Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Chinese APT Leveraged Claude AI for Automated Espionage Operation
News
Chinese APT Leveraged Claude AI for Automated Espionage Operation
Andrew Doyle November 17, 2025
Chinese APT group GTG-1002 has been caught abusing Anthropic’s Claude AI to automate phishing, malware development, and reconnaissance tasks. The campaign marks a major shift ...
North Korean ‘Contagious Interview’ Campaign Evolves With JSON-Based Malware Delivery
News
North Korean ‘Contagious Interview’ Campaign Evolves With JSON-Based Malware Delivery
Gabby Lee November 17, 2025
North Korea’s “Contagious Interview” campaign is evolving with new stealth techniques, using legitimate JSON-based storage services to host malware delivered through trojanized developer tools. NVISO ...
Amazon Identifies Massive NPM Package Flooding Attack as Token-Farming Campaign
Cybersecurity
Amazon Identifies Massive NPM Package Flooding Attack as Token-Farming Campaign
Mitchell Langley November 17, 2025
Attackers flooded the npm registry with thousands of benign-looking packages designed to harvest crypto-related authentication tokens rather than deploy malware. Amazon researchers say the large-scale ...
Logitech Confirms Data Breach After Clop Ransomware Attacks Oracle Systems
Application Security
Logitech Confirms Data Breach After Clop Ransomware Attacks Oracle Systems
Gabby Lee November 17, 2025
Clop exploited an unpatched Oracle E-Business Suite flaw to steal corporate data from Logitech, prompting the company to confirm exposure while emphasizing no operational disruption. ...
U.S. DOJ Secures Guilty Pleas in North Korea IT Worker and Crypto Fraud Case
Cybersecurity
U.S. DOJ Secures Guilty Pleas in North Korea IT Worker and Crypto Fraud Case
Gabby Lee November 17, 2025
A recently unsealed DOJ case reveals five defendants have pleaded guilty to helping North Korean operatives infiltrate U.S. companies as remote IT workers using stolen ...
CISA Warns of Akira Ransomware Targeting Nutanix AHV Virtual Machines
Application Security
CISA Warns of Akira Ransomware Targeting Nutanix AHV Virtual Machines
Andrew Doyle November 17, 2025
Akira ransomware now targets Nutanix AHV virtual machines, encrypting .qcow2 files, exploiting SonicWall vulnerabilities, and rapidly exfiltrating data across Linux-based enterprise environments.
DoorDash Discloses October Cybersecurity Breach Exposing User Contact Information
Cybersecurity
DoorDash Discloses October Cybersecurity Breach Exposing User Contact Information
Mitchell Langley November 17, 2025
DoorDash disclosed a new data breach after a social engineering attack exposed user contact information in October, prompting concerns over delayed notification and heightened phishing ...
IndonesianFoods Worm Overwhelms npm With 100,000 Auto-Generated Packages
Cybersecurity
IndonesianFoods Worm Overwhelms npm With 100,000 Auto-Generated Packages
Gabby Lee November 16, 2025
A self-replicating npm worm named IndonesianFoods has flooded the registry with over 100,000 packages, raising major supply-chain security concerns despite the absence of malicious code.
Kraken Ransomware Evolves With System Benchmarking, Cisco Warns
News
Kraken Ransomware Evolves With System Benchmarking, Cisco Warns
Andrew Doyle November 16, 2025
Kraken ransomware benchmarks system performance to choose full or partial encryption, enabling efficient data theft and encryption across Windows, Linux, and VMware ESXi networks globally.
Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts
Cybersecurity
Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts
Mitchell Langley November 16, 2025
A FortiWeb path traversal flaw is being actively exploited to create unauthorized admin accounts on unpatched devices, prompting urgent patching and security reviews by administrators.
ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers
CVE Vulnerability Alerts
ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers
Gabby Lee November 16, 2025
ASUS released urgent firmware updates to fix a critical authentication bypass flaw in multiple DSL routers, warning users to patch immediately and disable internet-exposed services.
Hamburg’s Miniatur Wunderland Hit by Cyberattack Exposing Credit Card Data
Cybersecurity
Hamburg’s Miniatur Wunderland Hit by Cyberattack Exposing Credit Card Data
Mitchell Langley November 13, 2025
Hamburg’s Miniatur Wunderland suffered a cyberattack that compromised its online ticket system, leaking visitors’ credit card data and potentially exposing thousands to fraud and identity ...
Data Leak Exposes Francis Frith’s Historic Photo Archive Customers
Cybersecurity
Data Leak Exposes Francis Frith’s Historic Photo Archive Customers
Gabby Lee November 13, 2025
A misconfigured database exposed over 300,000 Francis Frith customers’ personal details, including names and emails, putting buyers of the UK’s historic photo archive at phishing ...
Microsoft Expands Passwordless Security With Third-Party Passkey Manager Support in Windows 11
Application Security
Microsoft Expands Passwordless Security With Third-Party Passkey Manager Support in Windows 11
Andrew Doyle November 13, 2025
Windows 11 now supports third-party passkey managers like 1Password and Bitwarden, allowing users to authenticate with FIDO-compliant passkeys beyond Microsoft’s own tools. The update strengthens ...
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
Cybersecurity
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
Mitchell Langley November 13, 2025
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
CISO Forum 2025 Summit Explores AI, Cloud Risk, and Governance Realities
Cybersecurity
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
Gabby Lee November 13, 2025
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Cybersecurity
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Andrew Doyle November 13, 2025
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
News
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
Mitchell Langley November 13, 2025
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Cybersecurity
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Gabby Lee November 13, 2025
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
News
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Andrew Doyle November 13, 2025
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE
September 4, 2025
Podcasts
Tidal Cyber Secures $10M to Advance Threat-Informed Defense
September 4, 2025
Podcasts
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube
September 4, 2025

Cyber Security News

Generative AI Elevates Active Directory Password Attacks
Identity and Access Management
Generative AI Elevates Active Directory Password Attacks
January 7, 2026
Unpatched Vulnerability in TOTOLINK EX200 Puts Devices at Risk
Cybersecurity
Unpatched Vulnerability in TOTOLINK EX200 Puts Devices at Risk
January 7, 2026
Chrome Extensions Compromise Privacy by Exfiltrating ChatGPT and DeepSeek Conversations
Application Security
Chrome Extensions Compromise Privacy by Exfiltrating ChatGPT and DeepSeek Conversations
January 7, 2026
Android’s January 2026 Update Patches Critical Dolby Audio Decoder Vulnerability
Cybersecurity
Android’s January 2026 Update Patches Critical Dolby Audio Decoder Vulnerability
January 6, 2026
D-Link Routers Face New Threat as Attackers Exploit Legacy Vulnerability
Endpoint Security
D-Link Routers Face New Threat as Attackers Exploit Legacy Vulnerability
January 6, 2026
NordVPN Denies Salesforce Server Breach Claims, Clarifying Access to Dummy Data
Application Security
NordVPN Denies Salesforce Server Breach Claims, Clarifying Access to Dummy Data
January 6, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Amazon Identifies Massive NPM Package Flooding Attack as Token-Farming Campaign
November 17, 2025
Attackers flooded the npm registry with thousands of benign-looking packages designed to harvest crypto-related authentication tokens rather than deploy malware. Amazon researchers say the large-scale ...
Logitech Confirms Data Breach After Clop Ransomware Attacks Oracle Systems
November 17, 2025
Clop exploited an unpatched Oracle E-Business Suite flaw to steal corporate data from Logitech, prompting the company to confirm exposure while emphasizing no operational disruption. ...
U.S. DOJ Secures Guilty Pleas in North Korea IT Worker and Crypto Fraud Case
November 17, 2025
A recently unsealed DOJ case reveals five defendants have pleaded guilty to helping North Korean operatives infiltrate U.S. companies as remote IT workers using stolen ...
CISA Warns of Akira Ransomware Targeting Nutanix AHV Virtual Machines
November 17, 2025
Akira ransomware now targets Nutanix AHV virtual machines, encrypting .qcow2 files, exploiting SonicWall vulnerabilities, and rapidly exfiltrating data across Linux-based enterprise environments.
DoorDash Discloses October Cybersecurity Breach Exposing User Contact Information
November 17, 2025
DoorDash disclosed a new data breach after a social engineering attack exposed user contact information in October, prompting concerns over delayed notification and heightened phishing ...
IndonesianFoods Worm Overwhelms npm With 100,000 Auto-Generated Packages
November 16, 2025
A self-replicating npm worm named IndonesianFoods has flooded the registry with over 100,000 packages, raising major supply-chain security concerns despite the absence of malicious code.
Kraken Ransomware Evolves With System Benchmarking, Cisco Warns
November 16, 2025
Kraken ransomware benchmarks system performance to choose full or partial encryption, enabling efficient data theft and encryption across Windows, Linux, and VMware ESXi networks globally.
Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts
November 16, 2025
A FortiWeb path traversal flaw is being actively exploited to create unauthorized admin accounts on unpatched devices, prompting urgent patching and security reviews by administrators.
ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers
November 16, 2025
ASUS released urgent firmware updates to fix a critical authentication bypass flaw in multiple DSL routers, warning users to patch immediately and disable internet-exposed services.
Hamburg’s Miniatur Wunderland Hit by Cyberattack Exposing Credit Card Data
November 13, 2025
Hamburg’s Miniatur Wunderland suffered a cyberattack that compromised its online ticket system, leaking visitors’ credit card data and potentially exposing thousands to fraud and identity ...
Data Leak Exposes Francis Frith’s Historic Photo Archive Customers
November 13, 2025
A misconfigured database exposed over 300,000 Francis Frith customers’ personal details, including names and emails, putting buyers of the UK’s historic photo archive at phishing ...
Microsoft Expands Passwordless Security With Third-Party Passkey Manager Support in Windows 11
November 13, 2025
Windows 11 now supports third-party passkey managers like 1Password and Bitwarden, allowing users to authenticate with FIDO-compliant passkeys beyond Microsoft’s own tools. The update strengthens ...
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
November 13, 2025
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
November 13, 2025
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
November 13, 2025
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
November 13, 2025
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
November 13, 2025
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
November 13, 2025
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
November 12, 2025
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
November 12, 2025
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited