Main Menu
Cyber Security
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
.NET Framework Vulnerability SOAPwn: Impact on Enterprise Applications
Teen Hacker Arrested in Spain for Major Data Breach Scheme
Satellite Signal Interruption Causes Porsche Immobilization in Russia
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
Microsoft Appoints New Operating CISOs to Enhance AI-Driven Cyberdefense
Fortinet Releases Fixes for Critical Vulnerabilities Affecting FortiOS and Other Products
Adobe’s Comprehensive Security Update Targets Massive Vulnerabilities Array
Microsoft Enhances PowerShell Security With Script Warning Functionality
Microsoft Patches Critical Zero-Day Vulnerability in Windows
Google Introduces Layered Defenses in Chrome to Combat Prompt Injection Vulnerabilities
Microsoft Works to Mitigate Copilot Access Issues in Europe
Equixly Secures $11 Million Investment to Enhance API Penetration Testing Capabilities
Proofpoint Completes Acquisition of Hornetsecurity: A Strategic Move in Cybersecurity
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Mirai-based Broadside Botnet Exploits TBK Vision DVRs in Maritime Sector
Identity Security Firm Saviynt Secures $700 Million in Funding Amid Booming Security Market
EtherRAT Malware Implant Utilizes Linux Persistence Mechanisms in React2Shell Attack
OpenAI Responds to ChatGPT Plus Subscription Controversy Over Ads
Portugal Establishes Legal Safe Harbor for Ethical Hackers
Clickjacking Tactics Exploit SVG and CSS: Understanding the New Threat
IDEsaster: Uncovering Security Flaws in AI-Powered IDEs
FBI Warns of Social Media Images Exploited for Virtual Kidnapping Scams
GlobalProtect Logins and SonicWall APIs Come Under Fire from Hacking Campaign
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
India Reverses Decision on Mandating Preinstalled Cybersecurity App on Smartphones
Virginia Brothers Face Conspiracy Charges Over Alleged Data Theft and Database Destruction
HybridPetya Ransomware Bypasses UEFI Secure Boot
Cybersecurity
HybridPetya Ransomware Bypasses UEFI Secure Boot
Gabby Lee September 23, 2025
ESET found HybridPetya, a Petya-style ransomware that exploits CVE-2024-7344 to bypass UEFI Secure Boot, install a bootkit, encrypt MFT clusters, and demand Bitcoin.
Microsoft Fairwater Center: Hyperscale AI Hub Coming To Wisconsin
Cybersecurity
Microsoft Fairwater Center: Hyperscale AI Hub Coming to Wisconsin
Gabby Lee September 23, 2025
Microsoft is building Fairwater, a hyperscale AI data center in Wisconsin with clustered NVIDIA GPUs, closed-loop liquid cooling, and a Datacenter Academy for local workforce ...
SystemBC Turns Infected VPS Hosts Into Global Proxy Highway
Cybersecurity
SystemBC Turns Infected VPS Hosts Into Global Proxy Highway
Mitchell Langley September 23, 2025
SystemBC leverages vulnerable commercial VPS hosts to run a 1,500-node proxy botnet that serves scraping, proxy resale, and high-volume criminal traffic globally.
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Cybersecurity
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Mitchell Langley September 23, 2025
Paris-headquartered luxury skincare maker Clarins has been named on a dark web leak page run by the Everest ransomware gang, ...
Hundreds of NPM Packages Compromised in Self-Replicating Supply Chain Attack
Cybersecurity
Hundreds of NPM Packages Compromised in Self-Replicating Supply Chain Attack
Andrew Doyle September 23, 2025
A worm-style supply chain attack has compromised hundreds of NPM packages, harvesting npm tokens and secrets while propagating across popular JavaScript libraries and developer scopes.
New Kid Warlock Steps Up Ransomware Attacks With SharePoint Exploits
Cybersecurity
New Kid Warlock Steps Up Ransomware Attacks with SharePoint Exploits
Gabby Lee September 23, 2025
Warlock — tracked as Storm 2603 and GOLD SALEM — has surged since March 2025, exploiting SharePoint and other enterprise flaws and listing dozens of ...
Hackers Claim Breach of Italian Post, Researchers Disagree
Cybersecurity
Hackers Claim Breach of Italian Post, Researchers Disagree
Gabby Lee September 23, 2025
Hackers claim to have breached Poste Italiane, but researchers say the data is recycled from older leaks with fabricated fields, meaning no new compromise actually ...
Baltimore Medical System Claimed by Brain Cipher Ransomware
Cybersecurity
Baltimore Medical System Claimed by Brain Cipher Ransomware
Andrew Doyle September 23, 2025
Brain Cipher claims several terabytes stolen from Baltimore Medical System, posting large server and database samples; impact could include medical identity theft for thousands of ...
Hackers Now Going Straight to the Source — Company Data Backups
Cybersecurity
Hackers Now Going Straight to the Source — Company Data Backups
Andrew Doyle September 22, 2025
Hackers are increasingly targeting company backups, with 18% of breaches linked to backup attacks — crippling recovery efforts and highlighting the urgent need for secure, ...
Hackers Claim Attack on the US's Biggest Sushi Supplier — Again?
Cybersecurity
Hackers Claim Attack on the US’s Biggest Sushi Supplier — Again?
Mitchell Langley September 22, 2025
Ransomware gang Lynx claims to have stolen True World Group data, posting invoices and employee records—raising fears of a new breach and business, identity risks.
Security Flaw in Yellow.ai Chatbot Allowed Cookie Theft and Account Hijacking
Cybersecurity
Security Flaw in Yellow.ai Chatbot Allowed Cookie Theft and Account Hijacking
Mitchell Langley September 18, 2025
A critical flaw in Yellow.ai’s chatbot allowed malicious code injection and cookie theft, putting support agent accounts at risk. The vulnerability has been patched.
Russian Gang Claims Breach of U.S. Broadcaster; Executive Passport Exposed
Cybersecurity
Russian Gang Claims Breach of U.S. Broadcaster; Executive Passport Exposed
Gabby Lee September 18, 2025
Termite claims to have exfiltrated News-Press & Gazette data, posting screenshots that show a U.S. passport and employee contact records, heightening identity-theft concerns.
FBI Warns of UNC6040 and UNC6395 Threat Actors Targeting Salesforce
Cybersecurity
FBI Warns of UNC6040 and UNC6395 Threat Actors Targeting Salesforce
Mitchell Langley September 18, 2025
FBI warns that UNC6040 and UNC6395 are exploiting Salesforce through OAuth abuse and stolen tokens to steal corporate data, extort victims, and pivot into cloud ...
Vietnam Credit Bureau Leak Claims Expose 160 Million Financial Records
Cybersecurity
Vietnam Credit Bureau Leak Claims Expose 160 Million Financial Records
Mitchell Langley September 18, 2025
ShinyHunters claims to sell 160 million CIC credit records from Vietnam. Researchers verified samples; authorities confirm a breach and opened an investigation.
Retina Group of Florida and Hampton Regional Medical Center Report Patient Data Breaches
Cybersecurity
Retina Group of Florida and Hampton Regional Medical Center Report Patient Data Breaches
Andrew Doyle September 18, 2025
Retina Group of Florida and Hampton Regional Medical Center disclosed breaches exposing protected health information for approximately 153,000 patients; investigations, notifications, and monitoring are underway ...
ShinyHunters Claims 160 Million Vietnamese Credit Records Stolen From National Database
Cybersecurity
ShinyHunters Claims 160 Million Vietnamese Credit Records Stolen from National Database
Syed Arslan September 16, 2025
ShinyHunters claims 160 million Vietnam credit records stolen from CIC; samples verified by ReSecurity include PII, credit histories, and government IDs with recent timestamps.
Everest Ransomware Gang Names Allegis Group on Dark Web Claiming Client Lists
Cybersecurity
Everest Ransomware Gang Names Allegis Group on Dark Web Claiming Client Lists
Mitchell Langley September 15, 2025
Everest ransomware gang claims Allegis Group documents and client lists were taken; screenshots show spreadsheets of 135,000 and 426,000 lines, researchers warn of phishing risks.
Apple Warns Users of Sophisticated Spyware Attacks Across Multiple Countries
Cybersecurity
Apple Warns Users of Sophisticated Spyware Attacks Across Multiple Countries
Mitchell Langley September 15, 2025
Apple has warned users in over 150 countries of mercenary spyware attacks using zero-days and zero-click exploits, urging Lockdown Mode and emergency security assistance.
Microsoft to Roll Out Built-In Link Warnings for Teams Chats
Cybersecurity
Microsoft to Roll Out Built-In Link Warnings for Teams Chats
Andrew Doyle September 15, 2025
Microsoft will roll out real-time malicious link warnings for Teams chats in September 2025, adding another security layer to protect enterprise users from phishing and ...
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
Cybersecurity
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
Gabby Lee September 11, 2025
National Cyber Director Sean Cairncross calls for a unified cyber strategy, urging CISA 2015 reauthorization, IT modernization, and stronger deterrence measures to shift risk onto ...
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
Application Security
Google Patches Gemini Enterprise Vulnerability Exposing Corporate Data
Andrew Doyle December 11, 2025
Docker Hub Data Exposure Puts Thousands of Containers at Risk
Data Security
Docker Hub Data Exposure Puts Thousands of Containers at Risk
Mitchell Langley December 11, 2025
React2Shell Exploit Continues to Deliver Undetected Malware Families
Cybersecurity
React2Shell Exploit Continues to Deliver Undetected Malware Families
Mitchell Langley December 11, 2025
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Application Security
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Mitchell Langley December 11, 2025

TOP CYBERSECURITY HEADLINES

Docker Hub Data Exposure Puts Thousands of Containers at Risk
Data Security
Docker Hub Data Exposure Puts Thousands of Containers at Risk
React2Shell Exploit Continues to Deliver Undetected Malware Families
Cybersecurity
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Application Security
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
Application Security
Microsoft Faces Criticism Over Unresolved .NET Vulnerability

This Week’s Security Spotlight

Why Insuring Keith Richards' Fingers Highlights Risk Management in Cybersecurity
Cybersecurity
Why Insuring Keith Richards’ Fingers Highlights Risk Management in Cybersecurity
Andrew Doyle December 11, 2025
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
Endpoint Security
ASUS Confirms Third-party Breach as Everest Ransomware Group Strikes
Mitchell Langley December 8, 2025
Russian Internet Authority Blocks Roblox Over Content Concerns
Cybersecurity
Russian Internet Authority Blocks Roblox Over Content Concerns
Mitchell Langley December 5, 2025
React Server Components' Security Flaw Risks Unauthenticated Remote Code Execution
CVE Vulnerability Alerts
React Server Components’ Security Flaw Risks Unauthenticated Remote Code Execution
Andrew Doyle December 5, 2025
More In News
Trending
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
September 16, 2025
Podcasts
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform
September 16, 2025
Podcasts
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law
September 16, 2025

Cyber Security News

Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Cybersecurity
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
November 17, 2025
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Application Security
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
November 17, 2025
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Application Security
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
November 17, 2025
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Cybersecurity
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
November 17, 2025
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Cybersecurity
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
November 17, 2025
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Application Security
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
November 17, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Warns of New XCSSET macOS Malware Variant Targeting Xcode Devs
September 30, 2025
Microsoft detects a new XCSSET variant targeting Xcode projects with clipboard hijacking, Firefox data theft, and LaunchDaemon persistence—inspect builds, patch systems, and harden CI pipelines.
Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
September 30, 2025
Rhysida claims to have stolen MDOT employee IDs and background checks and demands 30 BTC; MDOT confirms data loss while investigators and responders work to ...
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
September 30, 2025
The Co-operative Group has disclosed over $100 million in profit losses from the April 2025 Scattered Spider cyberattack. The breach caused £206 million in lost ...
Texas Compliance Vendor Exposes 40K+ Sensitive DOT Records in S3 Leak
September 30, 2025
Misconfigured S3 storage exposed 18,000 Social Security cards and 23,000 driver licenses tied to AJT Compliance’s DOT SHIELD, putting Texas truckers at high risk of ...
Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks
September 30, 2025
Jaguar Land Rover (JLR), one of the UK’s largest exporters and a key anchor of the nation’s automotive supply chain, has been brought to the ...
ICO Fines U.K. Energy Firms £550K for Unlawful Robo Marketing Calls
September 30, 2025
The ICO fined two U.K. energy companies £550K for unlawful robo-calls that targeted vulnerable individuals. Consumers are urged to register with TPS and report suspicious ...
UK Arrests Suspect in Ransomware Attack That Disrupted European Airports
September 30, 2025
UK police arrested a suspect in the Collins Aerospace MUSE ransomware attack that disrupted major European airports; investigators continue forensic work while airports rely on ...
Dark Web Monitoring Guide for CISOs: Turning Shadows into Signals
September 30, 2025
Dark web monitoring gives CISOs early warning of breaches, ransomware, and credential leaks. Turning intelligence into action helps enterprises anticipate attacks instead of merely reacting.
CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires?
September 30, 2025
The Cybersecurity Information Sharing Act (CISA), first enacted in 2015, is facing a critical expiration deadline in September 2025. Without reauthorization, the law that shields ...
GhostSec – From Hacktivist to Ransomware Warlord
September 30, 2025
GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and high-impact double-extortion campaigns.
How to Remove a Hacker’s Access From a Hacked Device
September 30, 2025
Hacked phones can expose sensitive data to fraud, identity theft, and financial loss. This guide explains how to spot signs of compromise, regain control through ...
5 Cybersecurity Blind Spots Most Companies Ignore
September 30, 2025
Cyberattacks often exploit overlooked weaknesses, not just firewalls or antivirus gaps. This article highlights five common cybersecurity blind spots—shadow IT, poor access controls, unpatched systems, ...
Crypto Theft on macOS: XCSSET Malware Swaps Wallet Addresses in Real Time
September 29, 2025
A new and more dangerous variant of the XCSSET macOS malware has been uncovered by Microsoft, revealing an expanded arsenal of capabilities aimed at financial ...
Nine High-Severity Vulnerabilities Expose Cognex Legacy Cameras to Cyber Threats
September 29, 2025
Cybersecurity researchers at Nozomi Networks have uncovered nine high-severity vulnerabilities in several older models of Cognex industrial cameras, including the widely deployed In-Sight 2000, 7000, ...
Microsoft Cuts Services to Israeli Military Unit After Surveillance Revelations
September 29, 2025
Microsoft has taken the unprecedented step of cutting off services to an Israeli military unit after internal and external investigations revealed its cloud and AI ...
Ghana, Senegal, Ivory Coast at the Center of Interpol’s Multi-Nation Cybercrime Takedown
September 29, 2025
Interpol has announced the results of a sweeping cybercrime operation across 14 African nations, leading to the arrest of 260 individuals behind romance scams and ...
Legislative Shifts in Cybersecurity: Analyzing the Impact of EU and UK Cyber Laws
September 29, 2025
How will Europe’s new cyber laws change operational risk? This analysis explains the impact of the EU Cyber Solidarity Act and the UK CSRB on ...
Cisco ASA 5500-X Devices Under Attack: U.S. CISA Issues Emergency Directive
September 29, 2025
CISA has issued an emergency directive following active exploitation of Cisco ASA 5500-X firewalls. Federal agencies must audit and patch devices immediately, as vulnerabilities allow ...
Harrods Data Breach Exposes Customer Details in Third-Party Hack
September 29, 2025
Britain is facing a troubling wave of cyberattacks that has shaken some of its most high-profile organizations. Harrods, the world-renowned luxury retailer, confirmed that customer ...
Teen Suspect in Scattered Spider Casino Hacks Allegedly Holds $1.8M Bitcoin
September 29, 2025
A 17-year-old accused of aiding the 2023 MGM and Caesars cyberattacks faces six felony charges. Linked to Scattered Spider, prosecutors allege he holds $1.8M in ...
Docker Hub Data Exposure Puts Thousands of Containers at Risk
React2Shell Exploit Continues to Deliver Undetected Malware Families
Microsoft Advances Teams Security With New Suspicious Traffic Analysis Feature
Microsoft Faces Criticism Over Unresolved .NET Vulnerability
.NET Framework Vulnerability SOAPwn: Impact on Enterprise Applications
Teen Hacker Arrested in Spain for Major Data Breach Scheme
Satellite Signal Interruption Causes Porsche Immobilization in Russia
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
Microsoft Appoints New Operating CISOs to Enhance AI-Driven Cyberdefense
Fortinet Releases Fixes for Critical Vulnerabilities Affecting FortiOS and Other Products
Adobe’s Comprehensive Security Update Targets Massive Vulnerabilities Array
Microsoft Enhances PowerShell Security With Script Warning Functionality
Microsoft Patches Critical Zero-Day Vulnerability in Windows
Google Introduces Layered Defenses in Chrome to Combat Prompt Injection Vulnerabilities
Microsoft Works to Mitigate Copilot Access Issues in Europe
Equixly Secures $11 Million Investment to Enhance API Penetration Testing Capabilities
Proofpoint Completes Acquisition of Hornetsecurity: A Strategic Move in Cybersecurity
Storm-0249 Exploits EDR and Windows Tools for Ransomware Prep
Mirai-based Broadside Botnet Exploits TBK Vision DVRs in Maritime Sector