Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Application Security
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Andrew Doyle November 12, 2025
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
CVE Vulnerability Alerts
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Mitchell Langley November 12, 2025
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
News
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Gabby Lee November 12, 2025
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Rhadamanthys Infostealer Operation Disrupted Customers Lose Server Access
Cybersecurity
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Andrew Doyle November 12, 2025
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Endpoint Security
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Mitchell Langley November 12, 2025
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Cybersecurity
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Gabby Lee November 12, 2025
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Application Security
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Andrew Doyle November 12, 2025
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Application Security
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Mitchell Langley November 12, 2025
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
Cybersecurity
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
Gabby Lee November 12, 2025
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
Application Security
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
Andrew Doyle November 12, 2025
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Mitchell Langley November 11, 2025
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
Cybersecurity
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
Gabby Lee November 11, 2025
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
Application Security
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
Andrew Doyle November 11, 2025
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially ...
Critical Vulnerability in 'expr-eval' Library Enables Remote Code Execution
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Mitchell Langley November 11, 2025
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Gabby Lee November 11, 2025
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Andrew Doyle November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mitchell Langley November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Gabby Lee November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack
September 4, 2025
Podcasts
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire
September 4, 2025
Podcasts
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta
September 2, 2025

Cyber Security News

CISA Expands Catalog to Include New Vulnerabilities Exploited by Ransomware Groups
Cybersecurity
CISA Expands Catalog to Include New Vulnerabilities Exploited by Ransomware Groups
January 6, 2026
Kimwolf Botnet A New Threat to Millions of Android Devices
Cybersecurity
Kimwolf Botnet: A New Threat to Millions of Android Devices
January 6, 2026
Ledger Breach Due to Global-e Attack Compromises Customer Data
Data Security
Ledger Breach Due to Global-e Attack Compromises Customer Data
January 6, 2026
Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government
Application Security
Russia-Aligned Threat Actor UAC-0184 Utilizes Viber to Target Ukrainian Military and Government
January 6, 2026
Sedgwick Breach Raises Concerns Over Security of Government Data Transfers
Data Security
Sedgwick Breach Raises Concerns Over Security of Government Data Transfers
January 6, 2026
Brightspeed Experiences Large-Scale Data Breach Claimed by Crimson Collective
Cybersecurity
Brightspeed Experiences Large-Scale Data Breach Claimed by Crimson Collective
January 6, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
November 12, 2025
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
November 12, 2025
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
November 12, 2025
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
November 12, 2025
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
November 12, 2025
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
November 12, 2025
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
November 12, 2025
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
November 12, 2025
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
November 11, 2025
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
November 11, 2025
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
November 11, 2025
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
November 11, 2025
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
November 11, 2025
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially allowing attackers unauthorized access to ...
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
November 11, 2025
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
November 11, 2025
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited