Main Menu
Cyber Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Triple Extortion Ransomware: How It Works and How to Stop It
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
OpenClaw AI Agent Hijacked via Malicious vCard Injection
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
New Bypass Technique Bypasses Apple's AI Safeguards
Application Security
New Bypass Technique Bypasses Apple’s AI Safeguards
Gabby Lee April 10, 2026
Researchers bypass Apple Intelligence guardrails using Neural Exect and Unicode manipulation.
ChipSoft's Website Goes Offline After Ransomware Attack While Email Stays Operational
Cybersecurity
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Gabby Lee April 9, 2026
ChipSoft's website is down following a ransomware attack, though email communication remains functional.
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Cybersecurity
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Gabby Lee April 8, 2026
Hims & Hers Health reports a data breach linked to a third-party customer service platform, impacting support tickets.
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
Cybersecurity
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
Mitchell Langley April 8, 2026
Authentication tokens were stolen during a breach, impacting numerous companies.
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
Cybersecurity
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
Andrew Doyle April 8, 2026
Discover how CrystalX RAT combines surveillance, data theft, and remote access capabilities in a sophisticated Malware-as-a-Service operation uncovere...
Chinese Threat Actors Exploit TrueConf Zero-Day to Breach Asian Governments
News
Chinese Threat Actors Exploit TrueConf Zero-Day to Breach Asian Governments
Mitchell Langley April 8, 2026
Chinese threat actors used TrueConf zero-day vulnerability to breach Asian government networks for reconnaissance and payload execution.
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
CVE Vulnerability Alerts
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
Andrew Doyle April 8, 2026
A new Docker Engine vulnerability allows attackers to bypass authorization plug-ins due to an incomplete fix.
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Cybersecurity
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Mitchell Langley April 8, 2026
Iranian hackers exploit U.S. critical infrastructure networks by targeting internet-exposed Rockwell/Allen-Bradley PLCs.
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Cybersecurity
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Andrew Doyle April 8, 2026
Russia-linked APT28 is harnessing vulnerable routers in a massive espionage campaign.
Anthropic's Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Cybersecurity
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Gabby Lee April 8, 2026
Anthropic's new AI model, Claude Mythos, could protect critical software or potentially enhance cyberattacks.
Trent AI Emerges From Stealth With $13 Million in Funding
Cybersecurity
Trent AI Emerges From Stealth With $13 Million in Funding
Andrew Doyle April 8, 2026
Startup Trent AI unveils a comprehensive security framework to safeguard artificial intelligence (AI) agents, backed by significant funding.
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Cybersecurity
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Mitchell Langley April 8, 2026
Google's recent Android update fixes critical vulnerabilities in the operating system, including a severe StrongBox flaw and a DoS vulnerability in th...
Automated Pentesting Tools Fall Short Past the PoC Cliff
Cybersecurity
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
Andrew Doyle April 8, 2026
Exploring the plateau in automated pentesting tools and the PoC cliff effect on security validation.
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Cybersecurity
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Gabby Lee April 8, 2026
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
Exchange Online Mailbox Access Issues Impact Outlook Users
Application Security
Exchange Online Mailbox Access Issues Impact Outlook Users
Mitchell Langley April 7, 2026
Exchange Online access issues have affected Outlook mobile and macOS users. Microsoft is actively working on a resolution.
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Application Security
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Gabby Lee April 7, 2026
The expansion of Shadow AI within daily apps and outdated mobile devices increases exposure to unseen mobile vulnerabilities.
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Cybersecurity
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Gabby Lee April 7, 2026
Organizations face growing cybersecurity risks from trusted vendors, SaaS tools, and subcontractors that bypass traditional security measures.
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Application Security
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Andrew Doyle April 7, 2026
Analysis reveals critical ShareFile flaws allowing server access and arbitrary file uploads.
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Application Security
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Andrew Doyle April 7, 2026
Researchers found 36 harmful npm packages posing as Strapi CMS plugins to exploit Redis, PostgreSQL, and execute further cyber attacks.
Bogus Traffic Violation Text Scam Targeting Americans
News
Bogus Traffic Violation Text Scam Targeting Americans
Andrew Doyle April 7, 2026
Fraudulent "Notice of Default" text scams impersonate U.S. state courts, leading victims to phishing sites.
Cybersecurity
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Mitchell Langley June 16, 2026
Cybersecurity
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
Gabby Lee June 16, 2026
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Andrew Doyle June 15, 2026
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Andrew Doyle June 15, 2026

TOP CYBERSECURITY HEADLINES

Application Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
Cybersecurity
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
Cybersecurity
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
Cybersecurity
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims

This Week’s Security Spotlight

Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Andrew Doyle June 10, 2026
More In News
Trending
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Novakon Ignored Security Reports on ICS Weaknesses, Leaving 40,000+ Devices Exposed
September 19, 2025
Podcasts
RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign
September 19, 2025
Podcasts
ShadowLeak: Server-Side Data Theft Attack Discovered Against ChatGPT Deep Research
September 19, 2025

Cyber Security News

Application Security
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
June 2, 2026
NIST Inspector General NVD Backlog Hits 27,000 CVEs
CVE Vulnerability Alerts
NIST Inspector General: NVD Backlog Hits 27,000 CVEs
June 2, 2026
Cybersecurity
TheGentlemen Ransomware Lists US Water Utility Suburban Water
June 2, 2026
Cybersecurity
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
June 2, 2026
Cybersecurity
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
June 2, 2026
Cybersecurity
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
June 2, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
April 8, 2026
Authentication tokens were stolen during a breach, impacting numerous companies.
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
April 8, 2026
Discover how CrystalX RAT combines surveillance, data theft, and remote access capabilities in a sophisticated Malware-as-a-Service operation uncovere...
Chinese Threat Actors Exploit TrueConf Zero-Day to Breach Asian Governments
April 8, 2026
Chinese threat actors used TrueConf zero-day vulnerability to breach Asian government networks for reconnaissance and payload execution.
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
April 8, 2026
A new Docker Engine vulnerability allows attackers to bypass authorization plug-ins due to an incomplete fix.
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
April 8, 2026
Iranian hackers exploit U.S. critical infrastructure networks by targeting internet-exposed Rockwell/Allen-Bradley PLCs.
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
April 8, 2026
Russia-linked APT28 is harnessing vulnerable routers in a massive espionage campaign.
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
April 8, 2026
Anthropic's new AI model, Claude Mythos, could protect critical software or potentially enhance cyberattacks.
Trent AI Emerges From Stealth With $13 Million in Funding
April 8, 2026
Startup Trent AI unveils a comprehensive security framework to safeguard artificial intelligence (AI) agents, backed by significant funding.
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
April 8, 2026
Google's recent Android update fixes critical vulnerabilities in the operating system, including a severe StrongBox flaw and a DoS vulnerability in th...
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
April 8, 2026
Exploring the plateau in automated pentesting tools and the PoC cliff effect on security validation.
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
April 8, 2026
A critical vulnerability in Flowise lets attackers execute arbitrary code using improperly validated JavaScript.
Exchange Online Mailbox Access Issues Impact Outlook Users
April 7, 2026
Exchange Online access issues have affected Outlook mobile and macOS users. Microsoft is actively working on a resolution.
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
April 7, 2026
The expansion of Shadow AI within daily apps and outdated mobile devices increases exposure to unseen mobile vulnerabilities.
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
April 7, 2026
Organizations face growing cybersecurity risks from trusted vendors, SaaS tools, and subcontractors that bypass traditional security measures.
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
April 7, 2026
Analysis reveals critical ShareFile flaws allowing server access and arbitrary file uploads.
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
April 7, 2026
Researchers found 36 harmful npm packages posing as Strapi CMS plugins to exploit Redis, PostgreSQL, and execute further cyber attacks.
Bogus Traffic Violation Text Scam Targeting Americans
April 7, 2026
Fraudulent "Notice of Default" text scams impersonate U.S. state courts, leading victims to phishing sites.
Qilin Ransomware Group Targets German Political Party Die Linke
April 7, 2026
Qilin ransomware group claims responsibility for a cyberattack on German political party Die Linke.
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
April 7, 2026
Detailed analysis of a .cmd malware found in an email, escalating privileges and bypassing antivirus.
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
April 7, 2026
Fortinet issues emergency patches for a critical vulnerability (CVE-2026-35616) in FortiClient EMS, already exploited in the wild.
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Triple Extortion Ransomware: How It Works and How to Stop It
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs