Cyber Security
News
LameHug Malware Uses AI-Powered Language Model to Launch Dynamic Windows Data Theft
Andrew Doyle
July 18, 2025
LameHug malware uses an AI language model to craft system commands on the fly, targeting Windows machines in attacks linked to Russian-backed APT28.
News
Louis Vuitton Confirms Multi-Country Data Breaches Linked to Single Cyberattack
Mitchell Langley
July 18, 2025
Luxury fashion house Louis Vuitton confirmed that recent customer data breaches in the UK, South Korea, and Turkey all trace back to a single cyberattack ...
News
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
Mitchell Langley
July 18, 2025
A critical Cisco ISE vulnerability (CVE-2025-20337) exposes systems to remote code execution and root access. Enterprises must upgrade to Patch 7 or Patch 2 immediately. ...
News
Chinese APT Group Salt Typhoon Breaches U.S. National Guard Network, Steals Critical Configuration Files
Andrew Doyle
July 18, 2025
Salt Typhoon, a Chinese state-backed hacking group, quietly breached a U.S. Army National Guard network for nine months, stealing sensitive configuration files and credentials.
News
Phishing Scam Costs Nebraska School District $1.8 Million in Construction Funds
Mitchell Langley
July 17, 2025
A phishing email targeting a real construction project led Broken Bow Public Schools in Nebraska to mistakenly transfer $1.8 million to cybercriminals.
News
Chinese Cyber-Espionage Group Infiltrates Army National Guard Network Across the US
Andrew Doyle
July 17, 2025
Salt Typhoon, a Chinese cyber-espionage group, infiltrated a US state's Army National Guard network, exfiltrating sensitive data and threatening nationwide cybersecurity coordination efforts.
News
Chinese State-Backed Hackers Breach U.S. Army National Guard Network in Espionage Campaign
Mitchell Langley
July 17, 2025
Chinese hackers known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network, accessing sensitive data tied to every other state and four territories. ...
News
Scattered Spider-Attack Hits Co-op, Exposes Data of 6.5 Million Members
Andrew Doyle
July 17, 2025
UK retailer Co-op confirms a cyberattack in April stole personal data of 6.5 million members. Threat actors linked to Scattered Spider used social engineering tactics. ...
News
Active-Duty U.S. Soldier Pleads Guilty to Hacking and Extortion of Telecom Giants
Mitchell Langley
July 17, 2025
A 21-year-old U.S. Army soldier pleaded guilty to hacking and extorting major telecom firms using stolen credentials, SSH brute tools, SIM-swapping, and cybercrime forums.
News
Episource Data Breach Hits Over 5 Million Patients, Sensitive Medical and Insurance Data Potentially Exposed
Andrew Doyle
July 16, 2025
A cyberattack on Episource, a UnitedHealth subsidiary, compromised the personal and medical data of over five million patients, including Social Security and health insurance details. ...
News
Abacus Market Disappears in Suspected Exit Scam After Handling $300 Million in Darknet Transactions
Mitchell Langley
July 16, 2025
Abacus Market, a major darknet platform for drug trade, has abruptly gone offline, sparking suspicions of a large-scale exit scam involving millions in crypto.
News
DragonForce Claims Cyberattack on US Retail Giant Belk, Leaks 156GB of Sensitive Customer and Employee Data
Mitchell Langley
July 16, 2025
Hackers from the DragonForce ransomware group claim to have breached US retailer Belk, leaking 156GB of customer orders, employee profiles, and mobile app data.
News
Diskstation Ransomware Gang Dismantled After Years of Targeting NAS Devices Across Europe
Mitchell Langley
July 16, 2025
Authorities dismantled the Diskstation ransomware group targeting NAS devices since 2021, arresting the primary suspect in Romania after seizing evidence during international raids.
News
Consentik Breach Exposes Hundreds of Shopify Stores to Admin Takeovers and Data Theft
Mitchell Langley
July 16, 2025
A misconfigured Shopify plugin leaked sensitive access tokens and analytics, leaving hundreds of e-commerce businesses vulnerable to admin-level compromise and malicious exploitation.
Blog
Why is Activity Logging Crucial for Detecting Cyberattacks
Mitchell Langley
July 15, 2025
Activity logging uncovers cyber threats, insider abuse, and compliance gaps. Discover why it’s the foundation of effective detection, response, and long-term security strategy.
Resources
SafePay Ransomware: LockBit’s Lonewolf Ghost
Andrew Doyle
July 15, 2025
SafePay is a centralized ransomware group leveraging LockBit-derived code, stealthy infiltration, and rapid encryption—targeting SMEs and MSPs globally without using affiliates or public channels.
News
Saudi Industrial Giant Rezayat Group Listed on Dark Web After Alleged Everest Ransomware Breach
Andrew Doyle
July 15, 2025
Saudi-based Rezayat Group has allegedly been breached by the Everest ransomware gang, with hackers claiming to have stolen 10GB of sensitive corporate and client data. ...
News
Interlock Ransomware Now Deploying FileFix to Deliver RAT Payloads via Social Engineering
Mitchell Langley
July 15, 2025
Interlock Ransomware Switches to FileFix for Stealthy RAT Delivery. The Interlock ransomware operation has adopted a new delivery mechanism known as FileFix, using it to ...
News
Gigabyte Firmware Vulnerabilities Expose Over 240 Motherboards to Stealth UEFI Malware Attacks
Mitchell Langley
July 15, 2025
Gigabyte motherboards face critical firmware flaws that enable stealthy UEFI malware to bypass Secure Boot, posing long-term risks to systems in enterprise and industrial environments. ...
News
Louis Vuitton UK Confirms Customer Data Breach Amid Growing Wave of Retail Cyberattacks
Mitchell Langley
July 15, 2025
Louis Vuitton UK confirms a data breach exposing customer PII, marking the latest in a string of high-profile retail cyberattacks across the country this year. ...
Application Security
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
Gabby Lee
November 4, 2025
Data Security
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
Gabby Lee
November 3, 2025
News
Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
Andrew Doyle
November 2, 2025
Cybersecurity
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Andrew Doyle
October 29, 2025
This Week’s Security Spotlight
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee
November 3, 2025
Data Security
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Andrew Doyle
November 2, 2025
Cybersecurity
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
Andrew Doyle
October 31, 2025
Cybersecurity
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Andrew Doyle
October 30, 2025
Cyber Security News
Healthplex Fined $2M After Phishing-Driven Data Breach Exposed Tens Of Thousands
August 18, 2025
A phishing click at Healthplex exposed tens of thousands’ health data; delayed reporting triggered a $2 million DFS fine and a mandatory independent MFA audit.
Bragg Discloses Cybersecurity Incident; Says Impact Appears Limited
August 18, 2025
Bragg Gaming Group detected a cybersecurity incident on August 16, 2025. Preliminary findings say the impact was internal only, with no indication personal data was ...
WestJet Data Breach Exposes Passenger Details, Including Names, DOB and Travel Details
August 18, 2025
WestJet confirms a June cyberattack exposed passenger details but not payment data. The airline offers two years of TransUnion monitoring and identity restoration while the ...
Crypto24 Ransomware: The Phantom Encryptor
August 18, 2025
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal, encrypt, and leak sensitive data.
Charon Ransomware: Stealthy Cyber Extortion Syndicate
August 18, 2025
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing a severe threat to critical ...
U.S. Seizes $1M in Cryptocurrency from BlackSuit Ransomware Gang
August 18, 2025
U.S. agencies seized over $1 million in cryptocurrency and critical infrastructure from the BlackSuit ransomware gang. While the takedown marks progress, core members have already ...
Citrix NetScaler Zero-Day Breach Hits Critical Dutch Infrastructure
August 18, 2025
A Citrix NetScaler zero-day, CVE-2025-6543, has been exploited in the wild, leading to breaches of Dutch critical infrastructure. Thousands of devices remain unpatched worldwide, prompting ...
Why Supply Chain Security is a 2025 Cyber Priority
August 18, 2025
Supply chain security has become a top cybersecurity priority in 2025. Weak vendor defenses, low visibility, and nation-state attacks are fueling breaches, underscoring the urgent ...
Fortinet Warns of FortiSIEM Zero-Day CVE-2025-25256 Critical RCE Flaw
August 18, 2025
Fortinet has patched CVE-2025-25256, a FortiSIEM vulnerability rated CVSS 9.8 that allows unauthenticated remote code execution. Exploit code is active in the wild, and security ...
Quantum Key Distribution Faces Real-World Cybersecurity Risks
August 18, 2025
Quantum Key Distribution (QKD) is often described as unbreakable, but recent research exposes flaws in real-world systems. From photorefraction and side-channel attacks to theoretical weaknesses, ...
Cybercrime Groups ShinyHunters and Scattered Spider Collaborate in Extortion Attacks
August 18, 2025
A possible alliance between ShinyHunters, Scattered Spider, and Lapsu$ points to a new wave of coordinated cybercrime. By merging social engineering and data theft, these ...
Thorium: CISA’s New Open-Source Malware Analysis and Forensic Platform
August 18, 2025
CISA has released Thorium, an open-source platform for malware analysis and digital forensics. Built with automation and scalability, it enables security teams to analyze millions ...
FBI Flags $9.9M in Losses from Crypto Recovery Scams
August 18, 2025
The FBI warns of a growing wave of “crypto recovery scams,” where fraudsters pose as attorneys or law firms to exploit victims of earlier crypto ...
Cisco’s Critical FMC RADIUS Vulnerability: CVSS 10.0 Remote Code Execution Risk
August 18, 2025
Cisco’s CVE-2025-20188 vulnerability, rated CVSS 10.0, exposes IOS XE devices and Firepower Management Center to unauthenticated remote code execution. The flaw, caused by a hard-coded ...
U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes
August 15, 2025
The U.S. Department of the Treasury has announced sweeping sanctions against Grinex, a Russian-linked cryptocurrency exchange identified as the direct successor to the previously sanctioned ...
Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day
August 15, 2025
On August 8th, 2025, hackers breached the Canadian House of Commons by exploiting a critical Microsoft SharePoint zero-day vulnerability—CVE-2025-53770—with a severity score of 9.8. The ...
Norwegian Authorities Blame Pro-Russian Hackers for Critical Infrastructure Breach
August 15, 2025
In April 2025, Norway experienced a chilling reminder of the risks facing its critical infrastructure when pro-Russian hackers took control of the Lake Risevatnet dam ...
MadeYouReset: New HTTP/2 Flaw Could Unleash Massive DDoS Storms
August 15, 2025
A newly disclosed HTTP/2 vulnerability—dubbed MadeYouReset (CVE-2025-8671)—is making waves across the cybersecurity community for its potential to power devastating Denial-of-Service attacks. Building on the 2023 ...
Cybersecurity Budgets Hit Historic Slowdown as Global Tensions Mount
August 15, 2025
Global cybersecurity strategies are being tested like never before as organizations face the dual pressure of escalating cyber threats and shrinking budgets. Both IANS and ...
CFE Data Leak Exposes 600GB Of Internal Logs of Mexico’s Power Operations
August 15, 2025
Over 600GB of CFE network and security logs were publicly exposed for years, potentially enabling attackers to map weaknesses and target Mexico’s industrial control systems.