Main Menu
Cyber Security
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
Massive Gmail Data Breach Exposes 183 Million User Credentials
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Everest Ransomware Group Claims Mailchimp but Experts Say Leak Is Minor and Unproven
News
Everest Ransomware Group Claims Mailchimp but Experts Say Leak Is Minor and Unproven
Mitchell Langley August 5, 2025
Everest claims Mailchimp data breach, citing a small internal dataset; security insiders and Intuit report no evidence of systemic compromise.
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
Resources
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
Andrew Doyle August 4, 2025
DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal enterprise.
Hackers Target Python Developers With Phishing Campaign Using Fake PyPI Site
News
Hackers Target Python Developers With Phishing Campaign Using Fake PyPI Site
Andrew Doyle August 3, 2025
A phishing attack is targeting Python developers with fake PyPI login prompts to steal credentials and potentially distribute malware via compromised Python packages.
Mastering the Metasploit Framework The Ultimate Guide to Exploits, Payloads, and Ethical Hacking
Blog
Mastering the Metasploit Framework: The Ultimate Guide to Exploits, Payloads, and Ethical Hacking
Mitchell Langley August 1, 2025
Explore the full potential of the Metasploit Framework for ethical hacking, penetration testing, and CVE exploitation with this complete, real-world guide for cybersecurity professionals.
Shadow IT in the Enterprise Risks You Didn’t Know You Had
Blog
Shadow IT in the Enterprise: Risks You Didn’t Know You Had
Gabby Lee July 31, 2025
Unmanaged SaaS and shadow IT applications silently open dangerous security gaps. Discover how enterprise teams can detect, control, and protect against these invisible but growing ...
Minnesota Deploys National Guard Cyber Unit Following Major Cyberattack on St. Paul City Systems
News
Minnesota Deploys National Guard Cyber Unit Following Major Cyberattack on St. Paul City Systems
Andrew Doyle July 31, 2025
Minnesota activates the National Guard’s cyber unit after a cyberattack cripples St. Paul’s municipal systems, prompting emergency declarations and a multi-agency response.
Tea App Disables Messaging After Second Breach Exposes Over One Million Private Conversations
News
Tea App Disables Messaging After Second Breach Exposes Over One Million Private Conversations
Andrew Doyle July 31, 2025
Tea app disables messaging after two breaches: 72,000 verification images leaked, then 1.1 million private messages exposed; FBI and security firms investigating.
ShinyHunters Behind Salesforce-Related Data Breaches at Qantas, Allianz Life, LVMH
News
ShinyHunters Behind Salesforce-Related Data Breaches at Qantas, Allianz Life, LVMH
Mitchell Langley July 31, 2025
ShinyHunters targets Salesforce users at Qantas, Allianz, and LVMH in voice phishing attacks to steal customer data and conduct private extortion campaigns.
RiteCheck Confirms Data Breach Affecting Nearly 70,000 Customers and Employees
News
RiteCheck Confirms Data Breach Affecting Nearly 70,000 Customers and Employees
Andrew Doyle July 31, 2025
RiteCheck has disclosed a 2023 data breach impacting nearly 70,000 people, exposing Social Security numbers, payment card data, and IDs after an 11-month delay.
Hackers Exploit SAP NetWeaver Flaw to Deploy Advanced Auto-Color Malware on U.S. Chemical Firm
News
Hackers Exploit SAP NetWeaver Flaw to Deploy Advanced Auto-Color Malware on U.S. Chemical Firm
Mitchell Langley July 30, 2025
Hackers exploited a critical SAP NetWeaver vulnerability to deploy Auto-Color malware on a U.S. chemicals firm, using advanced stealth and sandbox evasion techniques.
Aeroflot Flights Canceled After Hacktivist Cyberattack Cripples Airline Systems
News
Aeroflot Flights Canceled After Hacktivist Cyberattack Cripples Airline Systems
Mitchell Langley July 30, 2025
Aeroflot’s operations were disrupted after a cyberattack claimed by Ukrainian and Belarusian hacktivists who allege wiping critical systems and exfiltrating sensitive airline data.
Orange Discloses Cyberattack, Service Disruptions in France Following Breach
News
Orange Discloses Cyberattack, Service Disruptions in France Following Breach
Mitchell Langley July 30, 2025
French telecom giant Orange confirmed a cyberattack that disrupted services in France. The affected system was isolated; no data exfiltration has been found yet.
Cheap McDonald’s Deal Turns Into Subscription Scam: Over 10,000 Romanians Targeted via Facebook and Instagram Ads
News
Cheap McDonald’s Deal Turns Into Subscription Scam: Over 10,000 Romanians Targeted via Facebook and Instagram Ads
Andrew Doyle July 30, 2025
A $2 McDonald's deal scam has duped over 10,000 Romanians into €63.42 bi-weekly subscriptions via fake ads on Instagram and Facebook, Bitdefender reports.
Scattered Spider Ransomware Group Ramps Up Sophisticated Attacks Targeting Enterprises Globally
Cybersecurity
Scattered Spider Ransomware Group Ramps Up Sophisticated Attacks Targeting Enterprises Globally
Gabby Lee July 30, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and international partners, has issued an updated advisory ...
Lynx Ransomware: INC Ransomware Reincarnated
Resources
Lynx Ransomware: INC Ransomware Reincarnated
Gabby Lee July 29, 2025
The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor to the INC ransomware group ...
How to Backup and Restore the Windows Registry
Blog
How to Backup and Restore the Windows Registry
Andrew Doyle July 29, 2025
Protect your system settings from accidental changes or corruption. Learn how to safely backup and restore the Windows Registry with this easy step-by-step guide.
Google Patches Gemini CLI Vulnerability That Enabled Silent Code Execution and Data Theft
News
Google Patches Gemini CLI Vulnerability That Enabled Silent Code Execution and Data Theft
Mitchell Langley July 28, 2025
A critical flaw in Google’s Gemini CLI exposed developers to silent command execution and data theft through poisoned context files, prompting an urgent security patch. ...
Tea App Data Breach Deepens as 1.1 Million Private Messages Are Exposed
News
Tea App Data Breach Deepens as 1.1 Million Private Messages Are Exposed
Mitchell Langley July 28, 2025
Tea app’s data breach escalates as 1.1 million private messages and 72,000 sensitive images, including government IDs and selfies, are leaked on hacker forums.
NASCAR Confirms Data Breach Tied to Medusa Ransomware Gang, SSNs Exposed
News
NASCAR Confirms Data Breach Tied to Medusa Ransomware Gang, SSNs Exposed
Andrew Doyle July 28, 2025
NASCAR confirms a data breach exposing Social Security numbers, linked to Medusa ransomware gang. Victims are receiving breach notifications and one year of credit monitoring. ...
Hackers Claim Deep Access to Systems, Threaten to Leak Passenger Data
News
Hackers Claim Deep Access to Systems, Threaten to Leak Passenger Data
Mitchell Langley July 28, 2025
Aeroflot suffers massive cyberattack by pro-Ukraine hackers, disrupting flights, destroying 7,000 servers, and exposing personal data of passengers and staff. A criminal probe is underway. ...
Phoenix Contact UPS Vulnerabilities Critical Flaws May Cause Denial-of-Service
Cybersecurity
Phoenix Contact UPS Vulnerabilities: Critical Flaws May Cause Denial-of-Service
Andrew Doyle October 30, 2025
Toys “R” Us Canada Data Breach Customer Records Exposed to Cyber Threats
Data Security
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
Gabby Lee October 27, 2025
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Cybersecurity
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Andrew Doyle October 29, 2025
Maryland Paratransit Ransomware Disrupts Mobility New Ride Requests Halted
News
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
Andrew Doyle October 27, 2025

TOP CYBERSECURITY HEADLINES

TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Endpoint Security
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
CVE Vulnerability Alerts
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Application Security
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Cybersecurity
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems

This Week’s Security Spotlight

OpenAI Atlas Omnibox Vulnerability Prompt Injection Flaw Exposes Unauthorized Access Risks
Application Security
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Gabby Lee October 27, 2025
CoPhish Exploit via Microsoft Copilot OAuth Token Theft Exposes Trusted Domains
Application Security
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Mitchell Langley October 27, 2025
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Application Security
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Gabby Lee October 27, 2025
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Andrew Doyle October 22, 2025
More In News
Trending
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
Embassy Breach Alert: Iranian Hackers Exploit 100+ Email Accounts via Phishing
UpCrypter Phishing Campaign Exploits Fake Emails to Deliver RAT Payloads
Deepfake Vishing Incidents Surge by 170% in Q2 2025

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Netskope’s IPO Raises $908M: SASE Leader Surges 18% on First Trading Day
September 22, 2025
Podcasts
SPLX Exposes AI Exploit: Prompt Injection Tricks ChatGPT Into Solving CAPTCHAs
September 22, 2025
Podcasts
Brussels, Berlin, London Hit Hard as Cyber Disruption Sparks Flight Chaos
September 22, 2025

Cyber Security News

WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
Cybersecurity
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
October 2, 2025
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
Cybersecurity
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
October 2, 2025
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
Cybersecurity
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
October 2, 2025
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Cybersecurity
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
October 2, 2025
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
Cybersecurity
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
October 2, 2025
Axonius Identities Review 2025 Unified IAM, Governance & Security
Identity and Access Management
Axonius Identities Review 2025: Unified IAM, Governance & Security
October 1, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
August 25, 2025
Google confirmed a massive breach exposing 2.5 billion Gmail accounts, with hacker group ShinyHunters exploiting Salesforce access through social engineering and launching large-scale phishing and ...
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
August 25, 2025
Aspire Rural Health Systems suffered a major healthcare data breach, exposing nearly 140,000 patients’ records — including lab results, financial data, and personal identifiers.
Ethical and Regulatory Challenges in AI-Driven Cybersecurity
August 25, 2025
As AI becomes central to cybersecurity, it is also weaponized for deepfakes, adaptive malware, and phishing. Organizations now face ethical dilemmas, regulatory fragmentation, and governance ...
AI-Powered DDoS Attacks Prompt Advanced Defense Mechanisms
August 25, 2025
AI-powered DDoS attacks are reshaping the cybersecurity landscape, replacing brute-force floods with adaptive, machine-led precision. By mimicking legitimate traffic and shifting tactics in real time, ...
Palo Alto Networks Forecasts $10.5B in 2026 Revenue on AI Cybersecurity Growth
August 25, 2025
Palo Alto Networks projects up to $10.53B in fiscal 2026 revenue, fueled by demand for AI cybersecurity tools and strategic acquisitions like CyberArk. With stronger ...
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
August 25, 2025
A newly discovered zero-day in WinRAR, CVE-2025-8088, is being exploited by RomCom hackers to plant executables in Windows Startup folders via path traversal. The flaw ...
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
August 22, 2025
Fortinet has disclosed CVE-2024-26009, a high-severity authentication bypass in the FGFM protocol. The flaw lets attackers impersonate managed FortiGate devices via FortiManager, enabling full administrative ...
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
August 22, 2025
New research from Horizon3.ai, WEF, Trend Micro, and others shows a widening gap between cybersecurity strategies and real-world results. CISOs face declining prevention effectiveness, rising ...
Norway Attributes Dam Cyberattack to Russian Hackers
August 22, 2025
Norway confirmed that Russian state-sponsored hackers breached the Bremanger dam’s control systems in April 2025, releasing 1.9 million gallons of water. While no damage occurred, ...
Chrome Extension FreeVPN One Secretly Captures Screens
August 22, 2025
Security researchers found that FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge, secretly captured user screenshots, URLs, and device data. Updates ...
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
August 22, 2025
The PostgreSQL team has disclosed three critical vulnerabilities—CVE-2025-8714, CVE-2025-8715, and CVE-2025-1094—impacting backup and restore utilities. These flaws enable malicious code injection and SQL exploitation, posing ...
Internet Archive Abused to Host Stealthy Malware JScript Loaders
August 22, 2025
Attackers are abusing the Internet Archive to host obfuscated malware loaders, launching multi-stage infection chains that deliver the Remcos RAT. By exploiting trusted infrastructure, threat ...
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
August 21, 2025
BCNYS reports a two-day February intrusion discovered in August exposed personal, financial, and health data for 47,329 people, prompting rolling notifications and credit monitoring for ...
Clickjacking Vulnerability Exposes Autofill Data Across Major Extensions
August 21, 2025
Attackers use ADFS redirect phishing through legitimate office.com links, bypassing URL filters and MFA, to steal Microsoft 365 logins via malvertising and conditional access tricks.
Financial App Data Leak in Turkey Puts Millions at Risk
August 21, 2025
An unprotected MongoDB tied to FinansCepte and FinansWebde exposed over four million records, putting Turkish users at risk of phishing, credential stuffing, and manipulated financial ...
GenAI Powers Harder-to-Detect Phishing Threats
August 21, 2025
New research from Unit 42 shows adversaries are combining AI website builders, writing assistants, deepfakes, and chatbots to automate large-scale campaigns that closely mimic trusted ...
PyPI Cracks Down on Domain Expiration Attacks to Protect Python Packages
August 20, 2025
The Python Package Index (PyPI), the backbone of the global Python ecosystem, has rolled out new security safeguards aimed at stopping a dangerous form of ...
AI Joins the Fight Against Exploits: Google and Mozilla Patch Dangerous Vulnerabilities
August 20, 2025
Both Google and Mozilla have rolled out urgent security updates to patch multiple high-severity vulnerabilities in their flagship browsers—Google Chrome and Mozilla Firefox—underscoring the constant ...
Britain Backs Down: UK Drops Encryption Backdoor Demand on Apple
August 20, 2025
A major international clash over encryption has come to a dramatic resolution. Earlier this year, the U.K. government, acting under its controversial Investigatory Powers Act ...
PipeMagic Backdoor: How Ransomware Actors Exploited a Windows Zero-Day
August 20, 2025
In early 2025, Microsoft and security researchers uncovered PipeMagic, a modular and memory-resident backdoor that has been quietly leveraged in ransomware campaigns worldwide. Disguised as ...
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
SailPoint Identity Risk Review: Intelligent Identity Threat Detection