Main Menu
Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
CISA Catalog Includes BeyondTrust Flaw Vulnerability
CVE Vulnerability Alerts
CISA Catalog Includes BeyondTrust Flaw Vulnerability
Andrew Doyle February 17, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently added a vulnerability in BeyondTrust RS and PRA, identified as CVE-2026-1731, to its Known Exploited ...
CANFAIL Malware Unveiled Amidst Russian Cyber Influence Allegations
Cybersecurity
CANFAIL Malware Unveiled Amidst Russian Cyber Influence Allegations
Andrew Doyle February 17, 2026
A previously undocumented threat actor, possibly linked to Russian intelligence services, has been identified targeting Ukrainian defense, government, and energy sectors using CANFAIL malware, raising ...
Social Engineering Attack Compromises Fintech Company Figure's Security
Cybersecurity
Social Engineering Attack Compromises Fintech Company Figure’s Security
Gabby Lee February 17, 2026
Fintech firm Figure confirmed a data breach following a social engineering attack that deceived an employee. The incident enabled hackers to gain access and steal ...
Ivanti Endpoint Manager Mobile Critical Vulnerabilities Exploited by a Single Threat Actor
Application Security
Ivanti Endpoint Manager Mobile Critical Vulnerabilities Exploited by a Single Threat Actor
Andrew Doyle February 17, 2026
Cybersecurity experts have identified a single threat actor responsible for exploiting critical vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities, CVE-2026-21962 and CVE-2026-24061, are actively ...
UAT-9921 Emerges with VoidLink to Challenge Technology and Financial Entities
News
UAT-9921 Emerges with VoidLink to Challenge Technology and Financial Entities
Mitchell Langley February 17, 2026
The newly identified threat actor UAT-9921 is utilizing VoidLink, a sophisticated modular attack framework, to compromise technology and financial sectors, according to Cisco Talos.
Dangerous Chrome Extensions Leak Personal Data and Track Users
Application Security
Dangerous Chrome Extensions Leak Personal Data and Track Users
Gabby Lee February 16, 2026
A recent investigation revealed that over 300 Chrome extensions, collectively downloaded more than 37 million times, are involved in leaking or stealing user data. These ...
Trezor and Ledger Crypto Wallets Targeted by Mail Scam
Cybersecurity
Trezor and Ledger Crypto Wallets Targeted by Mail Scam
Andrew Doyle February 16, 2026
Threat actors are exploiting trust in security hardware brands by sending fake letters impersonating Trezor and Ledger, targeting cryptocurrency users. This deception aims to collect ...
Google Groups Exploited in Lumma Stealer Malware Campaign
Application Security
Google Groups Exploited in Lumma Stealer Malware Campaign
Mitchell Langley February 16, 2026
Attackers are using Google Groups to distribute Lumma Stealer malware, targeting credentials across Windows and Linux platforms. They exploit Google services, deploying trojanized "Ninja Browser" ...
Malicious JavaScript Targets Cryptocurrency Users Via Pastebin
Cybersecurity
Malicious JavaScript Targets Cryptocurrency Users Via Pastebin
Andrew Doyle February 16, 2026
Cybercriminals employ a new strategy using Pastebin to execute ClickFix-style attacks, targeting cryptocurrency users’ Bitcoin transactions. The attackers use malicious JavaScript to hijack swaps, leading ...
Social Engineering Resurfaces The ClickFix Attack Using DNS Lookups
Cybersecurity
Social Engineering Resurfaces: The ClickFix Attack Using DNS Lookups
Mitchell Langley February 16, 2026
Microsoft's research reveals a new iteration of the ClickFix tactic, exploiting DNS lookups for payload retrieval. This tactic employs the "nslookup" command in Windows to ...
Texas-Based Financial Services Provider Marquis Cites SonicWall Breach for Ransomware Incident
Application Security
Texas-Based Financial Services Provider Marquis Cites SonicWall Breach for Ransomware Incident
Mitchell Langley February 16, 2026
Marquis Software Solutions suffered a ransomware attack in August 2025, impacting multiple banks. Rolling out explanations, the company attributes this compromise to a security flaw ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
Following the identification of a critical vulnerability in SolarWinds Web Help Desk, CISA has instructed federal agencies to patch their systems within three days. This ...
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Iron Mountain, a reputed data storage provider, has confirmed a breach by the Everest extortion group, affecting primarily marketing data. The company reassures clients of ...
RADICL Secures $31 Million to Boost Development of Autonomous vSOC
Cybersecurity
RADICL Secures $31 Million to Boost Development of Autonomous vSOC
Gabby Lee February 4, 2026
RADICL raises $31 million to enhance its virtual security operations center, aiming to revolutionize cybersecurity with autonomous threat detection features.
RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
Andrew Doyle February 4, 2026
RapidFort has successfully raised $42 million in funding to further automate software supply chain security. This financial boost will aid the company in boosting its ...
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
The UK's data protection authority targets X's AI assistant, Grok, in a probe following claims of generating non-consensual sexual images. This investigation highlights data privacy ...
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
Gabby Lee February 4, 2026
Researchers recently identified a critical flaw named DockerDash in Ask Gordon. This AI assistant, integrated into Docker Desktop and CLI, exposed users to risks of ...
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
Gabby Lee February 4, 2026
CISA silently updated 59 vulnerability notices in 2025 to indicate ransomware links. Experts argue transparency in such updates is vital for cybersecurity integrity.
React Native's Metro Server Vulnerability A Growing Cyber Threat
Cybersecurity
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Andrew Doyle February 4, 2026
A critical flaw in React Native's Metro server is being exploited to propagate malware across Windows and Linux systems. The attacks, despite escalating in severity, ...
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
Cybersecurity
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
Mitchell Langley February 4, 2026
A coordinated reconnaissance campaign used thousands of proxies to target Citrix NetScaler, aiming to pinpoint login panels. This marks a substantial cyber concern due to ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Gabby Lee June 12, 2026
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
Mitchell Langley June 12, 2026
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Andrew Doyle June 12, 2026
Cybersecurity
Europol Dismantles AudiA6 Crypto Laundering Service
Gabby Lee June 12, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Andrew Doyle June 10, 2026
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Gabby Lee June 10, 2026
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
More In News
Trending
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Auchan Data Breach: Hundreds of Thousands of Loyalty Accounts Compromised
August 27, 2025
Podcasts
Docker Desktop Vulnerability: Why Containers Aren’t as Safe as You Think
August 26, 2025
Podcasts
Arch Linux Website, Forums, and AUR Targeted in Sustained Cyber Assault
August 26, 2025

Cyber Security News

Cybersecurity
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
May 21, 2026
Cybersecurity
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
May 21, 2026
Application Security
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
May 21, 2026
Application Security
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
May 21, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Ivanti Endpoint Manager Mobile Critical Vulnerabilities Exploited by a Single Threat Actor
February 17, 2026
Cybersecurity experts have identified a single threat actor responsible for exploiting critical vulnerabilities in Ivanti Endpoint Manager Mobile. These vulnerabilities, CVE-2026-21962 and CVE-2026-24061, are actively ...
UAT-9921 Emerges with VoidLink to Challenge Technology and Financial Entities
February 17, 2026
The newly identified threat actor UAT-9921 is utilizing VoidLink, a sophisticated modular attack framework, to compromise technology and financial sectors, according to Cisco Talos.
Dangerous Chrome Extensions Leak Personal Data and Track Users
February 16, 2026
A recent investigation revealed that over 300 Chrome extensions, collectively downloaded more than 37 million times, are involved in leaking or stealing user data. These ...
Trezor and Ledger Crypto Wallets Targeted by Mail Scam
February 16, 2026
Threat actors are exploiting trust in security hardware brands by sending fake letters impersonating Trezor and Ledger, targeting cryptocurrency users. This deception aims to collect ...
Google Groups Exploited in Lumma Stealer Malware Campaign
February 16, 2026
Attackers are using Google Groups to distribute Lumma Stealer malware, targeting credentials across Windows and Linux platforms. They exploit Google services, deploying trojanized "Ninja Browser" ...
Malicious JavaScript Targets Cryptocurrency Users Via Pastebin
February 16, 2026
Cybercriminals employ a new strategy using Pastebin to execute ClickFix-style attacks, targeting cryptocurrency users’ Bitcoin transactions. The attackers use malicious JavaScript to hijack swaps, leading ...
Social Engineering Resurfaces: The ClickFix Attack Using DNS Lookups
February 16, 2026
Microsoft's research reveals a new iteration of the ClickFix tactic, exploiting DNS lookups for payload retrieval. This tactic employs the "nslookup" command in Windows to ...
Texas-Based Financial Services Provider Marquis Cites SonicWall Breach for Ransomware Incident
February 16, 2026
Marquis Software Solutions suffered a ransomware attack in August 2025, impacting multiple banks. Rolling out explanations, the company attributes this compromise to a security flaw ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
February 4, 2026
Following the identification of a critical vulnerability in SolarWinds Web Help Desk, CISA has instructed federal agencies to patch their systems within three days. This ...
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
February 4, 2026
Iron Mountain, a reputed data storage provider, has confirmed a breach by the Everest extortion group, affecting primarily marketing data. The company reassures clients of ...
RADICL Secures $31 Million to Boost Development of Autonomous vSOC
February 4, 2026
RADICL raises $31 million to enhance its virtual security operations center, aiming to revolutionize cybersecurity with autonomous threat detection features.
RapidFort Secures $42 Million to Enhance Software Security Automation
February 4, 2026
RapidFort has successfully raised $42 million in funding to further automate software supply chain security. This financial boost will aid the company in boosting its ...
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
February 4, 2026
The UK's data protection authority targets X's AI assistant, Grok, in a probe following claims of generating non-consensual sexual images. This investigation highlights data privacy ...
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
February 4, 2026
Researchers recently identified a critical flaw named DockerDash in Ask Gordon. This AI assistant, integrated into Docker Desktop and CLI, exposed users to risks of ...
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
February 4, 2026
CISA silently updated 59 vulnerability notices in 2025 to indicate ransomware links. Experts argue transparency in such updates is vital for cybersecurity integrity.
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
February 4, 2026
A critical flaw in React Native's Metro server is being exploited to propagate malware across Windows and Linux systems. The attacks, despite escalating in severity, ...
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
February 4, 2026
A coordinated reconnaissance campaign used thousands of proxies to target Citrix NetScaler, aiming to pinpoint login panels. This marks a substantial cyber concern due to ...
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
February 4, 2026
Chinese hackers hijacked Notepad++ updates for months, claims the developer. State-sponsored involvement underlines cybersecurity challenges. Key details on tactics and duration shared.
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
February 4, 2026
Over 1,400 MongoDB servers, lacking secure access controls, have been seized by hackers who wiped data and left ransom notes. Cybercriminals demanded $500 in Bitcoin ...
Malicious VS Code Extensions Spread GlassWorm Loader
February 4, 2026
Hackers hijacked an account to publish harmful VS Code extensions, distributing the GlassWorm malware loader. This compromised open-source repositories impacting numerous users by embedding malicious ...
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies