the group's global attacks.
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
News
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
Three healthcare providers suffered data breaches from insider attacks, extortion, and third-party vulnerabilities, highlighting the need for robust cybersecurity measures.
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
News
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
A joint advisory from CISA, FBI, and MS-ISAC reveals Medusa ransomware impacted over 300 US critical infrastructure organizations by February 2025. The advisory details mitigation ...
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
News
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
Facebook disclosed a critical FreeType vulnerability (CVE-2025-27363), allowing arbitrary code execution. All versions up to 2.13 are affected; immediate updates are crucial.
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
News
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
The Lazarus Group, a North Korean hacking collective, deployed six malicious npm packages, infecting hundreds of developers. The packages steal credentials and deploy backdoors.
Sunflower Medical Group Data Breach: Rhysida Ransomware Attack Exposes 220,968 Records
News
Sunflower Medical Group Data Breach: Rhysida Ransomware Attack Exposes 220,968 Records
Kansas' Sunflower Medical Group suffered a data breach impacting 220,968 individuals. The Rhysida ransomware group claimed responsibility for the incident in January.
Infostealer Malware Infects 26 Million Devices, Steals Bank Card Data and Passwords
News
Infostealer Malware Infects 26 Million Devices, Steals Bank Card Data and Passwords
A devastating Infostealer malware campaign has compromised 26 million devices, stealing bank card details and passwords. Kaspersky's report highlights the scale of the threat.

TOP CYBERSECURITY HEADLINES

SECURITYWEEK INDUSTRY EXPERTS

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Threat Actors
  • Threat Detection Tools
  • Uncategorized
TikTok Fined €530M: GDPR Breach Over Data Transfers to China
The Irish Data Protection Commission (DPC) has fined TikTok a staggering €530 million ($601 million) for violating the GDPR by transferring European user data to ...
StealC Malware Upgraded With Advanced Data Theft and Stealth Capabilities
StealC malware receives major upgrade with advanced stealth, encryption, and data theft tools, including real-time Telegram alerts and full desktop screenshot capabilities.
Endor Labs Raises $93M to Cut AppSec Noise and Secure the Software Supply Chain
In this episode, we explore the security challenges of the AI-driven software era and how Endor Labs is reshaping application security for the modern development ...
UK Retailer Co-op Discloses Data Theft After DragonForce Ransomware Compromise
UK retailer Co-op has confirmed a data breach impacting millions, following a ransomware attack by DragonForce. Personal details were stolen, but no financial data.
U.S. Indicts Black Kingdom Ransomware Developer Behind 1,500 Microsoft Exchange Attacks
The U.S. has indicted a Yemeni national for operating Black Kingdom ransomware, targeting Microsoft Exchange servers in 1,500 global attacks demanding $10,000 in Bitcoin.
CVE-2025-3928: How One Vulnerability Breached Commvault’s Azure Stack
In this episode, we take a deep dive into CVE-2025-3928—a critical vulnerability in the Commvault Web Server that enables remote attackers to deploy and execute ...
Sodinokibi/REvil Ransomware: The Evasive Threat
Overview Sodinokibi, also known as REvil, is a highly prolific and sophisticated ransomware-as-a-service (RaaS) operation active since at least April 2019. Initially observed primarily in ...
beWanted Exposes Personal Data of 1.1 Million Job Seekers Across Europe and Latin America
Employment platform beWanted leaked over 1.1 million CVs containing names, ID numbers, contact details, and employment history.
Nova Scotia Power, a Canadian Utility, Breached: A Global Warning for Critical Infrastructure
On April 25, 2025, Nova Scotia Power, the province’s primary electricity provider, confirmed what many suspected: a cyber incident involving unauthorized access had compromised customer ...
SentinelOne Discloses Ongoing Attacks by Nation-State Hackers and Ransomware Gangs
In a rare move, SentinelOne has publicly confirmed that it is under persistent attack from nation-state threat actors and ransomware gangs. This episode breaks down ...
Nova Scotia Power Confirms Customer Data Compromised in Cyberattack
Nova Scotia Power confirms personal customer data was stolen in a cyberattack on April 25, though electricity services remain unaffected as the investigation continues.
OpenEoX and the Future of End-of-Life Standardization in IT
In this episode, we unpack the evolving landscape of Product Lifecycle Management (PLM) and why it’s become a strategic cornerstone in modern IT environments. From ...
Malicious PyPI Packages Exploit Gmail and WebSockets to Hijack Systems
Seven malicious PyPI packages exploited Gmail and WebSockets for remote command execution and data theft, with some packages downloaded over 18,000 times.
iHeartMedia Breach Exposes Personal Data Including SSNs and Passport Numbers
iHeartMedia confirmed a December data breach exposing names, Social Security, and passport numbers from local station systems. The company is offering identity theft protection.
Ascension Discloses Data Breach Affecting 5.6 Million Individuals
Ascension, a major U.S. healthcare provider, confirmed a ransomware breach affecting 5.6 million individuals, compromising medical, financial, and personal data.
Harrods Confirms Cyberattack Amid Growing Wave Targeting UK Retail Sector
Harrods joins M&S and Co-op as the latest UK retailer targeted in a cyberattack, prompting immediate security measures amid a surge in retail-focused intrusions.
LayerX Secures $45M Total to Battle Data Leaks, One Browser at a Time
LayerX just raised another $11 million — and it’s not to build another antivirus. With $45 million in total funding, the company is betting that ...
AirBorne: How a Zero-Click Bug Threatens Millions of Apple and Third-Party Devices
In this episode, we dive deep into AirBorne — a critical set of vulnerabilities in Apple’s AirPlay protocol and SDK, recently uncovered by security researchers ...
$10.5M to Fight AI-Phishing: The Rise of Pistachio’s Cybersecurity Training Platform
In this episode, we dive into the story of Pistachio, the Norwegian cybersecurity startup that just raised $7 million in new funding—bringing its total to ...
Hitachi Vantara Takes Servers Offline Following Akira Ransomware Attack
Hitachi Vantara shut down servers to contain an Akira ransomware attack that disrupted systems and led to stolen data across corporate and government-related operations.
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident
Spain Arrests Hackers Behind Data Breach Targeting Politicians and Journalists
Citrix Patch for Critical NetScaler Vulnerabilities Causes Login Issues for Some Customers
Forminator Plugin Flaw Leaves 600,000+ WordPress Sites at Risk of Full Takeover
Grafana Issues Critical Security Fixes for Image Renderer Plugin and Synthetic Monitoring Agent
Hunters International Ransomware Group Shuts Down, Offers Free Decryptors Amid Exit
Spanish Authorities Dismantle €10 Million Investment Scam Network With Fake Advisors and Crypto Portals
Cisco Removes Hardcoded Root Account from Unified CM to Prevent Remote Takeover
Fake Crypto Wallet Add-ons Flood Firefox Store in Ongoing Credential Theft Campaign
Qantas Confirms Data Breach Following Cyberattack on Third-Party Platform
macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains
Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks
Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis
The Rising Tide of Cybersecurity Threats in Hospitality: How Hotels Can Stay Secure this Summer
FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks
Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security