Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Inside Job CrowdStrike Hacked by Insider Leaking Screenshots
Cybersecurity
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
Mitchell Langley November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Gabby Lee November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Cybersecurity
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Gabby Lee November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Application Security
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Andrew Doyle November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
Andrew Doyle November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
News
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Mitchell Langley November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
News
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Gabby Lee November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Application Security
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Mitchell Langley November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Application Security
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Andrew Doyle November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Cybersecurity
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Gabby Lee November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Cybersecurity
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Andrew Doyle November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat Palo Alto Networks CEO Predicts Security Overhaul by 2029
Cybersecurity
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Mitchell Langley November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
News
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Andrew Doyle November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Cybersecurity
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Mitchell Langley November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
News
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Gabby Lee November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
News
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
Andrew Doyle November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Application Security
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mitchell Langley November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Andrew Doyle November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
September 16, 2025
Podcasts
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform
September 16, 2025
Podcasts
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law
September 16, 2025

Cyber Security News

Email Security's True Challenge Evaluating Post-access Threats
Blog
Email Security’s True Challenge: Evaluating Post-access Threats
January 11, 2026
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
Cybersecurity
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
January 11, 2026
NSA Announces Tim Kosiba as New Deputy Director
Cybersecurity
NSA Announces Tim Kosiba as New Deputy Director
January 11, 2026
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Endpoint Security
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
January 11, 2026
Illinois Department's Database Error Leads to Massive Data Exposure
Data Security
Illinois Department’s Database Error Leads to Massive Data Exposure
January 11, 2026
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Cybersecurity
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
January 11, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited