Main Menu
Cyber Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Indian Government Issues High-Severity Warning for Google Chrome Users
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
CISA Adds XWiki and Broadcom VMware Flaws to Known Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Adds XWiki and Broadcom VMware Flaws to Known Exploited Vulnerabilities Catalog
Gabby Lee October 30, 2025
CISA has added critical XWiki and VMware vulnerabilities to its Known Exploited list, confirming active attacks and urging immediate patching under federal security mandates.
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
Application Security
OpenAI Upgrades GPT-5 to Better Handle Conversations Involving Emotional Distress
Mitchell Langley October 30, 2025
OpenAI’s October GPT-4 update improves how the model handles emotionally charged conversations. The upgrade enhances safety, empathy, and redirection for users expressing distress while reducing ...
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
Application Security
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
Andrew Doyle October 30, 2025
Over 760 malicious Android apps are exploiting NFC tap-to-pay features to steal payment credentials in real time. The surge in NFC relay malware highlights rising ...
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
Application Security
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
Mitchell Langley October 30, 2025
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability, underscoring the massive risks of ...
Proton Launches Dark Web Data Breach Observatory to Expose Hidden Cyber Threats
Cybersecurity
Proton Launches Dark Web Data Breach Observatory to Expose Hidden Cyber Threats
Gabby Lee October 30, 2025
Proton launched its Data Breach Observatory to detect and report dark web data exposures, providing real-time alerts and insights to help organizations prevent and mitigate ...
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
Cybersecurity
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
Gabby Lee October 30, 2025
The PhantomRaven campaign weaponized AI-generated package names to distribute malicious npm modules, stealing developer credentials and CI/CD tokens in a stealthy software supply chain attack.
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Cybersecurity
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Andrew Doyle October 30, 2025
Canadian authorities revealed multiple hacktivist intrusions into water, energy, and agricultural systems, manipulating industrial controls in opportunistic attacks that risked operational safety but aimed mainly ...
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
Cybersecurity
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
Mitchell Langley October 30, 2025
Nation-state hackers breached U.S. telecom provider Ribbon Communications, maintaining covert access for nearly a year and exposing sensitive customer data in a targeted cyberespionage campaign.
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
Application Security
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
Gabby Lee October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Phoenix Contact UPS Vulnerabilities Critical Flaws May Cause Denial-of-Service
Cybersecurity
Phoenix Contact UPS Vulnerabilities: Critical Flaws May Cause Denial-of-Service
Andrew Doyle October 30, 2025
Critical flaws in Phoenix Contact’s QUINT4 UPS devices could let attackers shut down power or steal credentials. One unpatched Modbus flaw risks remote “power denial” ...
Fuji Electric HMI Configurator Flaws Industrial Software Vulnerabilities Expose Hack Risks
Cybersecurity
Fuji Electric HMI Configurator Flaws: Industrial Software Vulnerabilities Expose Hack Risks
Gabby Lee October 30, 2025
Fuji Electric’s Monitouch V-SFT, Tellus Lite V-Simulator, and V-Server Lite tools contain critical flaws (CVE-2024-11787, others) enabling remote code execution. CISA urges urgent patching.
Atroposia Malware Now Comes With Built-In Local Vulnerability Scanner
Cybersecurity
Atroposia Malware Now Comes With Built-In Local Vulnerability Scanner
Mitchell Langley October 29, 2025
Atroposia is a newly surfaced malware-as-a-service kit that integrates remote access, credential theft and a built-in vulnerability scanner, enabling low-skill attackers to execute advanced campaigns.
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Endpoint Security
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Gabby Lee October 29, 2025
The TEE.Fail side-channel attack allows extraction of cryptographic keys from Intel SGX, AMD SEV-SNP and NVIDIA GPU confidential environments via low-cost DDR5 memory bus interposers.
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
CVE Vulnerability Alerts
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
Mitchell Langley October 29, 2025
CISA warns that two vulnerabilities in DELMIA Apriso (CVE-2025-6204 and CVE-2025-6205) are under active exploitation, urging immediate patching across manufacturing operations.
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Application Security
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Gabby Lee October 29, 2025
The Australian regulator alleges Microsoft misled 2.7 million consumers into Copilot-integrated Microsoft 365 plans by concealing a cheaper Classic tier, prompting legal action and potential ...
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Cybersecurity
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Andrew Doyle October 29, 2025
Qilin ransomware now exploits the Windows Subsystem for Linux to deploy Linux encryptors on Windows hosts, blending BYOVD attacks and remote-management tools for stealth/
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Cybersecurity
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Mitchell Langley October 29, 2025
Dentsu has confirmed a cyberattack on its UK operations via Merkle’s servers, exposing employee payroll and personal details, raising identity theft and phishing concerns.
Palo Alto Networks Unveils AI Security Suite Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Cybersecurity
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Gabby Lee October 29, 2025
Palo Alto Networks has launched Cortex Cloud 2.0 and Prisma AIRS 2.0—AI-driven platforms for cloud and AI application security. Combining automation, real-time threat detection, and ...
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Cybersecurity
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Andrew Doyle October 28, 2025
An Italian spyware vendor has been linked to Google Chrome zero-day attacks targeting Android and Windows users, exploiting CVE-2025-1234 to deliver advanced surveillance tools globally.
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Cybersecurity
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Mitchell Langley October 28, 2025
QNAP warned that its Windows-based NetBak Replicator backup software is vulnerable to the critical ASP.NET flaw CVE-2024-43491, urging users to apply Microsoft’s latest security patches ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Andrew Doyle November 7, 2025
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Cybersecurity
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Gabby Lee November 6, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Mitchell Langley November 6, 2025

TOP CYBERSECURITY HEADLINES

Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Cybersecurity
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Application Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Cybersecurity
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack

This Week’s Security Spotlight

Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Data Security
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Andrew Doyle November 2, 2025
More In News
Trending
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
11 Types of Social Engineering Attacks and How to Prevent Them
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
October 24, 2025
Podcasts
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
October 24, 2025
Podcasts
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
October 24, 2025

Cyber Security News

Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Cybersecurity
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
November 5, 2025
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Application Security
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
November 5, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
November 4, 2025
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Application Security
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
November 4, 2025
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Data Security
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
November 4, 2025
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Application Security
Microsoft Plans to Retire Defender Application Guard for Office by 2027
November 4, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Surge in NFC Relay Malware Hits Android Users Across Eastern Europe
October 30, 2025
Over 760 malicious Android apps are exploiting NFC tap-to-pay features to steal payment credentials in real time. The surge in NFC relay malware highlights rising ...
Conduent Discloses Data Breach Impacting 10.5 Million Individuals
October 30, 2025
A data breach at Conduent has exposed personal and medical information of over 10.5 million people through the MOVEit vulnerability, underscoring the massive risks of ...
Proton Launches Dark Web Data Breach Observatory to Expose Hidden Cyber Threats
October 30, 2025
Proton launched its Data Breach Observatory to detect and report dark web data exposures, providing real-time alerts and insights to help organizations prevent and mitigate ...
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
October 30, 2025
The PhantomRaven campaign weaponized AI-generated package names to distribute malicious npm modules, stealing developer credentials and CI/CD tokens in a stealthy software supply chain attack.
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
October 30, 2025
Canadian authorities revealed multiple hacktivist intrusions into water, energy, and agricultural systems, manipulating industrial controls in opportunistic attacks that risked operational safety but aimed mainly ...
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
October 30, 2025
Nation-state hackers breached U.S. telecom provider Ribbon Communications, maintaining covert access for nearly a year and exposing sensitive customer data in a targeted cyberespionage campaign.
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Phoenix Contact UPS Vulnerabilities: Critical Flaws May Cause Denial-of-Service
October 30, 2025
Critical flaws in Phoenix Contact’s QUINT4 UPS devices could let attackers shut down power or steal credentials. One unpatched Modbus flaw risks remote “power denial” ...
Fuji Electric HMI Configurator Flaws: Industrial Software Vulnerabilities Expose Hack Risks
October 30, 2025
Fuji Electric’s Monitouch V-SFT, Tellus Lite V-Simulator, and V-Server Lite tools contain critical flaws (CVE-2024-11787, others) enabling remote code execution. CISA urges urgent patching.
Atroposia Malware Now Comes With Built-In Local Vulnerability Scanner
October 29, 2025
Atroposia is a newly surfaced malware-as-a-service kit that integrates remote access, credential theft and a built-in vulnerability scanner, enabling low-skill attackers to execute advanced campaigns.
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
October 29, 2025
The TEE.Fail side-channel attack allows extraction of cryptographic keys from Intel SGX, AMD SEV-SNP and NVIDIA GPU confidential environments via low-cost DDR5 memory bus interposers.
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
October 29, 2025
CISA warns that two vulnerabilities in DELMIA Apriso (CVE-2025-6204 and CVE-2025-6205) are under active exploitation, urging immediate patching across manufacturing operations.
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
October 29, 2025
The Australian regulator alleges Microsoft misled 2.7 million consumers into Copilot-integrated Microsoft 365 plans by concealing a cheaper Classic tier, prompting legal action and potential ...
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
October 29, 2025
Qilin ransomware now exploits the Windows Subsystem for Linux to deploy Linux encryptors on Windows hosts, blending BYOVD attacks and remote-management tools for stealth/
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
October 29, 2025
Dentsu has confirmed a cyberattack on its UK operations via Merkle’s servers, exposing employee payroll and personal details, raising identity theft and phishing concerns.
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
October 29, 2025
Palo Alto Networks has launched Cortex Cloud 2.0 and Prisma AIRS 2.0—AI-driven platforms for cloud and AI application security. Combining automation, real-time threat detection, and ...
Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs
October 29, 2025
A newly uncovered cyber-espionage operation known as Operation ForumTroll has revealed the resurgence of commercial spyware in state-sponsored surveillance campaigns. According to new research from ...
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
A global smishing campaign of unprecedented scale has been uncovered by Palo Alto Networks, revealing the vast operations of a Chinese-speaking threat actor known as ...
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
The global ransomware economy is collapsing under growing resistance from its targets. According to new data from cybersecurity firm Coveware, the third quarter of 2025 ...
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025
Mozilla is taking a decisive step toward transparency and user control by requiring all Firefox extensions to disclose how they collect and handle personal data. ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak