Main Menu
Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
CVE Vulnerability Alerts
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
Andrew Doyle April 8, 2026
A new Docker Engine vulnerability allows attackers to bypass authorization plug-ins due to an incomplete fix.
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Cybersecurity
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Mitchell Langley April 8, 2026
Iranian hackers exploit U.S. critical infrastructure networks by targeting internet-exposed Rockwell/Allen-Bradley PLCs.
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Cybersecurity
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Andrew Doyle April 8, 2026
Russia-linked APT28 is harnessing vulnerable routers in a massive espionage campaign.
Anthropic's Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Cybersecurity
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Gabby Lee April 8, 2026
Anthropic's new AI model, Claude Mythos, could protect critical software or potentially enhance cyberattacks.
Trent AI Emerges From Stealth With $13 Million in Funding
Cybersecurity
Trent AI Emerges From Stealth With $13 Million in Funding
Andrew Doyle April 8, 2026
Startup Trent AI unveils a comprehensive security framework to safeguard artificial intelligence (AI) agents, backed by significant funding.
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Cybersecurity
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Mitchell Langley April 8, 2026
Google's recent Android update fixes critical vulnerabilities in the operating system, including a severe StrongBox flaw and a DoS vulnerability in th...
Automated Pentesting Tools Fall Short Past the PoC Cliff
Cybersecurity
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
Andrew Doyle April 8, 2026
Exploring the plateau in automated pentesting tools and the PoC cliff effect on security validation.
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Cybersecurity
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Gabby Lee April 8, 2026
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
Exchange Online Mailbox Access Issues Impact Outlook Users
Application Security
Exchange Online Mailbox Access Issues Impact Outlook Users
Mitchell Langley April 7, 2026
Exchange Online access issues have affected Outlook mobile and macOS users. Microsoft is actively working on a resolution.
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Application Security
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Gabby Lee April 7, 2026
The expansion of Shadow AI within daily apps and outdated mobile devices increases exposure to unseen mobile vulnerabilities.
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Cybersecurity
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Gabby Lee April 7, 2026
Organizations face growing cybersecurity risks from trusted vendors, SaaS tools, and subcontractors that bypass traditional security measures.
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Application Security
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Andrew Doyle April 7, 2026
Analysis reveals critical ShareFile flaws allowing server access and arbitrary file uploads.
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Application Security
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Andrew Doyle April 7, 2026
Researchers found 36 harmful npm packages posing as Strapi CMS plugins to exploit Redis, PostgreSQL, and execute further cyber attacks.
Bogus Traffic Violation Text Scam Targeting Americans
News
Bogus Traffic Violation Text Scam Targeting Americans
Andrew Doyle April 7, 2026
Fraudulent "Notice of Default" text scams impersonate U.S. state courts, leading victims to phishing sites.
Qilin Ransomware Group Targets German Political Party Die Linke
News
Qilin Ransomware Group Targets German Political Party Die Linke
Mitchell Langley April 7, 2026
Qilin ransomware group claims responsibility for a cyberattack on German political party Die Linke.
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
Cybersecurity
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
Gabby Lee April 7, 2026
Detailed analysis of a .cmd malware found in an email, escalating privileges and bypassing antivirus.
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
CVE Vulnerability Alerts
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
Mitchell Langley April 7, 2026
Fortinet issues emergency patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS, already exploited in the wild.
North Korean Cyber Operatives Drain $285 Million from Drift Exchange
Cybersecurity
North Korean Cyber Operatives Drain $285 Million from Drift Exchange
Gabby Lee April 7, 2026
A North Korean orchestrated cyber attack stole $285 million from Drift, a Solana-based exchange, on April 1, 2026.
Axios HTTP Client Developer Targeted in North Korean Social Engineering Campaign
Application Security
Axios HTTP Client Developer Targeted in North Korean Social Engineering Campaign
Andrew Doyle April 7, 2026
The popular Axios HTTP client faced a social engineering attack attributed to North Korean actors, exposing serious security risks within open-source ...
Free Android VPNs Are Quietly Working Against You
Cybersecurity
Free Android VPNs Are Quietly Working Against You
Gabby Lee April 3, 2026
Free VPNs on Android promise protection, but often jeopardize user privacy with tracking, permissions, and risky servers.
Application Security
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026
CVE Vulnerability Alerts
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026

TOP CYBERSECURITY HEADLINES

TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Application Security
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Cybersecurity
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
Cybersecurity
TVING Data Breach Triggers South Korean Government Probe

This Week’s Security Spotlight

Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
Andrew Doyle June 8, 2026
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Gabby Lee June 5, 2026
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
Gabby Lee June 5, 2026
More In News
Trending
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Beyond the Inbox: The Rising Threat of Non-Email Phishing Attacks
September 23, 2025
Podcasts
Stellantis Data Breach Exposes Contact Info in Third-Party Provider Attack
September 23, 2025
Podcasts
HoundBytes Launches WorkHorse to Eliminate SOC Tier 1 Bottlenecks
September 23, 2025

Cyber Security News

Application Security
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
June 1, 2026
Cybersecurity
California AG Sues 23andMe Successor Over 2023 Genetic Data Breach
June 1, 2026
Cybersecurity
LLMShare Campaign Hosts Infostealer Downloads on ChatGPT’s Own Domain
June 1, 2026
Cybersecurity
NC Man Gets 121 Months for Selling Elderly Americans’ Data to Scammers
June 1, 2026
Application Security
Microsoft: 14 npm Packages Linked to Single Actor Stealing AWS Keys
June 1, 2026
Cybersecurity
Play Ransomware Lists MyPillow, US Telecom in Six-Victim Batch
June 1, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
April 8, 2026
Anthropic's new AI model, Claude Mythos, could protect critical software or potentially enhance cyberattacks.
Trent AI Emerges From Stealth With $13 Million in Funding
April 8, 2026
Startup Trent AI unveils a comprehensive security framework to safeguard artificial intelligence (AI) agents, backed by significant funding.
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
April 8, 2026
Google's recent Android update fixes critical vulnerabilities in the operating system, including a severe StrongBox flaw and a DoS vulnerability in th...
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
April 8, 2026
Exploring the plateau in automated pentesting tools and the PoC cliff effect on security validation.
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
April 8, 2026
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
Exchange Online Mailbox Access Issues Impact Outlook Users
April 7, 2026
Exchange Online access issues have affected Outlook mobile and macOS users. Microsoft is actively working on a resolution.
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
April 7, 2026
The expansion of Shadow AI within daily apps and outdated mobile devices increases exposure to unseen mobile vulnerabilities.
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
April 7, 2026
Organizations face growing cybersecurity risks from trusted vendors, SaaS tools, and subcontractors that bypass traditional security measures.
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
April 7, 2026
Analysis reveals critical ShareFile flaws allowing server access and arbitrary file uploads.
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
April 7, 2026
Researchers found 36 harmful npm packages posing as Strapi CMS plugins to exploit Redis, PostgreSQL, and execute further cyber attacks.
Bogus Traffic Violation Text Scam Targeting Americans
April 7, 2026
Fraudulent "Notice of Default" text scams impersonate U.S. state courts, leading victims to phishing sites.
Qilin Ransomware Group Targets German Political Party Die Linke
April 7, 2026
Qilin ransomware group claims responsibility for a cyberattack on German political party Die Linke.
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
April 7, 2026
Detailed analysis of a .cmd malware found in an email, escalating privileges and bypassing antivirus.
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
April 7, 2026
Fortinet issues emergency patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS, already exploited in the wild.
North Korean Cyber Operatives Drain $285 Million from Drift Exchange
April 7, 2026
A North Korean orchestrated cyber attack stole $285 million from Drift, a Solana-based exchange, on April 1, 2026.
Axios HTTP Client Developer Targeted in North Korean Social Engineering Campaign
April 7, 2026
The popular Axios HTTP client faced a social engineering attack attributed to North Korean actors, exposing serious security risks within open-source ...
Free Android VPNs Are Quietly Working Against You
April 3, 2026
Free VPNs on Android promise protection, but often jeopardize user privacy with tracking, permissions, and risky servers.
Residential Proxies Are Breaking IP Reputation Systems for Malware Traffic
April 3, 2026
Residential proxies confuse IP reputation systems, obscuring differences between malicious traffic and legitimate users.
Apple Rolls Out DarkSword Exploit Protection to More Devices
April 3, 2026
Apple enhances its defenses against the DarkSword exploit kit, a threat linked to state-sponsored hackers and commercial spyware vendors.
Drift Protocol Hit by Calculated Attack Resulting in $280 Million Loss
April 3, 2026
Drift Protocol faces a substantial breach, leading to administrative control loss and financial damages exceeding $280 million.
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack