Main Menu
Cyber Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Sensitive Data at OBGYN Associates Exposed in Data Breach
Cybersecurity
Sensitive Data at OB/GYN Associates Exposed in Data Breach
Andrew Doyle November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Cybersecurity
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Mitchell Langley November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Application Security
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Andrew Doyle November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Application Security
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Gabby Lee November 9, 2025
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
CVE Vulnerability Alerts
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
Andrew Doyle November 9, 2025
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Andrew Doyle November 7, 2025
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
CVE Vulnerability Alerts
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
Mitchell Langley November 6, 2025
Cisco has warned of a new attack variant targeting its Secure Firewall ASA and FTD devices, exploiting CVE-2025-20333 and CVE-2025-20362 in tandem for remote code ...
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025
The ClickFix malware campaign is redefining social engineering by tricking users into manually infecting their systems through fake video guides, countdown timers, and OS-specific commands. ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Mitchell Langley November 6, 2025
The Clop ransomware gang has claimed responsibility for a cyberattack on The Washington Post, adding the newspaper to its dark web leak site amid ongoing ...
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Cybersecurity
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Gabby Lee November 6, 2025
Nevada has fully restored operations across 60 state agencies nearly a year after a massive ransomware attack crippled public services in August 2023. The state ...
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Application Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Andrew Doyle November 6, 2025
Truffle Security has raised $25 million in Series A funding led by Decibel to expand its enterprise-grade secrets detection and remediation platform. Evolving from its ...
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Cybersecurity
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Gabby Lee November 6, 2025
The U.S. Congressional Budget Office has confirmed a cybersecurity incident involving unauthorized access to its network, with early evidence pointing to a foreign threat actor. ...
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Application Security
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Mitchell Langley November 6, 2025
Researchers at Tenable uncovered seven security flaws in OpenAI’s ChatGPT, including critical vulnerabilities in the GPT-4o model that exposed memory-stored user data and allowed web ...
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Cybersecurity
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Gabby Lee November 6, 2025
Executive Russian hacking group Sandworm has hit Ukraine’s grain sector with destructive wiper malware, targeting economic infrastructure in attacks now reaching beyond government and energy ...
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Cybersecurity
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Andrew Doyle November 6, 2025
Hackers allegedly breached Russia’s Radon nuclear waste plant, stealing testing data, user information, and employee details, raising national security concerns over access to sensitive nuclear ...
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Cybersecurity
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Mitchell Langley November 6, 2025
A misconfigured third-party database exposed over 50,000 Stanford Health Care and Hillsboro Medical Center staff records, including payroll data, emails, and hashed passwords, increasing phishing ...
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
Cybersecurity
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
Gabby Lee November 6, 2025
The Qilin ransomware gang claims to have stolen data from Habib Bank AG Zurich, exposing sensitive customer details and internal source code.
Cybersecurity
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Andrew Doyle November 6, 2025
A global survey found 82 percent of large financial-services organisations reported a data breach or leak in the past year, signalling pervasive cyber-risk across the ...
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
News
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
Mitchell Langley November 6, 2025
The U.S. Treasury has sanctioned eight North Korea-linked individuals and entities accused of laundering funds from cyberattacks to finance Pyongyang’s weapons programs. The move targets ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Mitchell Langley November 11, 2025
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025

TOP CYBERSECURITY HEADLINES

Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in 'expr-eval' Library Enables Remote Code Execution
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

This Week’s Security Spotlight

Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
More In News
Trending
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
How Device Code Phishing Abuses OAuth Flows on Google and Azure
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
October 28, 2025
Podcasts
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
October 27, 2025
Podcasts
OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw
October 27, 2025

Cyber Security News

Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
November 11, 2025
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
November 11, 2025
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
November 11, 2025
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Application Security
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
November 11, 2025
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Cybersecurity
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
November 11, 2025
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Application Security
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
November 10, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
November 9, 2025
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
November 9, 2025
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
November 7, 2025
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
November 6, 2025
Cisco has warned of a new attack variant targeting its Secure Firewall ASA and FTD devices, exploiting CVE-2025-20333 and CVE-2025-20362 in tandem for remote code ...
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
November 6, 2025
The ClickFix malware campaign is redefining social engineering by tricking users into manually infecting their systems through fake video guides, countdown timers, and OS-specific commands. ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
November 6, 2025
The Clop ransomware gang has claimed responsibility for a cyberattack on The Washington Post, adding the newspaper to its dark web leak site amid ongoing ...
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
November 6, 2025
Nevada has fully restored operations across 60 state agencies nearly a year after a massive ransomware attack crippled public services in August 2023. The state ...
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
November 6, 2025
Truffle Security has raised $25 million in Series A funding led by Decibel to expand its enterprise-grade secrets detection and remediation platform. Evolving from its ...
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
November 6, 2025
The U.S. Congressional Budget Office has confirmed a cybersecurity incident involving unauthorized access to its network, with early evidence pointing to a foreign threat actor. ...
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
November 6, 2025
Researchers at Tenable uncovered seven security flaws in OpenAI’s ChatGPT, including critical vulnerabilities in the GPT-4o model that exposed memory-stored user data and allowed web ...
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
November 6, 2025
Executive Russian hacking group Sandworm has hit Ukraine’s grain sector with destructive wiper malware, targeting economic infrastructure in attacks now reaching beyond government and energy ...
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
November 6, 2025
Hackers allegedly breached Russia’s Radon nuclear waste plant, stealing testing data, user information, and employee details, raising national security concerns over access to sensitive nuclear ...
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
November 6, 2025
A misconfigured third-party database exposed over 50,000 Stanford Health Care and Hillsboro Medical Center staff records, including payroll data, emails, and hashed passwords, increasing phishing ...
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
November 6, 2025
The Qilin ransomware gang claims to have stolen data from Habib Bank AG Zurich, exposing sensitive customer details and internal source code.
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
November 6, 2025
A global survey found 82 percent of large financial-services organisations reported a data breach or leak in the past year, signalling pervasive cyber-risk across the ...
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
November 6, 2025
The U.S. Treasury has sanctioned eight North Korea-linked individuals and entities accused of laundering funds from cyberattacks to finance Pyongyang’s weapons programs. The move targets ...
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
November 6, 2025
Microsoft has added a new web-based feature to the Microsoft Store that lets users create a single installer for multiple apps. The enhancement simplifies deployments, ...
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
November 6, 2025
Google has uncovered AI-driven malware capable of mutating its code during execution, evading traditional detection tools. By embedding machine learning models directly into payloads, attackers ...
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
November 6, 2025
The Gootloader malware gang has resurfaced after months of inactivity, reviving its signature SEO poisoning attacks. By manipulating search results to distribute malicious downloads through ...
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Route Redirect Automates Large-Scale Microsoft 365 Phishing
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach