Cyber Security
News
Predatory Sparrow Drains and Burns $90M in Cyberattack on Iran’s Nobitex Exchange
Predatory Sparrow claims responsibility for a politically motivated cyberattack on Iran’s Nobitex exchange, draining and burning over $90 million in unusable cryptocurrency.
News
BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support Software
BeyondTrust patched a critical vulnerability (CVE-2025-5309) in its Remote Support software that allowed unauthenticated attackers to gain full remote code execution on servers.
News
Viasat Confirms Salt Typhoon Espionage Hack in 2024 U.S. Telecom Cyber Campaign
China-backed Salt Typhoon breached Viasat in a broader espionage campaign against U.S. telecoms ahead of the 2024 election, targeting both government and private networks.
News
Freedman Healthcare Hit by World Leaks Ransomware, Impacts 27 U.S. State Public Health Agencies
A World Leaks ransomware attack on Freedman Healthcare may expose over 42,000 sensitive files. The health tech firm supports data systems for 27 U.S. state ...
News
TP-Link Router Vulnerabilities Actively Exploited by Hackers, CISA Urges Immediate Disconnection
CISA warns of active exploitation targeting outdated TP-Link routers with command injection flaws. Users and federal agencies must act fast to avoid security breaches.
News
Scattered Spider Suspected in Erie Indemnity Attack as Insurance Sector Faces New Cyber Threat
Scattered Spider may have pivoted from retail to insurance, with Erie Indemnity likely its first U.S. victim. Experts urge insurers to prepare for advanced phishing ...
News
EDRi Calls for Complete Spyware Ban Across EU to Protect Democracy and Digital Rights
EDRi is calling for a full ban on spyware in the EU, warning that unchecked surveillance software threatens human rights, democratic institutions, and cybersecurity.
News
Washington Post Email Accounts Hacked in Suspected Nation-State Cyberattack
Several Washington Post journalists’ Microsoft email accounts were compromised in a cyberattack believed to be the work of a foreign government targeting national security reporting. ...
News
Hackers Shift Focus to U.S. Insurance Sector, Mimic Scattered Spider Playbook
Cybercriminals are now targeting the U.S. insurance sector with Scattered Spider-style tactics—experts warn of imminent threats involving phishing, SIM swapping, and MFA abuse.
News
Zoomcar Confirms Data Breach Impacting 8.4 Million Users Following Threat Actor Alert
Zoomcar has confirmed a cybersecurity breach affecting 8.4 million users, exposing names, contact details, and vehicle data—but not financial information or passwords.
News
Hackers Claim Breach of Scania’s Corporate Insurance Arm, 34,000 Files Allegedly Stolen
Hackers claim to have breached Scania’s corporate insurance arm, stealing 34,000 internal files. The targeted platform remains offline, citing maintenance.
News
Fasana Ransomware Attack Triggers Insolvency at 100-Year-Old German Manufacturer
A ransomware attack forced Germany’s century-old napkin manufacturer Fasana into insolvency, halting production, delaying salaries, and causing losses over €2 million in two weeks.
Cybersecurity
64 Million T-Mobile Customer Records Allegedly Exposed in New Data Leak
Hackers have claimed to leak a database containing 64 million records linked to T-Mobile, one of the largest mobile carriers ...
News
Debt Collection Breach at CCC Exposes Data of Over 9 Million Americans
A cyberattack on Credit Control Corporation exposed data of 9.1 million Americans, including personal and financial records. Attackers may exploit the information for targeted scams. ...
News
Yes24 Ransomware Attack Disrupts South Korea’s Entertainment Industry, Exposes Millions to Risk
A ransomware attack on Yes24, South Korea’s leading ticket platform, brought services to a halt, disrupted major K-pop events, and triggered fears over customer data ...
News
Cyberattack Disrupts WestJet Internal Systems, Airline Investigating with Authorities
A cyberattack on Canada’s second-largest airline, WestJet, disrupted internal systems and app access, prompting an ongoing investigation involving law enforcement and transport authorities.
News
Over 46,000 Grafana Instances Still Vulnerable to ‘Grafana Ghost’ Account Takeover Bug
A critical vulnerability in Grafana leaves over 46,000 internet-facing instances exposed to account hijacking and JavaScript injection through malicious plugin redirects.
News
Victoria’s Secret Restores Critical Systems Following Cyberattack That Delayed Q1 Earnings
Victoria’s Secret confirms full restoration of core systems after a May cyberattack disrupted corporate operations and forced a delay in the company’s Q1 earnings release. ...
News
Graphite Spyware Used in Zero-Click iOS Attacks on European Journalists
Citizen Lab confirms Paragon’s Graphite spyware exploited an iOS zero-day to launch zero-click attacks on European journalists through iMessage without any user interaction.
News
Password-Spraying Campaign Hits Over 80,000 Microsoft Entra ID Accounts with TeamFiltration Tool
Threat actor UNK_SneakyStrike used TeamFiltration to launch password-spraying attacks on over 80,000 Microsoft Entra ID accounts across hundreds of global organizations.
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
A researcher has revealed a new FileFix attack that abuses Windows File Explorer’s address bar to stealthily execute commands, expanding on previous ClickFix phishing techniques. ...
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
SonicWall and Microsoft have discovered a trojanized version of the NetExtender VPN client being distributed via spoofed websites, stealing remote access credentials from unsuspecting users. ...
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
Mainline Health and Select Medical Holdings have disclosed separate data breaches impacting more than 220,000 individuals, with ransomware and third-party compromise behind the incidents.
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
A sophisticated spear phishing campaign is targeting CFOs and finance leaders worldwide, using legitimate tools like NetBird and OpenSSH to quietly breach enterprise networks.
The Siemens-Microsoft Antivirus Dilemma Threatening OT Security
This episode examines a serious conflict between Siemens’ Simatic PCS industrial control systems and Microsoft Defender Antivirus. The absence of an “alert only” mode in ...
Prometei Botnet’s Global Surge: A Threat to Linux and Windows Systems Alike
Prometei is one of the most persistent and sophisticated botnet threats in circulation today. First identified in 2020—and active since at least 2016—this modular malware ...
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
Concertgoers in the UK have lost over £1.6 million to ticket fraud in 2024, prompting urgent warnings from the government as festival season begins.
Patient Trust on the Line: The Fallout from McLaren Health Care’s 2024 Breach
In this episode, we dive into the 2024 McLaren Health Care data breach that compromised the sensitive information of over 743,000 individuals—just one year after ...
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
A misconfigured database tied to a U.S. real estate firm exposed 170,000 records of sensitive personal and internal data, including Social Security numbers and employment ...
NeuralTrust’s Echo Chamber: The AI Jailbreak That Slipped Through the Cracks
This podcast dives deep into one of the most pressing vulnerabilities in modern AI — the rise of sophisticated “jailbreaking” attacks against large language models ...
AT&T, Verizon, and Beyond: How Salt Typhoon Targets Global Telcos
In this episode, we dive deep into the alarming revelations about Salt Typhoon—a Chinese state-sponsored advanced persistent threat (APT) actor, also known as RedMike, Earth ...
Anubis Ransomware: A Destructive, Cross-Platform Threat
Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns across multiple industries.
Fake Microsoft, Netflix, & Apple Support: The Scam Lurking in Google Search
In this eye-opening episode, we break down a sophisticated new trend in tech support scams (TSS) that’s catching even the most cautious users off guard. ...
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
Nucor, North America’s largest steel producer, has confirmed data theft following a cybersecurity breach that temporarily disrupted operations and forced system shutdowns.
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
Canada confirms a state-sponsored breach in its telecom sector, where Salt Typhoon exploited an unpatched Cisco vulnerability to compromise devices and reroute sensitive network traffic. ...
Russia-Linked Hackers Deploy Sophisticated Social Engineering Attack and Evade MFA
Russian state-sponsored hackers targeted a critic of the Kremlin using a novel social engineering tactic that tricked the victim into bypassing multi-factor authentication protections.
16 Billion Passwords Exposed in Record-Breaking Breach: A Deep Dive into the Data Leak That Affects Everyone
A massive breach has exposed 16 billion login credentials, potentially affecting services like Facebook, Google, and Apple. This fresh infostealer data opens the door to ...
APT28 Hackers Use Signal to Target Ukraine with New Malware Families BeardShell and SlimAgent
Russian threat group APT28 is using Signal messages to deliver new malware—BeardShell and SlimAgent—targeting Ukrainian government entities through sophisticated phishing and loader tactics.
Anubis Ransomware Gang Claims 64GB Disneyland Paris Leak in Alleged Construction Data Breach
Anubis ransomware group claims to hold 64GB of Disneyland Paris data, including engineering plans and behind-the-scenes content, though the source and sensitivity remain unclear.
Oxford City Council Cyberattack Exposes Two Decades of Election Worker Data
Oxford City Council has confirmed a cybersecurity breach involving legacy systems, exposing election worker data from 2001 to 2022 after detecting unauthorized access to its ...