Main Menu
Cyber Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Hacking the Hackers: What a Security Vendor Breach Really Means
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Five Intelligence Agencies Agree: Slow Down Your AI Agents
275 Million Students’ Records Allegedly Stolen in Canvas Breach
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
WhatsApp Patches Flaws That Let Hackers Hide Malware in Plain Sight
North Korea Turned a Gaming App Into a Spyware Platform
Debug Mode Left Open: Enterprise Platform Hit With Unauthenticated RCE
One Zero-Day, 40,000 Servers: The cPanel Mass-Compromise
Confident Posture: Navigating Ransomware Incidents with Expert Guidance
Threat Actors Are Ramping Up Microsoft Teams Exploitation for Network Access
Cybercriminals Are Bending Trust, Not Breaking Systems
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Severe Command Injection Flaw Discovered in SGLang
Serial-to-IP Converter Flaws in Lantronix and Silex Products Put Critical Systems at Risk
Microsoft Enhances Secure Boot Certificates for Windows 11
Application Security
Microsoft Enhances Secure Boot Certificates for Windows 11
Mitchell Langley January 14, 2026
Microsoft introduces updated Secure Boot certificates for eligible Windows 11 systems, aiming to bolster security through automated installations, adding precautionary measures against past vulnerabilities.
CISO Strategies for 2026 Navigating Future Cybersecurity Challenges
Cybersecurity
CISO Strategies for 2026: Navigating Future Cybersecurity Challenges
Andrew Doyle January 13, 2026
The cybersecurity landscape in 2026 demands that Chief Information Security Officers (CISOs) adapt to new challenges and opportunities. Strategic foresight into emerging threats, technological evolution, ...
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Cybersecurity
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Mitchell Langley January 13, 2026
The University of Hawaii’s Cancer Center faced a ransomware attack in August 2025, compromising study participants’ data, including old Social Security numbers.
Implementing Access Reviews to Enhance Security in Microsoft 365
Application Security
Implementing Access Reviews to Enhance Security in Microsoft 365
Andrew Doyle January 13, 2026
Microsoft 365 simplifies file sharing, potentially exposing organizations to data breaches. Access reviews can mitigate these risks by controlling permissions.
Telegram's Proxy Link Vulnerability Exposes IP Addresses
Application Security
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
Andrew Doyle January 13, 2026
Users' IP addresses are at risk when interacting with seemingly harmless Telegram proxy links. Learn about how Telegram is enhancing its security to mitigate these ...
Endesa Cyberattack Results in Customer Data Exposure
Data Security
Endesa Cyberattack Results in Customer Data Exposure
Mitchell Langley January 13, 2026
Spanish energy provider Endesa, along with its subsidiary Energía XXI, reported hackers gained access to their systems, exposing customer contract information. Personal data, including financial ...
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Application Security
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Gabby Lee January 13, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) mandates government agencies to immediately secure systems against a high-severity Gogs vulnerability, CVE-2025-8110, exploited in the wild. Organizations ...
Meta Addresses Security Vulnerability in Instagram Password Resets
Application Security
Meta Addresses Security Vulnerability in Instagram Password Resets
Gabby Lee January 13, 2026
Meta recently resolved a flaw in Instagram’s password reset process that allowed unauthorized entities to trigger reset emails, raising security concerns. Despite addressing this issue, ...
AI and Security Block's CISO Discusses AI Agents' Potential
Cybersecurity
AI and Security: Block’s CISO Discusses AI Agents’ Potential
Andrew Doyle January 13, 2026
AI agents should surpass human capabilities in security, akin to self-driving cars, says Block's CISO James Nettesheim. In a discussion with The Register, Nettesheim outlines ...
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
Application Security
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
Mitchell Langley January 13, 2026
Apex Legends players were rudely interrupted over the weekend when malicious actors took control of their in-game characters. The intrusions included disconnecting players and tampering ...
Target's Source Code Allegedly Exposed in Cyber Breach
Cybersecurity
Target’s Source Code Allegedly Exposed in Cyber Breach
Andrew Doyle January 13, 2026
Allegations have surfaced of hackers offering Target Corporation’s internal code for sale. The incident came to light after files suggesting a breach were seen on ...
Drones Are Now Critical Infrastructure—and Their Networks are the New Attack Surface
Blog
Drones Are Now Critical Infrastructure—and Their Networks are the New Attack Surface
Gabby Lee January 13, 2026
Drones are now embedded in public safety, energy, and defense operations, making their networks a critical attack surface. This blog explores how fragile connectivity, legacy ...
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Data Security
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Gabby Lee January 12, 2026
Datamasters faces legal action for selling health and personal data without proper registration. Learn how the agency enforces California's data privacy laws.
Instagram Data Breach Affects 17.5 Million Users Security Implications Explored
Application Security
Instagram Data Breach Affects 17.5 Million Users: Security Implications Explored
Mitchell Langley January 12, 2026
A significant data breach has compromised the personal details of approximately 17.5 million Instagram users. This breach, as reported by Malwarebytes Labs researchers, has exposed ...
U.S. Immigration and Customs Enforcement's Surveillance Tactics Scrutinized
Information Security
U.S. Immigration and Customs Enforcement’s Surveillance Tactics Scrutinized
Gabby Lee January 12, 2026
The U.S. Immigration and Customs Enforcement (ICE) is under scrutiny for its substantial investment in surveillance technology, drawing criticism for privacy implications and its role ...
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Cybersecurity
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Andrew Doyle January 12, 2026
The UK's cybersecurity standards are in question after breaches at the Legal Aid Agency and Foreign Office. Without legal obligations to meet previous EU standards, ...
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
News
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
Andrew Doyle January 12, 2026
Officials in Spain apprehended 34 individuals linked to a sophisticated cyber fraud organization. Suspected of affiliations with the notorious Black Axe group, these arrests are ...
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
Data Security
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
Andrew Doyle January 12, 2026
Ireland's Foreign Affairs Department has recalled 13,000 passports after a software update led to a printing issue, rendering them non-compliant with international standards and potentially ...
BreachForums Re-emerges Only to Fall Victim to Data Breach
Application Security
BreachForums Re-emerges Only to Fall Victim to Data Breach
Mitchell Langley January 12, 2026
The latest iteration of BreachForums, a well-known hacking community, has suffered a data breach with its user database leaked online. The breach occurred despite recent ...
Anthropic Responds to Viral Allegations of Account Bans
Cybersecurity
Anthropic Responds to Viral Allegations of Account Bans
Gabby Lee January 12, 2026
Anthropic, the company behind Claude AI, addresses allegations of unauthorized account bans. The viral post on X stirred significant discussion among users.
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
FTC Bans Data Broker Kochava from Selling Americans Location Data
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
Andrew Doyle May 6, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

MetInfo CVE-2026-29014 Exploited -- Unauthenticated PHP Code Injection
Application Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP2 -- Patch to 2.4.67
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Cybersecurity
China-Linked UAT-8302 Targets Governments in South America and Europe

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers
U.S. and Indonesian Authorities Dismantle the Global Phishing Platform “W3LL”
Phony Root Certificate Scheme Puts Open Source Developers at Risk

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
FireCompass Raises $20M to Scale AI-Powered Offensive Security
September 8, 2025
Podcasts
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
September 8, 2025
Podcasts
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
September 8, 2025

Cyber Security News

Major Announcements from RSAC 2026 What Day 1 Revealed
Cybersecurity
Major Announcements from RSAC 2026: What Day 1 Revealed
March 25, 2026
QualDerm Partners Data Breach Hits Over 3.1 Million People
Cybersecurity
QualDerm Partners Data Breach Hits Over 3.1 Million People
March 25, 2026
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
Cybersecurity
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
March 25, 2026
Gartner Publishes Its First Market Guide for Guardian Agents
Cybersecurity
Gartner Publishes Its First Market Guide for Guardian Agents
March 25, 2026
Software Supply Chains Are the New Frontline for Cyber Risk
Cybersecurity
Software Supply Chains Are the New Frontline for Cyber Risk
March 19, 2026
Sam Altman's Eyeball-Scanning Orb Takes on a New Role in AI Integration
Cybersecurity
Sam Altman’s Eyeball-Scanning Orb Takes on a New Role in AI Integration
March 18, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Implementing Access Reviews to Enhance Security in Microsoft 365
January 13, 2026
Microsoft 365 simplifies file sharing, potentially exposing organizations to data breaches. Access reviews can mitigate these risks by controlling permissions.
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
January 13, 2026
Users' IP addresses are at risk when interacting with seemingly harmless Telegram proxy links. Learn about how Telegram is enhancing its security to mitigate these ...
Endesa Cyberattack Results in Customer Data Exposure
January 13, 2026
Spanish energy provider Endesa, along with its subsidiary Energía XXI, reported hackers gained access to their systems, exposing customer contract information. Personal data, including financial ...
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
January 13, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) mandates government agencies to immediately secure systems against a high-severity Gogs vulnerability, CVE-2025-8110, exploited in the wild. Organizations ...
Meta Addresses Security Vulnerability in Instagram Password Resets
January 13, 2026
Meta recently resolved a flaw in Instagram’s password reset process that allowed unauthorized entities to trigger reset emails, raising security concerns. Despite addressing this issue, ...
AI and Security: Block’s CISO Discusses AI Agents’ Potential
January 13, 2026
AI agents should surpass human capabilities in security, akin to self-driving cars, says Block's CISO James Nettesheim. In a discussion with The Register, Nettesheim outlines ...
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
January 13, 2026
Apex Legends players were rudely interrupted over the weekend when malicious actors took control of their in-game characters. The intrusions included disconnecting players and tampering ...
Target’s Source Code Allegedly Exposed in Cyber Breach
January 13, 2026
Allegations have surfaced of hackers offering Target Corporation’s internal code for sale. The incident came to light after files suggesting a breach were seen on ...
Drones Are Now Critical Infrastructure—and Their Networks are the New Attack Surface
January 13, 2026
Drones are now embedded in public safety, energy, and defense operations, making their networks a critical attack surface. This blog explores how fragile connectivity, legacy ...
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
January 12, 2026
Datamasters faces legal action for selling health and personal data without proper registration. Learn how the agency enforces California's data privacy laws.
Instagram Data Breach Affects 17.5 Million Users: Security Implications Explored
January 12, 2026
A significant data breach has compromised the personal details of approximately 17.5 million Instagram users. This breach, as reported by Malwarebytes Labs researchers, has exposed ...
U.S. Immigration and Customs Enforcement’s Surveillance Tactics Scrutinized
January 12, 2026
The U.S. Immigration and Customs Enforcement (ICE) is under scrutiny for its substantial investment in surveillance technology, drawing criticism for privacy implications and its role ...
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
January 12, 2026
The UK's cybersecurity standards are in question after breaches at the Legal Aid Agency and Foreign Office. Without legal obligations to meet previous EU standards, ...
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
January 12, 2026
Officials in Spain apprehended 34 individuals linked to a sophisticated cyber fraud organization. Suspected of affiliations with the notorious Black Axe group, these arrests are ...
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
January 12, 2026
Ireland's Foreign Affairs Department has recalled 13,000 passports after a software update led to a printing issue, rendering them non-compliant with international standards and potentially ...
BreachForums Re-emerges Only to Fall Victim to Data Breach
January 12, 2026
The latest iteration of BreachForums, a well-known hacking community, has suffered a data breach with its user database leaked online. The breach occurred despite recent ...
Anthropic Responds to Viral Allegations of Account Bans
January 12, 2026
Anthropic, the company behind Claude AI, addresses allegations of unauthorized account bans. The viral post on X stirred significant discussion among users.
Iranian APT Group MuddyWater Launches Sophisticated Spear-Phishing Campaign
January 12, 2026
MuddyWater, an Iranian threat actor, is running a spear-phishing campaign targeting multiple sectors in the Middle East using Rust-based implants. The attack leverages icon spoofing ...
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
January 11, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) officially retired 10 emergency directives, transferring security focus toward the Known Exploited Vulnerabilities catalog, which offers a more ...
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
January 11, 2026
Using a compromised SonicWall VPN device, Chinese-speaking hackers allegedly targeted a VMware ESXi system with a potential exploit dating back to February 2024. The cybersecurity ...
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
11 Million Downloads, One Poisoned Version: PyTorch’s Close Call
Hacking the Hackers: What a Security Vendor Breach Really Means
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Five Intelligence Agencies Agree: Slow Down Your AI Agents
275 Million Students’ Records Allegedly Stolen in Canvas Breach
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email