Main Menu
Cyber Security
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
Endesa Cyberattack Results in Customer Data Exposure
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Meta Addresses Security Vulnerability in Instagram Password Resets
AI and Security: Block’s CISO Discusses AI Agents’ Potential
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
Target’s Source Code Allegedly Exposed in Cyber Breach
Drones Are Now Critical Infrastructure—and Their Networks are the New Attack Surface
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Instagram Data Breach Affects 17.5 Million Users: Security Implications Explored
U.S. Immigration and Customs Enforcement’s Surveillance Tactics Scrutinized
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
BreachForums Re-emerges Only to Fall Victim to Data Breach
Anthropic Responds to Viral Allegations of Account Bans
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Email Security’s True Challenge: Evaluating Post-access Threats
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
NSA Announces Tim Kosiba as New Deputy Director
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Illinois Department’s Database Error Leads to Massive Data Exposure
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
Logitech’s macOS Applications Disrupted by Expired Code-Signing Certificate
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
Navigating the Challenges of Fileless Malware in Cybersecurity
Microsoft Acknowledges Issues With Outlook Encryption Feature
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Data Security
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Gabby Lee November 18, 2025
Eurofiber France disclosed a breach caused by a vulnerability in its ticketing system, allowing attackers to access historical support records containing contact details and service ...
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Information Security
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Andrew Doyle November 17, 2025
A researcher claims Coinbase knew months earlier about a December 2024 breach involving insider social-engineering that exposed data for nearly 70,000 users. Coinbase later confirmed ...
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Data Security
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Mitchell Langley November 17, 2025
A cyberattack on Princeton University exposed a database containing personal and institutional information tied to alumni, donors, faculty, staff, and students. Princeton is investigating with ...
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
News
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Mitchell Langley November 17, 2025
Dutch authorities have seized roughly 250 servers tied to a bulletproof hosting service that catered exclusively to cybercriminals, disrupting infrastructure used for malware, phishing, and ...
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Cybersecurity
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Gabby Lee November 17, 2025
Seven malicious npm packages used Adspect-based traffic cloaking to avoid detection and selectively deliver staged JavaScript payloads to targeted developers. The packages acted as downloaders ...
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Application Security
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Andrew Doyle November 17, 2025
A record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet targeted Microsoft Azure, showcasing rapidly evolving botnet capabilities. Despite the massive, multi-vector assault, Azure’s automated ...
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Application Security
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Andrew Doyle November 17, 2025
Researchers uncovered serious flaws in GoSign Desktop, where disabled TLS certificate validation and an unsigned update mechanism expose users to MitM attacks and malicious updates. ...
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Cybersecurity
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Mitchell Langley November 17, 2025
Researchers have uncovered cybercriminals abusing the long-abandoned UNIX “finger” protocol to stealthily fetch and execute commands on Windows systems. By using this legacy tool for ...
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Cybersecurity
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Andrew Doyle November 17, 2025
Jaguar Land Rover revealed that a major cyberattack caused £196 million in losses this quarter, significantly impacting operations despite otherwise strong performance. The incident, linked ...
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Application Security
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Gabby Lee November 17, 2025
Microsoft is investigating installation failures affecting the Windows 10 KB5068781 ESU update, with error 0x800f0922 impacting volume-licensed enterprise systems. The issue leaves legacy environments temporarily ...
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
CVE Vulnerability Alerts
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
Mitchell Langley November 17, 2025
CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers to read arbitrary system files. ...
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
Application Security
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
Gabby Lee November 17, 2025
RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution. Attackers are hijacking unpatched XWiki ...
Critical Remote Code Execution Flaws Found in AI Inference Engines Due to Unsafe Deserialization
Application Security
Critical Remote Code Execution Flaws Found in AI Inference Engines Due to Unsafe Deserialization
Andrew Doyle November 17, 2025
New research reveals that popular AI inference engines—including Meta’s TorchServe, Nvidia’s Triton, vLLM, and Microsoft’s ONNX Runtime—contain critical ZeroMQ and Python pickle flaws that enable ...
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
News
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Mitchell Langley November 17, 2025
A new phishing campaign is targeting Chinese-speaking individuals in the U.S., with scammers posing as health insurers and Chinese authorities to coerce victims into revealing ...
Fortinet Quietly Patches FortiWeb Zero-Day Vulnerability Exploited in Active Attacks
Application Security
Fortinet Quietly Patches FortiWeb Zero-Day Vulnerability Exploited in Active Attacks
Gabby Lee November 17, 2025
Researchers say Fortinet quietly patched a FortiWeb zero-day that was already being exploited, offering little transparency or guidance. The silent fix left many organizations unaware ...
Threat Group ShinyHunters Hacks Checkout.com, Demands Ransom Over Legacy Cloud Breach
Cybersecurity
Threat Group ShinyHunters Hacks Checkout.com, Demands Ransom Over Legacy Cloud Breach
Andrew Doyle November 17, 2025
A cyberattack on Checkout.com by ShinyHunters exposed sensitive data stored in an overlooked legacy cloud system, highlighting the risks of outdated infrastructure. The attackers are ...
Australia Warns of Chinese Cyber Probing Into Critical Infrastructure
Cybersecurity
Australia Warns of Chinese Cyber Probing Into Critical Infrastructure
Mitchell Langley November 17, 2025
Australian intelligence warns that Chinese state-sponsored hackers have gained unauthorized access to critical infrastructure, shifting from espionage to potential sabotage. Officials say APT groups are ...
How TTP-Based Defenses Outperform Traditional IoC Hunting
Blog
How TTP-Based Defenses Outperform Traditional IoC Hunting
Gabby Lee November 17, 2025
Behavior-based detection is replacing traditional IoC-driven security as organizations focus on identifying attacker tactics and behaviors instead of static indicators. By analyzing TTPs like credential ...
Chinese APT Leveraged Claude AI for Automated Espionage Operation
News
Chinese APT Leveraged Claude AI for Automated Espionage Operation
Andrew Doyle November 17, 2025
Chinese APT group GTG-1002 has been caught abusing Anthropic’s Claude AI to automate phishing, malware development, and reconnaissance tasks. The campaign marks a major shift ...
North Korean ‘Contagious Interview’ Campaign Evolves With JSON-Based Malware Delivery
News
North Korean ‘Contagious Interview’ Campaign Evolves With JSON-Based Malware Delivery
Gabby Lee November 17, 2025
North Korea’s “Contagious Interview” campaign is evolving with new stealth techniques, using legitimate JSON-based storage services to host malware delivered through trojanized developer tools. NVISO ...
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Cybersecurity
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Mitchell Langley January 13, 2026
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Cybersecurity
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Mitchell Langley January 13, 2026
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
News
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
Mitchell Langley January 11, 2026
Ledger Breach Due to Global-e Attack Compromises Customer Data
Data Security
Ledger Breach Due to Global-e Attack Compromises Customer Data
Andrew Doyle January 6, 2026

TOP CYBERSECURITY HEADLINES

Endesa Cyberattack Results in Customer Data Exposure
Data Security
Endesa Cyberattack Results in Customer Data Exposure
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Application Security
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Meta Addresses Security Vulnerability in Instagram Password Resets
Application Security
Meta Addresses Security Vulnerability in Instagram Password Resets
AI and Security Block's CISO Discusses AI Agents' Potential
Cybersecurity
AI and Security: Block’s CISO Discusses AI Agents’ Potential

This Week’s Security Spotlight

Telegram's Proxy Link Vulnerability Exposes IP Addresses
Application Security
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
Andrew Doyle January 13, 2026
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
Application Security
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
Mitchell Langley January 13, 2026
BreachForums Re-emerges Only to Fall Victim to Data Breach
Application Security
BreachForums Re-emerges Only to Fall Victim to Data Breach
Mitchell Langley January 12, 2026
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Application Security
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Gabby Lee January 11, 2026
More In News
Trending
Phishers Pose as Booking.com to Compromise European Hotels
Phishing Campaign Targets Users with Google Cloud Application Exploitation
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT
Grubhub Users Face Sophisticated Phishing Scam Promising Bitcoin Payouts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Toronto’s Mycroft Raises $3.5M to Bring AI Security Officers to Startups
September 23, 2025
Podcasts
FBI Issues Guidance as Fraudsters Pose as IC3 to Extort Victims
September 22, 2025
Podcasts
Fraudulent GitHub Repos Spread Atomic Stealer Malware Targeting macOS Users
September 22, 2025

Cyber Security News

Thailand Conference Launches International Initiative to Fight Online Scams
Cybersecurity
Thailand Conference Launches International Initiative to Fight Online Scams
December 22, 2025
Latest Charges Amplify Indictments Against Alleged Tren de Aragua Members
Cybersecurity
Latest Charges Amplify Indictments Against Alleged Tren de Aragua Members
December 22, 2025
Vulnerabilities in SonicWall Remote-Access Appliance Threaten Security
Cybersecurity
Vulnerabilities in SonicWall Remote-Access Appliance Threaten Security
December 22, 2025
UEFI Vulnerability Exposes Major Motherboards to Early-Boot Attacks
Endpoint Security
UEFI Vulnerability Exposes Major Motherboards to Early-Boot Attacks
December 22, 2025
NIS2 Directive Enhances Identity and Access Control Standards
Identity and Access Management
NIS2 Directive Enhances Identity and Access Control Standards
December 22, 2025
NATO's Digital Backbone Efforts Winning the Information War
Cybersecurity
NATO’s Digital Backbone Efforts: Winning the Information War
December 22, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
November 17, 2025
A cyberattack on Princeton University exposed a database containing personal and institutional information tied to alumni, donors, faculty, staff, and students. Princeton is investigating with ...
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
November 17, 2025
Dutch authorities have seized roughly 250 servers tied to a bulletproof hosting service that catered exclusively to cybercriminals, disrupting infrastructure used for malware, phishing, and ...
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
November 17, 2025
Seven malicious npm packages used Adspect-based traffic cloaking to avoid detection and selectively deliver staged JavaScript payloads to targeted developers. The packages acted as downloaders ...
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
November 17, 2025
A record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet targeted Microsoft Azure, showcasing rapidly evolving botnet capabilities. Despite the massive, multi-vector assault, Azure’s automated ...
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
November 17, 2025
Researchers uncovered serious flaws in GoSign Desktop, where disabled TLS certificate validation and an unsigned update mechanism expose users to MitM attacks and malicious updates. ...
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
November 17, 2025
Researchers have uncovered cybercriminals abusing the long-abandoned UNIX “finger” protocol to stealthily fetch and execute commands on Windows systems. By using this legacy tool for ...
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
November 17, 2025
Jaguar Land Rover revealed that a major cyberattack caused £196 million in losses this quarter, significantly impacting operations despite otherwise strong performance. The incident, linked ...
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
November 17, 2025
Microsoft is investigating installation failures affecting the Windows 10 KB5068781 ESU update, with error 0x800f0922 impacting volume-licensed enterprise systems. The issue leaves legacy environments temporarily ...
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
November 17, 2025
CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers to read arbitrary system files. ...
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
November 17, 2025
RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution. Attackers are hijacking unpatched XWiki ...
Critical Remote Code Execution Flaws Found in AI Inference Engines Due to Unsafe Deserialization
November 17, 2025
New research reveals that popular AI inference engines—including Meta’s TorchServe, Nvidia’s Triton, vLLM, and Microsoft’s ONNX Runtime—contain critical ZeroMQ and Python pickle flaws that enable ...
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
November 17, 2025
A new phishing campaign is targeting Chinese-speaking individuals in the U.S., with scammers posing as health insurers and Chinese authorities to coerce victims into revealing ...
Fortinet Quietly Patches FortiWeb Zero-Day Vulnerability Exploited in Active Attacks
November 17, 2025
Researchers say Fortinet quietly patched a FortiWeb zero-day that was already being exploited, offering little transparency or guidance. The silent fix left many organizations unaware ...
Threat Group ShinyHunters Hacks Checkout.com, Demands Ransom Over Legacy Cloud Breach
November 17, 2025
A cyberattack on Checkout.com by ShinyHunters exposed sensitive data stored in an overlooked legacy cloud system, highlighting the risks of outdated infrastructure. The attackers are ...
Australia Warns of Chinese Cyber Probing Into Critical Infrastructure
November 17, 2025
Australian intelligence warns that Chinese state-sponsored hackers have gained unauthorized access to critical infrastructure, shifting from espionage to potential sabotage. Officials say APT groups are ...
How TTP-Based Defenses Outperform Traditional IoC Hunting
November 17, 2025
Behavior-based detection is replacing traditional IoC-driven security as organizations focus on identifying attacker tactics and behaviors instead of static indicators. By analyzing TTPs like credential ...
Chinese APT Leveraged Claude AI for Automated Espionage Operation
November 17, 2025
Chinese APT group GTG-1002 has been caught abusing Anthropic’s Claude AI to automate phishing, malware development, and reconnaissance tasks. The campaign marks a major shift ...
North Korean ‘Contagious Interview’ Campaign Evolves With JSON-Based Malware Delivery
November 17, 2025
North Korea’s “Contagious Interview” campaign is evolving with new stealth techniques, using legitimate JSON-based storage services to host malware delivered through trojanized developer tools. NVISO ...
Amazon Identifies Massive NPM Package Flooding Attack as Token-Farming Campaign
November 17, 2025
Attackers flooded the npm registry with thousands of benign-looking packages designed to harvest crypto-related authentication tokens rather than deploy malware. Amazon researchers say the large-scale ...
Logitech Confirms Data Breach After Clop Ransomware Attacks Oracle Systems
November 17, 2025
Clop exploited an unpatched Oracle E-Business Suite flaw to steal corporate data from Logitech, prompting the company to confirm exposure while emphasizing no operational disruption. ...
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
Endesa Cyberattack Results in Customer Data Exposure
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Meta Addresses Security Vulnerability in Instagram Password Resets
AI and Security: Block’s CISO Discusses AI Agents’ Potential
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
Target’s Source Code Allegedly Exposed in Cyber Breach
Drones Are Now Critical Infrastructure—and Their Networks are the New Attack Surface
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Instagram Data Breach Affects 17.5 Million Users: Security Implications Explored
U.S. Immigration and Customs Enforcement’s Surveillance Tactics Scrutinized
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
BreachForums Re-emerges Only to Fall Victim to Data Breach
Anthropic Responds to Viral Allegations of Account Bans
Iranian APT Group MuddyWater Launches Sophisticated Spear-Phishing Campaign
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Illinois Man Charged for Snapchat Phishing Scheme