Main Menu
Cyber Security
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Verizon Offers Compensation after Nationwide Wireless Service Outage
Microsoft Patch Tuesday Update Sparks Unrest in PCs
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Visual Studio Code’s Copilot Studio Extension Now Widely Available
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
Critical Vulnerability in Modular DS WordPress Plugin Exploited
Microsoft and Law Enforcement Collaborate to Dismantle RedVDS
Critical Remote Code Execution Threat in Fortinet’s SIEM Solution Exposed
New Linux Malware, VoidLink, Exploits Cloud Infrastructures with Over 30 Plugins
Malware Campaign Exploits DLL Side-Loading in c-ares Library
Fortinet’s Latest Patches Target Critical Vulnerabilities in FortiFone and FortiSIEM
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
PLUGGYAPE Malware Targets Ukraine’s Defense Amid Rising Cyber Threats
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
Fried Frank Data Breach: Implications for High-Profile Clients
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Cybersecurity
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Andrew Doyle October 28, 2025
HSBC USA confirmed a cybersecurity breach exposing sensitive financial and personal data through unauthorized vendor access. The bank strengthened encryption, monitoring, and multi-layered authentication systems ...
Pwn2Own Ireland 2025 $1M Reward for 73 Zero-Day Exploits Uncovered
Cybersecurity
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
Gabby Lee October 28, 2025
Pwn2Own Ireland 2025 awarded over $1 million for 73 zero-day discoveries across phones, NAS devices, and smart tech. The Summoning Team won “Master of Pwn,” ...
OpenAI Atlas Omnibox Vulnerability Prompt Injection Flaw Exposes Unauthorized Access Risks
Application Security
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Gabby Lee October 27, 2025
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Keycard Emerges from Stealth $38M Funding Fuels IAM Innovation for AI Agents
Identity and Access Management
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
Mitchell Langley October 27, 2025
San Francisco startup Keycard has emerged from stealth with $38M in funding to launch an IAM platform built for AI agents. Designed to secure autonomous ...
SailPoint Identity Risk Review Intelligent Identity Threat Detection
Product Reviews
SailPoint Identity Risk Review: Intelligent Identity Threat Detection
Andrew Doyle October 27, 2025
SailPoint Identity Risk delivers advanced visibility into identity-based threats across human and machine accounts. It unifies access intelligence, behavioral analytics, and risk-based policy automation for ...
Massive Gmail Data Breach Exposes 183 Million User Credentials
Application Security
Massive Gmail Data Breach Exposes 183 Million User Credentials
Mitchell Langley October 27, 2025
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Application Security
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Gabby Lee October 27, 2025
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
SS7 Alarm TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Application Security
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Andrew Doyle October 27, 2025
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
Cybersecurity
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
Mitchell Langley October 27, 2025
The Philippine privacy regulator is investigating GCash over unauthorized user transactions while the e-wallet operator denies any data leak, raising concerns about mobile wallet security ...
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Application Security
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Gabby Lee October 27, 2025
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
CVE Vulnerability Alerts
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
Gabby Lee October 27, 2025
TP-Link has patched four critical flaws—two enabling unauthenticated remote code execution—affecting Omada gateway devices. The vulnerabilities (CVE-2025-6542, -6541, -7850, -7851) impact multiple ER, G, and ...
CoPhish Exploit via Microsoft Copilot OAuth Token Theft Exposes Trusted Domains
Application Security
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Mitchell Langley October 27, 2025
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding malicious login flows in Copilot ...
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
Application Security
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
Andrew Doyle October 27, 2025
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
Application Security
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
Mitchell Langley October 27, 2025
The TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar and tokio-tar libraries allows remote code execution via desynchronized TAR parsing. Exploited through nested archives, it threatens CI/CD, ...
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
CVE Vulnerability Alerts
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
Mitchell Langley October 27, 2025
A critical RCE flaw, CVE-2025-59287, in Microsoft WSUS allows unauthenticated attackers to gain SYSTEM access via unsafe deserialization. Despite patches, active exploitation continues, prompting urgent ...
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
Application Security
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
Gabby Lee October 27, 2025
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more than 60% of installations remain ...
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
Cybersecurity
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
Andrew Doyle October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Post-Patch 'ToolShell' Exploit CVE-2025-53770 Abused in Microsoft SharePoint
Application Security
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
Mitchell Langley October 27, 2025
Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft. Despite emergency patches, exploitation persists, ...
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
CVE Vulnerability Alerts
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
Andrew Doyle October 27, 2025
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and endpoint management lockdowns globally.
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Cybersecurity
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Mitchell Langley October 27, 2025
Moroccan cybercriminals—tracked as Jingle Thief/Atlas Lion/Storm-0539—use sophisticated phishing and Entra ID abuse to hijack Microsoft 365 workflows and issue fraudulent gift cards at scale. Their ...
Google Chrome Introduces Option to Delete Local AI Models
Cybersecurity
Google Chrome Introduces Option to Delete Local AI Models
Andrew Doyle January 19, 2026
Canada's Investment Watchdog Suffers Massive Data Breach 750,000 Impacted by CIRO Security Incident
Data Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
Mitchell Langley January 18, 2026
GootLoader Employs Malformed ZIP Files to Evade Detection
News
GootLoader Employs Malformed ZIP Files to Evade Detection
Gabby Lee January 19, 2026
Law Enforcement Identifies Black Basta Ransomware Leader
News
Law Enforcement Identifies Black Basta Ransomware Leader
Gabby Lee January 19, 2026

TOP CYBERSECURITY HEADLINES

New Chrome Extensions Disguised as HR Tools Pose Security Threat
Cybersecurity
New Chrome Extensions Disguised as HR Tools Pose Security Threat
GootLoader Employs Malformed ZIP Files to Evade Detection
News
GootLoader Employs Malformed ZIP Files to Evade Detection
Verizon Offers Compensation after Nationwide Wireless Service Outage
Network Security
Verizon Offers Compensation after Nationwide Wireless Service Outage
Microsoft Patch Tuesday Update Sparks Unrest in PCs
Cybersecurity
Microsoft Patch Tuesday Update Sparks Unrest in PCs

This Week’s Security Spotlight

Canada's Investment Watchdog Suffers Massive Data Breach 750,000 Impacted by CIRO Security Incident
Data Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
Mitchell Langley January 18, 2026
AMD's ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Endpoint Security
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Gabby Lee January 18, 2026
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Cybersecurity
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Mitchell Langley January 15, 2026
Fried Frank Data Breach Implications for High-Profile Clients
Data Security
Fried Frank Data Breach: Implications for High-Profile Clients
Andrew Doyle January 14, 2026
More In News
Trending
How Misconfigured Email Routing Opens the Door for Credential Theft
Phishers Pose as Booking.com to Compromise European Hotels
Phishing Campaign Targets Users with Google Cloud Application Exploitation
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack
September 4, 2025
Podcasts
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire
September 4, 2025
Podcasts
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta
September 2, 2025

Cyber Security News

Echo Secures $35 Million Series A Funding to Advance Cybersecurity Tools
Cybersecurity
Echo Secures $35 Million Series A Funding to Advance Cybersecurity Tools
December 17, 2025
Verisoul Secures $8.8 Million to Enhance Fraud Prevention Technology
Cybersecurity
Verisoul Secures $8.8 Million to Enhance Fraud Prevention Technology
December 17, 2025
Understanding Ransomware Attacks on Hypervisors A Growing Threat
Endpoint Security
Understanding Ransomware Attacks on Hypervisors: A Growing Threat
December 17, 2025
CISO Communities Provide a Tactical Edge for Cybersecurity Challenges
Cybersecurity
CISO Communities Provide a Tactical Edge for Cybersecurity Challenges
December 17, 2025
PDVSA's Recent Cyberattack Reveals Vulnerabilities in Export Operations
Cybersecurity
PDVSA’s Recent Cyberattack Reveals Vulnerabilities in Export Operations
December 17, 2025
Amazon's Operation Disrupts GRU Hackers Targeting Cloud Infrastructure
Cybersecurity
Amazon’s Operation Disrupts GRU Hackers Targeting Cloud Infrastructure
December 17, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
October 28, 2025
An Italian spyware vendor has been linked to Google Chrome zero-day attacks targeting Android and Windows users, exploiting CVE-2025-1234 to deliver advanced surveillance tools globally.
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
October 28, 2025
QNAP warned that its Windows-based NetBak Replicator backup software is vulnerable to the critical ASP.NET flaw CVE-2024-43491, urging users to apply Microsoft’s latest security patches ...
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
October 28, 2025
NCX exchange exposed over 5 million records including wallet addresses, hashed passwords, 2FA codes and KYC documents—highlighting serious custodial risk and credential exploitation potential.
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
October 28, 2025
Russian-linked ransomware group claims to have stolen 1.5 million records from Dublin Airport’s passenger systems, raising urgent concerns around aviation supply-chain cybersecurity and travel-data exposure.
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
October 28, 2025
HSBC USA confirmed a cybersecurity breach exposing sensitive financial and personal data through unauthorized vendor access. The bank strengthened encryption, monitoring, and multi-layered authentication systems ...
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
October 28, 2025
Pwn2Own Ireland 2025 awarded over $1 million for 73 zero-day discoveries across phones, NAS devices, and smart tech. The Summoning Team won “Master of Pwn,” ...
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
October 27, 2025
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
October 27, 2025
San Francisco startup Keycard has emerged from stealth with $38M in funding to launch an IAM platform built for AI agents. Designed to secure autonomous ...
SailPoint Identity Risk Review: Intelligent Identity Threat Detection
October 27, 2025
SailPoint Identity Risk delivers advanced visibility into identity-based threats across human and machine accounts. It unifies access intelligence, behavioral analytics, and risk-based policy automation for ...
Massive Gmail Data Breach Exposes 183 Million User Credentials
October 27, 2025
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
October 27, 2025
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
October 27, 2025
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
October 27, 2025
The Philippine privacy regulator is investigating GCash over unauthorized user transactions while the e-wallet operator denies any data leak, raising concerns about mobile wallet security ...
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
October 27, 2025
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
October 27, 2025
The Pwn2Own Ireland 2025 hacking competition was set to feature one of its most anticipated moments — a $1 million zero-click remote code execution exploit ...
OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw
October 27, 2025
A serious vulnerability has been discovered in the OpenAI Atlas omnibox, a hybrid interface designed to handle both URLs and user prompts. Researchers at NeuralTrust ...
Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)
October 27, 2025
A critical remote code execution (RCE) flaw, tracked as CVE-2025-59287, has put thousands of enterprise networks at risk by exposing the Windows Server Update Service ...
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
October 27, 2025
TP-Link has patched four critical flaws—two enabling unauthenticated remote code execution—affecting Omada gateway devices. The vulnerabilities (CVE-2025-6542, -6541, -7850, -7851) impact multiple ER, G, and ...
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
October 27, 2025
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding malicious login flows in Copilot ...
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
October 27, 2025
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
New Chrome Extensions Disguised as HR Tools Pose Security Threat
GootLoader Employs Malformed ZIP Files to Evade Detection
Verizon Offers Compensation after Nationwide Wireless Service Outage
Microsoft Patch Tuesday Update Sparks Unrest in PCs
Law Enforcement Identifies Black Basta Ransomware Leader
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
Fleeing Ransomware Leader Now Among Germany’s Most Wanted
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Visual Studio Code’s Copilot Studio Extension Now Widely Available
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
Critical Vulnerability in Modular DS WordPress Plugin Exploited
OAuth Phishing Technique ConsentFix Poses New Threat to Microsoft Accounts