Main Menu
Cyber Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Minnesota Deploys National Guard Cyber Unit Following Major Cyberattack on St. Paul City Systems
News
Minnesota Deploys National Guard Cyber Unit Following Major Cyberattack on St. Paul City Systems
Andrew Doyle July 31, 2025
Minnesota activates the National Guard’s cyber unit after a cyberattack cripples St. Paul’s municipal systems, prompting emergency declarations and a multi-agency response.
Tea App Disables Messaging After Second Breach Exposes Over One Million Private Conversations
News
Tea App Disables Messaging After Second Breach Exposes Over One Million Private Conversations
Andrew Doyle July 31, 2025
Tea app disables messaging after two breaches: 72,000 verification images leaked, then 1.1 million private messages exposed; FBI and security firms investigating.
ShinyHunters Behind Salesforce-Related Data Breaches at Qantas, Allianz Life, LVMH
News
ShinyHunters Behind Salesforce-Related Data Breaches at Qantas, Allianz Life, LVMH
Mitchell Langley July 31, 2025
ShinyHunters targets Salesforce users at Qantas, Allianz, and LVMH in voice phishing attacks to steal customer data and conduct private extortion campaigns.
RiteCheck Confirms Data Breach Affecting Nearly 70,000 Customers and Employees
News
RiteCheck Confirms Data Breach Affecting Nearly 70,000 Customers and Employees
Andrew Doyle July 31, 2025
RiteCheck has disclosed a 2023 data breach impacting nearly 70,000 people, exposing Social Security numbers, payment card data, and IDs after an 11-month delay.
Hackers Exploit SAP NetWeaver Flaw to Deploy Advanced Auto-Color Malware on U.S. Chemical Firm
News
Hackers Exploit SAP NetWeaver Flaw to Deploy Advanced Auto-Color Malware on U.S. Chemical Firm
Mitchell Langley July 30, 2025
Hackers exploited a critical SAP NetWeaver vulnerability to deploy Auto-Color malware on a U.S. chemicals firm, using advanced stealth and sandbox evasion techniques.
Aeroflot Flights Canceled After Hacktivist Cyberattack Cripples Airline Systems
News
Aeroflot Flights Canceled After Hacktivist Cyberattack Cripples Airline Systems
Mitchell Langley July 30, 2025
Aeroflot’s operations were disrupted after a cyberattack claimed by Ukrainian and Belarusian hacktivists who allege wiping critical systems and exfiltrating sensitive airline data.
Orange Discloses Cyberattack, Service Disruptions in France Following Breach
News
Orange Discloses Cyberattack, Service Disruptions in France Following Breach
Mitchell Langley July 30, 2025
French telecom giant Orange confirmed a cyberattack that disrupted services in France. The affected system was isolated; no data exfiltration has been found yet.
Cheap McDonald’s Deal Turns Into Subscription Scam: Over 10,000 Romanians Targeted via Facebook and Instagram Ads
News
Cheap McDonald’s Deal Turns Into Subscription Scam: Over 10,000 Romanians Targeted via Facebook and Instagram Ads
Andrew Doyle July 30, 2025
A $2 McDonald's deal scam has duped over 10,000 Romanians into €63.42 bi-weekly subscriptions via fake ads on Instagram and Facebook, Bitdefender reports.
Scattered Spider Ransomware Group Ramps Up Sophisticated Attacks Targeting Enterprises Globally
Cybersecurity
Scattered Spider Ransomware Group Ramps Up Sophisticated Attacks Targeting Enterprises Globally
Gabby Lee July 30, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI and international partners, has issued an updated advisory ...
Lynx Ransomware: INC Ransomware Reincarnated
Resources
Lynx Ransomware: INC Ransomware Reincarnated
Gabby Lee July 29, 2025
The Lynx ransomware group is a financially motivated threat actor operating under a Ransomware-as-a-Service (RaaS) model. Emerging as a successor to the INC ransomware group ...
How to Backup and Restore the Windows Registry
Blog
How to Backup and Restore the Windows Registry
Andrew Doyle July 29, 2025
Protect your system settings from accidental changes or corruption. Learn how to safely backup and restore the Windows Registry with this easy step-by-step guide.
Google Patches Gemini CLI Vulnerability That Enabled Silent Code Execution and Data Theft
News
Google Patches Gemini CLI Vulnerability That Enabled Silent Code Execution and Data Theft
Mitchell Langley July 28, 2025
A critical flaw in Google’s Gemini CLI exposed developers to silent command execution and data theft through poisoned context files, prompting an urgent security patch. ...
Tea App Data Breach Deepens as 1.1 Million Private Messages Are Exposed
News
Tea App Data Breach Deepens as 1.1 Million Private Messages Are Exposed
Mitchell Langley July 28, 2025
Tea app’s data breach escalates as 1.1 million private messages and 72,000 sensitive images, including government IDs and selfies, are leaked on hacker forums.
NASCAR Confirms Data Breach Tied to Medusa Ransomware Gang, SSNs Exposed
News
NASCAR Confirms Data Breach Tied to Medusa Ransomware Gang, SSNs Exposed
Andrew Doyle July 28, 2025
NASCAR confirms a data breach exposing Social Security numbers, linked to Medusa ransomware gang. Victims are receiving breach notifications and one year of credit monitoring. ...
Hackers Claim Deep Access to Systems, Threaten to Leak Passenger Data
News
Hackers Claim Deep Access to Systems, Threaten to Leak Passenger Data
Mitchell Langley July 28, 2025
Aeroflot suffers massive cyberattack by pro-Ukraine hackers, disrupting flights, destroying 7,000 servers, and exposing personal data of passengers and staff. A criminal probe is underway. ...
CISA Warns of Ongoing Exploits Targeting PaperCut RCE Vulnerability, Urges Immediate Patching
News
CISA Warns of Ongoing Exploits Targeting PaperCut RCE Vulnerability, Urges Immediate Patching
Andrew Doyle July 28, 2025
CISA warns that hackers are actively exploiting a PaperCut vulnerability (CVE-2023-2533) for remote code execution, urging organizations to patch systems immediately to reduce risk.
Exploit Published for Actively Exploited Cisco ISE Vulnerability Leading to Root Access
News
Exploit Published for Actively Exploited Cisco ISE Vulnerability Leading to Root Access
Mitchell Langley July 28, 2025
Cisco ISE vulnerability CVE-2025-20281 now has a public exploit, enabling remote root access. Active exploitation is confirmed. Patching remains the only defense.
BlackSuit Ransomware Operation Disrupted in Global Law Enforcement Seizure
News
BlackSuit Ransomware Operation Disrupted in Global Law Enforcement Seizure
Mitchell Langley July 28, 2025
Authorities have seized the BlackSuit ransomware gang’s dark web site, disrupting its operations as members appear to rebrand under a new name: Chaos ransomware.
Scattered Spider Ramps Up VMware ESXi Attacks Targeting U.S. Enterprise Virtual Infrastructure
News
Scattered Spider Ramps Up VMware ESXi Attacks Targeting U.S. Enterprise Virtual Infrastructure
Mitchell Langley July 28, 2025
Scattered Spider hackers are compromising VMware ESXi infrastructure through social engineering, enabling full control and ransomware deployment without exploiting any software vulnerabilities.
Allianz Life Data Breach Exposes Information of Over 1 Million Customers
News
Allianz Life Data Breach Exposes Information of Over 1 Million Customers
Andrew Doyle July 28, 2025
A recent data breach at Allianz Life compromised personal data of most of its 1.4 million customers via a third-party CRM system, possibly tied to ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Mitchell Langley November 11, 2025
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025

TOP CYBERSECURITY HEADLINES

Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in 'expr-eval' Library Enables Remote Code Execution
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

This Week’s Security Spotlight

Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
More In News
Trending
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
How Device Code Phishing Abuses OAuth Flows on Google and Azure
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
September 16, 2025
Podcasts
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform
September 16, 2025
Podcasts
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law
September 16, 2025

Cyber Security News

Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
October 16, 2025
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Cybersecurity
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
October 15, 2025
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Cybersecurity
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
October 15, 2025
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Cybersecurity
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
October 15, 2025
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Cybersecurity
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
October 15, 2025
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Cybersecurity
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
October 15, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Palo Alto Networks Forecasts $10.5B in 2026 Revenue on AI Cybersecurity Growth
August 25, 2025
Palo Alto Networks projects up to $10.53B in fiscal 2026 revenue, fueled by demand for AI cybersecurity tools and strategic acquisitions like CyberArk. With stronger ...
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
August 25, 2025
A newly discovered zero-day in WinRAR, CVE-2025-8088, is being exploited by RomCom hackers to plant executables in Windows Startup folders via path traversal. The flaw ...
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
August 22, 2025
Fortinet has disclosed CVE-2024-26009, a high-severity authentication bypass in the FGFM protocol. The flaw lets attackers impersonate managed FortiGate devices via FortiManager, enabling full administrative ...
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
August 22, 2025
New research from Horizon3.ai, WEF, Trend Micro, and others shows a widening gap between cybersecurity strategies and real-world results. CISOs face declining prevention effectiveness, rising ...
Norway Attributes Dam Cyberattack to Russian Hackers
August 22, 2025
Norway confirmed that Russian state-sponsored hackers breached the Bremanger dam’s control systems in April 2025, releasing 1.9 million gallons of water. While no damage occurred, ...
Chrome Extension FreeVPN One Secretly Captures Screens
August 22, 2025
Security researchers found that FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge, secretly captured user screenshots, URLs, and device data. Updates ...
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
August 22, 2025
The PostgreSQL team has disclosed three critical vulnerabilities—CVE-2025-8714, CVE-2025-8715, and CVE-2025-1094—impacting backup and restore utilities. These flaws enable malicious code injection and SQL exploitation, posing ...
Internet Archive Abused to Host Stealthy Malware JScript Loaders
August 22, 2025
Attackers are abusing the Internet Archive to host obfuscated malware loaders, launching multi-stage infection chains that deliver the Remcos RAT. By exploiting trusted infrastructure, threat ...
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
August 21, 2025
BCNYS reports a two-day February intrusion discovered in August exposed personal, financial, and health data for 47,329 people, prompting rolling notifications and credit monitoring for ...
Clickjacking Vulnerability Exposes Autofill Data Across Major Extensions
August 21, 2025
Attackers use ADFS redirect phishing through legitimate office.com links, bypassing URL filters and MFA, to steal Microsoft 365 logins via malvertising and conditional access tricks.
Financial App Data Leak in Turkey Puts Millions at Risk
August 21, 2025
An unprotected MongoDB tied to FinansCepte and FinansWebde exposed over four million records, putting Turkish users at risk of phishing, credential stuffing, and manipulated financial ...
GenAI Powers Harder-to-Detect Phishing Threats
August 21, 2025
New research from Unit 42 shows adversaries are combining AI website builders, writing assistants, deepfakes, and chatbots to automate large-scale campaigns that closely mimic trusted ...
PyPI Cracks Down on Domain Expiration Attacks to Protect Python Packages
August 20, 2025
The Python Package Index (PyPI), the backbone of the global Python ecosystem, has rolled out new security safeguards aimed at stopping a dangerous form of ...
AI Joins the Fight Against Exploits: Google and Mozilla Patch Dangerous Vulnerabilities
August 20, 2025
Both Google and Mozilla have rolled out urgent security updates to patch multiple high-severity vulnerabilities in their flagship browsers—Google Chrome and Mozilla Firefox—underscoring the constant ...
Britain Backs Down: UK Drops Encryption Backdoor Demand on Apple
August 20, 2025
A major international clash over encryption has come to a dramatic resolution. Earlier this year, the U.K. government, acting under its controversial Investigatory Powers Act ...
PipeMagic Backdoor: How Ransomware Actors Exploited a Windows Zero-Day
August 20, 2025
In early 2025, Microsoft and security researchers uncovered PipeMagic, a modular and memory-resident backdoor that has been quietly leveraged in ransomware campaigns worldwide. Disguised as ...
270,000 Intel Employee Records at Risk from Authentication Bypass and Hardcoded Credentials
August 20, 2025
In late 2024, Intel faced a major cybersecurity wake-up call when security researcher Eaton Zveare uncovered a series of vulnerabilities inside the company’s internal systems—flaws ...
LG Hai Phong Earns CSMS Level 3 Certification at Its Largest Vehicle Component Base
August 20, 2025
LG’s Hai Phong plant earned CSMS Level 3 Certification from TÜV Rheinland, the first facility to hold both Level 2 and Level 3 simultaneously, validating ...
XenoRAT Malware Campaign Targets Embassies in South Korea
August 20, 2025
A multi-stage espionage campaign using XenoRAT malware has targeted foreign embassies in South Korea, with evidence linking the activity to both North Korean and Chinese ...
SentinelOne Expands Partnership With Mimecast to Advance People-Focused Cybersecurity
August 20, 2025
SentinelOne and Mimecast deepen integration, pairing Singularity endpoint telemetry with Human Risk Management to prioritize people-focused cybersecurity and reduce human-caused breaches.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Route Redirect Automates Large-Scale Microsoft 365 Phishing
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach