Main Menu
Cyber Security
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Under Armour Account Breach: 72.7 Million Accounts Impacted
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Google Chrome Introduces Option to Delete Local AI Models
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Verizon Offers Compensation after Nationwide Wireless Service Outage
Microsoft Patch Tuesday Update Sparks Unrest in PCs
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Visual Studio Code’s Copilot Studio Extension Now Widely Available
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially ...
Critical Vulnerability in 'expr-eval' Library Enables Remote Code Execution
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Mitchell Langley November 11, 2025
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Gabby Lee November 11, 2025
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Andrew Doyle November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mitchell Langley November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Gabby Lee November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Application Security
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Andrew Doyle November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Cybersecurity
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Mitchell Langley November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
News
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Gabby Lee November 11, 2025
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Application Security
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Andrew Doyle November 10, 2025
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Cybersecurity
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Andrew Doyle November 10, 2025
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Application Security
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Gabby Lee November 10, 2025
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
News
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Gabby Lee November 10, 2025
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
News
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
Mitchell Langley November 10, 2025
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
Cybersecurity
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
Andrew Doyle November 10, 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Application Security
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Gabby Lee November 10, 2025
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OBGYN Associates Exposed in Data Breach
Cybersecurity
Sensitive Data at OB/GYN Associates Exposed in Data Breach
Andrew Doyle November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Cybersecurity
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Mitchell Langley November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Application Security
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Andrew Doyle November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Mitchell Langley January 22, 2026
Under Armour Account Breach 72.7 Million Accounts Impacted
Data Security
Under Armour Account Breach: 72.7 Million Accounts Impacted
Gabby Lee January 22, 2026
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
News
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
Andrew Doyle January 20, 2026
GootLoader Employs Malformed ZIP Files to Evade Detection
News
GootLoader Employs Malformed ZIP Files to Evade Detection
Gabby Lee January 19, 2026

TOP CYBERSECURITY HEADLINES

Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Cybersecurity
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Cybersecurity
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Contagious Interview Campaign Targets Multiple Sectors Worldwide
News
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Zoom's Critical Security Update Resolves Severe Vulnerability
CVE Vulnerability Alerts
Zoom’s Critical Security Update Resolves Severe Vulnerability

This Week’s Security Spotlight

TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
Canada's Investment Watchdog Suffers Massive Data Breach 750,000 Impacted by CIRO Security Incident
Data Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
Mitchell Langley January 18, 2026
AMD's ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Endpoint Security
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Gabby Lee January 18, 2026
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Cybersecurity
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Mitchell Langley January 15, 2026
More In News
Trending
Illinois Man Charged for Snapchat Phishing Scheme
Email Security’s True Challenge: Evaluating Post-access Threats
How Misconfigured Email Routing Opens the Door for Credential Theft
Phishers Pose as Booking.com to Compromise European Hotels

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
September 16, 2025
Podcasts
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform
September 16, 2025
Podcasts
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law
September 16, 2025

Cyber Security News

Dangerous Chrome Extensions Phantom Shuttle Targets Sensitive Data
Application Security
Dangerous Chrome Extensions: Phantom Shuttle Targets Sensitive Data
December 24, 2025
French National Postal Service Disruption Affects Millions of Users
Cybersecurity
French National Postal Service Disruption Affects Millions of Users
December 24, 2025
Nissan Cyberattack Hackers Compromise Red Hat GitLab Instances
Data Security
Nissan Cyberattack: Hackers Compromise Red Hat GitLab Instances
December 24, 2025
Microsoft Focuses on Security with Its Timely Out-of-Band Update
Cybersecurity
Microsoft Focuses on Security with Its Timely Out-of-Band Update
December 24, 2025
Anna’s Archive Takes a Stand on Music Preservation
Data Security
Anna’s Archive Takes a Stand on Music Preservation
December 23, 2025
Long Development Timelines Highlight Challenges in Zero-Day Vulnerabilities
Cybersecurity
Long Development Timelines Highlight Challenges in Zero-Day Vulnerabilities
December 23, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
November 11, 2025
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
November 11, 2025
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
November 10, 2025
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
November 10, 2025
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
November 10, 2025
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
November 10, 2025
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
November 10, 2025
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
November 10, 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
November 10, 2025
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OB/GYN Associates Exposed in Data Breach
November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
November 9, 2025
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
November 9, 2025
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
aiFWall Launches to Elevate AI Protection in Cyber Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Zoom’s Critical Security Update Resolves Severe Vulnerability
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Under Armour Account Breach: 72.7 Million Accounts Impacted
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats