Main Menu
Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
Threat Actors
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
Andrew Doyle January 22, 2026
Decentralized pro-Russian hacktivist cells execute targeted DDoS campaigns across Europe, leveraging volunteer botnets and pre-announced attacks to disrupt governments, banks, and public services, aligning with ...
CVE Vulnerability Alert! CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
CVE Vulnerability Alerts
CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
Mitchell Langley January 22, 2026
CVE-2025-64671 enables remote code execution in GitHub Copilot for JetBrains through cross prompt injection, allowing attackers to manipulate AI-generated instructions within developer environments.
VMware Carbon Black Review Advanced Endpoint Detection and Response
Product Reviews
VMware Carbon Black Review: Advanced Endpoint Detection and Response
Gabby Lee January 22, 2026
VMware Carbon Black is an enterprise-class security platform designed to deliver continuous visibility, behavioral analytics, and real-time detection and response ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Mitchell Langley January 22, 2026
Misconfigured security training apps are increasingly targeted by threat actors, leading to cloud breaches in major organizations. As training apps are widely used, this new ...
aiFWall Launches to Elevate AI Protection in Cyber Security
Application Security
aiFWall Launches to Elevate AI Protection in Cyber Security
Andrew Doyle January 22, 2026
aiFWall, a company that has recently come out of stealth mode, has introduced a groundbreaking AI-powered firewall technology. Designed specifically to enhance the protection of ...
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Application Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Gabby Lee January 22, 2026
After the recent Windows security updates, Outlook users have reported system freezes. Microsoft has now offered a workaround to mitigate this impact, allowing users to ...
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Cybersecurity
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Andrew Doyle January 22, 2026
Cloudflare patched a vulnerability in its ACME validation mechanism. The issue involved handling requests to the "/.well-known/acme-challenge/" directory, posing security risks.
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Cybersecurity
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Mitchell Langley January 22, 2026
CyberNut has secured $5 million in growth capital, building upon the initial $800k pre-seed funding. This investment is aimed at advancing its cybersecurity platform's capabilities, ...
Contagious Interview Campaign Targets Multiple Sectors Worldwide
News
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Mitchell Langley January 22, 2026
The Contagious Interview cyber campaign targets multiple sectors worldwide, impacting IP addresses and organizations in AI, finance, and other industries.
Zoom's Critical Security Update Resolves Severe Vulnerability
CVE Vulnerability Alerts
Zoom’s Critical Security Update Resolves Severe Vulnerability
Mitchell Langley January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Application Security
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Andrew Doyle January 22, 2026
Zoom has fixed a critical flaw in its Node Multimedia Routers, while GitLab tackles multiple vulnerabilities, some allowing remote code execution. Security updates are essential ...
Under Armour Account Breach 72.7 Million Accounts Impacted
Data Security
Under Armour Account Breach: 72.7 Million Accounts Impacted
Gabby Lee January 22, 2026
Under Armour experiences a major security incident, with personal information of 72.7 million accounts potentially exposed due to an alleged ransomware attack.
PcComponentes Faces Credential Stuffing Attack Denies Data Breach Claims
Cybersecurity
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
Gabby Lee January 22, 2026
PcComponentes, a leading technology retailer in Spain, has experienced a credential stuffing attack, refuting claims of a 16 million-user data breach. The attack highlights vulnerabilities ...
LastPass Users Targeted by Deceptive Phishing Campaign
News
LastPass Users Targeted by Deceptive Phishing Campaign
Mitchell Langley January 22, 2026
LastPass issues an alert about a phishing scheme cloaked as a maintenance notice, coercing users into a counterfeit data vault backup. Threat actors exploit trust, ...
Cybercriminals Exploit Social Media Messages for Malicious Payloads
News
Cybercriminals Exploit Social Media Messages for Malicious Payloads
Gabby Lee January 22, 2026
A novel phishing campaign leverages private messages on social media platforms to deliver payloads, aided by Dynamic Link Library sideloading.
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Application Security
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Andrew Doyle January 22, 2026
Three significant vulnerabilities have emerged in mcp-server-git, enabling potential exploitation through prompt injection. Attackers could manipulate an AI assistant to access or delete files and ...
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Cybersecurity
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Mitchell Langley January 22, 2026
Security flaws in Chainlit software can risk unauthorized exposure of sensitive information. Experts signal that misuse can lead to leaked credentials and databases.
Google Gemini's Vulnerability to Prompt Injection Accessing Sensitive Calendar Information
Cybersecurity
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
Gabby Lee January 22, 2026
Researchers demonstrated how Google's AI, Gemini, could be tricked into revealing confidential Calendar data through prompt injection. This technique involves manipulating the AI into bypassing ...
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Cybersecurity
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Mitchell Langley January 20, 2026
Learn about the SolyxImmortal information stealer, which exploits legitimate APIs to siphon data to Discord. This novel threat is targeting secure communications, leveraging trusted channels ...
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Application Security
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Gabby Lee January 20, 2026
Cybersecurity experts have identified a flaw in Google Gemini that exploits indirect prompt injection to manipulate Google Calendar for unauthorized data access.
Application Security
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026
CVE Vulnerability Alerts
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026

TOP CYBERSECURITY HEADLINES

TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Application Security
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Cybersecurity
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
Cybersecurity
TVING Data Breach Triggers South Korean Government Probe

This Week’s Security Spotlight

Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
Andrew Doyle June 8, 2026
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Gabby Lee June 5, 2026
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
Gabby Lee June 5, 2026
More In News
Trending
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
PipeMagic Backdoor: How Ransomware Actors Exploited a Windows Zero-Day
August 20, 2025
Podcasts
270,000 Intel Employee Records at Risk from Authentication Bypass and Hardcoded Credentials
August 20, 2025
Podcasts
How Social Engineering and Vendor Weaknesses Led to Allianz Life’s Massive Breach
August 19, 2025

Cyber Security News

Cybersecurity
FCC Extends Foreign Router Update Window to 2029 Amid Volt Typhoon
May 12, 2026
Cybersecurity
Skoda Online Shop Breach Exposes Customer Data and Password Hashes
May 12, 2026
Cybersecurity
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
May 12, 2026
Application Security
cPanel Patches Three CVEs as Sorry Ransomware Hits 44K Servers
May 12, 2026
Application Security
Checkmarx Jenkins Plugin Backdoored in TeamPCP Supply Chain
May 12, 2026
Cybersecurity
University Student’s TETRA Replay Attack Halts Taiwan Bullet Train
May 12, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
January 22, 2026
Misconfigured security training apps are increasingly targeted by threat actors, leading to cloud breaches in major organizations. As training apps are widely used, this new ...
aiFWall Launches to Elevate AI Protection in Cyber Security
January 22, 2026
aiFWall, a company that has recently come out of stealth mode, has introduced a groundbreaking AI-powered firewall technology. Designed specifically to enhance the protection of ...
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
January 22, 2026
After the recent Windows security updates, Outlook users have reported system freezes. Microsoft has now offered a workaround to mitigate this impact, allowing users to ...
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
January 22, 2026
Cloudflare patched a vulnerability in its ACME validation mechanism. The issue involved handling requests to the "/.well-known/acme-challenge/" directory, posing security risks.
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
January 22, 2026
CyberNut has secured $5 million in growth capital, building upon the initial $800k pre-seed funding. This investment is aimed at advancing its cybersecurity platform's capabilities, ...
Contagious Interview Campaign Targets Multiple Sectors Worldwide
January 22, 2026
The Contagious Interview cyber campaign targets multiple sectors worldwide, impacting IP addresses and organizations in AI, finance, and other industries.
Zoom’s Critical Security Update Resolves Severe Vulnerability
January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
January 22, 2026
Zoom has fixed a critical flaw in its Node Multimedia Routers, while GitLab tackles multiple vulnerabilities, some allowing remote code execution. Security updates are essential ...
Under Armour Account Breach: 72.7 Million Accounts Impacted
January 22, 2026
Under Armour experiences a major security incident, with personal information of 72.7 million accounts potentially exposed due to an alleged ransomware attack.
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
January 22, 2026
PcComponentes, a leading technology retailer in Spain, has experienced a credential stuffing attack, refuting claims of a 16 million-user data breach. The attack highlights vulnerabilities ...
LastPass Users Targeted by Deceptive Phishing Campaign
January 22, 2026
LastPass issues an alert about a phishing scheme cloaked as a maintenance notice, coercing users into a counterfeit data vault backup. Threat actors exploit trust, ...
Cybercriminals Exploit Social Media Messages for Malicious Payloads
January 22, 2026
A novel phishing campaign leverages private messages on social media platforms to deliver payloads, aided by Dynamic Link Library sideloading.
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
January 22, 2026
Three significant vulnerabilities have emerged in mcp-server-git, enabling potential exploitation through prompt injection. Attackers could manipulate an AI assistant to access or delete files and ...
Serious Bugs in Chainlit Could Expose Sensitive Credentials
January 22, 2026
Security flaws in Chainlit software can risk unauthorized exposure of sensitive information. Experts signal that misuse can lead to leaked credentials and databases.
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
January 22, 2026
Researchers demonstrated how Google's AI, Gemini, could be tricked into revealing confidential Calendar data through prompt injection. This technique involves manipulating the AI into bypassing ...
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
January 20, 2026
Learn about the SolyxImmortal information stealer, which exploits legitimate APIs to siphon data to Discord. This novel threat is targeting secure communications, leveraging trusted channels ...
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
January 20, 2026
Cybersecurity experts have identified a flaw in Google Gemini that exploits indirect prompt injection to manipulate Google Calendar for unauthorized data access.
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
January 20, 2026
The defendant in a US court admitted selling unauthorized access to compromised enterprise networks. This operation involved an undercover agent, revealing how access brokers monetize ...
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
January 20, 2026
In a ransomware attack, Ingram Micro revealed a significant data breach impacting approximately 42,000 individuals. Compromised information includes names, birth dates, Social Security Numbers, and ...
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
January 20, 2026
U.K. authorities caution against Russian-aligned hacktivists launching disruptive DDoS attacks. The focus is on critical infrastructure and local government services. This has raised significant cybersecurity ...
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack