Main Menu
Cyber Security
ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant’s Own Tool
Salesforce’s Experience Cloud Platform Faces Vulnerability Challenges
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025
Microsoft Still Working to Fix Bright White Flash Issue in Windows 11 File Explorer
Evasive ClickFix Tactic Leverages Windows Terminal to Avoid Detection
Perplexity’s Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
Tier 1 SOC Analysts Are Carrying More Weight Than They Should
Joint Operation Dismantles Criminal Syndicate Exploiting Ukrainian War Refugees
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
Russian Ransomware Operator Admits Guilt in U.S. Court
Meta’s Smart Glasses Face Privacy Investigation in Britain
Iranian MOIS-Linked MuddyWater Cyber Group Deploys New Custom Implant
HungerRush POS Platform Targeted in Data Extortion Scheme
Fake OpenClaw Installers on GitHub Are Stealing User Data
Coruna iOS Exploits Target Apple Devices in Espionage and Financial Attacks
FBI Seizes LeakBase and Disrupts a Major Cybercrime Forum
Zurich Forms Cyber Insurance Powerhouse with $11 Billion Beazley Acquisition
Retaliatory Hacktivism Escalates Amid Epic Fury and Roaring Lion Military Operations
University of Mississippi Medical Center Resumes Operations After Nine-Day Ransomware Attack
LexisNexis Data Breach Claimed by Fulcrumsec Group
Attackers Exploit Command Injection Vulnerability in Sangoma FreePBX
Alabama Man Pleads Guilty to Cyberstalking and Extortion After Hijacking Hundreds of Women’s Accounts
Chrome’s Gemini Live Feature Left Users Exposed to Malicious Extensions
Google Chrome Moves to Strengthen HTTPS Certificates Against Quantum Threats
Florida Woman Gets 22 Months in Prison for Trafficking Stolen Microsoft COA Labels
Deepfake and Injection Attacks Are Targeting Identity Verification Systems
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
Cybersecurity
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
Gabby Lee November 18, 2025
A new wave of attacks is compromising unsecured Ray clusters and turning them into self-replicating botnets. By abusing exposed Ray endpoints, attackers deploy malware that ...
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Cybersecurity
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Mitchell Langley November 18, 2025
A malware campaign tied to the EVALUSION threat cluster is abusing fake ClickFix utilities to deploy Amatera Stealer or NetSupport RAT. The attackers use staged ...
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Information Security
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Mitchell Langley November 18, 2025
Government auditors warn that DoD personnel may be unintentionally leaking sensitive details on social media, including deployment data and unit locations. Outdated policies, weak training, ...
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Data Security
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Gabby Lee November 18, 2025
Eurofiber France disclosed a breach caused by a vulnerability in its ticketing system, allowing attackers to access historical support records containing contact details and service ...
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Information Security
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Andrew Doyle November 17, 2025
A researcher claims Coinbase knew months earlier about a December 2024 breach involving insider social-engineering that exposed data for nearly 70,000 users. Coinbase later confirmed ...
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Data Security
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
Mitchell Langley November 17, 2025
A cyberattack on Princeton University exposed a database containing personal and institutional information tied to alumni, donors, faculty, staff, and students. Princeton is investigating with ...
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
News
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Mitchell Langley November 17, 2025
Dutch authorities have seized roughly 250 servers tied to a bulletproof hosting service that catered exclusively to cybercriminals, disrupting infrastructure used for malware, phishing, and ...
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Cybersecurity
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
Gabby Lee November 17, 2025
Seven malicious npm packages used Adspect-based traffic cloaking to avoid detection and selectively deliver staged JavaScript payloads to targeted developers. The packages acted as downloaders ...
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Application Security
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
Andrew Doyle November 17, 2025
A record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet targeted Microsoft Azure, showcasing rapidly evolving botnet capabilities. Despite the massive, multi-vector assault, Azure’s automated ...
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Application Security
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
Andrew Doyle November 17, 2025
Researchers uncovered serious flaws in GoSign Desktop, where disabled TLS certificate validation and an unsigned update mechanism expose users to MitM attacks and malicious updates. ...
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Cybersecurity
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
Mitchell Langley November 17, 2025
Researchers have uncovered cybercriminals abusing the long-abandoned UNIX “finger” protocol to stealthily fetch and execute commands on Windows systems. By using this legacy tool for ...
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Cybersecurity
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
Andrew Doyle November 17, 2025
Jaguar Land Rover revealed that a major cyberattack caused £196 million in losses this quarter, significantly impacting operations despite otherwise strong performance. The incident, linked ...
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Application Security
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Gabby Lee November 17, 2025
Microsoft is investigating installation failures affecting the Windows 10 KB5068781 ESU update, with error 0x800f0922 impacting volume-licensed enterprise systems. The issue leaves legacy environments temporarily ...
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
CVE Vulnerability Alerts
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
Mitchell Langley November 17, 2025
CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers to read arbitrary system files. ...
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
Application Security
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
Gabby Lee November 17, 2025
RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution. Attackers are hijacking unpatched XWiki ...
Critical Remote Code Execution Flaws Found in AI Inference Engines Due to Unsafe Deserialization
Application Security
Critical Remote Code Execution Flaws Found in AI Inference Engines Due to Unsafe Deserialization
Andrew Doyle November 17, 2025
New research reveals that popular AI inference engines—including Meta’s TorchServe, Nvidia’s Triton, vLLM, and Microsoft’s ONNX Runtime—contain critical ZeroMQ and Python pickle flaws that enable ...
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
News
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Mitchell Langley November 17, 2025
A new phishing campaign is targeting Chinese-speaking individuals in the U.S., with scammers posing as health insurers and Chinese authorities to coerce victims into revealing ...
Fortinet Quietly Patches FortiWeb Zero-Day Vulnerability Exploited in Active Attacks
Application Security
Fortinet Quietly Patches FortiWeb Zero-Day Vulnerability Exploited in Active Attacks
Gabby Lee November 17, 2025
Researchers say Fortinet quietly patched a FortiWeb zero-day that was already being exploited, offering little transparency or guidance. The silent fix left many organizations unaware ...
Threat Group ShinyHunters Hacks Checkout.com, Demands Ransom Over Legacy Cloud Breach
Cybersecurity
Threat Group ShinyHunters Hacks Checkout.com, Demands Ransom Over Legacy Cloud Breach
Andrew Doyle November 17, 2025
A cyberattack on Checkout.com by ShinyHunters exposed sensitive data stored in an overlooked legacy cloud system, highlighting the risks of outdated infrastructure. The attackers are ...
Australia Warns of Chinese Cyber Probing Into Critical Infrastructure
Cybersecurity
Australia Warns of Chinese Cyber Probing Into Critical Infrastructure
Mitchell Langley November 17, 2025
Australian intelligence warns that Chinese state-sponsored hackers have gained unauthorized access to critical infrastructure, shifting from espionage to potential sabotage. Officials say APT groups are ...
ELECQ Data Breach May Have Exposed EV Charger Users' Private Information
Cybersecurity
ELECQ Data Breach May Have Exposed EV Charger Users’ Private Information
Mitchell Langley March 11, 2026
Meta's Smart Glasses Face Privacy Investigation in Britain
Cybersecurity
Meta’s Smart Glasses Face Privacy Investigation in Britain
Gabby Lee March 6, 2026
Lazarus Group Expands Its Ransomware Arsenal with Medusa
News
Lazarus Group Expands Its Ransomware Arsenal with Medusa
Andrew Doyle February 25, 2026
Polish Authorities Detain Suspected Phobos Ransomware Operative
News
Polish Authorities Detain Suspected Phobos Ransomware Operative
Andrew Doyle February 18, 2026

TOP CYBERSECURITY HEADLINES

ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant's Own Tool
Application Security
ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant’s Own Tool
Salesforce's Experience Cloud Platform Faces Vulnerability Challenges
Application Security
Salesforce’s Experience Cloud Platform Faces Vulnerability Challenges
Russian Threat Actors Targeting Signal and WhatsApp Accounts of Officials
News
Russian Threat Actors Targeting Signal and WhatsApp Accounts of Officials
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025
Cybersecurity
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025

This Week’s Security Spotlight

OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Cybersecurity
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Andrew Doyle February 19, 2026
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Cybersecurity
CISA Faces Challenges With Limited Resources Amid DHS Shutdown
Andrew Doyle February 17, 2026
Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
More In News
Trending
Law Enforcement Dismantles Tycoon2FA Phishing-as-a-Service Platform
Phishing Attack Masquerades as Google Security Page to Steal Sensitive Information
Optimizely Suffers a Data Breach Through a Voice Phishing Attack
Cybercriminals Exploit OAuth 2.0 Device Authorization Flow in Vishing Campaigns

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Data I/O Ransomware Attack: Supply Chain Cybersecurity in Crisis
August 26, 2025
Podcasts
BianLian Ransomware Strikes Aspire Rural Health: 138,000 Patients Exposed
August 26, 2025
Podcasts
OneFlip: How a Single Bit-Flip Can Hack AI Models
August 26, 2025

Cyber Security News

Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
Application Security
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
January 28, 2026
Microsoft Enhances Teams With Fraud Protection Calling Safeguards in Focus
Application Security
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
January 28, 2026
New Advances in Page Cache Exploitation by Austrian Researchers
Cybersecurity
New Advances in Page Cache Exploitation by Austrian Researchers
January 28, 2026
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
January 22, 2026
aiFWall Launches to Elevate AI Protection in Cyber Security
Application Security
aiFWall Launches to Elevate AI Protection in Cyber Security
January 22, 2026
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Application Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
January 22, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
November 18, 2025
Government auditors warn that DoD personnel may be unintentionally leaking sensitive details on social media, including deployment data and unit locations. Outdated policies, weak training, ...
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
November 18, 2025
Eurofiber France disclosed a breach caused by a vulnerability in its ticketing system, allowing attackers to access historical support records containing contact details and service ...
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
November 17, 2025
A researcher claims Coinbase knew months earlier about a December 2024 breach involving insider social-engineering that exposed data for nearly 70,000 users. Coinbase later confirmed ...
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
November 17, 2025
A cyberattack on Princeton University exposed a database containing personal and institutional information tied to alumni, donors, faculty, staff, and students. Princeton is investigating with ...
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
November 17, 2025
Dutch authorities have seized roughly 250 servers tied to a bulletproof hosting service that catered exclusively to cybercriminals, disrupting infrastructure used for malware, phishing, and ...
Malicious NPM Packages Use Adspect Cloaking to Evade Researchers and Target Victims
November 17, 2025
Seven malicious npm packages used Adspect-based traffic cloaking to avoid detection and selectively deliver staged JavaScript payloads to targeted developers. The packages acted as downloaders ...
Azure Faces Record-Breaking 15.72 Tbps DDoS Attack by Aisuru Botnet
November 17, 2025
A record-breaking 15.72 Tbps DDoS attack from the Aisuru botnet targeted Microsoft Azure, showcasing rapidly evolving botnet capabilities. Despite the massive, multi-vector assault, Azure’s automated ...
GoSign Desktop Vulnerability Exposes Users to Man-in-the-Middle and Supply Chain Attacks
November 17, 2025
Researchers uncovered serious flaws in GoSign Desktop, where disabled TLS certificate validation and an unsigned update mechanism expose users to MitM attacks and malicious updates. ...
Threat Actors Revive Legacy “Finger” Protocol to Evade Detection and Deliver Payloads
November 17, 2025
Researchers have uncovered cybercriminals abusing the long-abandoned UNIX “finger” protocol to stealthily fetch and execute commands on Windows systems. By using this legacy tool for ...
Jaguar Land Rover Attributes £196 Million Quarterly Loss to Cyberattack Fallout
November 17, 2025
Jaguar Land Rover revealed that a major cyberattack caused £196 million in losses this quarter, significantly impacting operations despite otherwise strong performance. The incident, linked ...
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
November 17, 2025
Microsoft is investigating installation failures affecting the Windows 10 KB5068781 ESU update, with error 0x800f0922 impacting volume-licensed enterprise systems. The issue leaves legacy environments temporarily ...
CISA Flags Critical Fortinet FortiWeb Path Traversal Flaw as Actively Exploited
November 17, 2025
CISA has confirmed active exploitation of CVE-2024-40446, a critical path traversal flaw in Fortinet FortiWeb 8.0.0 that allows unauthenticated attackers to read arbitrary system files. ...
RondoDox Botnet Exploits Critical Eval Injection Flaw in XWiki
November 17, 2025
RondoDox botnet operators are exploiting CVE-2025-24893, a critical 9.8-rated eval injection flaw in XWiki that enables unauthenticated remote code execution. Attackers are hijacking unpatched XWiki ...
Critical Remote Code Execution Flaws Found in AI Inference Engines Due to Unsafe Deserialization
November 17, 2025
New research reveals that popular AI inference engines—including Meta’s TorchServe, Nvidia’s Triton, vLLM, and Microsoft’s ONNX Runtime—contain critical ZeroMQ and Python pickle flaws that enable ...
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
November 17, 2025
A new phishing campaign is targeting Chinese-speaking individuals in the U.S., with scammers posing as health insurers and Chinese authorities to coerce victims into revealing ...
Fortinet Quietly Patches FortiWeb Zero-Day Vulnerability Exploited in Active Attacks
November 17, 2025
Researchers say Fortinet quietly patched a FortiWeb zero-day that was already being exploited, offering little transparency or guidance. The silent fix left many organizations unaware ...
Threat Group ShinyHunters Hacks Checkout.com, Demands Ransom Over Legacy Cloud Breach
November 17, 2025
A cyberattack on Checkout.com by ShinyHunters exposed sensitive data stored in an overlooked legacy cloud system, highlighting the risks of outdated infrastructure. The attackers are ...
Australia Warns of Chinese Cyber Probing Into Critical Infrastructure
November 17, 2025
Australian intelligence warns that Chinese state-sponsored hackers have gained unauthorized access to critical infrastructure, shifting from espionage to potential sabotage. Officials say APT groups are ...
How TTP-Based Defenses Outperform Traditional IoC Hunting
November 17, 2025
Behavior-based detection is replacing traditional IoC-driven security as organizations focus on identifying attacker tactics and behaviors instead of static indicators. By analyzing TTPs like credential ...
Chinese APT Leveraged Claude AI for Automated Espionage Operation
November 17, 2025
Chinese APT group GTG-1002 has been caught abusing Anthropic’s Claude AI to automate phishing, malware development, and reconnaissance tasks. The campaign marks a major shift ...
ShinyHunters Breaches Salesforce and 100 Companies Using Mandiant’s Own Tool
Salesforce’s Experience Cloud Platform Faces Vulnerability Challenges
Russian Threat Actors Targeting Signal and WhatsApp Accounts of Officials
North Korean Group UNC4899 Suspected Behind Cryptocurrency Cloud Heist in 2025
Microsoft Still Working to Fix Bright White Flash Issue in Windows 11 File Explorer
Dutch Police Give Suspected Scammers a Two-Week Deadline to Surrender
Evasive ClickFix Tactic Leverages Windows Terminal to Avoid Detection
Perplexity’s Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
Tier 1 SOC Analysts Are Carrying More Weight Than They Should
Joint Operation Dismantles Criminal Syndicate Exploiting Ukrainian War Refugees
JavaScript Worm Disrupts Wikimedia Platforms Across Multiple Wikis
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
US Government Contractor’s Son Charged with Cryptocurrency Theft from US Marshals Service
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
Russian Ransomware Operator Admits Guilt in U.S. Court
Meta’s Smart Glasses Face Privacy Investigation in Britain
Iranian MOIS-Linked MuddyWater Cyber Group Deploys New Custom Implant
Underground Sale of Compromised cPanel Credentials Fuels Phishing Infrastructure
HungerRush POS Platform Targeted in Data Extortion Scheme