Cyber Security
News
Dior Confirms U.S. Customer Data Compromised in Global Cybersecurity Breach
Dior is alerting U.S. customers about a data breach that exposed personal data. The cyberattack, linked to ShinyHunters, targeted LVMH brands via a third-party vendor. ...
News
Arch Linux Removes Malicious AUR Packages That Deployed Chaos RAT Malware
Arch Linux pulled three AUR packages after discovering they delivered Chaos RAT malware through a malicious GitHub script, compromising Linux systems via community-sourced PKGBUILD files. ...
News
New CrushFTP Zero-Day Exploit Enables Admin Access on Unpatched Servers
CrushFTP warns of an actively exploited zero-day vulnerability (CVE-2025-54309) allowing full admin access via web interface on unpatched servers running outdated builds.
News
Widespread Cyberattack Exploits Microsoft SharePoint Zero-Day, Hits U.S. Agencies and Global Targets
Hackers exploited a zero-day in Microsoft SharePoint, breaching U.S. agencies, global businesses, and universities before patches were issued. Some breaches include loss of critical data. ...
Cybersecurity Newsletter
Weekly Cybersecurity Newsletter: 14th to 18th August
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
News
BigONE Crypto Exchange Hacked: $27 Million Stolen in Hot Wallet Attack
BigONE cryptocurrency exchange suffered a $27 million breach involving its hot wallet. While user funds are safe, blockchain forensics reveal ongoing laundering of stolen assets. ...
News
LameHug Malware Uses AI-Powered Language Model to Launch Dynamic Windows Data Theft
LameHug malware uses an AI language model to craft system commands on the fly, targeting Windows machines in attacks linked to Russian-backed APT28.
News
Louis Vuitton Confirms Multi-Country Data Breaches Linked to Single Cyberattack
Luxury fashion house Louis Vuitton confirmed that recent customer data breaches in the UK, South Korea, and Turkey all trace back to a single cyberattack ...
News
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
A critical Cisco ISE vulnerability (CVE-2025-20337) exposes systems to remote code execution and root access. Enterprises must upgrade to Patch 7 or Patch 2 immediately. ...
News
Chinese APT Group Salt Typhoon Breaches U.S. National Guard Network, Steals Critical Configuration Files
Salt Typhoon, a Chinese state-backed hacking group, quietly breached a U.S. Army National Guard network for nine months, stealing sensitive configuration files and credentials.
News
Phishing Scam Costs Nebraska School District $1.8 Million in Construction Funds
A phishing email targeting a real construction project led Broken Bow Public Schools in Nebraska to mistakenly transfer $1.8 million to cybercriminals.
News
Chinese Cyber-Espionage Group Infiltrates Army National Guard Network Across the US
Salt Typhoon, a Chinese cyber-espionage group, infiltrated a US state's Army National Guard network, exfiltrating sensitive data and threatening nationwide cybersecurity coordination efforts.
News
Chinese State-Backed Hackers Breach U.S. Army National Guard Network in Espionage Campaign
Chinese hackers known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network, accessing sensitive data tied to every other state and four territories. ...
News
Scattered Spider-Attack Hits Co-op, Exposes Data of 6.5 Million Members
UK retailer Co-op confirms a cyberattack in April stole personal data of 6.5 million members. Threat actors linked to Scattered Spider used social engineering tactics. ...
News
Active-Duty U.S. Soldier Pleads Guilty to Hacking and Extortion of Telecom Giants
A 21-year-old U.S. Army soldier pleaded guilty to hacking and extorting major telecom firms using stolen credentials, SSH brute tools, SIM-swapping, and cybercrime forums.
News
Episource Data Breach Hits Over 5 Million Patients, Sensitive Medical and Insurance Data Potentially Exposed
A cyberattack on Episource, a UnitedHealth subsidiary, compromised the personal and medical data of over five million patients, including Social Security and health insurance details. ...
News
Abacus Market Disappears in Suspected Exit Scam After Handling $300 Million in Darknet Transactions
Abacus Market, a major darknet platform for drug trade, has abruptly gone offline, sparking suspicions of a large-scale exit scam involving millions in crypto.
News
DragonForce Claims Cyberattack on US Retail Giant Belk, Leaks 156GB of Sensitive Customer and Employee Data
Hackers from the DragonForce ransomware group claim to have breached US retailer Belk, leaking 156GB of customer orders, employee profiles, and mobile app data.
News
Diskstation Ransomware Gang Dismantled After Years of Targeting NAS Devices Across Europe
Authorities dismantled the Diskstation ransomware group targeting NAS devices since 2021, arresting the primary suspect in Romania after seizing evidence during international raids.
News
Consentik Breach Exposes Hundreds of Shopify Stores to Admin Takeovers and Data Theft
A misconfigured Shopify plugin leaked sensitive access tokens and analytics, leaving hundreds of e-commerce businesses vulnerable to admin-level compromise and malicious exploitation.
TOP CYBERSECURITY HEADLINES
CVE Vulnerability Alerts
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
This Week’s Security Spotlight
Application Security
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Application Security
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign
Workday, one of the world’s leading providers of human resources and financial management software, has confirmed a data breach that exposed business contact information through ...
MoD Contractor Data Breach Exposes Thousands Of Afghan Nationals
MoD confirms a contractor-linked data breach affecting up to 3,700 ARAP arrivals, exposing names and passport details and reigniting concerns over subcontractor security and Afghan ...
AT&T Settlement Clears $177M for Victims Of 2019 and 2024 Data Breaches
Federal court approves $177 million AT&T settlement covering 2019 and 2024 data breaches; claimants can seek documented losses or tiered payments, with $7,500 maximum possible.
DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto
The U.S. Department of Justice has successfully dismantled a major operator behind the notorious Zeppelin ransomware, charging Russian national Ianis Aleksandrovich Antropenko with conspiracy to ...
Workday Data Breach Linked To Third-Party CRM Amid Salesforce Social Engineering Wave
Workday discloses a data breach tied to a third-party CRM after social engineering attacks. No tenant data was accessed; business contact details were exposed amid ...
Healthplex Fined $2M After Phishing-Driven Data Breach Exposed Tens Of Thousands
A phishing click at Healthplex exposed tens of thousands’ health data; delayed reporting triggered a $2 million DFS fine and a mandatory independent MFA audit.
Bragg Discloses Cybersecurity Incident; Says Impact Appears Limited
Bragg Gaming Group detected a cybersecurity incident on August 16, 2025. Preliminary findings say the impact was internal only, with no indication personal data was ...
WestJet Data Breach Exposes Passenger Details, Including Names, DOB and Travel Details
WestJet confirms a June cyberattack exposed passenger details but not payment data. The airline offers two years of TransUnion monitoring and identity restoration while the ...
Crypto24 Ransomware: The Phantom Encryptor
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal, encrypt, and leak sensitive data.
Charon Ransomware: Stealthy Cyber Extortion Syndicate
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing a severe threat to critical ...
U.S. Seizes $1M in Cryptocurrency from BlackSuit Ransomware Gang
U.S. agencies seized over $1 million in cryptocurrency and critical infrastructure from the BlackSuit ransomware gang. While the takedown marks progress, core members have already ...
Citrix NetScaler Zero-Day Breach Hits Critical Dutch Infrastructure
A Citrix NetScaler zero-day, CVE-2025-6543, has been exploited in the wild, leading to breaches of Dutch critical infrastructure. Thousands of devices remain unpatched worldwide, prompting ...
Why Supply Chain Security is a 2025 Cyber Priority
Supply chain security has become a top cybersecurity priority in 2025. Weak vendor defenses, low visibility, and nation-state attacks are fueling breaches, underscoring the urgent ...
Fortinet Warns of FortiSIEM Zero-Day CVE-2025-25256 Critical RCE Flaw
Fortinet has patched CVE-2025-25256, a FortiSIEM vulnerability rated CVSS 9.8 that allows unauthenticated remote code execution. Exploit code is active in the wild, and security ...
Quantum Key Distribution Faces Real-World Cybersecurity Risks
Quantum Key Distribution (QKD) is often described as unbreakable, but recent research exposes flaws in real-world systems. From photorefraction and side-channel attacks to theoretical weaknesses, ...
Cybercrime Groups ShinyHunters and Scattered Spider Collaborate in Extortion Attacks
A possible alliance between ShinyHunters, Scattered Spider, and Lapsu$ points to a new wave of coordinated cybercrime. By merging social engineering and data theft, these ...
Thorium: CISA’s New Open-Source Malware Analysis and Forensic Platform
CISA has released Thorium, an open-source platform for malware analysis and digital forensics. Built with automation and scalability, it enables security teams to analyze millions ...
FBI Flags $9.9M in Losses from Crypto Recovery Scams
The FBI warns of a growing wave of “crypto recovery scams,” where fraudsters pose as attorneys or law firms to exploit victims of earlier crypto ...
Cisco’s Critical FMC RADIUS Vulnerability: CVSS 10.0 Remote Code Execution Risk
Cisco’s CVE-2025-20188 vulnerability, rated CVSS 10.0, exposes IOS XE devices and Firepower Management Center to unauthenticated remote code execution. The flaw, caused by a hard-coded ...
U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes
The U.S. Department of the Treasury has announced sweeping sanctions against Grinex, a Russian-linked cryptocurrency exchange identified as the direct successor to the previously sanctioned ...