Main Menu
Cyber Security
Microsoft Disrupts Fox Tempest Malware-Signing Service
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
Grafana Breach Traced to TanStack npm Supply Chain Attack
CISA Orders Patch for Sixth Cisco SD-WAN Zero-Day of 2026
Exchange Server XSS CVE-2026-42897 Exploited via Crafted Email
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
node-ipc npm Package Hid Credential Stealer Across Three Versions
PraisonAI CVE-2026-44338 Exploited 3h44m After Public Disclosure
Burst Statistics CVE-2026-8181 Draws 7,400 Attacks in 24 Hours
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
CoinbaseCartel Steals Grafana Source Code via GitHub Token
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Pwn2Own Berlin 2026 Closes with $1.3M in Zero-Day Prizes
GitHub Actions Supply Chain Attack Hijacks actions-cool Tags
ShinyHunters Claims 600,000-Record 7-Eleven Salesforce Breach
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
18-Year NGINX Flaw CVE-2026-42945 Enables Unauthenticated RCE
FamousSparrow APT Hit Azerbaijani Energy Firm in Three Waves
MuddyWater Targeted South Korean Electronics Maker via DLL Sideloading
Linux Kernel Fragnesia CVE-2026-46300 Grants Root via Page Cache
YellowKey and GreenPlasma: Unpatched Windows Zero-Days Released
PLUGGYAPE Malware Targets Ukraine's Defense Amid Rising Cyber Threats
Cybersecurity
PLUGGYAPE Malware Targets Ukraine’s Defense Amid Rising Cyber Threats
Mitchell Langley January 15, 2026
CERT-UA reported recent cyberattacks targeting Ukraine's defense using PLUGGYAPE malware. Security experts associate these assaults with medium confidence to the Russian-affiliated Void Blizzard group.
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
Cybersecurity
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
Gabby Lee January 15, 2026
Verizon Wireless faces sweeping outages in the United States, leaving customers unable to access cellular services. Many report phones stuck in SOS mode, impacting communication ...
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Cybersecurity
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Mitchell Langley January 15, 2026
The GoBruteforcer botnet uses AI-driven server deployments with weak credentials to target crypto and blockchain projects. The botnet, by exploiting legacy web technologies, enhances its ...
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
Application Security
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
Gabby Lee January 14, 2026
Cybersecurity experts have identified a harmful Google Chrome extension that pretends to be a trading facilitator on the MEXC cryptocurrency exchange. Named MEXC API Automator, ...
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
Application Security
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
Andrew Doyle January 14, 2026
Users of Android devices face difficulties with the volume buttons not functioning properly due to a software bug affecting those with accessibility features enabled.
Fried Frank Data Breach Implications for High-Profile Clients
Data Security
Fried Frank Data Breach: Implications for High-Profile Clients
Andrew Doyle January 14, 2026
The prestigious law firm Fried Frank has recently experienced a data breach, affecting confidential information related to its high-profile clientele. Notable entities such as JPMorgan ...
CrowdStrike Enhances Browser Security Via $420M Seraphic Acquisition
Cybersecurity
CrowdStrike Enhances Browser Security Via $420M Seraphic Acquisition
Mitchell Langley January 14, 2026
CrowdStrike announces a $420 million deal to acquire Seraphic, bolstering its capabilities in browser security. This acquisition, following a recent identity security purchase, reinforces CrowdStrike's ...
Ongoing Web Skimming Threats Targeting Payment Networks and Clients
Cybersecurity
Ongoing Web Skimming Threats Targeting Payment Networks and Clients
Mitchell Langley January 14, 2026
Cybersecurity experts have uncovered a large-scale web skimming attack targeting notable payment providers, including American Express and Mastercard. The attack has threatened enterprise organizations since ...
Belgian Hospital Cyberattack Forces Operational Halt and Patient Transfers
Cybersecurity
Belgian Hospital Cyberattack Forces Operational Halt and Patient Transfers
Gabby Lee January 14, 2026
Belgian healthcare facility AZ Monica was hit by a cyberattack, leading to a temporary shutdown of all servers, the cancellation of procedures, and patient transfers. ...
Adobe's Latest Security Patches Address Critical Vulnerabilities in ColdFusion
Application Security
Adobe’s Latest Security Patches Address Critical Vulnerabilities in ColdFusion
Andrew Doyle January 14, 2026
Adobe recently released updates to resolve 25 vulnerabilities across its software products. A critical bug in ColdFusion, linked to Apache Tika, is among the flaws ...
Central Maine Healthcare Data Breach Sensitive Information of Over 145,000 at Risk
Data Security
Central Maine Healthcare Data Breach: Sensitive Information of Over 145,000 at Risk
Mitchell Langley January 14, 2026
Central Maine Healthcare suffered a data breach affecting more than 145,000 individuals. Sensitive data such as Social Security numbers and addresses was potentially exposed. Investigators ...
Microsoft Enhances Secure Boot Certificates for Windows 11
Application Security
Microsoft Enhances Secure Boot Certificates for Windows 11
Mitchell Langley January 14, 2026
Microsoft introduces updated Secure Boot certificates for eligible Windows 11 systems, aiming to bolster security through automated installations, adding precautionary measures against past vulnerabilities.
CISO Strategies for 2026 Navigating Future Cybersecurity Challenges
Cybersecurity
CISO Strategies for 2026: Navigating Future Cybersecurity Challenges
Andrew Doyle January 13, 2026
The cybersecurity landscape in 2026 demands that Chief Information Security Officers (CISOs) adapt to new challenges and opportunities. Strategic foresight into emerging threats, technological evolution, ...
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Cybersecurity
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Mitchell Langley January 13, 2026
The University of Hawaii’s Cancer Center faced a ransomware attack in August 2025, compromising study participants’ data, including old Social Security numbers.
Implementing Access Reviews to Enhance Security in Microsoft 365
Application Security
Implementing Access Reviews to Enhance Security in Microsoft 365
Andrew Doyle January 13, 2026
Microsoft 365 simplifies file sharing, potentially exposing organizations to data breaches. Access reviews can mitigate these risks by controlling permissions.
Telegram's Proxy Link Vulnerability Exposes IP Addresses
Application Security
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
Andrew Doyle January 13, 2026
Users' IP addresses are at risk when interacting with seemingly harmless Telegram proxy links. Learn about how Telegram is enhancing its security to mitigate these ...
Endesa Cyberattack Results in Customer Data Exposure
Data Security
Endesa Cyberattack Results in Customer Data Exposure
Mitchell Langley January 13, 2026
Spanish energy provider Endesa, along with its subsidiary Energía XXI, reported hackers gained access to their systems, exposing customer contract information. Personal data, including financial ...
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Application Security
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Gabby Lee January 13, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) mandates government agencies to immediately secure systems against a high-severity Gogs vulnerability, CVE-2025-8110, exploited in the wild. Organizations ...
Meta Addresses Security Vulnerability in Instagram Password Resets
Application Security
Meta Addresses Security Vulnerability in Instagram Password Resets
Gabby Lee January 13, 2026
Meta recently resolved a flaw in Instagram’s password reset process that allowed unauthorized entities to trigger reset emails, raising security concerns. Despite addressing this issue, ...
AI and Security Block's CISO Discusses AI Agents' Potential
Cybersecurity
AI and Security: Block’s CISO Discusses AI Agents’ Potential
Andrew Doyle January 13, 2026
AI agents should surpass human capabilities in security, akin to self-driving cars, says Block's CISO James Nettesheim. In a discussion with The Register, Nettesheim outlines ...
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Mitchell Langley May 20, 2026
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Mitchell Langley May 20, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle May 20, 2026
Cybersecurity
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
Gabby Lee May 19, 2026

TOP CYBERSECURITY HEADLINES

Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Cybersecurity
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Application Security
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys

This Week’s Security Spotlight

Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Application Security
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Andrew Doyle May 20, 2026
Cybersecurity
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Andrew Doyle May 19, 2026
Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
Gabby Lee May 13, 2026
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Mitchell Langley May 13, 2026
More In News
Trending
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Podcasts
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025
Podcasts
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025

Cyber Security News

Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
Cybersecurity
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
April 8, 2026
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
Cybersecurity
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
April 8, 2026
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
CVE Vulnerability Alerts
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
April 8, 2026
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Cybersecurity
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
April 8, 2026
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Cybersecurity
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
April 8, 2026
Anthropic's Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Cybersecurity
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
April 8, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
January 14, 2026
Cybersecurity experts have identified a harmful Google Chrome extension that pretends to be a trading facilitator on the MEXC cryptocurrency exchange. Named MEXC API Automator, ...
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
January 14, 2026
Users of Android devices face difficulties with the volume buttons not functioning properly due to a software bug affecting those with accessibility features enabled.
Fried Frank Data Breach: Implications for High-Profile Clients
January 14, 2026
The prestigious law firm Fried Frank has recently experienced a data breach, affecting confidential information related to its high-profile clientele. Notable entities such as JPMorgan ...
CrowdStrike Enhances Browser Security Via $420M Seraphic Acquisition
January 14, 2026
CrowdStrike announces a $420 million deal to acquire Seraphic, bolstering its capabilities in browser security. This acquisition, following a recent identity security purchase, reinforces CrowdStrike's ...
Ongoing Web Skimming Threats Targeting Payment Networks and Clients
January 14, 2026
Cybersecurity experts have uncovered a large-scale web skimming attack targeting notable payment providers, including American Express and Mastercard. The attack has threatened enterprise organizations since ...
Belgian Hospital Cyberattack Forces Operational Halt and Patient Transfers
January 14, 2026
Belgian healthcare facility AZ Monica was hit by a cyberattack, leading to a temporary shutdown of all servers, the cancellation of procedures, and patient transfers. ...
Adobe’s Latest Security Patches Address Critical Vulnerabilities in ColdFusion
January 14, 2026
Adobe recently released updates to resolve 25 vulnerabilities across its software products. A critical bug in ColdFusion, linked to Apache Tika, is among the flaws ...
Central Maine Healthcare Data Breach: Sensitive Information of Over 145,000 at Risk
January 14, 2026
Central Maine Healthcare suffered a data breach affecting more than 145,000 individuals. Sensitive data such as Social Security numbers and addresses was potentially exposed. Investigators ...
Microsoft Enhances Secure Boot Certificates for Windows 11
January 14, 2026
Microsoft introduces updated Secure Boot certificates for eligible Windows 11 systems, aiming to bolster security through automated installations, adding precautionary measures against past vulnerabilities.
CISO Strategies for 2026: Navigating Future Cybersecurity Challenges
January 13, 2026
The cybersecurity landscape in 2026 demands that Chief Information Security Officers (CISOs) adapt to new challenges and opportunities. Strategic foresight into emerging threats, technological evolution, ...
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
January 13, 2026
The University of Hawaii’s Cancer Center faced a ransomware attack in August 2025, compromising study participants’ data, including old Social Security numbers.
Implementing Access Reviews to Enhance Security in Microsoft 365
January 13, 2026
Microsoft 365 simplifies file sharing, potentially exposing organizations to data breaches. Access reviews can mitigate these risks by controlling permissions.
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
January 13, 2026
Users' IP addresses are at risk when interacting with seemingly harmless Telegram proxy links. Learn about how Telegram is enhancing its security to mitigate these ...
Endesa Cyberattack Results in Customer Data Exposure
January 13, 2026
Spanish energy provider Endesa, along with its subsidiary Energía XXI, reported hackers gained access to their systems, exposing customer contract information. Personal data, including financial ...
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
January 13, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) mandates government agencies to immediately secure systems against a high-severity Gogs vulnerability, CVE-2025-8110, exploited in the wild. Organizations ...
Meta Addresses Security Vulnerability in Instagram Password Resets
January 13, 2026
Meta recently resolved a flaw in Instagram’s password reset process that allowed unauthorized entities to trigger reset emails, raising security concerns. Despite addressing this issue, ...
AI and Security: Block’s CISO Discusses AI Agents’ Potential
January 13, 2026
AI agents should surpass human capabilities in security, akin to self-driving cars, says Block's CISO James Nettesheim. In a discussion with The Register, Nettesheim outlines ...
Apex Legends Players Face Unprecedented Character Hijacking Over Weekend
January 13, 2026
Apex Legends players were rudely interrupted over the weekend when malicious actors took control of their in-game characters. The intrusions included disconnecting players and tampering ...
Target’s Source Code Allegedly Exposed in Cyber Breach
January 13, 2026
Allegations have surfaced of hackers offering Target Corporation’s internal code for sale. The incident came to light after files suggesting a breach were seen on ...
Drones Are Now Critical Infrastructure—and Their Networks are the New Attack Surface
January 13, 2026
Drones are now embedded in public safety, energy, and defense operations, making their networks a critical attack surface. This blog explores how fragile connectivity, legacy ...
Microsoft Disrupts Fox Tempest Malware-Signing Service
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
Grafana Breach Traced to TanStack npm Supply Chain Attack
CISA Orders Patch for Sixth Cisco SD-WAN Zero-Day of 2026
Exchange Server XSS CVE-2026-42897 Exploited via Crafted Email
Ghostwriter APT Deploys Cobalt Strike in Geofenced Ukraine Campaign
OpenAI Confirms Breach via Mini Shai-Hulud npm Supply Chain Attack
KongTuke IAB Uses Microsoft Teams to Deploy ModeloRAT in 5 Minutes
node-ipc npm Package Hid Credential Stealer Across Three Versions
PraisonAI CVE-2026-44338 Exploited 3h44m After Public Disclosure
Burst Statistics CVE-2026-8181 Draws 7,400 Attacks in 24 Hours
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
CoinbaseCartel Steals Grafana Source Code via GitHub Token
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs