Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Maryland Paratransit Ransomware Disrupts Mobility New Ride Requests Halted
News
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
Andrew Doyle October 27, 2025
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
Cybersecurity
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
Mitchell Langley October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Toys “R” Us Canada Data Breach Customer Records Exposed to Cyber Threats
Data Security
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
Gabby Lee October 27, 2025
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
Cybersecurity
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
Andrew Doyle October 27, 2025
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Cybersecurity
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Mitchell Langley October 27, 2025
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Cybersecurity
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Gabby Lee October 27, 2025
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Cybersecurity
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Andrew Doyle October 22, 2025
Hackers exposed data of nearly 1,000 DHS, DOJ, and FBI staff, escalating threats against federal officers amid politically charged cyberattacks and cartel-linked bounty schemes.
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Cybersecurity
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Syed Arslan October 22, 2025
INC Ransom claims to have stolen 47GB of data from Summit Golf Brands, threatening a public leak as part of its escalating multi-extortion ransomware campaign.
Attackers Exploit OAuth Tokens After Password Resets
Cybersecurity
Attackers Exploit OAuth Tokens After Password Resets
Andrew Doyle October 22, 2025
Proofpoint warns hackers are abusing internal OAuth apps to maintain access even after password resets and MFA, enabling persistent control of Microsoft 365 mailboxes and ...
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Cybersecurity
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Mitchell Langley October 22, 2025
Attackers are exploiting CVE-2025-33073 in Windows SMB to gain SYSTEM privileges, prompting CISA to mandate urgent patching and SMB signing enforcement before November 10.
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Resources
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Gabby Lee October 22, 2025
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact, and practical strategies to prevent ...
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Andrew Doyle October 22, 2025
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled data-theft and extortion campaigns.
CISA Updates KEV Catalog 5 Exploited Vulnerabilities Confirmed
CVE Vulnerability Alerts
CISA Updates KEV Catalog: 5 Exploited Vulnerabilities Confirmed
Mitchell Langley October 22, 2025
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in Microsoft, Oracle, Apple, Juniper, and ...
Supply Chain Attack 'GlassWorm' Malware Infects VS Code Extensions
Application Security
Supply Chain Attack: ‘GlassWorm’ Malware Infects VS Code Extensions
Gabby Lee October 22, 2025
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced supply chain attacks to date. ...
Prosper Data Breach 17.6 Million Accounts Compromised
Data Security
Prosper Data Breach: 17.6 Million Accounts Compromised
Andrew Doyle October 22, 2025
Prosper has confirmed a major data breach affecting 17.6 million individuals after attackers accessed its customer databases. Exposed data includes names, SSNs, and employment details, ...
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Cybersecurity
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Andrew Doyle October 22, 2025
Myanmar’s military has dismantled the notorious KK Park scam compound near the Thai border, detaining over 2,000 people in one of Southeast Asia’s largest cybercrime ...
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
Cybersecurity
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
Gabby Lee October 22, 2025
The Dutch RDI fined Odido €1.5 million after finding external suppliers had access to its wiretapping system, risking exposure of state secrets and criminal data.
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
Cybersecurity
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
Mitchell Langley October 22, 2025
A data breach at Verisure’s third-party billing partner exposed personal details of 35,000 Alert Alarm users, prompting forensic analysis but leaving Verisure’s core systems unaffected.
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
Cybersecurity
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
Andrew Doyle October 22, 2025
Hackers claim to have breached Getir’s intranet, leaking internal metadata. Researchers suggest the data originated from a third-party provider, posing social engineering and system exposure ...
CISA Alert Actively Exploited Adobe AEM Forms Vulnerability
Application Security
CISA Alert: Actively Exploited Adobe AEM Forms Vulnerability
Gabby Lee October 22, 2025
A critical flaw in Adobe Experience Manager Forms (CVE-2025-54253) is being actively exploited, allowing unauthenticated remote code execution via a misconfigured Struts debug mode. CISA ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
PyPI Cracks Down on Domain Expiration Attacks to Protect Python Packages
August 20, 2025
Podcasts
AI Joins the Fight Against Exploits: Google and Mozilla Patch Dangerous Vulnerabilities
August 20, 2025
Podcasts
Britain Backs Down: UK Drops Encryption Backdoor Demand on Apple
August 20, 2025

Cyber Security News

Trust Wallet Urges Users to Update Chrome Extension Due to Security Incident
Application Security
Trust Wallet Urges Users to Update Chrome Extension Due to Security Incident
December 28, 2025
Active Exploitation of FortiOS SSL VPN Vulnerability CVE-2020-12812 Noted
CVE Vulnerability Alerts
Active Exploitation of FortiOS SSL VPN Vulnerability CVE-2020-12812
December 28, 2025
Ripple Effects of the 2022 LastPass Data Breach Cryptocurrency at Stake
Cybersecurity
Ripple Effects of the 2022 LastPass Data Breach: Cryptocurrency at Stake
December 28, 2025
U.S. Government Seizes Web3 Ads Panel Domain Linked To Cybercrime
Cybersecurity
U.S. Government Seizes Web3 Ads Panel Domain Linked to Cybercrime
December 28, 2025
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
Cybersecurity
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
December 28, 2025
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
Application Security
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
December 28, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
October 27, 2025
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more than 60% of installations remain ...
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
October 27, 2025
Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft. Despite emergency patches, exploitation persists, ...
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
October 27, 2025
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and endpoint management lockdowns globally.
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
October 27, 2025
Moroccan cybercriminals—tracked as Jingle Thief/Atlas Lion/Storm-0539—use sophisticated phishing and Entra ID abuse to hijack Microsoft 365 workflows and issue fraudulent gift cards at scale. Their ...
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
October 27, 2025
Iran-linked MuddyWater deployed Phoenix v4 backdoor via spear-phishing to over 100 government organisations, using trusted tools and stealth techniques to enable global espionage operations.
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
October 27, 2025
Researchers warn of rising “AI sidebar spoofing” attacks in browsers like Atlas and Comet, where fake AI panels mimic trusted interfaces to steal credentials, deploy ...
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
October 27, 2025
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
October 27, 2025
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
October 27, 2025
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
October 27, 2025
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
October 27, 2025
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
October 27, 2025
The launch of Perplexity’s Comet AI browser — a major step forward in AI-assisted browsing — was almost immediately hijacked by cybercriminals. Within weeks of ...
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
October 27, 2025
A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated campaign dubbed Operation Dream ...
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
October 24, 2025
Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting ...
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
October 24, 2025
A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert after being actively exploited in real-world attacks. ...
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
October 24, 2025
The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS resolver systems worldwide. The ...
Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms
October 24, 2025
A critical new vulnerability is wreaking havoc across the global e-commerce ecosystem. Tracked as CVE-2025-54236 and dubbed SessionReaper, this flaw affects Adobe Commerce and Magento ...
AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces
October 24, 2025
Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sophisticated attack ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited