Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
Malware Campaign Exploits DLL Side-Loading in c-ares Library
Application Security
Malware Campaign Exploits DLL Side-Loading in c-ares Library
Andrew Doyle January 15, 2026
Security experts uncovered a malware scheme bypassing security via DLL side-loading in c-ares library. Attackers leverage a malicious libcares-2.dll to deploy trojans.
Fortinet's Latest Patches Target Critical Vulnerabilities in FortiFone and FortiSIEM
Application Security
Fortinet’s Latest Patches Target Critical Vulnerabilities in FortiFone and FortiSIEM
Mitchell Langley January 15, 2026
Fortinet's recent patch release addresses six security vulnerabilities, with two significant vulnerabilities found in FortiFone and FortiSIEM. These critical issues could be exploited without authentication, ...
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Cybersecurity
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Mitchell Langley January 15, 2026
A judicial decision marked a win for CrowdStrike as an investor lawsuit was dismissed due to inadequate evidence of intent to defraud investors following a ...
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
Cybersecurity
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
Gabby Lee January 15, 2026
Lumen Technologies’ Black Lotus Labs null-routed traffic to more than 550 command-and-control nodes since October 2025, targeting AISURU and Kimwolf botnets. These networks exploit devices ...
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
Data Security
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
Andrew Doyle January 15, 2026
Two French telecom companies were fined €42 million by CNIL for GDPR violations. The breaches revealed significant lapses in security protocols.
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
Cybersecurity
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
Andrew Doyle January 15, 2026
Aikido Security, a firm dedicated to developer security, recently raised $60 million, elevating its valuation to $1 billion. This milestone is part of their broader ...
PLUGGYAPE Malware Targets Ukraine's Defense Amid Rising Cyber Threats
Cybersecurity
PLUGGYAPE Malware Targets Ukraine’s Defense Amid Rising Cyber Threats
Mitchell Langley January 15, 2026
CERT-UA reported recent cyberattacks targeting Ukraine's defense using PLUGGYAPE malware. Security experts associate these assaults with medium confidence to the Russian-affiliated Void Blizzard group.
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
Cybersecurity
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
Gabby Lee January 15, 2026
Verizon Wireless faces sweeping outages in the United States, leaving customers unable to access cellular services. Many report phones stuck in SOS mode, impacting communication ...
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Cybersecurity
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Mitchell Langley January 15, 2026
The GoBruteforcer botnet uses AI-driven server deployments with weak credentials to target crypto and blockchain projects. The botnet, by exploiting legacy web technologies, enhances its ...
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
Application Security
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
Gabby Lee January 14, 2026
Cybersecurity experts have identified a harmful Google Chrome extension that pretends to be a trading facilitator on the MEXC cryptocurrency exchange. Named MEXC API Automator, ...
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
Application Security
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
Andrew Doyle January 14, 2026
Users of Android devices face difficulties with the volume buttons not functioning properly due to a software bug affecting those with accessibility features enabled.
Fried Frank Data Breach Implications for High-Profile Clients
Data Security
Fried Frank Data Breach: Implications for High-Profile Clients
Andrew Doyle January 14, 2026
The prestigious law firm Fried Frank has recently experienced a data breach, affecting confidential information related to its high-profile clientele. Notable entities such as JPMorgan ...
CrowdStrike Enhances Browser Security Via $420M Seraphic Acquisition
Cybersecurity
CrowdStrike Enhances Browser Security Via $420M Seraphic Acquisition
Mitchell Langley January 14, 2026
CrowdStrike announces a $420 million deal to acquire Seraphic, bolstering its capabilities in browser security. This acquisition, following a recent identity security purchase, reinforces CrowdStrike's ...
Ongoing Web Skimming Threats Targeting Payment Networks and Clients
Cybersecurity
Ongoing Web Skimming Threats Targeting Payment Networks and Clients
Mitchell Langley January 14, 2026
Cybersecurity experts have uncovered a large-scale web skimming attack targeting notable payment providers, including American Express and Mastercard. The attack has threatened enterprise organizations since ...
Belgian Hospital Cyberattack Forces Operational Halt and Patient Transfers
Cybersecurity
Belgian Hospital Cyberattack Forces Operational Halt and Patient Transfers
Gabby Lee January 14, 2026
Belgian healthcare facility AZ Monica was hit by a cyberattack, leading to a temporary shutdown of all servers, the cancellation of procedures, and patient transfers. ...
Adobe's Latest Security Patches Address Critical Vulnerabilities in ColdFusion
Application Security
Adobe’s Latest Security Patches Address Critical Vulnerabilities in ColdFusion
Andrew Doyle January 14, 2026
Adobe recently released updates to resolve 25 vulnerabilities across its software products. A critical bug in ColdFusion, linked to Apache Tika, is among the flaws ...
Central Maine Healthcare Data Breach Sensitive Information of Over 145,000 at Risk
Data Security
Central Maine Healthcare Data Breach: Sensitive Information of Over 145,000 at Risk
Mitchell Langley January 14, 2026
Central Maine Healthcare suffered a data breach affecting more than 145,000 individuals. Sensitive data such as Social Security numbers and addresses was potentially exposed. Investigators ...
Microsoft Enhances Secure Boot Certificates for Windows 11
Application Security
Microsoft Enhances Secure Boot Certificates for Windows 11
Mitchell Langley January 14, 2026
Microsoft introduces updated Secure Boot certificates for eligible Windows 11 systems, aiming to bolster security through automated installations, adding precautionary measures against past vulnerabilities.
CISO Strategies for 2026 Navigating Future Cybersecurity Challenges
Cybersecurity
CISO Strategies for 2026: Navigating Future Cybersecurity Challenges
Andrew Doyle January 13, 2026
The cybersecurity landscape in 2026 demands that Chief Information Security Officers (CISOs) adapt to new challenges and opportunities. Strategic foresight into emerging threats, technological evolution, ...
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Cybersecurity
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Mitchell Langley January 13, 2026
The University of Hawaii’s Cancer Center faced a ransomware attack in August 2025, compromising study participants’ data, including old Social Security numbers.
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
FireCompass Raises $20M to Scale AI-Powered Offensive Security
September 8, 2025
Podcasts
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
September 8, 2025
Podcasts
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
September 8, 2025

Cyber Security News

Iranian Hackers Breach FBI Director's Personal Email Account
Cybersecurity
Iranian Hackers Breach FBI Director’s Personal Email Account
March 31, 2026
European Commission Responds to Cloud Infrastructure Cyberattack
Cybersecurity
European Commission Responds to Cloud Infrastructure Cyberattack
March 31, 2026
Smart Slider 3 Plugin Flaw Lets Subscriber-Level Users Access Server Files
Application Security
Smart Slider 3 Plugin Flaw Lets Subscriber-Level Users Access Server Files
March 31, 2026
Apple Alerts Users to Update Outdated iPhones and iPads Due to Active Web-Based Threats
Cybersecurity
Apple Alerts Users to Update Outdated iPhones and iPads Due to Active Web-Based Threats
March 31, 2026
CareCloud Responds to a Potential Data Security Breach
Cybersecurity
CareCloud Responds to a Potential Data Security Breach
March 31, 2026
Cybercrime Group Targets Developers with Malicious Telnyx Package on PyPI
Cybersecurity
Cybercrime Group Targets Developers with Malicious Telnyx Package on PyPI
March 31, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
January 15, 2026
Lumen Technologies’ Black Lotus Labs null-routed traffic to more than 550 command-and-control nodes since October 2025, targeting AISURU and Kimwolf botnets. These networks exploit devices ...
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
January 15, 2026
Two French telecom companies were fined €42 million by CNIL for GDPR violations. The breaches revealed significant lapses in security protocols.
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
January 15, 2026
Aikido Security, a firm dedicated to developer security, recently raised $60 million, elevating its valuation to $1 billion. This milestone is part of their broader ...
PLUGGYAPE Malware Targets Ukraine’s Defense Amid Rising Cyber Threats
January 15, 2026
CERT-UA reported recent cyberattacks targeting Ukraine's defense using PLUGGYAPE malware. Security experts associate these assaults with medium confidence to the Russian-affiliated Void Blizzard group.
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
January 15, 2026
Verizon Wireless faces sweeping outages in the United States, leaving customers unable to access cellular services. Many report phones stuck in SOS mode, impacting communication ...
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
January 15, 2026
The GoBruteforcer botnet uses AI-driven server deployments with weak credentials to target crypto and blockchain projects. The botnet, by exploiting legacy web technologies, enhances its ...
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
January 14, 2026
Cybersecurity experts have identified a harmful Google Chrome extension that pretends to be a trading facilitator on the MEXC cryptocurrency exchange. Named MEXC API Automator, ...
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
January 14, 2026
Users of Android devices face difficulties with the volume buttons not functioning properly due to a software bug affecting those with accessibility features enabled.
Fried Frank Data Breach: Implications for High-Profile Clients
January 14, 2026
The prestigious law firm Fried Frank has recently experienced a data breach, affecting confidential information related to its high-profile clientele. Notable entities such as JPMorgan ...
CrowdStrike Enhances Browser Security Via $420M Seraphic Acquisition
January 14, 2026
CrowdStrike announces a $420 million deal to acquire Seraphic, bolstering its capabilities in browser security. This acquisition, following a recent identity security purchase, reinforces CrowdStrike's ...
Ongoing Web Skimming Threats Targeting Payment Networks and Clients
January 14, 2026
Cybersecurity experts have uncovered a large-scale web skimming attack targeting notable payment providers, including American Express and Mastercard. The attack has threatened enterprise organizations since ...
Belgian Hospital Cyberattack Forces Operational Halt and Patient Transfers
January 14, 2026
Belgian healthcare facility AZ Monica was hit by a cyberattack, leading to a temporary shutdown of all servers, the cancellation of procedures, and patient transfers. ...
Adobe’s Latest Security Patches Address Critical Vulnerabilities in ColdFusion
January 14, 2026
Adobe recently released updates to resolve 25 vulnerabilities across its software products. A critical bug in ColdFusion, linked to Apache Tika, is among the flaws ...
Central Maine Healthcare Data Breach: Sensitive Information of Over 145,000 at Risk
January 14, 2026
Central Maine Healthcare suffered a data breach affecting more than 145,000 individuals. Sensitive data such as Social Security numbers and addresses was potentially exposed. Investigators ...
Microsoft Enhances Secure Boot Certificates for Windows 11
January 14, 2026
Microsoft introduces updated Secure Boot certificates for eligible Windows 11 systems, aiming to bolster security through automated installations, adding precautionary measures against past vulnerabilities.
CISO Strategies for 2026: Navigating Future Cybersecurity Challenges
January 13, 2026
The cybersecurity landscape in 2026 demands that Chief Information Security Officers (CISOs) adapt to new challenges and opportunities. Strategic foresight into emerging threats, technological evolution, ...
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
January 13, 2026
The University of Hawaii’s Cancer Center faced a ransomware attack in August 2025, compromising study participants’ data, including old Social Security numbers.
Implementing Access Reviews to Enhance Security in Microsoft 365
January 13, 2026
Microsoft 365 simplifies file sharing, potentially exposing organizations to data breaches. Access reviews can mitigate these risks by controlling permissions.
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
January 13, 2026
Users' IP addresses are at risk when interacting with seemingly harmless Telegram proxy links. Learn about how Telegram is enhancing its security to mitigate these ...
Endesa Cyberattack Results in Customer Data Exposure
January 13, 2026
Spanish energy provider Endesa, along with its subsidiary Energía XXI, reported hackers gained access to their systems, exposing customer contract information. Personal data, including financial ...
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67