Cyber Security
Application Security
ReliaQuest GreyMatter Review — Agentic AI Security Operations for Enterprise Protection
ReliaQuest GreyMatter delivers an agentic AI security operations platform that enables CISOs to detect threats at the source, reduce alert noise, and respond within minutes.
Application Security
North Korean Hackers Enhance Malware with Merged BeaverTail and OtterCookie Tools
North Korean hackers have merged the BeaverTail and OtterCookie malware into a new espionage tool, OtterCookie v5, targeting developers and cryptocurrency firms. The modular malware ...
Cybersecurity
Experian Fined €2.7 Million by Dutch Regulator for Mass Collection of Personal Data
Experian Netherlands was fined €2.7 million for using aggregated public and private data to build large consumer profiles without informing individuals or obtaining appropriate consent ...
Application Security
Envoy Air Data Breach: Oracle EBS Exploit Exposes Sensitive Data
Envoy Air confirmed a cybersecurity breach tied to Oracle’s E-Business Suite zero-day (CVE-2025-61882), exploited by the Clop ransomware group. While no sensitive customer data was ...
Cybersecurity
Everest Ransomware Group Claims Collins Aerospace Attack Linked to Europe’s Airport Disruptions
The Everest ransomware group claimed responsibility for Collins Aerospace’s cyberattack, linking it to last month’s European airport chaos that disrupted check-in systems across multiple major ...
Cybersecurity
TikTok Videos Instructing Users To Run PowerShell Commands
Researchers warn of a TikTok campaign where short “activation” videos urge users to paste PowerShell commands that secretly download malware. The scripts install credential stealers, ...
News
Microsoft Ties Storm-1175 to Medusa Ransomware via GoAnywhere Flaw (CVSS 10.0)
Microsoft has linked the exploitation of a critical GoAnywhere MFT vulnerability (CVE-2025-10035) to the Storm-1175 threat group, operators of the Medusa ransomware. The flaw, rated ...
Cybersecurity
Pwn2Own Automotive 2026 Offers $3M+ in Prizes for Security Vulnerabilities
Trend Micro’s Zero Day Initiative will host Pwn2Own Automotive 2026 in Tokyo, offering over $3 million for exploits targeting Tesla systems, EV chargers, and automotive ...
News
Muji Suspends Online Sales in Japan After Askul Ransomware Attack
Muji has halted its Japanese online sales following a ransomware attack on its logistics partner, Askul Corporation, disrupting orders, shipments, and digital retail services.
Threat Actors
Violet Typhoon: China-Nexus Espionage Actor
Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its “ToolShell” campaign installs web shells, ...
Application Security
ConnectWise Automate Patches Critical Flaws Allowing AitM and Malicious Updates
Critical flaws in ConnectWise Automate allow agents to communicate over unencrypted HTTP and accept unsigned updates, opening the door to adversary-in-the-middle attacks and malicious code ...
Data Security
Netcore Cloud Data Leak: 13TB Breach Exposes 40 Billion Records
A massive data breach at Netcore Cloud exposed more than 40 billion records in a 13.4TB unsecured database, leaking email logs, healthcare messages, partial banking ...
Cybersecurity
F5 Releases Urgent BIG-IP Patches After Stolen Vulnerability Breach
A newly disclosed breach of F5 Networks has triggered an unprecedented federal response after state-linked attackers stole BIG-IP source code and internal vulnerability data. Fearing ...
Application Security
Microsoft Patches Highest-Severity ASP.NET Core Flaw Enabling Remote Code Execution
Microsoft has released an emergency patch for CVE-2025-55315, a critical ASP.NET Core vulnerability in the Kestrel web server with a record-high CVSS score of 9.9. ...
News
Europol Cracks SIM-Cartel: €4.5M Fraud Losses Mitigated in Cybercrime Campaign
European authorities have dismantled SIMCARTEL, a massive cybercrime-as-a-service network that used 1,200 SIM boxes and 40,000 active SIM cards to power large-scale smishing, fraud, and ...
Cybersecurity
Europe Endures 300 Daily Cyberattacks: Geopolitical Tensions Fuel Digital Risk
Cyberattacks in Europe have surged due to rising geopolitical tensions, particularly the Russia-Ukraine conflict, making the region one of the world’s most targeted. Critical infrastructure, ...
Cybersecurity
US Power Grid at Risk: Unified Cybersecurity Framework Urged to Combat Industrial Vulnerabilities
Cyberattacks on U.S. utilities surged 70% in 2024 as legacy systems, poor cyber hygiene, and fragmented regulations leave the power grid dangerously exposed. Experts warn ...
Application Security
AI-Powered Villager Pen Test Tool Hits 11K Downloads, Sparks Abuse Concerns
Villager, an AI-driven penetration testing tool released on PyPI, has surged past 11,000 downloads by automating network scanning, exploitation, and privilege escalation via natural language ...
Application Security
Oracle E-Business Suite Hit by Cl0p Ransomware Using CVE-2025-61882
Cl0p ransomware is actively exploiting a zero-day in Oracle E-Business Suite (CVE-2025-61882), allowing unauthenticated remote code execution via the BI Publisher component. The attacks have ...
Application Security
Microsoft Revokes 200+ Fraudulent Certificates: Thwarts Rhysida Ransomware Campaign
Microsoft has revoked over 200 compromised digital certificates to disrupt a ransomware campaign abusing fake Microsoft Teams installers. Threat actor Vanilla Tempest used SEO poisoning ...
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
TOP CYBERSECURITY HEADLINES
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
This Week’s Security Spotlight
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft
Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double-extortion ransomware attack on ...
Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot
The Russian state-sponsored hacking group Star Blizzard — also tracked as ColdRiver, Seaborgium, and UNC4057 — has undergone a major transformation in its operations following ...
Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents
San Francisco-based Keycard has officially emerged from stealth mode, announcing $38 million in funding across seed and Series A rounds to build what may become ...
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
Security researchers are urging immediate action after TP-Link disclosed multiple critical vulnerabilities in its Omada gateway line, affecting a wide range of ER, G, and ...
TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution
A critical new vulnerability known as TARmageddon (CVE-2025-62518) has sent shockwaves through the Rust developer community and the broader cybersecurity world. This high-severity desynchronization flaw, ...
Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market
A new evolution in information-stealing malware has arrived — and it’s already drawing serious attention from researchers and defenders alike. The release of Vidar 2.0 ...
Dataminr Acquires ThreatConnect for $290M to Create the Next Generation of Tailored Threat Intelligence
Dataminr, the AI powerhouse known for its real-time risk and event detection platform, has announced plans to acquire ThreatConnect, a cybersecurity firm specializing in threat ...
Veeam Acquires Securiti AI for $1.725 Billion to Unite Data Resilience, Security, and AI
In one of the largest cybersecurity acquisitions of 2025, Veeam Software has announced plans to acquire Securiti AI for $1.725 billion in cash and stock, ...
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Hackers exposed data of nearly 1,000 DHS, DOJ, and FBI staff, escalating threats against federal officers amid politically charged cyberattacks and cartel-linked bounty schemes.
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
INC Ransom claims to have stolen 47GB of data from Summit Golf Brands, threatening a public leak as part of its escalating multi-extortion ransomware campaign.
Attackers Exploit OAuth Tokens After Password Resets
Proofpoint warns hackers are abusing internal OAuth apps to maintain access even after password resets and MFA, enabling persistent control of Microsoft 365 mailboxes and ...
Defakto Raises $30.75 Million to Redefine Machine Identity Security
California-based cybersecurity firm Defakto has raised $30.75 million in Series B funding, led by XYZ Venture Capital, bringing its total investment to roughly $50 million. ...
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Attackers are exploiting CVE-2025-33073 in Windows SMB to gain SYSTEM privileges, prompting CISA to mandate urgent patching and SMB signing enforcement before November 10.
Dr. Allan Friedman Joins NetRise: The Father of SBOMs Goes Private to Fuse AI and Supply Chain Security
In a landmark move for the cybersecurity industry, Dr. Allan Friedman — often called the Father of SBOMs — has joined supply chain security firm ...
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact, and practical strategies to prevent ...
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled data-theft and extortion campaigns.
Microsoft Sentinel Review — Cloud-Native SIEM, Analytics & Threat Response for Enterprises
Microsoft Sentinel delivers cloud-scale threat detection, intelligence-enriched analytics, automated playbooks and behavior analysis, enabling enterprise security operations to investigate and respond in real time.
CISA Updates KEV Catalog: 5 Exploited Vulnerabilities Confirmed
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in Microsoft, Oracle, Apple, Juniper, and ...
Supply Chain Attack: ‘GlassWorm’ Malware Infects VS Code Extensions
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced supply chain attacks to date. ...
Prosper Data Breach: 17.6 Million Accounts Compromised
Prosper has confirmed a major data breach affecting 17.6 million individuals after attackers accessed its customer databases. Exposed data includes names, SSNs, and employment details, ...