Main Menu
Cyber Security
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Defensive Strategies Against New ClickFix Ransomware Tactics
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Harvard Experiences Data Breach via Vishing Attack
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Cybersecurity
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Andrew Doyle November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job CrowdStrike Hacked by Insider Leaking Screenshots
Cybersecurity
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
Mitchell Langley November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Gabby Lee November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Cybersecurity
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Gabby Lee November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Application Security
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Andrew Doyle November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
Andrew Doyle November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
News
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Mitchell Langley November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
News
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Gabby Lee November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Application Security
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Mitchell Langley November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Application Security
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Andrew Doyle November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Cybersecurity
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Gabby Lee November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Cybersecurity
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Andrew Doyle November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat Palo Alto Networks CEO Predicts Security Overhaul by 2029
Cybersecurity
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Mitchell Langley November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
News
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Andrew Doyle November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Cybersecurity
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Mitchell Langley November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
News
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Gabby Lee November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
News
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
Andrew Doyle November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Application Security
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mitchell Langley November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
Asahi Cyberattack Exposes Extensive Data Breach A Blow to Japan's Brewer Giant
Cybersecurity
Asahi Cyberattack Exposes Extensive Data Breach: A Blow to Japan’s Brewer Giant
Gabby Lee November 28, 2025
Comcast's $1.5 Million Settlement in Data Breach Incident with FCC
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
Andrew Doyle November 27, 2025
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Andrew Doyle November 27, 2025
ShadowV2 Botnet A Test Run Amidst AWS Outage
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
Andrew Doyle November 27, 2025

TOP CYBERSECURITY HEADLINES

Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Cybersecurity
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Network Security
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast's $1.5 Million Settlement in Data Breach Incident with FCC
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC

This Week’s Security Spotlight

Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Mitchell Langley November 27, 2025
London Councils Face Cyberattack Resident Data Potentially Compromised
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
Mitchell Langley November 27, 2025
Microsoft Exchange Online Outage Customer Access Disrupted
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
Gabby Lee November 26, 2025
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
Gabby Lee November 25, 2025
More In News
Trending
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)
October 27, 2025
Podcasts
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
October 27, 2025
Podcasts
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
October 27, 2025

Cyber Security News

Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
Identity and Access Management
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
November 27, 2025
London Councils Face Cyberattack Resident Data Potentially Compromised
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
November 27, 2025
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Cybersecurity
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
November 27, 2025
Gainsight Data Breach Company Downplays Impact
Cybersecurity
Gainsight Data Breach: Company Downplays Impact
November 27, 2025
HashJack Attack Unveils a New Cybersecurity Vulnerability
Cybersecurity
HashJack Attack Unveils a New Cybersecurity Vulnerability
November 26, 2025
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Cybersecurity
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
November 26, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information