Main Menu
Cyber Security
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Madison Square Garden Cyber Incident Revealed Months Later
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
ShinyHunters Leak Exposes Millions of CarGurus User Records
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
Cryptojacking Campaign Exploits Pirated Software to Deploy XMRig Miner
Arkanix Stealer Malware Quickly Vanishes After Its Initial Launch
Microsoft Investigates Vanishing Mouse Pointer Bug in Classic Outlook
GitHub’s Dependabot is Under Fire for Alert Accuracy Issues
BeyondTrust RS and PRA Vulnerability Is Being Actively Exploited by Threat Actors
Microsoft Expands Data Loss Prevention Controls for Microsoft 365 Copilot
New Security Concerns Arise with the Proliferation of Internal LLMs
Cybercriminal Group Exploits Hundreds of FortiGate Firewalls Using Off-the-Shelf AI Tools
Ring Bets $10,000 That Nobody Can Hack Its Local Streaming Feature
Romanian Hacker Admits to Selling Oregon State Network Access in Court
Privacy Groups Demand Compliance From Generative AI Image Creators
Spanish Hacker Arrested for Booking Luxury Hotel Rooms for One Cent
Anthropic Introduces Claude Code Security for Vulnerability Detection
PayPal Data Breach Exposed User Data for Six Months Due to Software Bug
Critical Grandstream Phone Vulnerability Allows for Eavesdropping Opportunities
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Cybersecurity
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Mitchell Langley November 19, 2025
The U.S. is preparing to expand offensive cyber operations in response to escalating nation-state attacks, according to National Cyber Director Sean Cairncross. While timelines remain ...
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
Application Security
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
Gabby Lee November 19, 2025
Microsoft is introducing two new Windows 11 recovery tools—Point-in-Time Restore and Cloud Rebuild—to help enterprises quickly recover from misconfigurations, faulty updates, or system failures. The ...
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
News
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Gabby Lee November 19, 2025
The Sneaky 2FA phishing platform now incorporates Browser-in-the-Browser deception, enabling attackers to convincingly mimic legitimate login windows and harvest credentials and MFA codes. This upgrade ...
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Cybersecurity
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Mitchell Langley November 19, 2025
The FCC is preparing to vote on rolling back cybersecurity rules imposed after the Salt Typhoon espionage campaign, following heavy telecom industry pushback. Carriers argue ...
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Network Security
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Andrew Doyle November 18, 2025
A configuration error at Cloudflare on November 18 caused a major global outage affecting ChatGPT, Shopify, X, and multiple public-sector sites. Though resolved within an ...
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
News
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
Gabby Lee November 18, 2025
MI5 warns that Chinese intelligence operatives are using LinkedIn and fake recruiters to target UK professionals with access to sensitive information. Thousands have reportedly been ...
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Cybersecurity
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Andrew Doyle November 18, 2025
A ransomware attack by the Inc Ransom group has hit the Pennsylvania Office of the Attorney General, with attackers claiming to have stolen over 700GB ...
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Endpoint Security
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Mitchell Langley November 18, 2025
ShadowRay 2.0 is exploiting an unauthenticated RCE flaw in older Ray Cluster deployments, infecting more than 5,000 exposed nodes and turning them into a self-spreading ...
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
Cybersecurity
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
Gabby Lee November 18, 2025
A new wave of attacks is compromising unsecured Ray clusters and turning them into self-replicating botnets. By abusing exposed Ray endpoints, attackers deploy malware that ...
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Cybersecurity
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Mitchell Langley November 18, 2025
A malware campaign tied to the EVALUSION threat cluster is abusing fake ClickFix utilities to deploy Amatera Stealer or NetSupport RAT. The attackers use staged ...
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Information Security
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Mitchell Langley November 18, 2025
Government auditors warn that DoD personnel may be unintentionally leaking sensitive details on social media, including deployment data and unit locations. Outdated policies, weak training, ...
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Data Security
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Gabby Lee November 18, 2025
Eurofiber France disclosed a breach caused by a vulnerability in its ticketing system, allowing attackers to access historical support records containing contact details and service ...
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Information Security
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Andrew Doyle November 17, 2025
A researcher claims Coinbase knew months earlier about a December 2024 breach involving insider social-engineering that exposed data for nearly 70,000 users. Coinbase later confirmed ...
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Data Security
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Mitchell Langley November 17, 2025
A cyberattack on Princeton University exposed a database containing personal and institutional information tied to alumni, donors, faculty, staff, and students. Princeton is investigating with ...
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
News
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Mitchell Langley November 17, 2025
Dutch authorities have seized roughly 250 servers tied to a bulletproof hosting service that catered exclusively to cybercriminals, disrupting infrastructure used for malware, phishing, and ...
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Cybersecurity
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Gabby Lee November 17, 2025
Seven malicious npm packages used Adspect-based traffic cloaking to avoid detection and selectively deliver staged JavaScript payloads to targeted developers. The packages acted as downloaders ...
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Application Security
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Andrew Doyle November 17, 2025
A record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet targeted Microsoft Azure, showcasing rapidly evolving botnet capabilities. Despite the massive, multi-vector assault, Azure’s automated ...
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Application Security
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Andrew Doyle November 17, 2025
Researchers uncovered serious flaws in GoSign Desktop, where disabled TLS certificate validation and an unsigned update mechanism expose users to MitM attacks and malicious updates. ...
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Cybersecurity
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Mitchell Langley November 17, 2025
Researchers have uncovered cybercriminals abusing the long-abandoned UNIX “finger” protocol to stealthily fetch and execute commands on Windows systems. By using this legacy tool for ...
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Cybersecurity
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Andrew Doyle November 17, 2025
Jaguar Land Rover revealed that a major cyberattack caused £196 million in losses this quarter, significantly impacting operations despite otherwise strong performance. The incident, linked ...
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX
Cybersecurity
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX
Andrew Doyle March 3, 2026
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Cybersecurity
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Andrew Doyle March 2, 2026
Lazarus Group Expands Its Ransomware Arsenal with Medusa
News
Lazarus Group Expands Its Ransomware Arsenal with Medusa
Andrew Doyle February 25, 2026
Polish Authorities Detain Suspected Phobos Ransomware Operative
News
Polish Authorities Detain Suspected Phobos Ransomware Operative
Andrew Doyle February 18, 2026

TOP CYBERSECURITY HEADLINES

Chrome's Gemini Live Feature Left Users Exposed to Malicious Extensions
Cybersecurity
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Cybersecurity
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Cybersecurity
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Cybersecurity
Deepfake and Injection Attacks Are Targeting Identity Verification Systems

This Week’s Security Spotlight

OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Cybersecurity
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Andrew Doyle February 19, 2026
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Cybersecurity
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Andrew Doyle February 17, 2026
Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
More In News
Trending
Germany Warns of Phishing Threats via Signal Targeting High-Profile Individuals
Dutch Police Arrest Suspect in JokerOTP Phishing Tool Operation
Trezor and Ledger Crypto Wallets Targeted by Mail Scam
Global Cloud Storage Scam Emails Threaten Users With False Data Deletion Alerts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
FTC Warns Tech Giants: Don’t Weaken Encryption for Foreign Governments
August 27, 2025
Podcasts
Invisible Prompts: How Image Scaling Attacks Break AI Security
August 27, 2025
Podcasts
Healthcare Services Group Breach Exposes 624,000 Individuals’ Sensitive Data
August 27, 2025

Cyber Security News

Google Gemini's Vulnerability to Prompt Injection Accessing Sensitive Calendar Information
Cybersecurity
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
January 22, 2026
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Cybersecurity
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
January 20, 2026
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Application Security
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
January 20, 2026
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Cybersecurity
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
January 20, 2026
U.K. Authorities Alerted to Russian-aligned Hacktivist DDoS Threats
Cybersecurity
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
January 20, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
January 20, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
November 19, 2025
The Sneaky 2FA phishing platform now incorporates Browser-in-the-Browser deception, enabling attackers to convincingly mimic legitimate login windows and harvest credentials and MFA codes. This upgrade ...
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
November 19, 2025
The FCC is preparing to vote on rolling back cybersecurity rules imposed after the Salt Typhoon espionage campaign, following heavy telecom industry pushback. Carriers argue ...
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
November 18, 2025
A configuration error at Cloudflare on November 18 caused a major global outage affecting ChatGPT, Shopify, X, and multiple public-sector sites. Though resolved within an ...
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
November 18, 2025
MI5 warns that Chinese intelligence operatives are using LinkedIn and fake recruiters to target UK professionals with access to sensitive information. Thousands have reportedly been ...
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
November 18, 2025
A ransomware attack by the Inc Ransom group has hit the Pennsylvania Office of the Attorney General, with attackers claiming to have stolen over 700GB ...
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
November 18, 2025
ShadowRay 2.0 is exploiting an unauthenticated RCE flaw in older Ray Cluster deployments, infecting more than 5,000 exposed nodes and turning them into a self-spreading ...
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
November 18, 2025
A new wave of attacks is compromising unsecured Ray clusters and turning them into self-replicating botnets. By abusing exposed Ray endpoints, attackers deploy malware that ...
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
November 18, 2025
A malware campaign tied to the EVALUSION threat cluster is abusing fake ClickFix utilities to deploy Amatera Stealer or NetSupport RAT. The attackers use staged ...
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
November 18, 2025
Government auditors warn that DoD personnel may be unintentionally leaking sensitive details on social media, including deployment data and unit locations. Outdated policies, weak training, ...
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
November 18, 2025
Eurofiber France disclosed a breach caused by a vulnerability in its ticketing system, allowing attackers to access historical support records containing contact details and service ...
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
November 17, 2025
A researcher claims Coinbase knew months earlier about a December 2024 breach involving insider social-engineering that exposed data for nearly 70,000 users. Coinbase later confirmed ...
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
November 17, 2025
A cyberattack on Princeton University exposed a database containing personal and institutional information tied to alumni, donors, faculty, staff, and students. Princeton is investigating with ...
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
November 17, 2025
Dutch authorities have seized roughly 250 servers tied to a bulletproof hosting service that catered exclusively to cybercriminals, disrupting infrastructure used for malware, phishing, and ...
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
November 17, 2025
Seven malicious npm packages used Adspect-based traffic cloaking to avoid detection and selectively deliver staged JavaScript payloads to targeted developers. The packages acted as downloaders ...
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
November 17, 2025
A record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet targeted Microsoft Azure, showcasing rapidly evolving botnet capabilities. Despite the massive, multi-vector assault, Azure’s automated ...
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
November 17, 2025
Researchers uncovered serious flaws in GoSign Desktop, where disabled TLS certificate validation and an unsigned update mechanism expose users to MitM attacks and malicious updates. ...
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
November 17, 2025
Researchers have uncovered cybercriminals abusing the long-abandoned UNIX “finger” protocol to stealthily fetch and execute commands on Windows systems. By using this legacy tool for ...
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
November 17, 2025
Jaguar Land Rover revealed that a major cyberattack caused £196 million in losses this quarter, significantly impacting operations despite otherwise strong performance. The incident, linked ...
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
November 17, 2025
Microsoft is investigating installation failures affecting the Windows 10 KB5068781 ESU update, with error 0x800f0922 impacting volume-licensed enterprise systems. The issue leaves legacy environments temporarily ...
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
November 17, 2025
CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers to read arbitrary system files. ...
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Madison Square Garden Cyber Incident Revealed Months Later
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
How Safety Technology Is Transforming Workplace Protection
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
ShinyHunters Leak Exposes Millions of CarGurus User Records
Lazarus Group Expands Its Ransomware Arsenal with Medusa
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
Cryptojacking Campaign Exploits Pirated Software to Deploy XMRig Miner