Main Menu
Cyber Security
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Defensive Strategies Against New ClickFix Ransomware Tactics
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Harvard Experiences Data Breach via Vishing Attack
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
Defensive Strategies Against New ClickFix Ransomware Tactics
Data Security
Defensive Strategies Against New ClickFix Ransomware Tactics
Gabby Lee November 25, 2025
ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations, and proactive user protection strategies ...
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Cybersecurity
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Mitchell Langley November 25, 2025
A novel ClickFix attack method leverages fake Windows update prompts and malformed PNG files to deploy infostealer malware. This campaign seeks to exploit user trust ...
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
Gabby Lee November 25, 2025
Harvard's Alumni Affairs systems fell victim to a sophisticated vishing attack, compromising sensitive data such as emails, phone numbers, and biographical details. This breach highlights ...
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Data Security
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Andrew Doyle November 25, 2025
Russian cyber perpetrators craftily embed StealC V2 malware within Blender files. These files, hosted on popular 3D model marketplaces, pose a sophisticated threat to digital ...
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Andrew Doyle November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert Remote Code Execution Vulnerability in Glob Pattern Matching Library
Cybersecurity
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Mitchell Langley November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cybersecurity
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Gabby Lee November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack How Analysts Overcame Limited Visibility
News
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Andrew Doyle November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Andrew Doyle November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
News
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Mitchell Langley November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Cybersecurity
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Gabby Lee November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Application Security
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Andrew Doyle November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Cybersecurity
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Gabby Lee November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Application Security
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Gabby Lee November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
News
ShinyHunters Claims Responsibility for Gainsight Data Breach
Gabby Lee November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
Grafana Vulnerability Addressing Critical Security Flaw in SCIM Component
CVE Vulnerability Alerts
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
Andrew Doyle November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Cybersecurity
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Andrew Doyle November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job CrowdStrike Hacked by Insider Leaking Screenshots
Cybersecurity
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
Mitchell Langley November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Gabby Lee November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Mitchell Langley November 27, 2025
Comcast's $1.5 Million Settlement in Data Breach Incident with FCC
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
Andrew Doyle November 27, 2025
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Andrew Doyle November 27, 2025
ShadowV2 Botnet A Test Run Amidst AWS Outage
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
Andrew Doyle November 27, 2025

TOP CYBERSECURITY HEADLINES

RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
Cybersecurity
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet A Test Run Amidst AWS Outage
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea's Financial Sector Confronts a Sophisticated Supply Chain Attack
Cybersecurity
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack

This Week’s Security Spotlight

Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Mitchell Langley November 27, 2025
London Councils Face Cyberattack Resident Data Potentially Compromised
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
Mitchell Langley November 27, 2025
Microsoft Exchange Online Outage Customer Access Disrupted
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
Gabby Lee November 26, 2025
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
Gabby Lee November 25, 2025
More In News
Trending
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
October 28, 2025
Podcasts
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
October 27, 2025
Podcasts
OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw
October 27, 2025

Cyber Security News

South Korea's Financial Sector Confronts a Sophisticated Supply Chain Attack
Cybersecurity
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
November 27, 2025
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Cybersecurity
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
November 27, 2025
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
Identity and Access Management
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
November 27, 2025
London Councils Face Cyberattack Resident Data Potentially Compromised
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
November 27, 2025
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Cybersecurity
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
November 27, 2025
Gainsight Data Breach Company Downplays Impact
Cybersecurity
Gainsight Data Breach: Company Downplays Impact
November 27, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
November 25, 2025
Russian cyber perpetrators craftily embed StealC V2 malware within Blender files. These files, hosted on popular 3D model marketplaces, pose a sophisticated threat to digital ...
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Defensive Strategies Against New ClickFix Ransomware Tactics
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Harvard Experiences Data Breach via Vishing Attack