Cyber Security
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Trump Administration Lifts Claude Fable 5 Access Restrictions
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
DeepSeek Built Browser Ransomware Using Chrome File System API
Scattered Spider Suspect Peter Stokes Extradited From Finland
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
BioShocking Attack Turns AI Browsers Into Credential Thieves
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
Gitea CVE-2026-20896 Auth Bypass Exploited via One HTTP Header
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
A 'By Design' Flaw in Anthropic's MCP Could Enable Widespread AI Supply Chain Attacks
Cybersecurity
A ‘By Design’ Flaw in Anthropic’s MCP Could Enable Widespread AI Supply Chain Attacks
A newly discovered flaw in Anthropic's Model Context Protocol allows unsanitized command execution, endangering AI environments.
Capsule Security Secures $7 Million to Protect AI Agents at Runtime
Cybersecurity
Capsule Security Secures $7 Million to Protect AI Agents at Runtime
Capsule Security emerges from stealth with $7 million funding to secure AI agents.
France's Rising Kidnapping Cases Amid Crypto Extortion Schemes
Cybersecurity
France’s Rising Kidnapping Cases Amid Crypto Extortion Schemes
French mother and child rescued after 20-hour kidnap, exposing extortion threats tied to crypto wealth.
Over 100 Malicious Chrome Extensions Are Stealing User Data and Creating Backdoors
Application Security
Over 100 Malicious Chrome Extensions Are Stealing User Data and Creating Backdoors
Over 100 Chrome extensions are stealing user data and creating backdoor vulnerabilities, posing significant threats to cybersecurity.
Modern Trucking's Cybersecurity Imperative - Industry Leaders Address Digital Threats
Cybersecurity
Modern Trucking’s Cybersecurity Imperative: Industry Leaders Address Digital Threats
Trucks transformed into digital networks face cybersecurity risks.
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Application Security
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Microsoft addresses critical Windows 10 vulnerabilities with its April 2026 security patches.
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Application Security
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Fake Ledger Live app drains $9.5 million from 50 victims via Apple's App Store. Investigating infiltration tactics.
Basic-Fit Data Breach Exposes Personal Information of One Million Members
Cybersecurity
Basic-Fit Data Breach Exposes Personal Information of One Million Members
A data breach at Basic-Fit has exposed sensitive data of one million members, including names, birth dates, and bank details.
McGraw-Hill Data Breach - Salesforce Misconfiguration Exploited by Hackers
Cybersecurity
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
McGraw-Hill's data breach involved a Salesforce misconfiguration, exposing sensitive information.
Critical Security Flaws in Composer Put PHP Applications at Risk
Application Security
Critical Security Flaws in Composer Put PHP Applications at Risk
Two severe security vulnerabilities identified in PHP's Composer might allow arbitrary command execution.
Adobe's ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Application Security
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Adobe patches 55 vulnerabilities across 11 products, with ColdFusion flaws deemed highly exploitable.
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Application Security
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Microsoft introduces a fast-track process for developers facing sudden account suspensions in the Windows Hardware Program.
Cyberwarfare Within the Underground - Ransomware Gangs Clash
News
Cyberwarfare Within the Underground: Ransomware Gangs Clash
Rival ransomware gangs in a conflict as 0APT warns of exposing Krybit affiliates.
Google Enhances Pixel Security with Rust-Based DNS Parser
Application Security
Google Enhances Pixel Security with Rust-Based DNS Parser
Google's Rust-based DNS parser improves Pixel security by addressing vulnerabilities through memory-safe code integration.
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
Cybersecurity
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
International collaboration exposes $45M in stolen cryptocurrency; $12M recovered in law enforcement play.
Stolen Credentials and Zero Trust - Preventing Privilege Escalation in Security Breaches
Cybersecurity
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Cybersecurity
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
Novel ad fraud scheme employs AI and SEO techniques to push deceptive content and trick users.
JanelaRAT - Continuing Threat to Latin American Financial Institutions
Cybersecurity
JanelaRAT: Continuing Threat to Latin American Financial Institutions
Latin America's financial sector faces advanced cyber threats from JanelaRAT malware targeting crucial financial data.
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform W3LL
News
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
The FBI and Indonesian authorities have dismantled the global phishing platform "W3LL" and arrested its alleged creator in the first joint enforcement...
Phony Root Certificate Scheme Puts Open Source Developers at Risk
News
Phony Root Certificate Scheme Puts Open Source Developers at Risk
Cyber attackers use Google-hosted pages to trick open source developers with fake credentials and take control.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Over 100 Malicious Chrome Extensions Are Stealing User Data and Creating Backdoors
Over 100 Chrome extensions are stealing user data and creating backdoor vulnerabilities, posing significant threats to cybersecurity.
Modern Trucking’s Cybersecurity Imperative: Industry Leaders Address Digital Threats
Trucks transformed into digital networks face cybersecurity risks.
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Microsoft addresses critical Windows 10 vulnerabilities with its April 2026 security patches.
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Fake Ledger Live app drains $9.5 million from 50 victims via Apple's App Store. Investigating infiltration tactics.
Basic-Fit Data Breach Exposes Personal Information of One Million Members
A data breach at Basic-Fit has exposed sensitive data of one million members, including names, birth dates, and bank details.
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
McGraw-Hill's data breach involved a Salesforce misconfiguration, exposing sensitive information.
Critical Security Flaws in Composer Put PHP Applications at Risk
Two severe security vulnerabilities identified in PHP's Composer might allow arbitrary command execution.
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
Adobe patches 55 vulnerabilities across 11 products, with ColdFusion flaws deemed highly exploitable.
Microsoft Rolls Out Fast-Track Account Recovery for Windows Hardware Program Suspensions
Microsoft introduces a fast-track process for developers facing sudden account suspensions in the Windows Hardware Program.
Cyberwarfare Within the Underground: Ransomware Gangs Clash
Rival ransomware gangs in a conflict as 0APT warns of exposing Krybit affiliates.
Google Enhances Pixel Security with Rust-Based DNS Parser
Google's Rust-based DNS parser improves Pixel security by addressing vulnerabilities through memory-safe code integration.
US, UK, and Canadian Forces Execute Successful Anti-Cryptocurrency Theft Operation
International collaboration exposes $45M in stolen cryptocurrency; $12M recovered in law enforcement play.
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
Stolen credentials often lead to unchecked privilege escalation and security breaches, but identity-first Zero Trust offers a strategic solution.
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
Novel ad fraud scheme employs AI and SEO techniques to push deceptive content and trick users.
JanelaRAT: Continuing Threat to Latin American Financial Institutions
Latin America's financial sector faces advanced cyber threats from JanelaRAT malware targeting crucial financial data.
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
The FBI and Indonesian authorities have dismantled the global phishing platform "W3LL" and arrested its alleged creator in the first joint enforcement...
Phony Root Certificate Scheme Puts Open Source Developers at Risk
Cyber attackers use Google-hosted pages to trick open source developers with fake credentials and take control.
Information Theft Revolutionized: No Local Decryption in This Security Threat
Storm infostealer bypasses local decryption in browsers, hijacks sessions and passwords.
Booking.com Confirms Unauthorized Access Compromising User Data
Unauthorized access at Booking.com exposes user and reservation data, raising cybersecurity concerns.
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
Examination of allegations linking LinkedIn's browser extension to corporate espionage conducted by Microsoft.