Main Menu
Cyber Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
The New Era of AI in Cybersecurity How AI-Generated Malware is Shaping Threats
Blog
The New Era of AI in Cybersecurity: How AI-Generated Malware is Shaping Threats
Mitchell Langley June 6, 2025
The integration of artificial intelligence (AI) into both cybercrime and cybersecurity has created a pivotal shift. This blog delves into the dangers of AI-generated malware, ...
APT40: Chinese State Sponsored APT
Resources
APT40: Chinese State Sponsored APT
Mitchell Langley June 5, 2025
APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423, TEMP.Jumper, and TEMP.Periscope, is an ...
The North Face Confirms Credential Stuffing Attack, Customer Accounts Exposed
News
The North Face Confirms Credential Stuffing Attack, Customer Accounts Exposed
Mitchell Langley June 5, 2025
The North Face warns customers of a credential stuffing attack in April that compromised account information but left payment card data untouched, thanks to tokenized ...
Cyprus Airways Data Breach: Hackers Claim Access to Real-Time Systems and Passenger Records
News
Cyprus Airways Data Breach: Hackers Claim Access to Real-Time Systems and Passenger Records
Mitchell Langley June 5, 2025
Hackers claim to have breached Cyprus Airways, stealing 41GB of passenger and staff data and maintaining real-time access to flight systems and travel information.
Gunra Ransomware Group Claims Massive Breach at American Hospital Dubai
News
Gunra Ransomware Group Claims Massive Breach at American Hospital Dubai
Andrew Doyle June 5, 2025
Gunra ransomware claims to have stolen 450 million records from American Hospital Dubai, threatening to leak the data if ransom demands are not met by ...
Cartier Cyberattack Exposes Customer Data as Retail Sector Faces Ongoing Threats
News
Cartier Cyberattack Exposes Customer Data as Retail Sector Faces Ongoing Threats
Andrew Doyle June 5, 2025
Cartier confirms a cyberattack exposed customer data as cyber threats rise across the retail sector, affecting brands like Marks & Spencer, Victoria’s Secret, and Harrods. ...
Medical Data Breach Affected Dental Service Infrastructure
News
Medical Data Breach Affected Dental Service Infrastructure
Andrew Doyle June 4, 2025
An exposed MongoDB database revealed 2.7 million patient records and 8.8 million appointments, likely linked to Gargle, a dental marketing provider, prompting HIPAA scrutiny.
GhostSec: From Hacktivist Roots to RaaS Powerhouse
Resources
GhostSec: From Hacktivist Roots to RaaS Powerhouse
Gabby Lee June 4, 2025
GhostSec evolved from anti-ISIS hacktivists into a global ransomware threat, deploying GhostLocker via RaaS and targeting critical infrastructure with sophisticated, multi-stage infiltration tactics.
Malicious RubyGems Impersonate Fastlane Plugins to Steal Telegram Bot Data
News
Malicious RubyGems Impersonate Fastlane Plugins to Steal Telegram Bot Data
Andrew Doyle June 4, 2025
Two malicious RubyGems imitating Fastlane plugins redirect Telegram API calls to attacker-controlled proxies, harvesting bot tokens, chat content, and sensitive developer data.
Victoria’s Secret Postpones Q1 Earnings Amid System Restoration After Security Incident
News
Victoria’s Secret Postpones Q1 Earnings Amid System Restoration After Security Incident
Mitchell Langley June 4, 2025
Victoria’s Secret has postponed its Q1 2025 earnings release due to system restoration efforts following a May 24 cyber incident affecting corporate, retail, and online ...
The Exploding Threat of Cybercrime-as-a-Service (CaaS) How it's Reshaping the Cybercrime Landscape
Blog
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
Andrew Doyle June 4, 2025
The rise of Cybercrime-as-a-Service (CaaS) is transforming the threat landscape, democratizing cyberattacks and making them more frequent and diverse. This blog explores the various CaaS ...
Volkswagen Probes Hacker Claims Amid Ongoing Ransomware Threats
News
Volkswagen Probes Hacker Claims Amid Ongoing Ransomware Threats
Mitchell Langley June 4, 2025
Volkswagen is investigating Stormous ransomware group’s breach claims, but internal reviews show no unauthorized access or compromised data within the company’s systems so far.
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
News
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
Mitchell Langley June 4, 2025
CISA has warned U.S. agencies of active attacks exploiting a ScreenConnect vulnerability and critical flaws in ASUS routers and Craft CMS. Patches and mitigations are ...
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
News
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
Mitchell Langley June 3, 2025
The North Face has confirmed a credential stuffing attack in April, exposing customer data including names, addresses, and emails. Payment information remains unaffected.
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
News
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
Andrew Doyle June 3, 2025
North Dakota-based Nokota Packers has reportedly suffered a ransomware attack by the J Group gang, with hackers claiming to have stolen 50GB of sensitive data. ...
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
News
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
Mitchell Langley June 3, 2025
Stormous ransomware gang claims a breach at Volkswagen, but provides no sample data. Researchers find no evidence yet of compromised systems or stolen information.
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
News
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
Andrew Doyle June 3, 2025
Cartier has confirmed a cyberattack that exposed limited customer data, including names and email addresses. Sensitive financial and login information was not compromised.
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
News
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
Mitchell Langley June 3, 2025
The Russian Market has surged in popularity as a major cybercrime marketplace, offering stolen credentials harvested by info-stealer malware like Lumma and Acreed.
Cisco IOS XE Wireless LAN Controller Vulnerability Exposes Enterprises to Remote Code Execution Risks
News
Cisco IOS XE Wireless LAN Controller Vulnerability Exposes Enterprises to Remote Code Execution Risks
Andrew Doyle June 1, 2025
Exploit details for a critical Cisco IOS XE Wireless LAN Controller vulnerability (CVE-2025-20188) are now public, raising urgent concerns about remote code execution risks.
Germany Identifies TrickBot and Conti Ransomware Ringleader as Vitaly Kovalev
News
Germany Identifies TrickBot and Conti Ransomware Ringleader as Vitaly Kovalev
Mitchell Langley June 1, 2025
Germany has named Vitaly Kovalev, aka "Stern," as the leader of the Conti ransomware and TrickBot gangs in a major breakthrough tied to Operation Endgame. ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Mitchell Langley November 11, 2025
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025

TOP CYBERSECURITY HEADLINES

Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in 'expr-eval' Library Enables Remote Code Execution
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

This Week’s Security Spotlight

Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
More In News
Trending
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
How Device Code Phishing Abuses OAuth Flows on Google and Azure
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Data I/O Ransomware Attack: Supply Chain Cybersecurity in Crisis
August 26, 2025
Podcasts
BianLian Ransomware Strikes Aspire Rural Health: 138,000 Patients Exposed
August 26, 2025
Podcasts
OneFlip: How a Single Bit-Flip Can Hack AI Models
August 26, 2025

Cyber Security News

Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
Cybersecurity
Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
September 30, 2025
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
Cybersecurity
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
September 30, 2025
Texas Compliance Vendor Exposes 40K+ Sensitive DOT Records in S3 Leak
Cybersecurity
Texas Compliance Vendor Exposes 40K+ Sensitive DOT Records in S3 Leak
September 30, 2025
ICO Fines U.K. Energy Firms £550K for Unlawful Robo Marketing Calls
Cybersecurity
ICO Fines U.K. Energy Firms £550K for Unlawful Robo Marketing Calls
September 30, 2025
UK Arrests Suspect in Ransomware Attack That Disrupted European Airports
Cybersecurity
UK Arrests Suspect in Ransomware Attack That Disrupted European Airports
September 30, 2025
Dark Web Monitoring Guide for CISOs Turning Shadows into Signals
Application Security
Dark Web Monitoring Guide for CISOs: Turning Shadows into Signals
September 30, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Massive NPM Breach: Malicious Packages Spread via Compromised Maintainer Accounts
July 24, 2025
In this episode, we expose the alarming supply chain attack that compromised millions of JavaScript projects across the globe. This sophisticated breach targeted the NPM ...
Clorox Sues Cognizant Over $356M Cyberattack: Who’s Really to Blame?
July 24, 2025
In one of the most dramatic cybersecurity legal battles of the past year, Clorox has filed a lawsuit against IT services giant Cognizant, accusing the ...
HeroDevs Secures $125M to Extend Life of Critical Open Source Software
July 24, 2025
In this episode, we dive deep into HeroDevs’ recent $125 million strategic growth investment, a move that signals a major expansion in the fight against ...
UK Moves to Ban Ransomware Payments for Public Sector and Critical Infrastructure
July 23, 2025
In a landmark move to disrupt the financial engine powering ransomware attacks, the United Kingdom is pushing forward with legislation that would ban ransom payments ...
New SysAid Vulnerabilities Added to CISA’s KEV List: XXE Flaws Could Enable RCE
July 23, 2025
Two newly added vulnerabilities in SysAid’s On-Prem IT support software — CVE-2025-2775 and CVE-2025-2776 — have officially joined the Cybersecurity and Infrastructure Security Agency (CISA)’s ...
Chinese Espionage Groups Target SharePoint Servers in Large-Scale Exploitation Campaigns
July 23, 2025
Microsoft links SharePoint attacks to three Chinese espionage groups, urging immediate patching as critical vulnerabilities enable full server compromise without authentication.
Lumma Stealer Returns: Malware-as-a-Service Resurges After Global Takedown
July 23, 2025
In this episode, we unpack the rapid and concerning resurgence of Lumma Stealer, a sophisticated Malware-as-a-Service (MaaS) platform, just months after a major international takedown. ...
Cisco ISE Critical Flaws Now Actively Exploited: No Workarounds, Just Root Access
July 23, 2025
Hackers are actively exploiting a trio of critical zero-day vulnerabilities in Cisco’s Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC), prompting urgent patching directives ...
Interlock Ransomware Escalates Attacks on North America and Europe, Warns CISA
July 23, 2025
CISA and FBI warn that Interlock ransomware is accelerating attacks across North America and Europe, targeting healthcare and critical infrastructure with advanced RATs and extortion ...
AMEOS Healthcare Network Confirms Cyberattack, Patient and Employee Data Potentially Exposed
July 23, 2025
AMEOS Group, a leading healthcare provider in Central Europe, has confirmed a data breach affecting patients, employees, and partners. Investigation and containment measures are ongoing. ...
Scammers Exploit Net Financing and Corporate Identities to Steal High-Value Tech Equipment
July 23, 2025
Scammers posing as real businesses use stolen corporate identities and net financing to order expensive equipment—vanishing with goods before invoices come due.
Naval Group Suffers Cyberattack: Hackers Claim Access to French Warship Combat Systems
July 23, 2025
Naval Group, France’s top warship builder, is allegedly breached by hackers claiming access to combat systems source code, raising serious national security concerns.
ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access
July 22, 2025
A new wave of zero-day attacks—collectively known as ToolShell—is actively targeting Microsoft SharePoint servers, with two vulnerabilities (CVE-2025-53770 and CVE-2025-53771) allowing unauthenticated remote code execution ...
Ransomware Attack Destroys 158-Year-Old Firm After Weak Password Breach
July 22, 2025
A weak employee password allowed ransomware hackers to cripple 158-year-old logistics firm KNP, causing 700 job losses and highlighting the growing threat of ransomware attacks. ...
Veeam Recovery Orchestrator Locks Out Users After MFA Rollout in Faulty Update
July 22, 2025
Veeam Recovery Orchestrator's latest update causes user lockouts after enabling MFA. A fix is available, but affected users must contact support for remediation.
CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks
July 22, 2025
A critical zero-day vulnerability in CrushFTP (CVE-2025-54309) is being actively exploited, giving attackers administrative access to over a thousand unpatched servers globally. This severe security ...
Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform
July 22, 2025
Dell Technologies is the latest target in a growing trend of data extortion attacks as threat actors pivot away from traditional ransomware. The cybercrime group ...
Termite Ransomware: The Silent Invader
July 22, 2025
Termite ransomware, active since at least late 2024, targets high-profile organizations. Recent victims include Blue Yonder and Zschimmer & Schwarz, highlighting its broad reach and ...
Ransomware-as-a-Service (RaaS): The Industrialization of Cybercrime and What Enterprises Must Do
July 22, 2025
Ransomware-as-a-Service (RaaS) enables cybercriminals to launch attacks at scale. Learn how it works, why it’s dangerous, and how enterprises can defend and recover effectively.
Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting
July 22, 2025
A critical vulnerability in ExpressVPN’s Windows client has put a spotlight on the often-overlooked dangers of debug code making its way into production software. This ...
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Route Redirect Automates Large-Scale Microsoft 365 Phishing
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach