Main Menu
Cyber Security
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Data Security
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Gabby Lee January 12, 2026
Datamasters faces legal action for selling health and personal data without proper registration. Learn how the agency enforces California's data privacy laws.
Instagram Data Breach Affects 17.5 Million Users Security Implications Explored
Application Security
Instagram Data Breach Affects 17.5 Million Users: Security Implications Explored
Mitchell Langley January 12, 2026
A significant data breach has compromised the personal details of approximately 17.5 million Instagram users. This breach, as reported by Malwarebytes Labs researchers, has exposed ...
U.S. Immigration and Customs Enforcement's Surveillance Tactics Scrutinized
Information Security
U.S. Immigration and Customs Enforcement’s Surveillance Tactics Scrutinized
Gabby Lee January 12, 2026
The U.S. Immigration and Customs Enforcement (ICE) is under scrutiny for its substantial investment in surveillance technology, drawing criticism for privacy implications and its role ...
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Cybersecurity
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Andrew Doyle January 12, 2026
The UK's cybersecurity standards are in question after breaches at the Legal Aid Agency and Foreign Office. Without legal obligations to meet previous EU standards, ...
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
News
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
Andrew Doyle January 12, 2026
Officials in Spain apprehended 34 individuals linked to a sophisticated cyber fraud organization. Suspected of affiliations with the notorious Black Axe group, these arrests are ...
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
Data Security
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
Andrew Doyle January 12, 2026
Ireland's Foreign Affairs Department has recalled 13,000 passports after a software update led to a printing issue, rendering them non-compliant with international standards and potentially ...
BreachForums Re-emerges Only to Fall Victim to Data Breach
Application Security
BreachForums Re-emerges Only to Fall Victim to Data Breach
Mitchell Langley January 12, 2026
The latest iteration of BreachForums, a well-known hacking community, has suffered a data breach with its user database leaked online. The breach occurred despite recent ...
Anthropic Responds to Viral Allegations of Account Bans
Cybersecurity
Anthropic Responds to Viral Allegations of Account Bans
Gabby Lee January 12, 2026
Anthropic, the company behind Claude AI, addresses allegations of unauthorized account bans. The viral post on X stirred significant discussion among users.
Iranian APT Group MuddyWater Launches Sophisticated Spear-Phishing Campaign
News
Iranian APT Group MuddyWater Launches Sophisticated Spear-Phishing Campaign
Mitchell Langley January 12, 2026
MuddyWater, an Iranian threat actor, is running a spear-phishing campaign targeting multiple sectors in the Middle East using Rust-based implants. The attack leverages icon spoofing ...
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
Cybersecurity
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
Gabby Lee January 11, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) officially retired 10 emergency directives, transferring security focus toward the Known Exploited Vulnerabilities catalog, which offers a more ...
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Application Security
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Gabby Lee January 11, 2026
Using a compromised SonicWall VPN device, Chinese-speaking hackers allegedly targeted a VMware ESXi system with a potential exploit dating back to February 2024. The cybersecurity ...
Illinois Man Charged for Snapchat Phishing Scheme
News
Illinois Man Charged for Snapchat Phishing Scheme
Andrew Doyle January 11, 2026
An Illinois individual faces charges for a phishing scam that compromised approximately 600 Snapchat accounts. The scheme involved stealing private photos of women.
Email Security's True Challenge Evaluating Post-access Threats
Blog
Email Security’s True Challenge: Evaluating Post-access Threats
Mitchell Langley January 11, 2026
While click rates often dominate phishing discussions, real threats emerge post-compromise. Material Security advocates prioritizing containment strategies and examining post-access activities to enhance email security ...
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
Cybersecurity
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
Gabby Lee January 11, 2026
Russian threat actors APT28 target Turkish energy sectors and European think tanks with credential-stealing attacks, focusing on nuclear research. North Macedonia and Uzbekistan agencies also ...
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
News
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
Mitchell Langley January 11, 2026
A geopolitical exchange took place involving France, the US, and Russia, resulting in the release of an alleged ransomware figure in return for a Swiss ...
NSA Announces Tim Kosiba as New Deputy Director
Cybersecurity
NSA Announces Tim Kosiba as New Deputy Director
Gabby Lee January 11, 2026
Tim Kosiba, with over three decades in the Intelligence Community, has been appointed as the NSA's Deputy Director. His extensive background in federal service makes ...
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Endpoint Security
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Andrew Doyle January 11, 2026
Cybercriminals are exploiting vulnerabilities in proxy servers, seeking unauthorized access to commercial large language models, posing significant cybersecurity concerns.
North Korean Hackers Exploit QR Codes to Breach Enterprise Cloud Security
News
North Korean Hackers Exploit QR Codes to Breach Enterprise Cloud Security
Mitchell Langley January 11, 2026
North Korean state-sponsored cyber actors leverage QR codes to bypass enterprise security systems, gaining unauthorized access to cloud platforms. The FBI highlights these tactics in ...
Illinois Department's Database Error Leads to Massive Data Exposure
Data Security
Illinois Department’s Database Error Leads to Massive Data Exposure
Gabby Lee January 11, 2026
The Illinois Department of Human Services recently disclosed a significant data breach affecting approximately 700,000 residents. A misconfigured privacy setting was identified as the cause, ...
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Cybersecurity
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Andrew Doyle January 11, 2026
Security company Trend Micro has resolved three critical vulnerabilities in its Apex Central management console, disclosed by Tenable. These issues, identified as CVE-2025-69258, CVE-2025-69259, and ...
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Gabby Lee May 22, 2026
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Gabby Lee May 22, 2026
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Gabby Lee May 22, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle May 20, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims

This Week’s Security Spotlight

CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Auchan Data Breach: Hundreds of Thousands of Loyalty Accounts Compromised
August 27, 2025
Podcasts
Docker Desktop Vulnerability: Why Containers Aren’t as Safe as You Think
August 26, 2025
Podcasts
Arch Linux Website, Forums, and AUR Targeted in Sustained Cyber Assault
August 26, 2025

Cyber Security News

Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Cybersecurity
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
April 10, 2026
Chaos Malware Expands Its Reach to Cloud Deployments
Cybersecurity
Chaos Malware Expands Its Reach to Cloud Deployments
April 10, 2026
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Cybersecurity
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
April 10, 2026
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Application Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
April 10, 2026
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
Cybersecurity
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
April 10, 2026
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
April 10, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
January 12, 2026
The UK's cybersecurity standards are in question after breaches at the Legal Aid Agency and Foreign Office. Without legal obligations to meet previous EU standards, ...
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
January 12, 2026
Officials in Spain apprehended 34 individuals linked to a sophisticated cyber fraud organization. Suspected of affiliations with the notorious Black Axe group, these arrests are ...
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
January 12, 2026
Ireland's Foreign Affairs Department has recalled 13,000 passports after a software update led to a printing issue, rendering them non-compliant with international standards and potentially ...
BreachForums Re-emerges Only to Fall Victim to Data Breach
January 12, 2026
The latest iteration of BreachForums, a well-known hacking community, has suffered a data breach with its user database leaked online. The breach occurred despite recent ...
Anthropic Responds to Viral Allegations of Account Bans
January 12, 2026
Anthropic, the company behind Claude AI, addresses allegations of unauthorized account bans. The viral post on X stirred significant discussion among users.
Iranian APT Group MuddyWater Launches Sophisticated Spear-Phishing Campaign
January 12, 2026
MuddyWater, an Iranian threat actor, is running a spear-phishing campaign targeting multiple sectors in the Middle East using Rust-based implants. The attack leverages icon spoofing ...
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
January 11, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) officially retired 10 emergency directives, transferring security focus toward the Known Exploited Vulnerabilities catalog, which offers a more ...
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
January 11, 2026
Using a compromised SonicWall VPN device, Chinese-speaking hackers allegedly targeted a VMware ESXi system with a potential exploit dating back to February 2024. The cybersecurity ...
Illinois Man Charged for Snapchat Phishing Scheme
January 11, 2026
An Illinois individual faces charges for a phishing scam that compromised approximately 600 Snapchat accounts. The scheme involved stealing private photos of women.
Email Security’s True Challenge: Evaluating Post-access Threats
January 11, 2026
While click rates often dominate phishing discussions, real threats emerge post-compromise. Material Security advocates prioritizing containment strategies and examining post-access activities to enhance email security ...
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
January 11, 2026
Russian threat actors APT28 target Turkish energy sectors and European think tanks with credential-stealing attacks, focusing on nuclear research. North Macedonia and Uzbekistan agencies also ...
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
January 11, 2026
A geopolitical exchange took place involving France, the US, and Russia, resulting in the release of an alleged ransomware figure in return for a Swiss ...
NSA Announces Tim Kosiba as New Deputy Director
January 11, 2026
Tim Kosiba, with over three decades in the Intelligence Community, has been appointed as the NSA's Deputy Director. His extensive background in federal service makes ...
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
January 11, 2026
Cybercriminals are exploiting vulnerabilities in proxy servers, seeking unauthorized access to commercial large language models, posing significant cybersecurity concerns.
North Korean Hackers Exploit QR Codes to Breach Enterprise Cloud Security
January 11, 2026
North Korean state-sponsored cyber actors leverage QR codes to bypass enterprise security systems, gaining unauthorized access to cloud platforms. The FBI highlights these tactics in ...
Illinois Department’s Database Error Leads to Massive Data Exposure
January 11, 2026
The Illinois Department of Human Services recently disclosed a significant data breach affecting approximately 700,000 residents. A misconfigured privacy setting was identified as the cause, ...
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
January 11, 2026
Security company Trend Micro has resolved three critical vulnerabilities in its Apex Central management console, disclosed by Tenable. These issues, identified as CVE-2025-69258, CVE-2025-69259, and ...
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
January 8, 2026
Totolink range extenders are at risk due to a firmware bug that leads to unauthenticated root-level Telnet service, allowing potential device takeovers. Security researchers encourage ...
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
January 8, 2026
The evolution of cybercrime from skill-based activities to AI-driven "vibe hacking" is reshaping attack strategies. By utilizing AI tools, cybercriminals gain access to advanced capabilities ...
How Misconfigured Email Routing Opens the Door for Credential Theft
January 8, 2026
Misconfigured email routing creates an opening for attackers using Phishing-as-a-Service platforms like Tycoon2FA to steal credentials. Such tactics enable attackers to replicate legitimate internal emails, ...
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints