Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
News
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Gabby Lee November 5, 2025
Rhysida ransomware is spreading malware via malicious Bing ads targeting Microsoft Teams, Zoom, and PuTTY users while abusing code-signing certificates to evade detection and appear ...
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Cybersecurity
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Andrew Doyle November 5, 2025
Russian hackers used Hyper-V to deploy a hidden Linux VM hosting custom malware, bypassing typical endpoint detection and enabling stealthy long-term access in target networks.
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Application Security
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Gabby Lee November 5, 2025
A zero-day flaw in the Post SMTP WordPress plugin—installed on over 400,000 sites—is under active exploitation, allowing attackers to hijack admin accounts via a misconfigured ...
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
Zscaler has uncovered a massive Android malware campaign distributing malicious apps through Google Play, amassing over 40 million downloads. The apps, posing as legitimate tools, ...
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Application Security
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Andrew Doyle November 4, 2025
Google’s November 2025 Android security bulletin fixes a critical remote code execution flaw in the Android System component that could allow network-based compromise without user ...
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Data Security
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Mitchell Langley November 4, 2025
Sweden’s privacy watchdog has launched a GDPR investigation into Miljödata after a major breach exposed sensitive health and employment records of 1.5 million people. The ...
Europol Busts €600M Crypto Fraud and Laundering Network
News
Europol Busts €600M Crypto Fraud and Laundering Network
Andrew Doyle November 4, 2025
Europol has arrested nine suspects accused of running a €600 million cryptocurrency fraud and laundering network spanning multiple countries. The operation, coordinated across Spain and ...
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Application Security
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Gabby Lee November 4, 2025
Microsoft will retire Defender Application Guard for Office beginning February 2026, with full end-of-support by December 2027. The move marks a strategic shift toward cloud-based ...
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
News
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
Mitchell Langley November 4, 2025
The Apache Software Foundation has denied claims by the Akira ransomware gang that it breached the Apache OpenOffice project and stole 23GB of data. ASF’s ...
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Information Security
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Gabby Lee November 4, 2025
Japanese media giant Nikkei has disclosed a Slack data breach exposing personal information of over 17,000 employees and partners. The incident, discovered in October 2023 ...
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
CVE Vulnerability Alerts
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
Andrew Doyle November 4, 2025
A critical flaw in a popular React Native NPM package, CVE-2025-11953, enables arbitrary code execution on Windows, macOS, and Linux, threatening CI/CD pipelines.
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
Application Security
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
Gabby Lee November 4, 2025
A rushed out-of-band patch for a critical WSUS vulnerability has unintentionally broken hotpatching on Windows Server 2025, disabling one of its key uptime features. Administrators ...
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
News
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
Mitchell Langley November 4, 2025
Cybercriminals are hijacking freight shipments by deploying legitimate Remote Monitoring and Management (RMM) tools through phishing campaigns. Once inside logistics networks, attackers use remote access ...
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
Application Security
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
Gabby Lee November 4, 2025
A new remote access trojan dubbed SleepyDuck is disguising itself as a legitimate Visual Studio Code extension to infect developers’ systems. The malware uniquely uses ...
Former Cybersecurity Employees Charged in BlackCat Ransomware Attacks
News
Former Cybersecurity Employees Charged in BlackCat Ransomware Attacks
Andrew Doyle November 4, 2025
Three former cybersecurity professionals have been indicted in the U.S. for allegedly aiding BlackCat ransomware attacks using insider expertise from their roles at major incident ...
Former Jabber Zeus Developer Extradited to U.S. to Face Cybercrime Charges
News
Former Jabber Zeus Developer Extradited to U.S. to Face Cybercrime Charges
Mitchell Langley November 3, 2025
Ukrainian national Yuriy “MrICQ” Rybtsov has been extradited to the U.S. for his alleged role in developing the infamous Jabber Zeus banking malware. The decade-old ...
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Identity and Access Management
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Mitchell Langley November 3, 2025
Cybercriminals are increasingly exploiting the OAuth 2.0 device code flow to bypass multi-factor authentication, a tactic known as device code phishing. Researchers warn that while ...
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
Cybersecurity
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
Gabby Lee November 3, 2025
A sophisticated exploit has drained over $128 million from Balancer Protocol’s v2 liquidity pools, marking one of DeFi’s largest breaches this year. Attackers used flash ...
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
Microsoft has uncovered a new backdoor malware strain using OpenAI’s Assistants API as a covert command-and-control channel. The discovery marks one of the first cases ...
Indian Government Issues High-Severity Warning for Google Chrome Users
Application Security
Indian Government Issues High-Severity Warning for Google Chrome Users
Andrew Doyle November 3, 2025
CERT-In warns Chrome users in India to update immediately after multiple high-severity vulnerabilities were discovered that allow remote attackers to hijack systems via malicious webpages.
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
August 28, 2025
Podcasts
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
Podcasts
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats
August 27, 2025

Cyber Security News

European Space Agency Confirms Breach Impacting Servers with Unclassified Engineering Data
Endpoint Security
European Space Agency Confirms Breach Impacting Servers with Unclassified Engineering Data
December 31, 2025
'Zoom Stealer' Puts Millions at Risk via Web Extensions on Major Browsers
Application Security
‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers
December 31, 2025
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
Application Security
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
December 31, 2025
CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed
Application Security
CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed
December 31, 2025
A Record Year Cybersecurity Acquisitions in 2025 Surpass $84 Billion
Cybersecurity
A Record Year: Cybersecurity Acquisitions in 2025 Surpass $84 Billion
December 31, 2025
How Artificial Intelligence is Being Integrated into Security Operations
Cybersecurity
How Artificial Intelligence is Being Integrated into Security Operations
December 31, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
November 5, 2025
A zero-day flaw in the Post SMTP WordPress plugin—installed on over 400,000 sites—is under active exploitation, allowing attackers to hijack admin accounts via a misconfigured ...
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
November 4, 2025
Zscaler has uncovered a massive Android malware campaign distributing malicious apps through Google Play, amassing over 40 million downloads. The apps, posing as legitimate tools, ...
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
November 4, 2025
Google’s November 2025 Android security bulletin fixes a critical remote code execution flaw in the Android System component that could allow network-based compromise without user ...
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
November 4, 2025
Sweden’s privacy watchdog has launched a GDPR investigation into Miljödata after a major breach exposed sensitive health and employment records of 1.5 million people. The ...
Europol Busts €600M Crypto Fraud and Laundering Network
November 4, 2025
Europol has arrested nine suspects accused of running a €600 million cryptocurrency fraud and laundering network spanning multiple countries. The operation, coordinated across Spain and ...
Microsoft Plans to Retire Defender Application Guard for Office by 2027
November 4, 2025
Microsoft will retire Defender Application Guard for Office beginning February 2026, with full end-of-support by December 2027. The move marks a strategic shift toward cloud-based ...
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
November 4, 2025
The Apache Software Foundation has denied claims by the Akira ransomware gang that it breached the Apache OpenOffice project and stole 23GB of data. ASF’s ...
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
November 4, 2025
Japanese media giant Nikkei has disclosed a Slack data breach exposing personal information of over 17,000 employees and partners. The incident, discovered in October 2023 ...
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
November 4, 2025
A critical flaw in a popular React Native NPM package, CVE-2025-11953, enables arbitrary code execution on Windows, macOS, and Linux, threatening CI/CD pipelines.
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
November 4, 2025
A rushed out-of-band patch for a critical WSUS vulnerability has unintentionally broken hotpatching on Windows Server 2025, disabling one of its key uptime features. Administrators ...
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
November 4, 2025
Cybercriminals are hijacking freight shipments by deploying legitimate Remote Monitoring and Management (RMM) tools through phishing campaigns. Once inside logistics networks, attackers use remote access ...
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
November 4, 2025
A new remote access trojan dubbed SleepyDuck is disguising itself as a legitimate Visual Studio Code extension to infect developers’ systems. The malware uniquely uses ...
Former Cybersecurity Employees Charged in BlackCat Ransomware Attacks
November 4, 2025
Three former cybersecurity professionals have been indicted in the U.S. for allegedly aiding BlackCat ransomware attacks using insider expertise from their roles at major incident ...
Former Jabber Zeus Developer Extradited to U.S. to Face Cybercrime Charges
November 3, 2025
Ukrainian national Yuriy “MrICQ” Rybtsov has been extradited to the U.S. for his alleged role in developing the infamous Jabber Zeus banking malware. The decade-old ...
How Device Code Phishing Abuses OAuth Flows on Google and Azure
November 3, 2025
Cybercriminals are increasingly exploiting the OAuth 2.0 device code flow to bypass multi-factor authentication, a tactic known as device code phishing. Researchers warn that while ...
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
November 3, 2025
A sophisticated exploit has drained over $128 million from Balancer Protocol’s v2 liquidity pools, marking one of DeFi’s largest breaches this year. Attackers used flash ...
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
November 3, 2025
Microsoft has uncovered a new backdoor malware strain using OpenAI’s Assistants API as a covert command-and-control channel. The discovery marks one of the first cases ...
Indian Government Issues High-Severity Warning for Google Chrome Users
November 3, 2025
CERT-In warns Chrome users in India to update immediately after multiple high-severity vulnerabilities were discovered that allow remote attackers to hijack systems via malicious webpages.
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
November 3, 2025
South Korea’s telecom giants SK Telecom, KT, and LG Uplus are facing severe cyberattacks, financial losses, and leadership shakeups, exposing systemic weaknesses in national telecom ...
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
November 3, 2025
Proton’s Data Breach Observatory uncovered 300 million stolen credentials circulating on the dark web, exposing corporations and individuals worldwide to identity theft and financial fraud ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited