Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
CVE Vulnerability Alerts
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
Mitchell Langley March 12, 2026
Two critical security vulnerabilities in n8n automation platform have been patched.
Google Cloud Strengthens Its Position with the $32 Billion Acquisition of Wiz
Cybersecurity
Google Cloud Strengthens Its Position with the $32 Billion Acquisition of Wiz
Andrew Doyle March 12, 2026
Google completes $32 billion acquisition of cloud security leader Wiz, expanding its cybersecurity capabilities.
Fake Starlink Android Apps Spread BeatBanker Malware
Cybersecurity
Fake Starlink Android Apps Spread BeatBanker Malware
Gabby Lee March 12, 2026
BeatBanker Android malware targets users through fake apps.
ELECQ Data Breach May Have Exposed EV Charger Users' Private Information
Cybersecurity
ELECQ Data Breach May Have Exposed EV Charger Users’ Private Information
Mitchell Langley March 11, 2026
ELECQ warns of potential data theft after ransomware attack on its cloud systems.
Ericsson Inc. Faces Data Breach Through a Third-Party Service Provider
Cybersecurity
Ericsson Inc. Faces Data Breach Through a Third-Party Service Provider
Andrew Doyle March 11, 2026
Ericsson Inc. reports data theft affecting employees and customers due to a service provider breach.
Malicious npm Package Disguises as OpenClaw Installer for Data Theft
Application Security
Malicious npm Package Disguises as OpenClaw Installer for Data Theft
Andrew Doyle March 11, 2026
New npm threat involves package posing as OpenClaw installer deploying RAT to steal sensitive data.
ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant's Own Tool
Application Security
ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant’s Own Tool
Mitchell Langley March 11, 2026
ShinyHunters claims responsibility for a high-profile data breach affecting Salesforce and other major companies, utilizing an open-source tool develo...
Salesforce's Experience Cloud Platform Faces Vulnerability Challenges
Application Security
Salesforce’s Experience Cloud Platform Faces Vulnerability Challenges
Andrew Doyle March 11, 2026
Salesforce's Experience Cloud under scrutiny as vulnerabilities expose extensive data risks.
Russian Threat Actors Targeting Signal and WhatsApp Accounts of Officials
News
Russian Threat Actors Targeting Signal and WhatsApp Accounts of Officials
Mitchell Langley March 11, 2026
Russian hackers are targeting Signal and WhatsApp accounts of officials globally, posing cyber risks.
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025
Cybersecurity
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025
Gabby Lee March 11, 2026
North Korean state-sponsored threat actors are suspected of a 2025 cryptocurrency cloud heist.
Microsoft Still Working to Fix Bright White Flash Issue in Windows 11 File Explorer
Cybersecurity
Microsoft Still Working to Fix Bright White Flash Issue in Windows 11 File Explorer
Andrew Doyle March 11, 2026
Microsoft is still working to resolve a bright white flash issue in Windows 11's File Explorer that continues to affect users on certain systems.
Dutch Police Give Suspected Scammers a Two-Week Deadline to Surrender
News
Dutch Police Give Suspected Scammers a Two-Week Deadline to Surrender
Mitchell Langley March 11, 2026
Dutch police give 100 alleged scammers two weeks to surrender, or their images could be displayed nationwide.
Evasive ClickFix Tactic Leverages Windows Terminal to Avoid Detection
Cybersecurity
Evasive ClickFix Tactic Leverages Windows Terminal to Avoid Detection
Gabby Lee March 11, 2026
New ClickFix technique utilizes Windows Terminal instead of the Run dialog to bypass security measures.
Perplexity's Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
Application Security
Perplexity’s Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
Andrew Doyle March 6, 2026
A vulnerability in Perplexity's Comet browser exposed local files to potential theft via calendar events.
Tier 1 SOC Analysts Are Carrying More Weight Than They Should
Cybersecurity
Tier 1 SOC Analysts Are Carrying More Weight Than They Should
Mitchell Langley March 6, 2026
Tier 1 SOC analysts face unique challenges in threat detection due to their inexperience, affecting overall security operations center performance.
Joint Operation Dismantles Criminal Syndicate Exploiting Ukrainian War Refugees
Cybersecurity
Joint Operation Dismantles Criminal Syndicate Exploiting Ukrainian War Refugees
Gabby Lee March 6, 2026
Investigation dismantles online gambling criminal syndicate exploiting war-displaced women, highlights international collaboration in cybersecurity.
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
Cybersecurity
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
Mitchell Langley March 6, 2026
A JavaScript worm affects Wikimedia wikis, altering user scripts and pages, demanding a swift response to mitigate damage.
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
Application Security
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
Andrew Doyle March 6, 2026
A critical flaw in WordPress's User Registration & Membership plugin threatens over 60,000 sites, risking exploitation.
US Government Contractor's Son Charged with Cryptocurrency Theft from US Marshals Service
Cybersecurity
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
Gabby Lee March 6, 2026
US contractor's son arrested for allegedly stealing $46M in digital currency from Marshals Service.
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
CVE Vulnerability Alerts
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
Gabby Lee March 6, 2026
Cisco reveals active exploitation of vulnerabilities in their Catalyst SD-WAN Manager.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE
September 4, 2025
Podcasts
Tidal Cyber Secures $10M to Advance Threat-Informed Defense
September 4, 2025
Podcasts
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube
September 4, 2025

Cyber Security News

CVE Vulnerability Alerts
CIFSwitch Linux Kernel Flaw Gets Public PoC, Root Access Possible
June 1, 2026
Application Security
Public Exploit Raises Flowise CVE-2026-40933 RCE to Immediate Risk
June 1, 2026
Cybersecurity
Western Officials Warn Russia Steals Tech Via Shell Firms and Hacks
June 1, 2026
Cybersecurity
Dashlane Suspends Accounts After Multi-Country Brute-Force Campaign
June 1, 2026
Cybersecurity
Russia Sends Submarines to Survey UK Undersea Internet Cables
June 1, 2026
Application Security
Microsoft: 14 npm Packages Linked to Single Actor Stealing AWS Keys
June 1, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
ELECQ Data Breach May Have Exposed EV Charger Users’ Private Information
March 11, 2026
ELECQ warns of potential data theft after ransomware attack on its cloud systems.
Ericsson Inc. Faces Data Breach Through a Third-Party Service Provider
March 11, 2026
Ericsson Inc. reports data theft affecting employees and customers due to a service provider breach.
Malicious npm Package Disguises as OpenClaw Installer for Data Theft
March 11, 2026
New npm threat involves package posing as OpenClaw installer deploying RAT to steal sensitive data.
ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant’s Own Tool
March 11, 2026
ShinyHunters claims responsibility for a high-profile data breach affecting Salesforce and other major companies, utilizing an open-source tool develo...
Salesforce’s Experience Cloud Platform Faces Vulnerability Challenges
March 11, 2026
Salesforce's Experience Cloud under scrutiny as vulnerabilities expose extensive data risks.
Russian Threat Actors Targeting Signal and WhatsApp Accounts of Officials
March 11, 2026
Russian hackers are targeting Signal and WhatsApp accounts of officials globally, posing cyber risks.
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025
March 11, 2026
North Korean state-sponsored threat actors are suspected of a 2025 cryptocurrency cloud heist.
Microsoft Still Working to Fix Bright White Flash Issue in Windows 11 File Explorer
March 11, 2026
Microsoft is still working to resolve a bright white flash issue in Windows 11's File Explorer that continues to affect users on certain systems.
Dutch Police Give Suspected Scammers a Two-Week Deadline to Surrender
March 11, 2026
Dutch police give 100 alleged scammers two weeks to surrender, or their images could be displayed nationwide.
Evasive ClickFix Tactic Leverages Windows Terminal to Avoid Detection
March 11, 2026
New ClickFix technique utilizes Windows Terminal instead of the Run dialog to bypass security measures.
Perplexity’s Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
March 6, 2026
A vulnerability in Perplexity's Comet browser exposed local files to potential theft via calendar events.
Tier 1 SOC Analysts Are Carrying More Weight Than They Should
March 6, 2026
Tier 1 SOC analysts face unique challenges in threat detection due to their inexperience, affecting overall security operations center performance.
Joint Operation Dismantles Criminal Syndicate Exploiting Ukrainian War Refugees
March 6, 2026
Investigation dismantles online gambling criminal syndicate exploiting war-displaced women, highlights international collaboration in cybersecurity.
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
March 6, 2026
A JavaScript worm affects Wikimedia wikis, altering user scripts and pages, demanding a swift response to mitigate damage.
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
March 6, 2026
A critical flaw in WordPress's User Registration & Membership plugin threatens over 60,000 sites, risking exploitation.
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
March 6, 2026
US contractor's son arrested for allegedly stealing $46M in digital currency from Marshals Service.
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
March 6, 2026
Cisco reveals active exploitation of vulnerabilities in their Catalyst SD-WAN Manager.
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
March 6, 2026
Russian hackers target Ukrainian entities using fresh malware BadPaw and MeowMeow delivered through phishing.
Russian Ransomware Operator Admits Guilt in U.S. Court
March 6, 2026
Russian cybercriminal faces U.S. justice after South Korean extradition.
Meta’s Smart Glasses Face Privacy Investigation in Britain
March 6, 2026
Britain's privacy watchdog questions Meta's AI-powered glasses after intimate footage review.
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach