Main Menu
Cyber Security
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Hawaiian Airlines Investigates Cybersecurity Event Amid IT Outage, Ransomware Suspected
News
Hawaiian Airlines Investigates Cybersecurity Event Amid IT Outage, Ransomware Suspected
Mitchell Langley June 27, 2025
Hawaiian Airlines reports a major cybersecurity event affecting its IT systems. Flights remain operational as authorities investigate a possible ransomware attack targeting the aviation sector. ...
Nth Degree Data Breach Exposes Nearly 40,000 Identities, Including Event Staff and Partners
News
Nth Degree Data Breach Exposes Nearly 40,000 Identities, Including Event Staff and Partners
Andrew Doyle June 27, 2025
A data breach at event vendor Nth Degree exposed nearly 40,000 records, including full names and SSNs, raising privacy concerns across high-profile client organizations.
Ahold Delhaize USA Cyberattack Exposes Over 2 Million Individuals in Widespread Data Breach
News
Ahold Delhaize USA Cyberattack Exposes Over 2 Million Individuals in Widespread Data Breach
Mitchell Langley June 27, 2025
Ahold Delhaize USA confirms over 2.2 million individuals impacted in a 2024 cyberattack that exposed personal, financial, and medical data from internal company systems.
Why External Attack Surface Management Belongs at the Core of Your Cybersecurity Strategy
Application Security
Why External Attack Surface Management Belongs at the Core of Your Cybersecurity Strategy
Mitchell Langley June 26, 2025
Discover why External Attack Surface Management (EASM) is vital for modern digital risk protection and how it enhances visibility, threat detection, and cyber resilience strategies. ...
Pro-Russian Hackers Disrupt Dutch Government Websites Amid Heightened NATO Security
News
Pro-Russian Hackers Disrupt Dutch Government Websites Amid Heightened NATO Security
Andrew Doyle June 26, 2025
Pro-Russian hacker group NoName057(16) claims responsibility for a DDoS attack that disrupted Dutch municipal websites during the NATO Summit’s peak security deployment.
OneClik Campaign Exploits Microsoft ClickOnce and AWS to Breach Energy and Industrial Networks
News
OneClik Campaign Exploits Microsoft ClickOnce and AWS to Breach Energy and Industrial Networks
Mitchell Langley June 26, 2025
A stealthy malware campaign abuses Microsoft ClickOnce and AWS services to deploy Golang-based RunnerBeacon backdoors targeting energy and industrial organizations with advanced evasion techniques.
Columbia University Struggles to Restore Services Following Suspected Cyberattack
News
Columbia University Struggles to Restore Services Following Suspected Cyberattack
Mitchell Langley June 26, 2025
Columbia University is working to restore critical systems following a suspected cyberattack that has caused widespread outages, impacting thousands of students and faculty.
CISA Confirms Active Exploitation of Critical AMI MegaRAC BMC Vulnerability Enabling Remote Server Hijack
News
CISA Confirms Active Exploitation of Critical AMI MegaRAC BMC Vulnerability Enabling Remote Server Hijack
Mitchell Langley June 26, 2025
CISA confirms that a critical vulnerability in AMI MegaRAC BMC firmware is being exploited to hijack servers remotely, prompting urgent patching across government and enterprise ...
Hacker 'IntelBroker' Indicted in $25M Global Data Theft Campaign
News
Hacker ‘IntelBroker’ Indicted in $25M Global Data Theft Campaign
Andrew Doyle June 26, 2025
British hacker ‘IntelBroker’ charged by U.S. authorities for stealing and selling sensitive data worldwide, causing $25 million in damage to governments and global enterprises.
French Authorities Arrest BreachForums v2 Operators Behind Global Data Theft Campaigns
News
French Authorities Arrest BreachForums v2 Operators Behind Global Data Theft Campaigns
Andrew Doyle June 26, 2025
French police arrest BreachForums v2 operators, including ShinyHunters and IntelBroker, tied to major global and national data breaches affecting millions of users and enterprises.
Scattered Spider: What You Know About It and What You Don’t
Blog
Scattered Spider: The Threat You Think You Know
Gabby Lee June 25, 2025
Scattered Spider isn’t a single group but a sprawling web of identity-based attackers exploiting help desks, MFA gaps, and cloud admin tools to breach enterprises. ...
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
News
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
Andrew Doyle June 25, 2025
A researcher has revealed a new FileFix attack that abuses Windows File Explorer’s address bar to stealthily execute commands, expanding on previous ClickFix phishing techniques. ...
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
News
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
Mitchell Langley June 25, 2025
SonicWall and Microsoft have discovered a trojanized version of the NetExtender VPN client being distributed via spoofed websites, stealing remote access credentials from unsuspecting users. ...
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
News
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
Mitchell Langley June 25, 2025
A sophisticated spear phishing campaign is targeting CFOs and finance leaders worldwide, using legitimate tools like NetBird and OpenSSH to quietly breach enterprise networks.
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
News
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
Mitchell Langley June 25, 2025
Mainline Health and Select Medical Holdings have disclosed separate data breaches impacting more than 220,000 individuals, with ransomware and third-party compromise behind the incidents.
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
News
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
Andrew Doyle June 25, 2025
Concertgoers in the UK have lost over £1.6 million to ticket fraud in 2024, prompting urgent warnings from the government as festival season begins.
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
News
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
Andrew Doyle June 24, 2025
A misconfigured database tied to a U.S. real estate firm exposed 170,000 records of sensitive personal and internal data, including Social Security numbers and employment ...
Anubis Ransomware: A Destructive, Cross-Platform Threat
Resources
Anubis Ransomware: A Destructive, Cross-Platform Threat
Mitchell Langley June 24, 2025
Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns across multiple industries.
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
News
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
Mitchell Langley June 24, 2025
Nucor, North America’s largest steel producer, has confirmed data theft following a cybersecurity breach that temporarily disrupted operations and forced system shutdowns.
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
News
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
Mitchell Langley June 24, 2025
Canada confirms a state-sponsored breach in its telecom sector, where Salt Typhoon exploited an unpatched Cisco vulnerability to compromise devices and reroute sensitive network traffic. ...
CISO Forum 2025 Summit Explores AI, Cloud Risk, and Governance Realities
Cybersecurity
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
Gabby Lee November 13, 2025
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
News
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Gabby Lee November 12, 2025
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025

TOP CYBERSECURITY HEADLINES

China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Cybersecurity
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
News
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Application Security
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
CVE Vulnerability Alerts
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day

This Week’s Security Spotlight

Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Endpoint Security
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Mitchell Langley November 12, 2025
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
More In News
Trending
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
How Device Code Phishing Abuses OAuth Flows on Google and Azure

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
August 28, 2025
Podcasts
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
Podcasts
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats
August 27, 2025

Cyber Security News

Red Hat Data Breach Escalates as ShinyHunters Joins Extortion
Cybersecurity
Red Hat Data Breach Escalates as ShinyHunters Joins Extortion
October 7, 2025
RediShell Zero-Day in Redis Permits Remote Code Execution on Exposed Instances
Cybersecurity
RediShell Zero-Day in Redis Permits Remote Code Execution on Exposed Instances
October 7, 2025
Oracle E-Business Suite Zero-Day Exploited, Authorities Urge Immediate Patching
Cybersecurity
Oracle E-Business Suite Zero-Day Exploited, Authorities Urge Immediate Patching
October 7, 2025
NIST Flags DeepSeek Adoption Over Security, Censorship and Cost Concerns
Cybersecurity
NIST Flags DeepSeek Adoption Over Security, Censorship and Cost Concerns
October 7, 2025
Unity Engine Flaw Permits Code Execution on Android and Escalation on Windows
Cybersecurity
Unity Engine Flaw Permits Code Execution on Android and Escalation on Windows
October 7, 2025
Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
Cybersecurity
Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
October 6, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Cisco Reports Data Breach Following Vishing Attack on Employee
August 7, 2025
Cisco disclosed a data breach impacting Cisco.com user accounts after a vishing attack on an employee, exposing basic user details but no passwords or sensitive ...
Rhysida Ransomware Group Claims Attack on Cookeville Regional Medical Center
August 6, 2025
Rhysida ransomware gang has claimed the attack on Cookeville Regional Medical Center, threatening to leak sensitive patient and financial data unless the hospital pays a ...
Pandora Confirms Data Breach Linked to Salesforce Credential Theft Campaign
August 6, 2025
Pandora confirms a data breach linked to Salesforce credential theft campaigns, exposing customer data while attackers continue to target global enterprises through phishing and OAuth ...
PBS Confirms Data Breach After Employee Information Circulates on Discord
August 6, 2025
PBS confirmed a data breach after corporate contact details for nearly 4,000 employees were leaked and shared on Discord communities, raising concerns over unauthorized exposure ...
New Linux Backdoor “Plague” Evades Detection for Months
August 6, 2025
A stealthy Linux backdoor named Plague has evaded antivirus detection for months, exploiting PAM authentication modules to provide attackers with persistent SSH access and near-total ...
From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis
August 6, 2025
A new wave of cyber extortion is sweeping across global enterprises, and the battlefield is Salesforce CRM. The notorious **ShinyHunters group—tracked internally by Google as ...
Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles
August 6, 2025
Cisco has confirmed a new data breach after a vishing (voice phishing) attack tricked a company representative into exposing access to a third-party CRM system. ...
Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities
August 6, 2025
The world of application security is shifting dramatically as AI begins to move from simply flagging vulnerabilities to actively fixing them. Ox Security has launched ...
Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp
August 6, 2025
Meta has removed 6.8 million accounts tied to criminal scam centers in the first half of 2025, marking one of the most aggressive crackdowns on ...
APT28 / Fancy Bear: Russian State Sponsored APT
August 6, 2025
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical infrastructure.
Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case
August 5, 2025
In a landmark decision, a California jury has ruled Meta guilty of violating user privacy laws in a class-action lawsuit tied to the popular Flo ...
TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets
August 5, 2025
In a stunning development, Taiwanese authorities have arrested six individuals suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s most advanced ...
Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats
August 5, 2025
In a major step for mobile and API cybersecurity, Approov, the Edinburgh-based security firm specializing in real-time mobile attestation and API protection, has raised £5 ...
Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes
August 5, 2025
This October, Pwn2Own Ireland 2025 will take over Cork with one of the most ambitious cybersecurity competitions yet. Co-sponsored by Meta and organized by Trend ...
FraudOnTok Malware Campaign Targets TikTok Shop Users Through Fake Apps and Phishing Tactics
August 5, 2025
CTM360 exposes the FraudOnTok campaign targeting TikTok Shop users through fake apps and phishing, using SparkKitty spyware to steal crypto wallet data and drain funds. ...
Palo Alto Networks to Acquire CyberArk in $25 Billion Deal to Strengthen Identity Security
August 5, 2025
Palo Alto Networks will acquire CyberArk for $25 billion to combine AI-powered security with identity and privilege controls, targeting evolving enterprise threats.
Chanel Confirms US Customer Data Breach Linked to Salesforce Social Engineering Attacks
August 5, 2025
Chanel confirms a U.S.-based data breach from Salesforce social engineering attacks, exposing contact details amid a broader extortion campaign targeting global enterprise brands.
CurXecute Prompt-Injection Flaw in Cursor IDE Enables Remote Code Execution
August 5, 2025
Cursor IDE’s CurXecute flaw lets malicious prompts escalate to remote code execution; Pi-hole donor emails leaked via GiveWP plugin misconfiguration. Patches released.
Ransomware Gangs Exploit Microsoft SharePoint Flaws in Widespread Attack Campaign
August 5, 2025
Ransomware groups are exploiting Microsoft SharePoint flaws in a global attack campaign, affecting over 148 organizations and linking to Chinese state-backed threat actors.
348,000 Patients Impacted in Mt. Baker Imaging Data Breach
August 5, 2025
A cyberattack on Mt. Baker Imaging exposed sensitive data for 348,000 Washington patients, including medical and financial records, triggering a class action lawsuit.
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign