Main Menu
Cyber Security
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Defensive Strategies Against New ClickFix Ransomware Tactics
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Harvard Experiences Data Breach via Vishing Attack
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Andrew Doyle November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Cybersecurity
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Gabby Lee November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Cybersecurity
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Mitchell Langley November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
News
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
Andrew Doyle November 21, 2025
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Cybersecurity
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Gabby Lee November 21, 2025
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
Endpoint Security
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
Andrew Doyle November 21, 2025
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Application Security
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Mitchell Langley November 21, 2025
A new campaign in Brazil hijacks WhatsApp accounts to spread the Eternidade Stealer banking trojan. Attackers use trusted contacts to deliver malicious files, enabling credential ...
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
Application Security
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
Mitchell Langley November 21, 2025
A critical flaw in the W3 Total Cache plugin allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads into WordPress comments. With ...
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
CVE Vulnerability Alerts
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
Andrew Doyle November 21, 2025
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Cybersecurity
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Gabby Lee November 21, 2025
Provincial investigations found Canadian school boards unprepared for a 2024 PowerSchool cyberattack, affecting 5.2 million people and revealing inadequate breach response and oversight protocols.
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Application Security
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Mitchell Langley November 19, 2025
Microsoft is adding a false-positive reporting feature to Teams, allowing users to flag messages incorrectly quarantined by Defender for Office 365. The feedback will help ...
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
Application Security
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
Andrew Doyle November 19, 2025
Microsoft is bringing one of its most widely-used threat detection tools, Sysmon (System Monitor), into the Windows operating system itself—removing ...
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Cybersecurity
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Mitchell Langley November 19, 2025
The U.S. is preparing to expand offensive cyber operations in response to escalating nation-state attacks, according to National Cyber Director Sean Cairncross. While timelines remain ...
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
Application Security
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
Gabby Lee November 19, 2025
Microsoft is introducing two new Windows 11 recovery tools—Point-in-Time Restore and Cloud Rebuild—to help enterprises quickly recover from misconfigurations, faulty updates, or system failures. The ...
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
News
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Gabby Lee November 19, 2025
The Sneaky 2FA phishing platform now incorporates Browser-in-the-Browser deception, enabling attackers to convincingly mimic legitimate login windows and harvest credentials and MFA codes. This upgrade ...
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Cybersecurity
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Mitchell Langley November 19, 2025
The FCC is preparing to vote on rolling back cybersecurity rules imposed after the Salt Typhoon espionage campaign, following heavy telecom industry pushback. Carriers argue ...
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Network Security
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Andrew Doyle November 18, 2025
A configuration error at Cloudflare on November 18 caused a major global outage affecting ChatGPT, Shopify, X, and multiple public-sector sites. Though resolved within an ...
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
News
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
Gabby Lee November 18, 2025
MI5 warns that Chinese intelligence operatives are using LinkedIn and fake recruiters to target UK professionals with access to sensitive information. Thousands have reportedly been ...
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Cybersecurity
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Andrew Doyle November 18, 2025
A ransomware attack by the Inc Ransom group has hit the Pennsylvania Office of the Attorney General, with attackers claiming to have stolen over 700GB ...
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Endpoint Security
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Mitchell Langley November 18, 2025
ShadowRay 2.0 is exploiting an unauthenticated RCE flaw in older Ray Cluster deployments, infecting more than 5,000 exposed nodes and turning them into a self-spreading ...
Asahi Cyberattack Exposes Extensive Data Breach A Blow to Japan's Brewer Giant
Cybersecurity
Asahi Cyberattack Exposes Extensive Data Breach: A Blow to Japan’s Brewer Giant
Gabby Lee November 28, 2025
Comcast's $1.5 Million Settlement in Data Breach Incident with FCC
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
Andrew Doyle November 27, 2025
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Andrew Doyle November 27, 2025
ShadowV2 Botnet A Test Run Amidst AWS Outage
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
Andrew Doyle November 27, 2025

TOP CYBERSECURITY HEADLINES

Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Cybersecurity
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Network Security
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast's $1.5 Million Settlement in Data Breach Incident with FCC
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC

This Week’s Security Spotlight

Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Mitchell Langley November 27, 2025
London Councils Face Cyberattack Resident Data Potentially Compromised
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
Mitchell Langley November 27, 2025
Microsoft Exchange Online Outage Customer Access Disrupted
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
Gabby Lee November 26, 2025
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
Gabby Lee November 25, 2025
More In News
Trending
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
October 24, 2025
Podcasts
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
October 24, 2025
Podcasts
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
October 24, 2025

Cyber Security News

Tor Introduces Counter Galois Onion Encryption for Improved Security
Cybersecurity
Tor Introduces Counter Galois Onion Encryption for Improved Security
November 26, 2025
Microsoft Exchange Online Outage Customer Access Disrupted
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
November 26, 2025
Delta Dental of Virginia Incident Exposes Personal and Health Information
Data Security
Delta Dental of Virginia Incident Exposes Personal and Health Information
November 25, 2025
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
Cybersecurity
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
November 25, 2025
SitusAMC Admits to Data Breach Impacting Client Information
Data Security
SitusAMC Admits to Data Breach Impacting Client Information
November 25, 2025
Amazon Web Services Confronts Service Failures What Went Wrong and Lessons Learned
Cybersecurity
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
November 25, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
November 21, 2025
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
November 21, 2025
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
November 21, 2025
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
November 21, 2025
A new campaign in Brazil hijacks WhatsApp accounts to spread the Eternidade Stealer banking trojan. Attackers use trusted contacts to deliver malicious files, enabling credential ...
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
November 21, 2025
A critical flaw in the W3 Total Cache plugin allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads into WordPress comments. With ...
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
November 21, 2025
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
November 21, 2025
Provincial investigations found Canadian school boards unprepared for a 2024 PowerSchool cyberattack, affecting 5.2 million people and revealing inadequate breach response and oversight protocols.
Microsoft Adds False-Positive Reporting to Teams Security Alerts
November 19, 2025
Microsoft is adding a false-positive reporting feature to Teams, allowing users to flag messages incorrectly quarantined by Defender for Office 365. The feedback will help ...
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
November 19, 2025
Microsoft is bringing one of its most widely-used threat detection tools, Sysmon (System Monitor), into the Windows operating system itself—removing the need for administrators to ...
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
November 19, 2025
The U.S. is preparing to expand offensive cyber operations in response to escalating nation-state attacks, according to National Cyber Director Sean Cairncross. While timelines remain ...
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
November 19, 2025
Microsoft is introducing two new Windows 11 recovery tools—Point-in-Time Restore and Cloud Rebuild—to help enterprises quickly recover from misconfigurations, faulty updates, or system failures. The ...
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
November 19, 2025
The Sneaky 2FA phishing platform now incorporates Browser-in-the-Browser deception, enabling attackers to convincingly mimic legitimate login windows and harvest credentials and MFA codes. This upgrade ...
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
November 19, 2025
The FCC is preparing to vote on rolling back cybersecurity rules imposed after the Salt Typhoon espionage campaign, following heavy telecom industry pushback. Carriers argue ...
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
November 18, 2025
A configuration error at Cloudflare on November 18 caused a major global outage affecting ChatGPT, Shopify, X, and multiple public-sector sites. Though resolved within an ...
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
November 18, 2025
MI5 warns that Chinese intelligence operatives are using LinkedIn and fake recruiters to target UK professionals with access to sensitive information. Thousands have reportedly been ...
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
November 18, 2025
A ransomware attack by the Inc Ransom group has hit the Pennsylvania Office of the Attorney General, with attackers claiming to have stolen over 700GB ...
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
November 18, 2025
ShadowRay 2.0 is exploiting an unauthenticated RCE flaw in older Ray Cluster deployments, infecting more than 5,000 exposed nodes and turning them into a self-spreading ...
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
November 18, 2025
A new wave of attacks is compromising unsecured Ray clusters and turning them into self-replicating botnets. By abusing exposed Ray endpoints, attackers deploy malware that ...
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
November 18, 2025
A malware campaign tied to the EVALUSION threat cluster is abusing fake ClickFix utilities to deploy Amatera Stealer or NetSupport RAT. The attackers use staged ...
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
November 18, 2025
Government auditors warn that DoD personnel may be unintentionally leaking sensitive details on social media, including deployment data and unit locations. Outdated policies, weak training, ...
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information