Cyber Security
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
GitLost Prompt Injection Leaks Private GitHub Repos via Public Issues
WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account
Japan Arrests Teen Who Used ChatGPT to Cancel 46,812 Bandai Accounts
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT
UNK_MassTraction Exploits Roundcube XSS to Hit US Physics Departments
Fake Job Interview Phishing Hits Marketing Pros Across 30 Brand Lures
North Korea PolinRider Poisons 108 Packages via Compromised Accounts
CVE-2026-33697: Attested TLS Relay Flaw Hits WhatsApp, Cocos AI
QuimaRAT MaaS Sells Cross-Platform Java RAT for Windows, Linux, macOS
Opera GX Flaw Let Malicious Sites Silently Install Mods on 25M Users
TrojPix Leaks Data from Air-Gapped PCs via Video Cable Emissions
SkillCloak Lets Malicious AI Agent Skills Evade 90% of Static Scanners
Zscaler: Two Active Campaigns Hijack AI Agents for Crypto Theft
Google and FBI Seize NetNut Proxy Network Used by 316 Threat Actors
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Trump Administration Lifts Claude Fable 5 Access Restrictions
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Chrome's Gemini Live Feature Left Users Exposed to Malicious Extensions
Cybersecurity
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
A Chrome vulnerability allowed malicious extensions to exploit Gemini Live, potentially hijacking the AI assistant to spy on users and steal their fil...
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Cybersecurity
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Google Chrome rolls out an experimental program to improve HTTPS certificate security against future quantum threats.
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Cybersecurity
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Florida resident sentenced to 22 months in prison for trafficking thousands of stolen Microsoft COA labels over several years.
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Cybersecurity
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Understand how deepfake and injection attacks affect identity verification processes and what enterprises can do to defend against them.
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Cybersecurity
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Malicious websites exploited a WebSocket flaw to hijack AI agents via OpenClaw.
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Cybersecurity
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Scammers impersonate police in Dubai, exploiting a crisis to access bank accounts.
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Cybersecurity
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Russia-linked APT28 may have exploited MSHTML zero-day CVE-2026-21513, a high-severity flaw, before Microsoft issued a fix.
Madison Square Garden Cyber Incident Revealed Months Later
Cybersecurity
Madison Square Garden Cyber Incident Revealed Months Later
Madison Square Garden disclosed a data breach months after being targeted in a hacking campaign.
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Cybersecurity
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Samsung resolves allegations of unauthorized data collection via smart TVs with Texas settlement.
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Cybersecurity
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Hackers used Claude Code to infiltrate Mexican government systems, exfiltrating 150GB of sensitive data using AI-assisted exploits and automated theft...
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido's Full Customer Database
Cybersecurity
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
ShinyHunters group exposes a significant data breach at Odido, shaking the Dutch telecommunications sector.
How Safety Technology Is Transforming Workplace Protection
Blog
How Safety Technology Is Transforming Workplace Protection
Companies are placing a greater emphasis on protecting their workforce. This shift from a reactive safety culture to a proactive ...
'Sandworm_Mode' Supply Chain Attack Hits the NPM Ecosystem
Cybersecurity
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
Analysis of the Sandworm_Mode supply chain attack impacting NPM.
ICO Fines Reddit £14.47 Million for Failing to Protect Children's Data
Cybersecurity
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
The ICO has fined Reddit for collecting data on children under 13 without adequate safety measures in place.
ShinyHunters Leak Exposes Millions of CarGurus User Records
Cybersecurity
ShinyHunters Leak Exposes Millions of CarGurus User Records
ShinyHunters have exposed over 12 million records reportedly taken from CarGurus, an automotive digital platform.
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
Cybersecurity
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
A vulnerability called RoguePilot in GitHub Codespaces risked repository control.
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
Cybersecurity
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
Broadcom addresses critical VMware Aria Operations vulnerabilities; users urged to update.
Lazarus Group Expands Its Ransomware Arsenal with Medusa
News
Lazarus Group Expands Its Ransomware Arsenal with Medusa
North Korea's Lazarus Group deploys Medusa ransomware against critical sectors, targeting US healthcare.
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
News
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
Optimizely has reported a data breach caused by a voice phishing attack, compromising customer data.
Cryptojacking Campaign Exploits Pirated Software to Deploy XMRig Miner
Application Security
Cryptojacking Campaign Exploits Pirated Software to Deploy XMRig Miner
New cryptojacking campaign uses pirated software to deliver XMRig miner payloads onto hosts.
CVE Vulnerability Alerts
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Cybersecurity
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
Understand how deepfake and injection attacks affect identity verification processes and what enterprises can do to defend against them.
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Russia-linked APT28 may have exploited MSHTML zero-day CVE-2026-21513, a high-severity flaw, before Microsoft issued a fix.
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Scammers impersonate police in Dubai, exploiting a crisis to access bank accounts.
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Malicious websites exploited a WebSocket flaw to hijack AI agents via OpenClaw.
Madison Square Garden Cyber Incident Revealed Months Later
Madison Square Garden disclosed a data breach months after being targeted in a hacking campaign.
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Samsung resolves allegations of unauthorized data collection via smart TVs with Texas settlement.
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Hackers used Claude Code to infiltrate Mexican government systems, exfiltrating 150GB of sensitive data using AI-assisted exploits and automated theft...
Netherlands Faces Its Biggest Data Breach as ShinyHunters Leaks Odido’s Full Customer Database
ShinyHunters group exposes a significant data breach at Odido, shaking the Dutch telecommunications sector.
How Safety Technology Is Transforming Workplace Protection
Companies are placing a greater emphasis on protecting their workforce. This shift from a reactive safety culture to a proactive one is creating new demand ...
‘Sandworm_Mode’ Supply Chain Attack Hits the NPM Ecosystem
Analysis of the Sandworm_Mode supply chain attack impacting NPM.
ICO Fines Reddit £14.47 Million for Failing to Protect Children’s Data
The ICO has fined Reddit for collecting data on children under 13 without adequate safety measures in place.
Broadcom Releases Patches for VMware Aria Operations Vulnerabilities
Broadcom addresses critical VMware Aria Operations vulnerabilities; users urged to update.
RoguePilot Vulnerability in GitHub Codespaces Has Been Patched by Microsoft
A vulnerability called RoguePilot in GitHub Codespaces risked repository control.
ShinyHunters Leak Exposes Millions of CarGurus User Records
ShinyHunters have exposed over 12 million records reportedly taken from CarGurus, an automotive digital platform.
Lazarus Group Expands Its Ransomware Arsenal with Medusa
North Korea's Lazarus Group deploys Medusa ransomware against critical sectors, targeting US healthcare.
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
Optimizely has reported a data breach caused by a voice phishing attack, compromising customer data.
Cryptojacking Campaign Exploits Pirated Software to Deploy XMRig Miner
New cryptojacking campaign uses pirated software to deliver XMRig miner payloads onto hosts.
Arkanix Stealer Malware Quickly Vanishes After Its Initial Launch
The newly launched Arkanix Stealer malware vanished shortly after targeting sensitive system and browser data.
Microsoft Investigates Vanishing Mouse Pointer Bug in Classic Outlook
Microsoft investigates an issue causing Outlook's mouse pointer to disappear for some users.
GitHub’s Dependabot is Under Fire for Alert Accuracy Issues
A Go library maintainer questions the effectiveness of GitHub's Dependabot due to alert fatigue from inaccurate dependency-scanning alerts.