Main Menu
Cyber Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Indian Government Issues High-Severity Warning for Google Chrome Users
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Identity and Access Management
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Mitchell Langley November 3, 2025
Cybercriminals are increasingly exploiting the OAuth 2.0 device code flow to bypass multi-factor authentication, a tactic known as device code phishing. Researchers warn that while ...
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
Cybersecurity
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
Gabby Lee November 3, 2025
A sophisticated exploit has drained over $128 million from Balancer Protocol’s v2 liquidity pools, marking one of DeFi’s largest breaches this year. Attackers used flash ...
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
Microsoft has uncovered a new backdoor malware strain using OpenAI’s Assistants API as a covert command-and-control channel. The discovery marks one of the first cases ...
Indian Government Issues High-Severity Warning for Google Chrome Users
Application Security
Indian Government Issues High-Severity Warning for Google Chrome Users
Andrew Doyle November 3, 2025
CERT-In warns Chrome users in India to update immediately after multiple high-severity vulnerabilities were discovered that allow remote attackers to hijack systems via malicious webpages.
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Cybersecurity
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Mitchell Langley November 3, 2025
South Korea’s telecom giants SK Telecom, KT, and LG Uplus are facing severe cyberattacks, financial losses, and leadership shakeups, exposing systemic weaknesses in national telecom ...
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
Data Security
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
Gabby Lee November 3, 2025
Proton’s Data Breach Observatory uncovered 300 million stolen credentials circulating on the dark web, exposing corporations and individuals worldwide to identity theft and financial fraud ...
Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
News
Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
Andrew Doyle November 2, 2025
Ukrainian national Oleksii Lytvynenko has been extradited to the U.S. to face charges for aiding the Conti ransomware group, marking a major milestone in cross-border ...
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Data Security
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Andrew Doyle November 2, 2025
A data breach at the University of Pennsylvania has reportedly exposed the personal information of 1.2 million donors after a hacker—who began by emailing “we ...
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
Application Security
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
Mitchell Langley November 2, 2025
A credential leak in the Open VSX registry allowed attackers to publish malicious VS Code extensions, exposing a major supply chain risk. Swift token revocation ...
Australia Issues Urgent Warning as Cisco IOS XE Exploit Sees Ongoing Attacks
CVE Vulnerability Alerts
Australia Issues Urgent Warning as Cisco IOS XE Exploit Sees Ongoing Attacks
Gabby Lee November 2, 2025
Australian authorities have issued an urgent warning over active exploitation of CVE-2023-20198, a critical Cisco IOS XE flaw used to deploy the persistent “BadCandy” webshell. ...
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
Application Security
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
Mitchell Langley November 2, 2025
China-linked APT group Bronze Butler exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy an upgraded Gokcpdoor malware variant in targeted Japanese organizations. ...
Google’s AI-Powered Search Signals the Return of Ads What it Means for Security and Strategy
Application Security
Google’s AI-Powered Search Signals the Return of Ads: What it Means for Security and Strategy
Gabby Lee November 2, 2025
Google is integrating advertising into its AI-powered Search Generative Experience (SGE), embedding sponsored results directly within AI summaries and answer boxes. The move redefines ad ...
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
News
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
Andrew Doyle November 2, 2025
China-linked APT group UNC6384 has launched a cyberespionage campaign exploiting a Windows zero-day flaw to infiltrate European diplomatic networks. Researchers say the operation, uncovered by ...
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
Cybersecurity
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
Andrew Doyle October 31, 2025
A misconfigured server at Reputation.com exposed 120 million internal logs containing session cookies and backend data, potentially allowing attackers to hijack customer social media accounts.
Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
Cybersecurity
Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
Mitchell Langley October 31, 2025
Hackers claim to have breached Viz Media’s vice president’s Google Drive, stealing 250GB of corporate data, credentials, and licensing documents now being sold on dark ...
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
Cybersecurity
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
Andrew Doyle October 31, 2025
Russian police arrested three teenagers behind the Meduza Infostealer operation, exposing a teenage-run malware service that stole credentials and state data across multiple systems.
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
Application Security
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
Gabby Lee October 31, 2025
CISA and NSA have issued new guidance to secure Microsoft Exchange servers, urging organizations to minimize exposure, disable legacy protocols, and adopt Zero Trust to ...
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
Cybersecurity
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
Andrew Doyle October 31, 2025
A former L3Harris executive pleaded guilty to leaking U.S. cyber exploit intelligence to a Russian broker. The insider threat case exposes severe national security and ...
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
Application Security
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
Mitchell Langley October 31, 2025
WhatsApp is rolling out passkey-encrypted backups for Android and iOS, securing chat history in the cloud with biometric or screen-lock authentication to enhance end-to-end encryption.
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
Application Security
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
Mitchell Langley October 30, 2025
A flaw in Chromium’s Blink engine, dubbed “Brash,” lets attackers crash browsers like Chrome and Edge with a single malicious URL, exposing a major denial-of-service ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Andrew Doyle November 7, 2025
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Cybersecurity
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Gabby Lee November 6, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Mitchell Langley November 6, 2025

TOP CYBERSECURITY HEADLINES

Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Cybersecurity
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Application Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Cybersecurity
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack

This Week’s Security Spotlight

Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Data Security
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Andrew Doyle November 2, 2025
More In News
Trending
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
11 Types of Social Engineering Attacks and How to Prevent Them
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)
October 27, 2025
Podcasts
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
October 27, 2025
Podcasts
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
October 27, 2025

Cyber Security News

Malware Learns to Think Google Warns of AI-Powered Evasive Techniques
Cybersecurity
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
November 6, 2025
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
November 6, 2025
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
Application Security
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
November 6, 2025
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
Information Security
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
November 6, 2025
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Cybersecurity
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
November 6, 2025
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Cybersecurity
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
November 6, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Indian Government Issues High-Severity Warning for Google Chrome Users
November 3, 2025
CERT-In warns Chrome users in India to update immediately after multiple high-severity vulnerabilities were discovered that allow remote attackers to hijack systems via malicious webpages.
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
November 3, 2025
South Korea’s telecom giants SK Telecom, KT, and LG Uplus are facing severe cyberattacks, financial losses, and leadership shakeups, exposing systemic weaknesses in national telecom ...
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
November 3, 2025
Proton’s Data Breach Observatory uncovered 300 million stolen credentials circulating on the dark web, exposing corporations and individuals worldwide to identity theft and financial fraud ...
Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
November 2, 2025
Ukrainian national Oleksii Lytvynenko has been extradited to the U.S. to face charges for aiding the Conti ransomware group, marking a major milestone in cross-border ...
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
November 2, 2025
A data breach at the University of Pennsylvania has reportedly exposed the personal information of 1.2 million donors after a hacker—who began by emailing “we ...
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
November 2, 2025
A credential leak in the Open VSX registry allowed attackers to publish malicious VS Code extensions, exposing a major supply chain risk. Swift token revocation ...
Australia Issues Urgent Warning as Cisco IOS XE Exploit Sees Ongoing Attacks
November 2, 2025
Australian authorities have issued an urgent warning over active exploitation of CVE-2023-20198, a critical Cisco IOS XE flaw used to deploy the persistent “BadCandy” webshell. ...
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
November 2, 2025
China-linked APT group Bronze Butler exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy an upgraded Gokcpdoor malware variant in targeted Japanese organizations. ...
Google’s AI-Powered Search Signals the Return of Ads: What it Means for Security and Strategy
November 2, 2025
Google is integrating advertising into its AI-powered Search Generative Experience (SGE), embedding sponsored results directly within AI summaries and answer boxes. The move redefines ad ...
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
November 2, 2025
China-linked APT group UNC6384 has launched a cyberespionage campaign exploiting a Windows zero-day flaw to infiltrate European diplomatic networks. Researchers say the operation, uncovered by ...
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
October 31, 2025
A misconfigured server at Reputation.com exposed 120 million internal logs containing session cookies and backend data, potentially allowing attackers to hijack customer social media accounts.
Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
October 31, 2025
Hackers claim to have breached Viz Media’s vice president’s Google Drive, stealing 250GB of corporate data, credentials, and licensing documents now being sold on dark ...
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
October 31, 2025
Russian police arrested three teenagers behind the Meduza Infostealer operation, exposing a teenage-run malware service that stole credentials and state data across multiple systems.
Trend Vision One Identity Security Review: Unified Identity-Centric Threat Detection and Risk Management for the Enterprise
October 31, 2025
Trend Vision One Identity Security delivers unified visibility into human and non-human identities, posture assessment and threat detection across cloud, hybrid and on-premises infrastructure for ...
CISA and NSA Issue Joint Guidance to Secure Microsoft Exchange Servers
October 31, 2025
CISA and NSA have issued new guidance to secure Microsoft Exchange servers, urging organizations to minimize exposure, disable legacy protocols, and adopt Zero Trust to ...
Former L3Harris Executive Admits to Selling Classified Cybersecurity Data to Russian Exploit Dealer
October 31, 2025
A former L3Harris executive pleaded guilty to leaking U.S. cyber exploit intelligence to a Russian broker. The insider threat case exposes severe national security and ...
WhatsApp Enhances Security With Passkey-Enforced Encrypted Chat Backups
October 31, 2025
WhatsApp is rolling out passkey-encrypted backups for Android and iOS, securing chat history in the cloud with biometric or screen-lock authentication to enhance end-to-end encryption.
Critical “Brash” Vulnerability in Chromium’s Blink Engine Can Instantly Crash Browsers
October 30, 2025
A flaw in Chromium’s Blink engine, dubbed “Brash,” lets attackers crash browsers like Chrome and Edge with a single malicious URL, exposing a major denial-of-service ...
CISA Adds XWiki and Broadcom VMware Flaws to Known Exploited Vulnerabilities Catalog
October 30, 2025
CISA has added critical XWiki and VMware vulnerabilities to its Known Exploited list, confirming active attacks and urging immediate patching under federal security mandates.
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
October 30, 2025
OpenAI’s October GPT-4 update improves how the model handles emotionally charged conversations. The upgrade enhances safety, empathy, and redirection for users expressing distress while reducing ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak