Cyber Security
Cybersecurity
Hackers Leak Sensitive Healthcare Data of 433,000 U.S. Doctors
Andrew Doyle
September 3, 2025
Hackers leaked data on 433,000 U.S. doctors, exposing names, addresses, and emails. Experts warn of phishing, identity theft, and ransomware risks targeting healthcare professionals and ...
Cybersecurity
Tea App Data Breach Exposes Sensitive Images
Gabby Lee
September 2, 2025
Tea Dating Advice confirmed a July 2025 breach affecting 4,244 users, exposing sensitive PII, identity documents, and private images, raising concerns over larger-scale data exposure.
Application Security
NCSC Warns of Malware Campaign Using Fake PDF Editors
Mitchell Langley
September 2, 2025
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies, enabling criminals to mask their ...
Cybersecurity
TransUnion Data Breach Exposes Personal Information of 4.4 Million
Gabby Lee
September 2, 2025
TransUnion confirmed a cyberattack exposing data of over 4.4 million U.S. consumers, tied to Salesforce breaches attributed to ShinyHunters and UNC6395 extortion groups.
Application Security
Brokewell Android Malware Spread Through Fake TradingView Ads
Andrew Doyle
September 2, 2025
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices, stealing data and hijacking user ...
Cybersecurity
SentinelOne Q3 Revenue Jumps 22% Amid Cybersecurity Surge
Andrew Doyle
September 2, 2025
SentinelOne has raised its annual revenue forecast amid surging demand for AI-driven cybersecurity. With its Singularity platform and growing ARR surpassing $1 billion, the company ...
Cybersecurity
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
Mitchell Langley
September 2, 2025
A sweeping international advisory accuses Chinese tech firms of fueling cyber espionage campaigns tied to Salt Typhoon and related groups. The attacks span telecom networks, ...
Cybersecurity
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
Gabby Lee
September 2, 2025
A wave of breaches exposing sealed court records and confidential informant data has drawn sharp criticism of the judiciary’s outdated IT. Senator Ron Wyden is ...
Endpoint Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
Andrew Doyle
September 2, 2025
A DHS audit prompted FEMA to fire 24 staff, including top IT leaders, over cybersecurity failures such as weak authentication and outdated protocols, highlighting federal ...
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley
September 2, 2025
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings. While core transit services remain ...
Application Security
Critical SharePoint Zero-Day Exploited: Immediate Steps Against CVE-2025-53770 Vulnerability
Gabby Lee
September 2, 2025
A critical zero-day in Microsoft SharePoint, tracked as CVE-2025-53770, is being widely exploited in espionage and ransomware campaigns. Dubbed “ToolShell,” the flaw enables unauthenticated remote ...
Cybersecurity
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Gabby Lee
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Cybersecurity
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
Andrew Doyle
August 28, 2025
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Cybersecurity
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
Mitchell Langley
August 28, 2025
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
Cybersecurity
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Gabby Lee
August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
Application Security
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Andrew Doyle
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Cybersecurity
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Gabby Lee
August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Cybersecurity
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Mitchell Langley
August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Cybersecurity
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Andrew Doyle
August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Cybersecurity
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
Gabby Lee
August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
Cybersecurity
Apple Warns Users of Sophisticated Spyware Attacks Across Multiple Countries
Mitchell Langley
September 15, 2025
Cybersecurity
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Gabby Lee
September 4, 2025
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley
September 2, 2025
News
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Gabby Lee
August 19, 2025
TOP CYBERSECURITY HEADLINES
This Week’s Security Spotlight
Cybersecurity
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Andrew Doyle
September 4, 2025
Cybersecurity
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Mitchell Langley
September 3, 2025
Cybersecurity
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
Gabby Lee
September 3, 2025
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Detection Tools
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE
September 4, 2025
Cato Networks, a leader in Secure Access Service Edge (SASE), has made its first acquisition, purchasing Aim Security, an AI security startup founded in 2022. ...
Tidal Cyber Secures $10M to Advance Threat-Informed Defense
September 4, 2025
Cybersecurity startup Tidal Cyber, founded in 2022 by three former MITRE experts, has raised $10 million in Series A funding, bringing its total capital to ...
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube
September 4, 2025
Disney has reached a $10 million settlement with the U.S. Federal Trade Commission (FTC) after being found in violation of the Children’s Online Privacy Protection ...
Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack
September 4, 2025
Google has released its September 2025 Android security patches, addressing a staggering 111 unique vulnerabilities, including two actively exploited zero-day flaws that are already being ...
Santa Fe County Website “Hack” Likely Based on Old Source Code
September 4, 2025
Hackers claimed to leak Santa Fe County’s website source code, but researchers found the data outdated, likely from the early 2010s, raising doubts about its ...
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
September 4, 2025
Palo Alto Networks confirmed exposure of customer records in a Salesforce breach via Drift tokens, as Unit 42 warned attackers mass-exfiltrated sensitive data and credentials ...
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire
September 4, 2025
A critical zero-day vulnerability, CVE-2025-53690, is being actively exploited in the wild, targeting Sitecore Experience Manager (XM) and Experience Platform (XP) systems deployed with outdated ...
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
September 4, 2025
Hackers breached Evertec’s Brazilian subsidiary Sinqia, attempting a $130 million theft via Pix. Using stolen vendor credentials, they initiated unauthorized transfers before operations were suspended ...
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
September 4, 2025
Cloudflare confirmed its Salesforce instance was breached through compromised SalesLoft and Drift integrations, exposing customer data in a campaign affecting 700+ companies. The company’s detailed ...
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
September 4, 2025
A new wave of EDR-killer tools is reshaping ransomware tactics, enabling groups like RansomHub, Medusa, and Blacksuit to disable endpoint defenses. By exploiting vulnerable drivers ...
Agentic AI Steals Spotlight at Black Hat 2025 with Real-Time Threat Response
September 4, 2025
Agentic AI took center stage at Black Hat USA 2025, marking a definitive pivot from conceptual discussions to real-world deployment. As the cybersecurity industry grapples ...
DHS Cuts $27M Cybersecurity Support: Impact on 19,000 Local Governments
September 4, 2025
The Department of Homeland Security (DHS) will halt $27 million in annual federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) by the ...
TamperedChef Infostealer Delivered Through Fraudulent PDF Editor Ads
September 3, 2025
Cybercriminals used fraudulent Google Ads to spread a fake PDF Editor app delivering TamperedChef infostealer, leveraging code-signing certificates, residential proxy enrollment
Amazon Disrupts Midnight Blizzard Campaign Targeting Microsoft 365
September 3, 2025
Amazon disrupted a Midnight Blizzard campaign where Russian hackers used compromised websites, fake Cloudflare pages, and Microsoft device code abuse to target enterprise Microsoft 365 ...
Zscaler Data Breach Exposes Customer Information After Salesloft Drift Compromise
September 3, 2025
Zscaler confirmed a Salesforce data breach linked to the Salesloft Drift compromise, exposing customer information but not its core services. The incident highlights escalating OAuth ...
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
September 3, 2025
Hackers calling themselves Scattered LapSus Hunters threatened to leak Google databases unless two employees are dismissed, linking their demand to recent Salesforce-driven phishing attacks.
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
September 3, 2025
SK Telecom has been fined $96.9 million after a breach exposed 23 million users’ data, marking the largest privacy penalty ever imposed on a South ...
Hackers Leak Sensitive Healthcare Data of 433,000 U.S. Doctors
September 3, 2025
Hackers leaked data on 433,000 U.S. doctors, exposing names, addresses, and emails. Experts warn of phishing, identity theft, and ransomware risks targeting healthcare professionals and ...
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta
September 2, 2025
A new and highly sophisticated Android malware campaign, dubbed Brokewell, has emerged as one of the most dangerous mobile threats of 2024–2025. First spotted in ...
Von der Leyen and Shapps Flights Hit by Suspected Russian Electronic Warfare
September 2, 2025
Aviation safety and geopolitics collided when multiple flights carrying high-ranking European and UK officials were hit by suspected Russian GPS jamming. European Commission President Ursula ...