Cyber Security
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Trump Administration Lifts Claude Fable 5 Access Restrictions
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
DeepSeek Built Browser Ransomware Using Chrome File System API
Scattered Spider Suspect Peter Stokes Extradited From Finland
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
BioShocking Attack Turns AI Browsers Into Credential Thieves
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
Gitea CVE-2026-20896 Auth Bypass Exploited via One HTTP Header
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
VBS File Campaign Uses WhatsApp for Multi-Stage Malware Deployment
Application Security
VBS File Campaign Uses WhatsApp for Multi-Stage Malware Deployment
New campaign exploits WhatsApp to spread Visual Basic Script files, forming a multi-stage infection chain.
Android Malware NoVoice Found Hiding Across 50 Apps on Google Play
Application Security
Android Malware NoVoice Found Hiding Across 50 Apps on Google Play
Android malware NoVoice was stealthily embedded in over 50 apps on Google Play.
UK Government Allocates £630,000 for Digital Identity Card Discussion
Cybersecurity
UK Government Allocates £630,000 for Digital Identity Card Discussion
The UK government is investing £630,000 in a panel to examine digital identity card plans, aiming for diverse perspectives and trade-offs.
Hacker Charged in $55 Million Cryptocurrency Heist Involving Smart Contract Exploit
Cybersecurity
Hacker Charged in $55 Million Cryptocurrency Heist Involving Smart Contract Exploit
Investigators uncover how Jonathan Spalletta leveraged smart contract vulnerabilities, resulting in a major cryptocurrency theft that brought down the...
UNC1069 Linked to Axios NPM Supply Chain Attack for Financial Intrusion
Cybersecurity
UNC1069 Linked to Axios NPM Supply Chain Attack for Financial Intrusion
Google attributes Axios npm attack to North Korean threat group UNC1069, aiming for financial theft.
The Doctor No Problem Is Changing the Face of Enterprise Security
Cybersecurity
The “Doctor No” Problem Is Changing the Face of Enterprise Security
The controversial "Doctor No" role in security operations highlights a shift from mere obstruction to strategic decision-making.
Open VSX Bug Allowed Malicious VS Code Extensions Into the Registry
Cybersecurity
Open VSX Bug Allowed Malicious VS Code Extensions Into the Registry
Cybersecurity experts reveal details of an Open VSX scanning flaw that allowed malicious VS Code extensions to pass vetting and enter the registry.
OpenAI Introduces a Bug Bounty Program Targeting Safety Risks and Exploitable Issues
Cybersecurity
OpenAI Introduces a Bug Bounty Program Targeting Safety Risks and Exploitable Issues
OpenAI initiates a bug bounty program to uncover and mitigate abuse and safety vulnerabilities.
New Phishing Techniques Threaten TikTok Business Account Security
News
New Phishing Techniques Threaten TikTok Business Account Security
Cybercriminals use phishing tactics to hijack TikTok business accounts.
US and UK Seek Advanced Tech to Counter Underwater Drone Threats
Cybersecurity
US and UK Seek Advanced Tech to Counter Underwater Drone Threats
US and UK aim to strengthen maritime defense against underwater drones.
AFC Ajax Data Breach Exposed Systems and Allowed Intruder Control
Cybersecurity
AFC Ajax Data Breach Exposed Systems and Allowed Intruder Control
AFC Ajax confirms a significant data breach that exposed vulnerabilities in its internal systems, enabling unauthorized access.
TP-Link Routers Receive Patches for High-Severity Security Flaws
Cybersecurity
TP-Link Routers Receive Patches for High-Severity Security Flaws
TP-Link patches high-severity router flaws that could enable authentication bypass, arbitrary command execution, and configuration file decryption.
Cloudflare-Themed Scam Targets Macs With Infiniti Stealer Malware
Cybersecurity
Cloudflare-Themed Scam Targets Macs With Infiniti Stealer Malware
Cloudflare-themed attack uses ClickFix tactics to deliver Python-based Infiniti stealer on macOS systems.
Infinity Stealer Malware Takes Aim at macOS Systems
Cybersecurity
Infinity Stealer Malware Takes Aim at macOS Systems
New malware, Infinity Stealer, targeting macOS via Python payload compiled with Nuitka.
Iranian Hackers Breach FBI Director's Personal Email Account
Cybersecurity
Iranian Hackers Breach FBI Director’s Personal Email Account
Iranian-backed hackers penetrated FBI director's email, leaked sensitive information online.
Russian-Affiliated Attackers Deploy DarkSword Exploit Kit Targeting iOS Devices
News
Russian-Affiliated Attackers Deploy DarkSword Exploit Kit Targeting iOS Devices
Russian-based TA446 group wields DarkSword to compromise iOS devices, escalating cybersecurity threats.
European Commission Responds to Cloud Infrastructure Cyberattack
Cybersecurity
European Commission Responds to Cloud Infrastructure Cyberattack
The European Commission contained a cyberattack affecting its cloud infrastructure, ensuring no internal network disruption to Europa.eu websites.
Smart Slider 3 Plugin Flaw Lets Subscriber-Level Users Access Server Files
Application Security
Smart Slider 3 Plugin Flaw Lets Subscriber-Level Users Access Server Files
Security flaw in Smart Slider 3 WordPress plugin risks unauthorized file access across more than 800,000 websites.
Apple Alerts Users to Update Outdated iPhones and iPads Due to Active Web-Based Threats
Cybersecurity
Apple Alerts Users to Update Outdated iPhones and iPads Due to Active Web-Based Threats
Apple is urging iOS and iPadOS users to update their devices immediately due to active web-based security threats.
CareCloud Responds to a Potential Data Security Breach
Cybersecurity
CareCloud Responds to a Potential Data Security Breach
CareCloud investigates potential data breach in its electronic health record system, raising cybersecurity concerns.
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Hacker Charged in $55 Million Cryptocurrency Heist Involving Smart Contract Exploit
Investigators uncover how Jonathan Spalletta leveraged smart contract vulnerabilities, resulting in a major cryptocurrency theft that brought down the...
UNC1069 Linked to Axios NPM Supply Chain Attack for Financial Intrusion
Google attributes Axios npm attack to North Korean threat group UNC1069, aiming for financial theft.
The “Doctor No” Problem Is Changing the Face of Enterprise Security
The controversial "Doctor No" role in security operations highlights a shift from mere obstruction to strategic decision-making.
Open VSX Bug Allowed Malicious VS Code Extensions Into the Registry
Cybersecurity experts reveal details of an Open VSX scanning flaw that allowed malicious VS Code extensions to pass vetting and enter the registry.
OpenAI Introduces a Bug Bounty Program Targeting Safety Risks and Exploitable Issues
OpenAI initiates a bug bounty program to uncover and mitigate abuse and safety vulnerabilities.
New Phishing Techniques Threaten TikTok Business Account Security
Cybercriminals use phishing tactics to hijack TikTok business accounts.
US and UK Seek Advanced Tech to Counter Underwater Drone Threats
US and UK aim to strengthen maritime defense against underwater drones.
AFC Ajax Data Breach Exposed Systems and Allowed Intruder Control
AFC Ajax confirms a significant data breach that exposed vulnerabilities in its internal systems, enabling unauthorized access.
TP-Link Routers Receive Patches for High-Severity Security Flaws
TP-Link patches high-severity router flaws that could enable authentication bypass, arbitrary command execution, and configuration file decryption.
Cloudflare-Themed Scam Targets Macs With Infiniti Stealer Malware
Cloudflare-themed attack uses ClickFix tactics to deliver Python-based Infiniti stealer on macOS systems.
Infinity Stealer Malware Takes Aim at macOS Systems
New malware, Infinity Stealer, targeting macOS via Python payload compiled with Nuitka.
Iranian Hackers Breach FBI Director’s Personal Email Account
Iranian-backed hackers penetrated FBI director's email, leaked sensitive information online.
Russian-Affiliated Attackers Deploy DarkSword Exploit Kit Targeting iOS Devices
Russian-based TA446 group wields DarkSword to compromise iOS devices, escalating cybersecurity threats.
European Commission Responds to Cloud Infrastructure Cyberattack
The European Commission contained a cyberattack affecting its cloud infrastructure, ensuring no internal network disruption to Europa.eu websites.
Smart Slider 3 Plugin Flaw Lets Subscriber-Level Users Access Server Files
Security flaw in Smart Slider 3 WordPress plugin risks unauthorized file access across more than 800,000 websites.
Apple Alerts Users to Update Outdated iPhones and iPads Due to Active Web-Based Threats
Apple is urging iOS and iPadOS users to update their devices immediately due to active web-based security threats.
CareCloud Responds to a Potential Data Security Breach
CareCloud investigates potential data breach in its electronic health record system, raising cybersecurity concerns.
Cybercrime Group Targets Developers with Malicious Telnyx Package on PyPI
Cybercrime group associated with Trivy attack uploads malicious Telnyx packages to PyPI aiming to deploy credential-stealing malware.
Hackers Exploit a Critical Citrix Vulnerability to Steal Sensitive Data
Critical Citrix vulnerability CVE-2026-3055 is targeted by attackers to steal data.
A Hidden Flaw in OpenAI ChatGPT Turns Conversations Into Data Leaks
New vulnerability in OpenAI ChatGPT allows secret data leaks.