Main Menu
Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Law Enforcement Dismantles Tycoon2FA Phishing-as-a-Service Platform
News
Law Enforcement Dismantles Tycoon2FA Phishing-as-a-Service Platform
Gabby Lee March 5, 2026
Europol disables Tycoon2FA, a PhaaS platform responsible for tens of millions of phishing messages monthly.
LexisNexis Data Breach Claimed by Fulcrumsec Group
Cybersecurity
LexisNexis Data Breach Claimed by Fulcrumsec Group
Andrew Doyle March 5, 2026
LexisNexis confirms a breach in its Legal & Professional division using React2Shell, claiming 2 GB of stolen data.
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX
Cybersecurity
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX
Andrew Doyle March 3, 2026
Hundreds of Sangoma FreePBX systems compromised with web shells due to command injection flaw.
Alabama Man Pleads Guilty to Cyberstalking and Extortion After Hijacking Hundreds of Women's Accounts
Cybersecurity
Alabama Man Pleads Guilty to Cyberstalking and Extortion After Hijacking Hundreds of Women’s Accounts
Mitchell Langley March 3, 2026
A 22-year-old from Alabama pleaded guilty to cyberstalking, extortion, and computer fraud after hijacking the social media accounts of hundreds of you...
Phishing Attack Masquerades as Google Security Page to Steal Sensitive Information
News
Phishing Attack Masquerades as Google Security Page to Steal Sensitive Information
Mitchell Langley March 3, 2026
Cybercriminals deploy fake Google security pages to harvest one-time passcodes and cryptocurrency wallet addresses.
Chrome's Gemini Live Feature Left Users Exposed to Malicious Extensions
Cybersecurity
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
Mitchell Langley March 3, 2026
A Chrome vulnerability allowed malicious extensions to exploit Gemini Live, potentially hijacking the AI assistant to spy on users and steal their fil...
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Cybersecurity
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Gabby Lee March 3, 2026
Google Chrome rolls out an experimental program to improve HTTPS certificate security against future quantum threats.
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Cybersecurity
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Mitchell Langley March 3, 2026
Florida resident sentenced to 22 months in prison for trafficking thousands of stolen Microsoft COA labels over several years.
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Cybersecurity
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Andrew Doyle March 3, 2026
Understand how deepfake and injection attacks affect identity verification processes and what enterprises can do to defend against them.
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Cybersecurity
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Gabby Lee March 3, 2026
Malicious websites exploited a WebSocket flaw to hijack AI agents via OpenClaw.
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Cybersecurity
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Mitchell Langley March 3, 2026
Scammers impersonate police in Dubai, exploiting a crisis to access bank accounts.
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Cybersecurity
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Gabby Lee March 3, 2026
Russia-linked APT28 may have exploited MSHTML zero-day CVE-2026-21513, a high-severity flaw, before Microsoft issued a fix.
Madison Square Garden Cyber Incident Revealed Months Later
Cybersecurity
Madison Square Garden Cyber Incident Revealed Months Later
Gabby Lee March 3, 2026
Madison Square Garden disclosed a data breach months after being targeted in a hacking campaign.
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Cybersecurity
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Andrew Doyle March 2, 2026
Samsung resolves allegations of unauthorized data collection via smart TVs with Texas settlement.
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Cybersecurity
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Gabby Lee March 2, 2026
Hackers used Claude Code to infiltrate Mexican government systems, exfiltrating 150GB of sensitive data using AI-assisted exploits and automated theft...
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido's Full Customer Database
Cybersecurity
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
Mitchell Langley March 2, 2026
ShinyHunters group exposes a significant data breach at Odido, shaking the Dutch telecommunications sector.
How Safety Technology Is Transforming Workplace Protection
Blog
How Safety Technology Is Transforming Workplace Protection
Gabby Lee March 1, 2026
Companies are placing a greater emphasis on protecting their workforce. This shift from a reactive safety culture to a proactive ...
'Sandworm_Mode' Supply Chain Attack Hits the NPM Ecosystem
Cybersecurity
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
Mitchell Langley February 25, 2026
Analysis of the Sandworm_Mode supply chain attack impacting NPM.
ICO Fines Reddit £14.47 Million for Failing to Protect Children's Data
Cybersecurity
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
Gabby Lee February 25, 2026
The ICO has fined Reddit for collecting data on children under 13 without adequate safety measures in place.
ShinyHunters Leak Exposes Millions of CarGurus User Records
Cybersecurity
ShinyHunters Leak Exposes Millions of CarGurus User Records
Gabby Lee February 25, 2026
ShinyHunters have exposed over 12 million records reportedly taken from CarGurus, an automotive digital platform.
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Gabby Lee June 12, 2026
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
Mitchell Langley June 12, 2026
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Andrew Doyle June 12, 2026
Cybersecurity
Europol Dismantles AudiA6 Crypto Laundering Service
Gabby Lee June 12, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Andrew Doyle June 10, 2026
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Gabby Lee June 10, 2026
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
More In News
Trending
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE
September 4, 2025
Podcasts
Tidal Cyber Secures $10M to Advance Threat-Informed Defense
September 4, 2025
Podcasts
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube
September 4, 2025

Cyber Security News

Application Security
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
May 25, 2026
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
May 25, 2026
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
May 25, 2026
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
May 25, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Alabama Man Pleads Guilty to Cyberstalking and Extortion After Hijacking Hundreds of Women’s Accounts
March 3, 2026
A 22-year-old from Alabama pleaded guilty to cyberstalking, extortion, and computer fraud after hijacking the social media accounts of hundreds of you...
Phishing Attack Masquerades as Google Security Page to Steal Sensitive Information
March 3, 2026
Cybercriminals deploy fake Google security pages to harvest one-time passcodes and cryptocurrency wallet addresses.
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
March 3, 2026
A Chrome vulnerability allowed malicious extensions to exploit Gemini Live, potentially hijacking the AI assistant to spy on users and steal their fil...
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
March 3, 2026
Google Chrome rolls out an experimental program to improve HTTPS certificate security against future quantum threats.
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
March 3, 2026
Florida resident sentenced to 22 months in prison for trafficking thousands of stolen Microsoft COA labels over several years.
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
March 3, 2026
Understand how deepfake and injection attacks affect identity verification processes and what enterprises can do to defend against them.
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
March 3, 2026
Russia-linked APT28 may have exploited MSHTML zero-day CVE-2026-21513, a high-severity flaw, before Microsoft issued a fix.
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
March 3, 2026
Scammers impersonate police in Dubai, exploiting a crisis to access bank accounts.
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
March 3, 2026
Malicious websites exploited a WebSocket flaw to hijack AI agents via OpenClaw.
Madison Square Garden Cyber Incident Revealed Months Later
March 3, 2026
Madison Square Garden disclosed a data breach months after being targeted in a hacking campaign.
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
March 2, 2026
Samsung resolves allegations of unauthorized data collection via smart TVs with Texas settlement.
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
March 2, 2026
Hackers used Claude Code to infiltrate Mexican government systems, exfiltrating 150GB of sensitive data using AI-assisted exploits and automated theft...
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
March 2, 2026
ShinyHunters group exposes a significant data breach at Odido, shaking the Dutch telecommunications sector.
How Safety Technology Is Transforming Workplace Protection
March 1, 2026
Companies are placing a greater emphasis on protecting their workforce. This shift from a reactive safety culture to a proactive one is creating new demand ...
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
February 25, 2026
Analysis of the Sandworm_Mode supply chain attack impacting NPM.
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
February 25, 2026
The ICO has fined Reddit for collecting data on children under 13 without adequate safety measures in place.
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
February 25, 2026
Broadcom addresses critical VMware Aria Operations vulnerabilities; users urged to update.
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
February 25, 2026
A vulnerability called RoguePilot in GitHub Codespaces risked repository control.
ShinyHunters Leak Exposes Millions of CarGurus User Records
February 25, 2026
ShinyHunters have exposed over 12 million records reportedly taken from CarGurus, an automotive digital platform.
Lazarus Group Expands Its Ransomware Arsenal with Medusa
February 25, 2026
North Korea's Lazarus Group deploys Medusa ransomware against critical sectors, targeting US healthcare.
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies