Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
GitHub's Dependabot is Under Fire for Alert Accuracy Issues
Application Security
GitHub’s Dependabot is Under Fire for Alert Accuracy Issues
Gabby Lee February 25, 2026
A Go library maintainer questions the effectiveness of GitHub's Dependabot due to alert fatigue from inaccurate dependency-scanning alerts.
BeyondTrust RS and PRA Vulnerability Is Being Actively Exploited by Threat Actors
Cybersecurity
BeyondTrust RS and PRA Vulnerability Is Being Actively Exploited by Threat Actors
Gabby Lee February 25, 2026
Attackers exploit CVE-2026-1731 in BeyondTrust RS and PRA, leveraging VShell for persistence, lateral movement, and system control.
Microsoft Expands Data Loss Prevention Controls for Microsoft 365 Copilot
Cybersecurity
Microsoft Expands Data Loss Prevention Controls for Microsoft 365 Copilot
Andrew Doyle February 25, 2026
Microsoft expands data loss prevention (DLP) controls to block Microsoft 365 Copilot from accessing and processing confidential Word, Excel, and Power...
New Security Concerns Arise with the Proliferation of Internal LLMs
Cybersecurity
New Security Concerns Arise with the Proliferation of Internal LLMs
Mitchell Langley February 25, 2026
As organizations implement LLMs, security concerns shift to the infrastructure.
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
Application Security
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
Gabby Lee February 24, 2026
A cybercrime group used off-the-shelf AI tools to target FortiGate firewalls in 55 countries.
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
Cybersecurity
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
Andrew Doyle February 24, 2026
Ring offers $10,000 for finding security flaws in its new local streaming feature. The company's goal is to limit video access to device owners' trust...
Romanian Hacker Admits to Selling Oregon State Network Access in Court
Cybersecurity
Romanian Hacker Admits to Selling Oregon State Network Access in Court
Mitchell Langley February 23, 2026
A Romanian hacker pleads guilty to selling digital access to a US state office network.
Privacy Groups Demand Compliance From Generative AI Image Creators
Cybersecurity
Privacy Groups Demand Compliance From Generative AI Image Creators
Gabby Lee February 23, 2026
Privacy watchdogs insist generative AI makers adhere to data protection laws.
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
Cybersecurity
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
Andrew Doyle February 23, 2026
Spanish police apprehended a hacker for booking luxury rooms for €0.01 each through an exploited payment system.
Anthropic Introduces Claude Code Security for Vulnerability Detection
Application Security
Anthropic Introduces Claude Code Security for Vulnerability Detection
Mitchell Langley February 23, 2026
Anthropic's new feature scans code for vulnerabilities, suggesting targeted patches.
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
Cybersecurity
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
Mitchell Langley February 23, 2026
A six-month data breach at PayPal exposed sensitive user information due to a software flaw in its Working Capital app.
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
CVE Vulnerability Alerts
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
Gabby Lee February 23, 2026
A critical flaw in Grandstream phones enables remote code execution without authentication.
Ukrainian National Sentenced in US Federal Court for Aiding North Korean IT Fraud
Cybersecurity
Ukrainian National Sentenced in US Federal Court for Aiding North Korean IT Fraud
Andrew Doyle February 23, 2026
Ukrainian Oleksandr Didenko sentenced to 5 years for aiding North Korean IT workers in employment fraud.
Deutsche Bahn Hit by a Large-Scale DDoS Attack Disrupting Rail Services
Cybersecurity
Deutsche Bahn Hit by a Large-Scale DDoS Attack Disrupting Rail Services
Mitchell Langley February 20, 2026
Deutsche Bahn's services were disrupted by a DDoS attack, leading to significant travel complications across Germany's national rail network.
Snyk CEO Steps Down to Make Way for AI-Focused Leadership
Cybersecurity
Snyk CEO Steps Down to Make Way for AI-Focused Leadership
Andrew Doyle February 20, 2026
Snyk's CEO announces departure to align leadership with AI advancements in code review.
Advantest Cyberattack Sparks Fears of Employee and Client Data Exposure
Cybersecurity
Advantest Cyberattack Sparks Fears of Employee and Client Data Exposure
Mitchell Langley February 20, 2026
Advantest faces a ransomware attack, investigating potential data breach impact.
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
Cybersecurity
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
Mitchell Langley February 20, 2026
Discover how PromptSpy malware uses Gemini AI at runtime to analyze on-screen elements and maintain persistence on Android devices even after a reboot...
Ukrainian National Gets Five Years for Helping North Korean IT Workers Infiltrate U.S. Companies
News
Ukrainian National Gets Five Years for Helping North Korean IT Workers Infiltrate U.S. Companies
Mitchell Langley February 20, 2026
A Ukrainian hacker aided North Korea in infiltrating U.S. companies by providing stolen identities, resulting in a five-year prison sentence.
Former Google Engineers Indicted for Alleged Trade Secret Theft Linked to Iran
Cybersecurity
Former Google Engineers Indicted for Alleged Trade Secret Theft Linked to Iran
Gabby Lee February 20, 2026
Former Google engineers indicted for allegedly stealing trade secrets and transferring sensitive data to unauthorized locations, including Iran.
Operation Red Card 2.0 Dismantles Online Scam Networks Across Africa
Cybersecurity
Operation Red Card 2.0 Dismantles Online Scam Networks Across Africa
Andrew Doyle February 20, 2026
Operation Red Card 2.0 led to 651 arrests and disrupted online scam networks in Africa.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Podcasts
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025
Podcasts
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025

Cyber Security News

Application Security
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
June 1, 2026
Cybersecurity
California AG Sues 23andMe Successor Over 2023 Genetic Data Breach
June 1, 2026
Cybersecurity
LLMShare Campaign Hosts Infostealer Downloads on ChatGPT’s Own Domain
June 1, 2026
Cybersecurity
NC Man Gets 121 Months for Selling Elderly Americans’ Data to Scammers
June 1, 2026
Application Security
Microsoft: 14 npm Packages Linked to Single Actor Stealing AWS Keys
June 1, 2026
Cybersecurity
Play Ransomware Lists MyPillow, US Telecom in Six-Victim Batch
June 1, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
New Security Concerns Arise with the Proliferation of Internal LLMs
February 25, 2026
As organizations implement LLMs, security concerns shift to the infrastructure.
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
February 24, 2026
A cybercrime group used off-the-shelf AI tools to target FortiGate firewalls in 55 countries.
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
February 24, 2026
Ring offers $10,000 for finding security flaws in its new local streaming feature. The company's goal is to limit video access to device owners' trust...
Romanian Hacker Admits to Selling Oregon State Network Access in Court
February 23, 2026
A Romanian hacker pleads guilty to selling digital access to a US state office network.
Privacy Groups Demand Compliance From Generative AI Image Creators
February 23, 2026
Privacy watchdogs insist generative AI makers adhere to data protection laws.
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
February 23, 2026
Spanish police apprehended a hacker for booking luxury rooms for €0.01 each through an exploited payment system.
Anthropic Introduces Claude Code Security for Vulnerability Detection
February 23, 2026
Anthropic's new feature scans code for vulnerabilities, suggesting targeted patches.
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
February 23, 2026
A six-month data breach at PayPal exposed sensitive user information due to a software flaw in its Working Capital app.
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
February 23, 2026
A critical flaw in Grandstream phones enables remote code execution without authentication.
Ukrainian National Sentenced in US Federal Court for Aiding North Korean IT Fraud
February 23, 2026
Ukrainian Oleksandr Didenko sentenced to 5 years for aiding North Korean IT workers in employment fraud.
Deutsche Bahn Hit by a Large-Scale DDoS Attack Disrupting Rail Services
February 20, 2026
Deutsche Bahn's services were disrupted by a DDoS attack, leading to significant travel complications across Germany's national rail network.
Snyk CEO Steps Down to Make Way for AI-Focused Leadership
February 20, 2026
Snyk's CEO announces departure to align leadership with AI advancements in code review.
Advantest Cyberattack Sparks Fears of Employee and Client Data Exposure
February 20, 2026
Advantest faces a ransomware attack, investigating potential data breach impact.
PromptSpy Android Malware Abuses Gemini AI at Runtime for Persistence
February 20, 2026
Discover how PromptSpy malware uses Gemini AI at runtime to analyze on-screen elements and maintain persistence on Android devices even after a reboot...
Ukrainian National Gets Five Years for Helping North Korean IT Workers Infiltrate U.S. Companies
February 20, 2026
A Ukrainian hacker aided North Korea in infiltrating U.S. companies by providing stolen identities, resulting in a five-year prison sentence.
Former Google Engineers Indicted for Alleged Trade Secret Theft Linked to Iran
February 20, 2026
Former Google engineers indicted for allegedly stealing trade secrets and transferring sensitive data to unauthorized locations, including Iran.
Operation Red Card 2.0 Dismantles Online Scam Networks Across Africa
February 20, 2026
Operation Red Card 2.0 led to 651 arrests and disrupted online scam networks in Africa.
MIT CSAIL’s 2025 AI Agent Index Puts System Transparency Under the Microscope
February 20, 2026
Academic researchers spotlighted the growing role and impact of AI agents across industries, raising critical questions about transparency, accountabi...
FBI Issues Warning on Escalating ATM Jackpotting Losses
February 20, 2026
The FBI alerts the public on ATM jackpotting, reporting $20M losses and 1,900 incidents since 2020 in the U.S.
Microsoft Addresses High-Severity Flaw in Windows Admin Center
February 20, 2026
Windows Admin Center's security flaw, CVE-2026-26119, allowed privilege escalation vulnerabilities.
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach