Cyber Security
Severe Command Injection Flaw Discovered in SGLang
Serial-to-IP Converter Flaws in Lantronix and Silex Products Put Critical Systems at Risk
Scottish Man Pleads Guilty in $8 Million Cryptocurrency Heist
Cyberattacks Are Outpacing MSP and Corporate Defenses
Huntress Identifies Active Exploitation of Microsoft Defender Vulnerabilities
Lawmakers’ Concerns About AI Include Worries of Potential ‘Destruction’
Microsoft Edge Update Introduces Bug Affecting Microsoft Teams Chats
Attackers Exploit Three Zero-Day Flaws in Microsoft Defender to Gain Elevated Access
Vercel Suffers Security Breach as Threat Actors Attempt to Sell Stolen Data
AI Security Challenges: Vendors’ Dual Messaging Raises Questions
NIST Alters Approach to Vulnerability Assessments, Ceasing Severity Scores for Lower-Priority Issues
Hackers Target Trucking and Logistics Firms in Organized Crime-Linked Cyber Campaign
Critical Nginx-UI Vulnerability Lets Attackers Seize Full Server Control
Digitally Signed Adware Disables Antivirus Across Multiple Sectors
Cybercriminals Are Weaponizing n8n to Launch Phishing Attacks
Microsoft Awards $2.3 Million to Researchers in Zero Day Quest Hacking Contest
Sweden Points to Pro-Russian Group in Cyberattack on Energy Infrastructure
Autovista Battles Ransomware Attack Across Europe and Australia
CISA Expands Known Exploited Vulnerabilities Catalog with Microsoft and Apple Flaws
A ‘By Design’ Flaw in Anthropic’s MCP Could Enable Widespread AI Supply Chain Attacks
Capsule Security Secures $7 Million to Protect AI Agents at Runtime
France’s Rising Kidnapping Cases Amid Crypto Extortion Schemes
Over 100 Malicious Chrome Extensions Are Stealing User Data and Creating Backdoors
Modern Trucking’s Cybersecurity Imperative: Industry Leaders Address Digital Threats
Microsoft Releases Windows 10 KB5082200 to Fix April 2026 Patch Tuesday Zero-Days
Fake Ledger Live App on macOS Drains $9.5 Million From Victims
Basic-Fit Data Breach Exposes Personal Information of One Million Members
McGraw-Hill Data Breach: Salesforce Misconfiguration Exploited by Hackers
Critical Security Flaws in Composer Put PHP Applications at Risk
Adobe’s ColdFusion Vulnerabilities Pose a Major Threat Amid Broader Security Concerns
News
Two US Cybersecurity Professionals Admit Guilt in Ransomware Schemes
Ryan Goldberg and Kevin Martin, two American cybersecurity professionals, have confessed to being affiliates of the notorious BlackCat/Alphv ransomware group. This revelation poses significant implications ...
News
Gavin Webb’s Role in the Takedown of LockBit Ransomware
Recognized for his exemplary public service, Gavin Webb spearheaded the strategic takedown of the notorious LockBit ransomware, marking a significant achievement in global cybersecurity efforts.
Cybersecurity
British Security Researcher Earns Australia’s Prestigious Visa for Vulnerability Discovery
British security analyst Jacob Riggs has earned Australia's strictest, invite-only visa for exposing a critical vulnerability in its government system.
Cybersecurity
Ongoing Cryptocurrency Thefts Linked to 2022 LastPass Breach
Blockchain investigation has revealed that recent cryptocurrency thefts are tied to the 2022 LastPass breach. Attackers laundered stolen funds through Russian exchanges, exploiting vulnerabilities exposed ...
News
Pickett and Associates Data Breach: Hacker Demands Bitcoin
A cybercriminal is selling stolen data from Pickett and Associates, impacting major utilities like Tampa Electric, Duke Energy, and American Electric Power.
Cybersecurity
Netflix Documentary Could Explore Crypto Crime: Part 2 Potential
Ilya Lichtenstein, linked to the 2016 Bitfinex bitcoin heist, has recently been released from prison after serving 14 months. Rumors suggest a Netflix documentary might ...
News
Covenant Health Ransomware Breach Impacts 478,000 Individuals Across Multiple States
In May 2025, a ransomware attack by the Qilin group on Covenant Health compromised sensitive data of over 478,000 individuals at the healthcare organization located ...
Cybersecurity
OFAC Lifts Sanctions on Individuals Linked to Predator Spyware Consortium
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) recently took a significant action by removing Merom Harpaz, Andrea Nicola Constantino Hermes ...
Data Security
Disney Agrees to $10 Million Settlement for COPPA Violations
Disney has settled COPPA violation allegations with a $10 million penalty, addressing claims about mislabeling videos and improper data use in targeted advertising. The case ...
News
DarkSpectre’s Third Wave: A New Browser Extension Threat
A new attack campaign codenamed DarkSpectre, attributed to a Chinese threat actor, has affected 2.2 million users across major web browsers. Leveraging two prior campaigns, ...
CVE Vulnerability Alerts
RondoDox Botnet Utilizes React2Shell Vulnerability to Infiltrate Servers
RondoDox is exploiting the React2Shell flaw in Next.js to gain remote code execution, deploy malware, and install cryptominers. The campaign highlights how unpatched web frameworks ...
Cybersecurity
New Variant of Shai Hulud Malware Found in npm Registry
Cybersecurity experts uncover a new Shai Hulud malware strain in the npm registry, stressing the importance of vigilant security practices within open-source ecosystems.
Cybersecurity
Unleash Protocol Experiences a $3.9 Million Cryptocurrency Loss
Unleash Protocol has incurred a $3.9 million loss in cryptocurrency following an unauthorized contract upgrade that enabled asset withdrawals, exposing vulnerabilities within decentralized systems.
CVE Vulnerability Alerts
IBM Discloses Critical Security Vulnerability in API Connect
IBM has identified a critical vulnerability in its API Connect software, CVE-2025-13915, which allows attackers to bypass authentication and gain remote access. With a CVSS ...
Endpoint Security
European Space Agency Confirms Breach Impacting Servers with Unclassified Engineering Data
The European Space Agency disclosed a breach affecting external servers. These systems held unclassified engineering project data, raising concerns about data security in isolated networks.
News
BlackCat Ransomware Campaign Culminates in Guilty Pleas from Ex-Employees
Ex-Sygnia and DigitalMint employees confessed to deploying BlackCat ransomware against U.S. companies in 2023, using their insider knowledge for malicious aims.
Application Security
‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers
Over 2.2 million Chrome, Firefox, and Edge users are compromised by 'Zoom Stealer', a campaign targeting online meeting data via malicious extensions.
Application Security
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
The Cyber Security Agency of Singapore warns of a dangerous remote code execution vulnerability in SmarterTools SmarterMail, CVE-2025-52691, with a CVSS score of 10.0.
Application Security
CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed
A vulnerability in MongoDB, known as MongoBleed, is actively exploited, prompting CISA to direct U.S. federal agencies to patch this critical flaw. This vulnerability could ...
News
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT
Silver Fox targets India with tax-themed phishing to spread ValleyRAT, using DLL hijacking in its attacks.

A Record Year: Cybersecurity Acquisitions in 2025 Surpass $84 Billion
A remarkable year in cybersecurity M&A, 2025 saw total disclosed deals exceeding $84 billion. Eight significant acquisitions surpassed the $1 billion mark, representing a notable ...
How Artificial Intelligence is Being Integrated into Security Operations
As AI becomes a fixture in Security Operations Centers (SOCs), aligning its role with operational processes remains a challenge, affecting its effective deployment and value ...
Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis
Mustang Panda leverages a kernel-mode rootkit and a new TONESHELL backdoor variant in a mid-2025 cyber attack on an Asian entity, as reported by Kaspersky.