Main Menu
Cyber Security
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Application Security
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Gabby Lee January 20, 2026
Cybersecurity experts have identified a flaw in Google Gemini that exploits indirect prompt injection to manipulate Google Calendar for unauthorized data access.
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Cybersecurity
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Andrew Doyle January 20, 2026
The defendant in a US court admitted selling unauthorized access to compromised enterprise networks. This operation involved an undercover agent, revealing how access brokers monetize ...
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
News
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
Andrew Doyle January 20, 2026
In a ransomware attack, Ingram Micro revealed a significant data breach impacting approximately 42,000 individuals. Compromised information includes names, birth dates, Social Security Numbers, and ...
U.K. Authorities Alerted to Russian-aligned Hacktivist DDoS Threats
Cybersecurity
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
Mitchell Langley January 20, 2026
U.K. authorities caution against Russian-aligned hacktivists launching disruptive DDoS attacks. The focus is on critical infrastructure and local government services. This has raised significant cybersecurity ...
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
A critical security flaw in TP-Link’s VIGI cameras has been patched, following discovery by a researcher of over 2,500 vulnerable, internet-exposed devices. The flaw allowed ...
Google Chrome Introduces Option to Delete Local AI Models
Cybersecurity
Google Chrome Introduces Option to Delete Local AI Models
Andrew Doyle January 19, 2026
Google's Chrome browser introduces a new feature enabling users to delete local AI models linked to its Enhanced Protection feature. This change offers users greater ...
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
Cybersecurity
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
Mitchell Langley January 19, 2026
Nicholas Moore, a Tennessee man, confessed to hacking the U.S. Supreme Court’s filing system. His illegal activities also impacted other federal agencies, including AmeriCorps and ...
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
Identity and Access Management
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
Mitchell Langley January 19, 2026
The recent funding will enable Monnai to enhance its identity verification and risk management services, targeting financial institutions and digital firms.
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Cybersecurity
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Mitchell Langley January 19, 2026
Researchers have identified five Chrome extensions disguising themselves as HR and ERP tools. These malicious extensions aim to steal authentication tokens, obstruct incident response, and ...
GootLoader Employs Malformed ZIP Files to Evade Detection
News
GootLoader Employs Malformed ZIP Files to Evade Detection
Gabby Lee January 19, 2026
Cybersecurity analysts have discovered that GootLoader is using malformed ZIP archives in a bid to circumvent detection. By concatenating 500 to 1,000 archives, it employs ...
Verizon Offers Compensation after Nationwide Wireless Service Outage
Network Security
Verizon Offers Compensation after Nationwide Wireless Service Outage
Andrew Doyle January 19, 2026
Verizon Wireless addresses last week's widespread outage by informing affected customers about a $20 account credit. Customers are receiving text messages with precise steps on ...
Microsoft Patch Tuesday Update Sparks Unrest in PCs
Cybersecurity
Microsoft Patch Tuesday Update Sparks Unrest in PCs
Mitchell Langley January 19, 2026
Microsoft’s recent Patch Tuesday update introduced a peculiar bug affecting some PCs, preventing them from shutting down or entering hibernation. The issue, tied to Secure ...
Law Enforcement Identifies Black Basta Ransomware Leader
News
Law Enforcement Identifies Black Basta Ransomware Leader
Gabby Lee January 19, 2026
Ukraine and Germany confirm the identity of the Black Basta ransomware leader, now on the Europol and Interpol wanted lists. Law enforcement's collaboration highlights global ...
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Application Security
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Andrew Doyle January 18, 2026
Over 40,000 cyberattacks in four hours exploited a critical HPE OneView vulnerability. The attacks primarily targeted government agencies, utilizing the RondoDox botnet to execute mass, ...
Project Eleven Secures Significant Funding to Propel Post-Quantum Security
Cybersecurity
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
Mitchell Langley January 18, 2026
Project Eleven has successfully raised $20 million in funding to develop infrastructure and tools essential for organizations transitioning to post-quantum computing. With this substantial investment, ...
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
News
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
Andrew Doyle January 18, 2026
The cyber threat actor UAT-8837, associated with China, targets North American critical infrastructure through the exploitation of known and zero-day vulnerabilities. This sophisticated adversary demonstrates ...
Canada's Investment Watchdog Suffers Massive Data Breach 750,000 Impacted by CIRO Security Incident
Data Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
Mitchell Langley January 18, 2026
The Canadian Investment Regulatory Organization (CIRO), responsible for regulating investment dealers, reported a significant data breach. Threat actors stole personal information from 750,000 people, highlighting ...
XSS Vulnerability in StealC Malware's Control Panel Uncovered
Application Security
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
Gabby Lee January 18, 2026
Security researchers exploiting an XSS flaw in StealC malware's control panel gained visibility into attackers' activities and hardware details. This access offers critical insights into ...
Fleeing Ransomware Leader Now Among Germany's Most Wanted
News
Fleeing Ransomware Leader Now Among Germany’s Most Wanted
Andrew Doyle January 18, 2026
Russian national Oleg Evgenievich Nefekov, involved in major ransomware activities, has evaded capture, reportedly returning to his homeland. German authorities have now placed him on ...
Analyzing AI in Security Testing SQL Injection Strong yet Fails in Controls
Cybersecurity
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
Mitchell Langley January 18, 2026
A recent test assessed AI's ability to tackle SQL injection (SQLi) vulnerabilities and security controls, revealing mixed outcomes. The AI agents adeptly handled SQLi but ...
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Gabby Lee May 22, 2026
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Gabby Lee May 22, 2026
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Gabby Lee May 22, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle May 20, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims

This Week’s Security Spotlight

CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Podcasts
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025
Podcasts
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025

Cyber Security News

Stolen Credentials and Zero Trust - Preventing Privilege Escalation in Security Breaches
Cybersecurity
Stolen Credentials and Zero Trust: Preventing Privilege Escalation in Security Breaches
April 15, 2026
Cybersecurity
Cybercriminals Use Ad Fraud With AI and SEO Tactics to Push Scareware
April 15, 2026
JanelaRAT - Continuing Threat to Latin American Financial Institutions
Cybersecurity
JanelaRAT: Continuing Threat to Latin American Financial Institutions
April 14, 2026
Information Theft Revolutionized - No Local Decryption in This Security Threat
Cybersecurity
Information Theft Revolutionized: No Local Decryption in This Security Threat
April 14, 2026
Booking.com Confirms Unauthorized Access Compromising User Data
Application Security
Booking.com Confirms Unauthorized Access Compromising User Data
April 14, 2026
LinkedIn's Browser Extension Draws Corporate Espionage Allegations
Application Security
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
April 14, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
January 20, 2026
U.K. authorities caution against Russian-aligned hacktivists launching disruptive DDoS attacks. The focus is on critical infrastructure and local government services. This has raised significant cybersecurity ...
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
January 20, 2026
A critical security flaw in TP-Link’s VIGI cameras has been patched, following discovery by a researcher of over 2,500 vulnerable, internet-exposed devices. The flaw allowed ...
Google Chrome Introduces Option to Delete Local AI Models
January 19, 2026
Google's Chrome browser introduces a new feature enabling users to delete local AI models linked to its Enhanced Protection feature. This change offers users greater ...
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
January 19, 2026
Nicholas Moore, a Tennessee man, confessed to hacking the U.S. Supreme Court’s filing system. His illegal activities also impacted other federal agencies, including AmeriCorps and ...
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
January 19, 2026
The recent funding will enable Monnai to enhance its identity verification and risk management services, targeting financial institutions and digital firms.
New Chrome Extensions Disguised as HR Tools Pose Security Threat
January 19, 2026
Researchers have identified five Chrome extensions disguising themselves as HR and ERP tools. These malicious extensions aim to steal authentication tokens, obstruct incident response, and ...
GootLoader Employs Malformed ZIP Files to Evade Detection
January 19, 2026
Cybersecurity analysts have discovered that GootLoader is using malformed ZIP archives in a bid to circumvent detection. By concatenating 500 to 1,000 archives, it employs ...
Verizon Offers Compensation after Nationwide Wireless Service Outage
January 19, 2026
Verizon Wireless addresses last week's widespread outage by informing affected customers about a $20 account credit. Customers are receiving text messages with precise steps on ...
Microsoft Patch Tuesday Update Sparks Unrest in PCs
January 19, 2026
Microsoft’s recent Patch Tuesday update introduced a peculiar bug affecting some PCs, preventing them from shutting down or entering hibernation. The issue, tied to Secure ...
Law Enforcement Identifies Black Basta Ransomware Leader
January 19, 2026
Ukraine and Germany confirm the identity of the Black Basta ransomware leader, now on the Europol and Interpol wanted lists. Law enforcement's collaboration highlights global ...
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
January 18, 2026
Over 40,000 cyberattacks in four hours exploited a critical HPE OneView vulnerability. The attacks primarily targeted government agencies, utilizing the RondoDox botnet to execute mass, ...
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
January 18, 2026
Project Eleven has successfully raised $20 million in funding to develop infrastructure and tools essential for organizations transitioning to post-quantum computing. With this substantial investment, ...
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
January 18, 2026
The cyber threat actor UAT-8837, associated with China, targets North American critical infrastructure through the exploitation of known and zero-day vulnerabilities. This sophisticated adversary demonstrates ...
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
January 18, 2026
The Canadian Investment Regulatory Organization (CIRO), responsible for regulating investment dealers, reported a significant data breach. Threat actors stole personal information from 750,000 people, highlighting ...
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
January 18, 2026
Security researchers exploiting an XSS flaw in StealC malware's control panel gained visibility into attackers' activities and hardware details. This access offers critical insights into ...
Fleeing Ransomware Leader Now Among Germany’s Most Wanted
January 18, 2026
Russian national Oleg Evgenievich Nefekov, involved in major ransomware activities, has evaded capture, reportedly returning to his homeland. German authorities have now placed him on ...
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
January 18, 2026
A recent test assessed AI's ability to tackle SQL injection (SQLi) vulnerabilities and security controls, revealing mixed outcomes. The AI agents adeptly handled SQLi but ...
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
January 18, 2026
Google's Fast Pair protocol is facing scrutiny due to a significant vulnerability that permits unauthorized Bluetooth device hijacking, tracking, and eavesdropping.
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
January 18, 2026
Cybersecurity experts have unveiled a novel attack strategy, Reprompt, that facilitates unauthorized data extraction from AI chatbots like Microsoft Copilot. Exploiting this vulnerability involves a ...
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
January 18, 2026
Recent discovery of a security flaw in Redis has left the system vulnerable to unauthenticated remote code execution (RCE). This unsettling development can have dire ...
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints