Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity
Apple Rolls Out DarkSword Exploit Protection to More Devices
Mitchell Langley April 3, 2026
Apple enhances its defenses against the DarkSword exploit kit, a threat linked to state-sponsored hackers and commercial spyware vendors.
Critical Vulnerability in Claude Code Surfaces Days After Source Code Leak
Application Security
Critical Vulnerability in Claude Code Surfaces Days After Source Code Leak
Gabby Lee April 3, 2026
Claude Code faces a critical vulnerability discovered by Adversa AI just days after its source code was unintentionally leaked by Anthropic.
Cybercriminals Exploit Empty Properties for Postal Fraud
Cybersecurity
Cybercriminals Exploit Empty Properties for Postal Fraud
Andrew Doyle April 3, 2026
Threat actors use vacant homes to snatch mail and perpetrate fraud using Flare's findings.
Cisco Releases Patches for Critical and High-Severity Vulnerabilities
Cybersecurity
Cisco Releases Patches for Critical and High-Severity Vulnerabilities
Mitchell Langley April 3, 2026
Cisco fixes critical vulnerabilities threatening authentication, code execution, and more.
Stryker Corporation Restores Operations After Cyberattack
Cybersecurity
Stryker Corporation Restores Operations After Cyberattack
Gabby Lee April 3, 2026
Stryker Corporation resumes operations after a cyberattack by Handala hacktivists.
Cybersecurity M&A Activity Surges With 38 Deals Closing in March 2026
Cybersecurity
Cybersecurity M&A Activity Surges With 38 Deals Closing in March 2026
Mitchell Langley April 3, 2026
Explore prominent cybersecurity M&A deals announced in March 2026 by Airbus, Cellebrite, and others.
Anthropic Confirms Internal Claude Code Leak Was Caused by Human Error
Cybersecurity
Anthropic Confirms Internal Claude Code Leak Was Caused by Human Error
Mitchell Langley April 2, 2026
Anthropic confirms internal code leak of Claude Code due to human error, no sensitive data involved.
Microsoft Releases Emergency Fix for KB5079391 Update Installation Failures
Cybersecurity
Microsoft Releases Emergency Fix for KB5079391 Update Installation Failures
Andrew Doyle April 2, 2026
Microsoft has released an emergency fix for the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to widespread ...
Google Rolls Out Gmail Address Change and Alias Feature in the U.S.
Application Security
Google Rolls Out Gmail Address Change and Alias Feature in the U.S.
Andrew Doyle April 2, 2026
Google introduces a feature to change Gmail addresses, enhancing user email customization options in the U.S.
Proton Launches Meet as a Privacy-First Alternative to Google Meet and Zoom
Application Security
Proton Launches Meet as a Privacy-First Alternative to Google Meet and Zoom
Mitchell Langley April 2, 2026
Proton introduces Meet, a new video conferencing service focused on privacy.
Anthropic Accidentally Leaked Source Code for Claude Code
Cybersecurity
Anthropic Accidentally Leaked Source Code for Claude Code
Andrew Doyle April 2, 2026
Anthropic's Claude Code source code leak report assures that no client data was breached.
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts
News
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts
Mitchell Langley April 2, 2026
Explore how EvilTokens exploits phishing methods to endanger Microsoft accounts and facilitate business email compromise attacks.
Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE
News
Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE
Gabby Lee April 2, 2026
Ukrainian CERT is impersonated in a phishing campaign that distributes AGEWHEEZE, a remote administration tool.
Depthfirst Secures $80 Million for AI Security Expansion
Cybersecurity
Depthfirst Secures $80 Million for AI Security Expansion
Gabby Lee April 2, 2026
Depthfirst secures Series B funding to enhance AI research, train security models, and boost enterprise adoption.
DeepLoad Malware Poses a Multifaceted Threat with Credential Theft and Extension Installation
News
DeepLoad Malware Poses a Multifaceted Threat with Credential Theft and Extension Installation
Andrew Doyle April 2, 2026
New malware named DeepLoad threatens cybersecurity by deploying a malicious browser extension and spreading via USB drives to steal credentials.
Hasbro Targeted in a Recent Cybersecurity Incident
Cybersecurity
Hasbro Targeted in a Recent Cybersecurity Incident
Andrew Doyle April 2, 2026
Toy manufacturer Hasbro investigates potential data compromise following a cyberattack.
Google Patches Exploited Zero-Day Among 21 Chrome Vulnerabilities
Application Security
Google Patches Exploited Zero-Day Among 21 Chrome Vulnerabilities
Andrew Doyle April 2, 2026
Google addresses 21 vulnerabilities, including a zero-day in Chrome's Dawn component.
FBI Cautions on Security Threats from Chinese Mobile Applications
Cybersecurity
FBI Cautions on Security Threats from Chinese Mobile Applications
Andrew Doyle April 2, 2026
The FBI alerts users about data privacy issues connected to Chinese mobile applications, urging caution.
VBS File Campaign Uses WhatsApp for Multi-Stage Malware Deployment
Application Security
VBS File Campaign Uses WhatsApp for Multi-Stage Malware Deployment
Mitchell Langley April 2, 2026
New campaign exploits WhatsApp to spread Visual Basic Script files, forming a multi-stage infection chain.
Android Malware NoVoice Found Hiding Across 50 Apps on Google Play
Application Security
Android Malware NoVoice Found Hiding Across 50 Apps on Google Play
Gabby Lee April 2, 2026
Android malware NoVoice was stealthily embedded in over 50 apps on Google Play.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Lakera’s Gandalf Network Joins Check Point in $300M AI Security Deal
September 17, 2025
Podcasts
Shai-Hulud Exposes Fragility of the Open-Source Software Supply Chain
September 17, 2025
Podcasts
ChatGPT Calendar Vulnerability Exposes User Emails in New AI Attack
September 17, 2025

Cyber Security News

Application Security
IBM WebSphere CVE-2026-8633: CVSS 9.8 No-Auth RCE Flaw Patched
June 2, 2026
NIST Inspector General NVD Backlog Hits 27,000 CVEs
CVE Vulnerability Alerts
NIST Inspector General: NVD Backlog Hits 27,000 CVEs
June 2, 2026
Cybersecurity
TheGentlemen Ransomware Lists US Water Utility Suburban Water
June 2, 2026
Cybersecurity
ShadowByt3$ Ransomware Hits Syngenta’s Cropwise Platform
June 2, 2026
Cybersecurity
UPDATE: Dashlane Confirms Encrypted Vaults Downloaded in Attack
June 2, 2026
Cybersecurity
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
June 2, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Cisco Releases Patches for Critical and High-Severity Vulnerabilities
April 3, 2026
Cisco fixes critical vulnerabilities threatening authentication, code execution, and more.
Stryker Corporation Restores Operations After Cyberattack
April 3, 2026
Stryker Corporation resumes operations after a cyberattack by Handala hacktivists.
Cybersecurity M&A Activity Surges With 38 Deals Closing in March 2026
April 3, 2026
Explore prominent cybersecurity M&A deals announced in March 2026 by Airbus, Cellebrite, and others.
Anthropic Confirms Internal Claude Code Leak Was Caused by Human Error
April 2, 2026
Anthropic confirms internal code leak of Claude Code due to human error, no sensitive data involved.
Microsoft Releases Emergency Fix for KB5079391 Update Installation Failures
April 2, 2026
Microsoft has released an emergency fix for the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to widespread ...
Google Rolls Out Gmail Address Change and Alias Feature in the U.S.
April 2, 2026
Google introduces a feature to change Gmail addresses, enhancing user email customization options in the U.S.
Proton Launches Meet as a Privacy-First Alternative to Google Meet and Zoom
April 2, 2026
Proton introduces Meet, a new video conferencing service focused on privacy.
Anthropic Accidentally Leaked Source Code for Claude Code
April 2, 2026
Anthropic's Claude Code source code leak report assures that no client data was breached.
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts
April 2, 2026
Explore how EvilTokens exploits phishing methods to endanger Microsoft accounts and facilitate business email compromise attacks.
Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE
April 2, 2026
Ukrainian CERT is impersonated in a phishing campaign that distributes AGEWHEEZE, a remote administration tool.
Depthfirst Secures $80 Million for AI Security Expansion
April 2, 2026
Depthfirst secures Series B funding to enhance AI research, train security models, and boost enterprise adoption.
DeepLoad Malware Poses a Multifaceted Threat with Credential Theft and Extension Installation
April 2, 2026
New malware named DeepLoad threatens cybersecurity by deploying a malicious browser extension and spreading via USB drives to steal credentials.
Hasbro Targeted in a Recent Cybersecurity Incident
April 2, 2026
Toy manufacturer Hasbro investigates potential data compromise following a cyberattack.
Google Patches Exploited Zero-Day Among 21 Chrome Vulnerabilities
April 2, 2026
Google addresses 21 vulnerabilities, including a zero-day in Chrome's Dawn component.
FBI Cautions on Security Threats from Chinese Mobile Applications
April 2, 2026
The FBI alerts users about data privacy issues connected to Chinese mobile applications, urging caution.
VBS File Campaign Uses WhatsApp for Multi-Stage Malware Deployment
April 2, 2026
New campaign exploits WhatsApp to spread Visual Basic Script files, forming a multi-stage infection chain.
Android Malware NoVoice Found Hiding Across 50 Apps on Google Play
April 2, 2026
Android malware NoVoice was stealthily embedded in over 50 apps on Google Play.
UK Government Allocates £630,000 for Digital Identity Card Discussion
April 2, 2026
The UK government is investing £630,000 in a panel to examine digital identity card plans, aiming for diverse perspectives and trade-offs.
Hacker Charged in $55 Million Cryptocurrency Heist Involving Smart Contract Exploit
April 2, 2026
Investigators uncover how Jonathan Spalletta leveraged smart contract vulnerabilities, resulting in a major cryptocurrency theft that brought down the...
UNC1069 Linked to Axios NPM Supply Chain Attack for Financial Intrusion
April 2, 2026
Google attributes Axios npm attack to North Korean threat group UNC1069, aiming for financial theft.
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach