Cyber Security
PromptLock Ransomware Uses AI to Encrypt and Steal Data
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
AI Summary Injection Turns Summaries into Malware Delivery
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Google to Verify Android Developers: A New Era in App Security Emerges
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
The Dual Role of AI in Cybersecurity: Weapon and Shield
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Nevada State Offices Shut Down Amid Major Network Security Incident
Android Malware Masquerades as FSB Antivirus To Spy on Russian Business Executives
Orange Suffers Data Breach Affecting 850k Customers
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Cybersecurity
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Resources
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Blog
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CISA Expands Known Exploited Vulnerabilities Catalog 47 New Threats Identified
CVE Vulnerability Alerts
CISA Expands Known Exploited Vulnerabilities Catalog: 47 New Threats Identified
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google Chromium, and Cisco devices. The ...
Arizona Seeks 10M to Bolster Election Cybersecurity
Cybersecurity
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
A cyberattack on Arizona’s election portal, linked to Iranian-affiliated actors, has spurred calls for $10 million in cybersecurity funding and $3.5 million annually. Secretary of ...
Microsoft Patches Teams Vulnerability Critical Fix Against Remote Code Risks
Application Security
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Apple Patches Zero-Day Exploit Immediate Fix for CVE-2025-43300 Threat
Cybersecurity
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Apple has released emergency patches for CVE-2025-43300, a zero-day flaw in the Image I/O framework enabling remote code execution via malicious images. Actively exploited in ...
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
News
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Google to Verify Android Developers A New Era in App Security Emerges
Application Security
Google to Verify Android Developers: A New Era in App Security Emerges
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Okta Raises FY26 Forecast as Identity Verification Demand Surges
Data Security
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
Okta has lifted its fiscal 2026 revenue forecast after reporting strong Q2 results, driven by soaring demand for identity verification tools. As AI-powered impersonation attacks ...
The Dual Role of AI in Cybersecurity Weapon and Shield
Blog
The Dual Role of AI in Cybersecurity: Weapon and Shield
AI hacking has moved from speculation to reality, enabling deepfake phishing, automated malware, and large-scale social engineering. While defenders deploy AI for detection and response, ...
FraudGPT, WormGPT, and Dark AI Models Fuel Surge in Cybercrime
Blog
FraudGPT, WormGPT, and Dark AI Models Fuel Surge in Cybercrime
Malicious AI models like FraudGPT, WormGPT, and PoisonGPT are reshaping cybercrime, enabling scalable phishing, malware generation, and disinformation. Unlike mainstream LLMs, these blackhat tools strip ...
The Imperative for a New Cyber Defense Playbook
Blog
The Imperative for a New Cyber Defense Playbook
Traditional cybersecurity models are failing against AI-driven threats, workforce fatigue, and complex tool sprawl. From adaptive malware and deepfake phishing to poorly governed machine identities, ...
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
News
UpCrypter Phishing Campaign Exploits Fake Emails to Deliver RAT Payloads
A new phishing campaign is distributing the UpCrypter malware loader through fake voicemail and purchase order emails. Targeting industries worldwide, UpCrypter delivers multiple remote access ...
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Cybersecurity
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Senator Ron Wyden is urging an independent review of federal court cybersecurity after breaches exposed sealed case files. Citing outdated systems and weak defenses, he ...
Nevada State Offices Shut Down Amid Major Network Security Incident
Cybersecurity
Nevada State Offices Shut Down Amid Major Network Security Incident
Nevada’s state government was forced to suspend in-person services and shut down major websites after a large-scale network security incident on August 25, 2025. Early ...
Android Malware Masquerades as FSB Antivirus To Spy on Russian Business Executives
Application Security
Android Malware Masquerades as FSB Antivirus To Spy on Russian Business Executives
A fake FSB antivirus hides Android malware spying on Russian executives, logging keystrokes, streaming cameras, exfiltrating messenger data, and rotating providers for command and control.
Orange Suffers Data Breach Affecting 850k Customers
Cybersecurity
Orange Suffers Data Breach Affecting 850k Customers
Orange Belgium reports a cyberattack exposing SIM details, PUK codes, names, phone numbers, and tariff plans for 850,000 customers; no financial data or passwords were ...
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
Cybersecurity
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
Aspire Rural Health Systems suffered a major healthcare data breach, exposing nearly 140,000 patients’ records — including lab results, financial data, and personal identifiers.
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Cybersecurity
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Google confirmed a massive breach exposing 2.5 billion Gmail accounts, with hacker group ShinyHunters exploiting Salesforce access through social engineering and launching large-scale phishing and ...

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Detection Tools
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
Farmers Insurance confirmed a third-party vendor database was breached on May 29, exposing PII for 1,111,386 customers in the wider Salesforce data theft campaign.
AI Summary Injection Turns Summaries into Malware Delivery
Researchers show attackers hide malicious payloads in HTML using CSS obfuscation and prompt overdose so AI summaries output malware instructions that lead to ransomware execution.
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CISA Expands Known Exploited Vulnerabilities Catalog: 47 New Threats Identified
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google Chromium, and Cisco devices. The ...
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
A cyberattack on Arizona’s election portal, linked to Iranian-affiliated actors, has spurred calls for $10 million in cybersecurity funding and $3.5 million annually. Secretary of ...
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Apple has released emergency patches for CVE-2025-43300, a zero-day flaw in the Image I/O framework enabling remote code execution via malicious images. Actively exploited in ...
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats
A new and highly sophisticated cyber espionage campaign attributed to Silk Typhoon—also known as Mustang Panda, TEMP.Hex, or UNC6384—has been uncovered, targeting diplomats and government ...
FTC Warns Tech Giants: Don’t Weaken Encryption for Foreign Governments
The fight over encryption has entered a new phase. The Federal Trade Commission (FTC), led by Chairman Andrew Ferguson, has issued a strong warning to ...
Invisible Prompts: How Image Scaling Attacks Break AI Security
Researchers have uncovered a new form of indirect prompt injection that leverages a simple but powerful trick: image scaling. This novel attack involves hiding malicious ...
Google to Verify Android Developers: A New Era in App Security Emerges
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Healthcare Services Group Breach Exposes 624,000 Individuals’ Sensitive Data
The healthcare sector has been rocked yet again by a massive cybersecurity incident. Healthcare Services Group (HCSG), a provider of dining and laundry services to ...
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
Okta has lifted its fiscal 2026 revenue forecast after reporting strong Q2 results, driven by soaring demand for identity verification tools. As AI-powered impersonation attacks ...
Auchan Data Breach: Hundreds of Thousands of Loyalty Accounts Compromised
French retail giant Auchan has confirmed a massive data breach that compromised the personal details of hundreds of thousands of customers. The stolen data includes ...
Docker Desktop Vulnerability: Why Containers Aren’t as Safe as You Think
A critical vulnerability in Docker Desktop, CVE-2025-9074, has shaken the container security world. Scoring 9.3 on the CVSS scale, this flaw exposed an unauthenticated Docker ...
Arch Linux Website, Forums, and AUR Targeted in Sustained Cyber Assault
The Arch Linux community has just endured more than a week of turbulence as a massive distributed denial-of-service (DDoS) attack disrupted its most critical services, ...
Data I/O Ransomware Attack: Supply Chain Cybersecurity in Crisis
Cyberattacks against supply chains are no longer isolated disruptions—they are systemic threats with the power to cascade across industries and nations. The recent ransomware attack ...