Main Menu
Cyber Security
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
Cybersecurity
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
Gabby Lee January 18, 2026
Google's Fast Pair protocol is facing scrutiny due to a significant vulnerability that permits unauthorized Bluetooth device hijacking, tracking, and eavesdropping.
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Cybersecurity
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Andrew Doyle January 18, 2026
Cybersecurity experts have unveiled a novel attack strategy, Reprompt, that facilitates unauthorized data extraction from AI chatbots like Microsoft Copilot. Exploiting this vulnerability involves a ...
Critical Security Vulnerabilities Redis Found at Risk of Unauthenticated RCE
Application Security
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
Mitchell Langley January 18, 2026
Recent discovery of a security flaw in Redis has left the system vulnerable to unauthenticated remote code execution (RCE). This unsettling development can have dire ...
AMD's ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Endpoint Security
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Gabby Lee January 18, 2026
Researchers spotlight the ‘StackWarp’ attack, a novel methodology targeting AMD processors. This vulnerability enables remote code execution in confidential virtual machines (VMs), challenging security paradigms ...
Visual Studio Code's Copilot Studio Extension Now Widely Available
Application Security
Visual Studio Code’s Copilot Studio Extension Now Widely Available
Andrew Doyle January 18, 2026
Microsoft's Copilot Studio extension for Visual Studio Code, designed to bolster application security, is now accessible to all users. This extension aims to enhance development ...
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
Application Security
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
Mitchell Langley January 18, 2026
A significant flaw in AWS CodeBuild could have exposed the cloud provider's GitHub repositories to unauthorized access, posing risks to multiple AWS environments. Addressed by ...
Critical Vulnerability in Modular DS WordPress Plugin Exploited
Application Security
Critical Vulnerability in Modular DS WordPress Plugin Exploited
Gabby Lee January 18, 2026
A serious security flaw in the Modular DS WordPress plugin has been identified and exploited, permitting unauthenticated privilege escalation. This vulnerability, CVE-2026-23550, has a maximum ...
OAuth Phishing Technique ConsentFix Poses New Threat to Microsoft Accounts
News
OAuth Phishing Technique ConsentFix Poses New Threat to Microsoft Accounts
Andrew Doyle January 15, 2026
ConsentFix exploits browser-based OAuth flows to hijack Microsoft accounts. Understanding its mechanisms can help protect against this evolving phishing threat.
Microsoft and Law Enforcement Collaborate to Dismantle RedVDS
Cybersecurity
Microsoft and Law Enforcement Collaborate to Dismantle RedVDS
Mitchell Langley January 15, 2026
Microsoft and law enforcement have disrupted the RedVDS cybercrime operation, which facilitated phishing and other malicious activities. This operation involves seizing digital infrastructure and pursuing ...
Critical Remote Code Execution Threat in Fortinet's SIEM Solution Exposed
Cybersecurity
Critical Remote Code Execution Threat in Fortinet’s SIEM Solution Exposed
Andrew Doyle January 15, 2026
A significant vulnerability has been identified in Fortinet's Security Information and Event Management (SIEM) product. This flaw could let a remote attacker execute commands or ...
New Linux Malware, VoidLink, Exploits Cloud Infrastructures with Over 30 Plugins
Cybersecurity
New Linux Malware, VoidLink, Exploits Cloud Infrastructures with Over 30 Plugins
Mitchell Langley January 15, 2026
VoidLink, a sophisticated Linux malware, exploits cloud environments with 37 plugins enabling activities from reconnaissance to lateral movement, posing serious risks.
Malware Campaign Exploits DLL Side-Loading in c-ares Library
Application Security
Malware Campaign Exploits DLL Side-Loading in c-ares Library
Andrew Doyle January 15, 2026
Security experts uncovered a malware scheme bypassing security via DLL side-loading in c-ares library. Attackers leverage a malicious libcares-2.dll to deploy trojans.
Fortinet's Latest Patches Target Critical Vulnerabilities in FortiFone and FortiSIEM
Application Security
Fortinet’s Latest Patches Target Critical Vulnerabilities in FortiFone and FortiSIEM
Mitchell Langley January 15, 2026
Fortinet's recent patch release addresses six security vulnerabilities, with two significant vulnerabilities found in FortiFone and FortiSIEM. These critical issues could be exploited without authentication, ...
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Cybersecurity
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Mitchell Langley January 15, 2026
A judicial decision marked a win for CrowdStrike as an investor lawsuit was dismissed due to inadequate evidence of intent to defraud investors following a ...
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
Cybersecurity
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
Gabby Lee January 15, 2026
Lumen Technologies’ Black Lotus Labs null-routed traffic to more than 550 command-and-control nodes since October 2025, targeting AISURU and Kimwolf botnets. These networks exploit devices ...
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
Data Security
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
Andrew Doyle January 15, 2026
Two French telecom companies were fined €42 million by CNIL for GDPR violations. The breaches revealed significant lapses in security protocols.
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
Cybersecurity
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
Andrew Doyle January 15, 2026
Aikido Security, a firm dedicated to developer security, recently raised $60 million, elevating its valuation to $1 billion. This milestone is part of their broader ...
PLUGGYAPE Malware Targets Ukraine's Defense Amid Rising Cyber Threats
Cybersecurity
PLUGGYAPE Malware Targets Ukraine’s Defense Amid Rising Cyber Threats
Mitchell Langley January 15, 2026
CERT-UA reported recent cyberattacks targeting Ukraine's defense using PLUGGYAPE malware. Security experts associate these assaults with medium confidence to the Russian-affiliated Void Blizzard group.
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
Cybersecurity
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
Gabby Lee January 15, 2026
Verizon Wireless faces sweeping outages in the United States, leaving customers unable to access cellular services. Many report phones stuck in SOS mode, impacting communication ...
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Cybersecurity
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
Mitchell Langley January 15, 2026
The GoBruteforcer botnet uses AI-driven server deployments with weak credentials to target crypto and blockchain projects. The botnet, by exploiting legacy web technologies, enhances its ...
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Gabby Lee May 22, 2026
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Gabby Lee May 22, 2026
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Gabby Lee May 22, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle May 20, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims

This Week’s Security Spotlight

CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
August 28, 2025
Podcasts
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
Podcasts
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats
August 27, 2025

Cyber Security News

OpenAI Responds to Supply Chain Attack Affecting macOS Security
Application Security
OpenAI Responds to Supply Chain Attack Affecting macOS Security
April 14, 2026
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Cybersecurity
Juniper Networks Addresses Critical Junos OS Vulnerabilities
April 13, 2026
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
Application Security
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
April 13, 2026
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
Cybersecurity
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
April 13, 2026
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
Cybersecurity
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
April 13, 2026
AI Browser Extensions Pose a Hidden Risk to Network Security
Application Security
AI Browser Extensions Pose a Hidden Risk to Network Security
April 13, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
January 18, 2026
Researchers spotlight the ‘StackWarp’ attack, a novel methodology targeting AMD processors. This vulnerability enables remote code execution in confidential virtual machines (VMs), challenging security paradigms ...
Visual Studio Code’s Copilot Studio Extension Now Widely Available
January 18, 2026
Microsoft's Copilot Studio extension for Visual Studio Code, designed to bolster application security, is now accessible to all users. This extension aims to enhance development ...
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
January 18, 2026
A significant flaw in AWS CodeBuild could have exposed the cloud provider's GitHub repositories to unauthorized access, posing risks to multiple AWS environments. Addressed by ...
Critical Vulnerability in Modular DS WordPress Plugin Exploited
January 18, 2026
A serious security flaw in the Modular DS WordPress plugin has been identified and exploited, permitting unauthenticated privilege escalation. This vulnerability, CVE-2026-23550, has a maximum ...
OAuth Phishing Technique ConsentFix Poses New Threat to Microsoft Accounts
January 15, 2026
ConsentFix exploits browser-based OAuth flows to hijack Microsoft accounts. Understanding its mechanisms can help protect against this evolving phishing threat.
Microsoft and Law Enforcement Collaborate to Dismantle RedVDS
January 15, 2026
Microsoft and law enforcement have disrupted the RedVDS cybercrime operation, which facilitated phishing and other malicious activities. This operation involves seizing digital infrastructure and pursuing ...
Critical Remote Code Execution Threat in Fortinet’s SIEM Solution Exposed
January 15, 2026
A significant vulnerability has been identified in Fortinet's Security Information and Event Management (SIEM) product. This flaw could let a remote attacker execute commands or ...
New Linux Malware, VoidLink, Exploits Cloud Infrastructures with Over 30 Plugins
January 15, 2026
VoidLink, a sophisticated Linux malware, exploits cloud environments with 37 plugins enabling activities from reconnaissance to lateral movement, posing serious risks.
Malware Campaign Exploits DLL Side-Loading in c-ares Library
January 15, 2026
Security experts uncovered a malware scheme bypassing security via DLL side-loading in c-ares library. Attackers leverage a malicious libcares-2.dll to deploy trojans.
Fortinet’s Latest Patches Target Critical Vulnerabilities in FortiFone and FortiSIEM
January 15, 2026
Fortinet's recent patch release addresses six security vulnerabilities, with two significant vulnerabilities found in FortiFone and FortiSIEM. These critical issues could be exploited without authentication, ...
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
January 15, 2026
A judicial decision marked a win for CrowdStrike as an investor lawsuit was dismissed due to inadequate evidence of intent to defraud investors following a ...
Lumen Technologies Disrupts AISURU and Kimwolf Botnet Networks
January 15, 2026
Lumen Technologies’ Black Lotus Labs null-routed traffic to more than 550 command-and-control nodes since October 2025, targeting AISURU and Kimwolf botnets. These networks exploit devices ...
Telecom Giants Face Significant GDPR Fines Due to Data Breaches
January 15, 2026
Two French telecom companies were fined €42 million by CNIL for GDPR violations. The breaches revealed significant lapses in security protocols.
Aikido Security Secures $60 Million Investment at $1 Billion Valuation
January 15, 2026
Aikido Security, a firm dedicated to developer security, recently raised $60 million, elevating its valuation to $1 billion. This milestone is part of their broader ...
PLUGGYAPE Malware Targets Ukraine’s Defense Amid Rising Cyber Threats
January 15, 2026
CERT-UA reported recent cyberattacks targeting Ukraine's defense using PLUGGYAPE malware. Security experts associate these assaults with medium confidence to the Russian-affiliated Void Blizzard group.
Verizon Wireless Faces Widespread U.S. Outage and Service Issues
January 15, 2026
Verizon Wireless faces sweeping outages in the United States, leaving customers unable to access cellular services. Many report phones stuck in SOS mode, impacting communication ...
GoBruteforcer Botnet Exploits Weak Server Credentials to Target Crypto Ventures
January 15, 2026
The GoBruteforcer botnet uses AI-driven server deployments with weak credentials to target crypto and blockchain projects. The botnet, by exploiting legacy web technologies, enhances its ...
Chrome Extension Impersonates Trading Tool to Steal MEXC API Keys
January 14, 2026
Cybersecurity experts have identified a harmful Google Chrome extension that pretends to be a trading facilitator on the MEXC cryptocurrency exchange. Named MEXC API Automator, ...
Android Users Encounter Issue with Volume Buttons When Accessibility Features are Enabled
January 14, 2026
Users of Android devices face difficulties with the volume buttons not functioning properly due to a software bug affecting those with accessibility features enabled.
Fried Frank Data Breach: Implications for High-Profile Clients
January 14, 2026
The prestigious law firm Fried Frank has recently experienced a data breach, affecting confidential information related to its high-profile clientele. Notable entities such as JPMorgan ...
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints