Main Menu
Cyber Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
Covert PDF Exploitation: Hackers Use Adobe Acrobat Reader for Targeted Payload Delivery
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Microsoft’s Communication Breakdown Leaves Developers Locked Out Without Warning
Google Enhances Chrome Security with Device Bound Session Credentials
New Bypass Technique Bypasses Apple’s AI Safeguards
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Trent AI Emerges From Stealth With $13 Million in Funding
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Exchange Online Mailbox Access Issues Impact Outlook Users
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
How Artificial Intelligence is Being Integrated into Security Operations
Cybersecurity
How Artificial Intelligence is Being Integrated into Security Operations
Mitchell Langley December 31, 2025
As AI becomes a fixture in Security Operations Centers (SOCs), aligning its role with operational processes remains a challenge, affecting its effective deployment and value ...
Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis
Application Security
Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis
Gabby Lee December 31, 2025
Mustang Panda leverages a kernel-mode rootkit and a new TONESHELL backdoor variant in a mid-2025 cyber attack on an Asian entity, as reported by Kaspersky.
Coupang to Distribute $1.17 Billion in Vouchers Following Data Breach
Cybersecurity
Coupang to Distribute $1.17 Billion in Vouchers Following Data Breach
Gabby Lee December 29, 2025
Coupang addresses a data breach affecting 33.7 million users by issuing $1.17 billion in vouchers, aiming to restore trust and mitigate the breach impacts.
Renewed Exploitation of FortiOS Two-Factor Authentication Bypass
CVE Vulnerability Alerts
Renewed Exploitation of FortiOS Two-Factor Authentication Bypass
Mitchell Langley December 29, 2025
Fortinet has flagged a resurgence in the exploitation of CVE-2020-12812, a vulnerability in FortiOS that allows attackers to bypass two-factor authentication. This poses significant risks ...
Lovely Extortion Group Claims Massive Data Breach at Conde Nast
News
Lovely Extortion Group Claims Massive Data Breach at Conde Nast
Gabby Lee December 29, 2025
The extortion threat to Conde Nast by the criminal group, Lovely, emphasizes the vulnerability of major publishers to cyberattacks. Lovely claims to have unauthorized access ...
Ransomware Attack Disrupts Operations at Romania's Oltenia Energy Complex During Christmas
Cybersecurity
Ransomware Attack Disrupts Operations at Romania’s Oltenia Energy Complex During Christmas
Andrew Doyle December 29, 2025
Oltenia Energy Complex, Romania's primary coal-based energy producer, faced a ransomware attack on the second day of Christmas, severely impacting its IT infrastructure and highlighting ...
OWASP’s Agentic AI Top 10 Highlights Emerging Security Threats
Cybersecurity
OWASP’s Agentic AI Top 10 Highlights Emerging Security Threats
Gabby Lee December 29, 2025
OWASP introduces vulnerabilities impacting AI systems, emphasizing agent tool attacks. Koi Security's assessments illustrate real incidents linked to this list.
Korean Air Data Breach Exposes Thousands of Employee Records via KC&D Hack
Data Security
Korean Air Data Breach Exposes Thousands of Employee Records via KC&D Hack
Mitchell Langley December 29, 2025
Korean Air encountered a significant data security breach affecting thousands of employees following an attack on its supplier, Korean Air Catering & Duty-Free, leading to ...
Why Cybersecurity Is Critical to Vendor Risk Management
Blog
Why Cybersecurity is Critical to Vendor Risk Management
Gabby Lee December 29, 2025
As organizations rely more on third-party vendors, cybersecurity has become central to vendor risk management. Understanding evolving supply-chain threats, assessing vendor security posture, and implementing ...
Sax Accounting Firm's Year-long Investigation Exposes Data Breach Affecting 220,000
Information Security
Sax Accounting Firm’s Year-long Investigation Exposes Data Breach Affecting 220,000
Gabby Lee December 29, 2025
Sax, a major US accounting firm, has disclosed a data breach affecting over 220,000 clients, revealing vulnerabilities in their data security systems after a protracted ...
Arrest Linked to KMSAuto Malware Campaign That Hit 2.8 Million Systems
Cybersecurity
Arrest Linked to KMSAuto Malware Campaign That Hit 2.8 Million Systems
Andrew Doyle December 29, 2025
Authorities arrest a Lithuanian individual suspected of deploying clipboard-stealer malware through KMSAuto, impacting 2.8 million computers. The tool, camouflaged as a utility for unauthorized Windows ...
Trust Wallet Compromise Results in $7 Million Loss from Crypto Accounts
Data Security
Trust Wallet Compromise Results in $7 Million Loss from Crypto Accounts
Mitchell Langley December 29, 2025
Trust Wallet users suffer a $7M loss after a targeted attack on the browser extension impacts 3,000 crypto addresses just before Christmas.
Ex-Coinbase Support Agent in India Arrested for Involvement in Data Theft
Data Security
Ex-Coinbase Support Agent in India Arrested for Involvement in Data Theft
Gabby Lee December 29, 2025
A former Coinbase agent in India was detained for aiding hackers to infiltrate company databases, allowing unlawful access to sensitive client data.
Spotify Disables User Accounts to Combat Massive Data Scraping
Data Security
Spotify Disables User Accounts to Combat Massive Data Scraping
Andrew Doyle December 29, 2025
Spotify took action against data scraping by deactivating accounts after Anna’s Archive released data on 86 million songs from its platform.
Ubisoft's Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems
Application Security
Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems
Mitchell Langley December 28, 2025
Rainbow Six Siege faces a security breach allowing hackers to manipulate in-game systems, impacting player bans and economic balance, compromising integrity.
Hackers Breach Condé Nast Systems, Exposing WIRED Subscriber Data
Cybersecurity
Hackers Breach Condé Nast Systems, Exposing WIRED Subscriber Data
Gabby Lee December 28, 2025
A hacker claims responsibility for a breach at Condé Nast, exposing over 2.3 million WIRED subscriber records. The attacker threatens to release up to 40 ...
Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials
Application Security
Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials
Gabby Lee December 28, 2025
The malicious NPM package ‘Lotusbail’ covertly stole WhatsApp credentials through a backdoor. With more than 56,000 downloads over a six-month period, it emphasized the need ...
LangChain Core Critical Vulnerability Risks for Data Security and LLM Integrity
Application Security
LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity
Andrew Doyle December 28, 2025
Critical LangChain Core flaw may enable data theft and LLM response manipulation, impacting system security and integrity.
Cyber Espionage Campaign Involving a China-Linked APT Utilizing DNS Poisoning (1)
Cybersecurity
Cyber Espionage Campaign Involving a China-Linked APT Utilizing DNS Poisoning
Mitchell Langley December 28, 2025
Kaspersky has attributed a China-linked advanced persistent threat group with a DNS poisoning technique to deploy the MgBot backdoor for cyber espionage in Türkiye, China, ...
Aflac Confirms Data Breach Impacting Over 22 Million Customers
Data Security
Aflac Confirms Data Breach Impacting Over 22 Million Customers
Gabby Lee December 28, 2025
A data breach at Aflac has exposed sensitive personal information of over 22 million customers. The company confirmed detecting unusual activities on its systems in ...
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Cybersecurity
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Mitchell Langley April 10, 2026
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Gabby Lee April 10, 2026
Chaos Malware Expands Its Reach to Cloud Deployments
Cybersecurity
Chaos Malware Expands Its Reach to Cloud Deployments
Gabby Lee April 10, 2026
Qilin Ransomware Group Targets German Political Party Die Linke
News
Qilin Ransomware Group Targets German Political Party Die Linke
Mitchell Langley April 7, 2026

TOP CYBERSECURITY HEADLINES

Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Cybersecurity
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Application Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
Cybersecurity
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking

This Week’s Security Spotlight

New Bypass Technique Bypasses Apple's AI Safeguards
Application Security
New Bypass Technique Bypasses Apple’s AI Safeguards
Gabby Lee April 10, 2026
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Cybersecurity
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Mitchell Langley April 8, 2026
Bogus Traffic Violation Text Scam Targeting Americans
News
Bogus Traffic Violation Text Scam Targeting Americans
Andrew Doyle April 7, 2026
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity
Apple Rolls Out DarkSword Exploit Protection to More Devices
Mitchell Langley April 3, 2026
More In News
Trending
Bogus Traffic Violation Text Scam Targeting Americans
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts
Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE
New Phishing Techniques Threaten TikTok Business Account Security

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
FireCompass Raises $20M to Scale AI-Powered Offensive Security
September 8, 2025
Podcasts
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
September 8, 2025
Podcasts
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
September 8, 2025

Cyber Security News

Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido's Full Customer Database
Cybersecurity
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
March 2, 2026
'Sandworm_Mode' Supply Chain Attack Hits the NPM Ecosystem
Cybersecurity
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
February 25, 2026
ICO Fines Reddit £14.47 Million for Failing to Protect Children's Data
Cybersecurity
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
February 25, 2026
ShinyHunters Leak Exposes Millions of CarGurus User Records
Cybersecurity
ShinyHunters Leak Exposes Millions of CarGurus User Records
February 25, 2026
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
Cybersecurity
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
February 25, 2026
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
Cybersecurity
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
February 25, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Renewed Exploitation of FortiOS Two-Factor Authentication Bypass
December 29, 2025
Fortinet has flagged a resurgence in the exploitation of CVE-2020-12812, a vulnerability in FortiOS that allows attackers to bypass two-factor authentication. This poses significant risks ...
Lovely Extortion Group Claims Massive Data Breach at Conde Nast
December 29, 2025
The extortion threat to Conde Nast by the criminal group, Lovely, emphasizes the vulnerability of major publishers to cyberattacks. Lovely claims to have unauthorized access ...
Ransomware Attack Disrupts Operations at Romania’s Oltenia Energy Complex During Christmas
December 29, 2025
Oltenia Energy Complex, Romania's primary coal-based energy producer, faced a ransomware attack on the second day of Christmas, severely impacting its IT infrastructure and highlighting ...
OWASP’s Agentic AI Top 10 Highlights Emerging Security Threats
December 29, 2025
OWASP introduces vulnerabilities impacting AI systems, emphasizing agent tool attacks. Koi Security's assessments illustrate real incidents linked to this list.
Korean Air Data Breach Exposes Thousands of Employee Records via KC&D Hack
December 29, 2025
Korean Air encountered a significant data security breach affecting thousands of employees following an attack on its supplier, Korean Air Catering & Duty-Free, leading to ...
Why Cybersecurity is Critical to Vendor Risk Management
December 29, 2025
As organizations rely more on third-party vendors, cybersecurity has become central to vendor risk management. Understanding evolving supply-chain threats, assessing vendor security posture, and implementing ...
Sax Accounting Firm’s Year-long Investigation Exposes Data Breach Affecting 220,000
December 29, 2025
Sax, a major US accounting firm, has disclosed a data breach affecting over 220,000 clients, revealing vulnerabilities in their data security systems after a protracted ...
Arrest Linked to KMSAuto Malware Campaign That Hit 2.8 Million Systems
December 29, 2025
Authorities arrest a Lithuanian individual suspected of deploying clipboard-stealer malware through KMSAuto, impacting 2.8 million computers. The tool, camouflaged as a utility for unauthorized Windows ...
Trust Wallet Compromise Results in $7 Million Loss from Crypto Accounts
December 29, 2025
Trust Wallet users suffer a $7M loss after a targeted attack on the browser extension impacts 3,000 crypto addresses just before Christmas.
Ex-Coinbase Support Agent in India Arrested for Involvement in Data Theft
December 29, 2025
A former Coinbase agent in India was detained for aiding hackers to infiltrate company databases, allowing unlawful access to sensitive client data.
Spotify Disables User Accounts to Combat Massive Data Scraping
December 29, 2025
Spotify took action against data scraping by deactivating accounts after Anna’s Archive released data on 86 million songs from its platform.
Ubisoft’s Rainbow Six Siege Breach Enables Hackers to Exploit Internal Systems
December 28, 2025
Rainbow Six Siege faces a security breach allowing hackers to manipulate in-game systems, impacting player bans and economic balance, compromising integrity.
Hackers Breach Condé Nast Systems, Exposing WIRED Subscriber Data
December 28, 2025
A hacker claims responsibility for a breach at Condé Nast, exposing over 2.3 million WIRED subscriber records. The attacker threatens to release up to 40 ...
Malicious NPM Package ‘Lotusbail’ Targets WhatsApp Credentials
December 28, 2025
The malicious NPM package ‘Lotusbail’ covertly stole WhatsApp credentials through a backdoor. With more than 56,000 downloads over a six-month period, it emphasized the need ...
LangChain Core Critical Vulnerability: Risks for Data Security and LLM Integrity
December 28, 2025
Critical LangChain Core flaw may enable data theft and LLM response manipulation, impacting system security and integrity.
Cyber Espionage Campaign Involving a China-Linked APT Utilizing DNS Poisoning
December 28, 2025
Kaspersky has attributed a China-linked advanced persistent threat group with a DNS poisoning technique to deploy the MgBot backdoor for cyber espionage in Türkiye, China, ...
Aflac Confirms Data Breach Impacting Over 22 Million Customers
December 28, 2025
A data breach at Aflac has exposed sensitive personal information of over 22 million customers. The company confirmed detecting unusual activities on its systems in ...
Grubhub Users Face Sophisticated Phishing Scam Promising Bitcoin Payouts
December 28, 2025
Grubhub customers received deceptive messages, seemingly from a company email, promising tenfold bitcoin returns. This scam misled users into transferring cryptocurrency to a specific wallet.
Trust Wallet Urges Users to Update Chrome Extension Due to Security Incident
December 28, 2025
Trust Wallet experienced a critical security breach affecting its Google Chrome extension, leading to losses of approximately $7 million. Users are urged to update to ...
Active Exploitation of FortiOS SSL VPN Vulnerability CVE-2020-12812
December 28, 2025
Fortinet has identified ongoing exploitation of the five-year-old FortiOS SSL VPN flaw CVE-2020-12812, revealing it poses significant risks in specific configurations.
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
New Extortion Crew Uses Phishing to Breach High-Value Corporations
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
Covert PDF Exploitation: Hackers Use Adobe Acrobat Reader for Targeted Payload Delivery
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Microsoft’s Communication Breakdown Leaves Developers Locked Out Without Warning
Google Enhances Chrome Security with Device Bound Session Credentials
New Bypass Technique Bypasses Apple’s AI Safeguards
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat