Main Menu
Cyber Security
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
External Attack Surface Management: CISO’s Guide to Mitigating Risk Before It Strikes
Salesloft Data Breach Exposes 700 Companies Through OAuth Token Attack
U.S. Charges Ukrainian National for Administering Ransomware
Doctors Outraged After NSW Health Department Leaks Personal and Professional Data
Salt Typhoon Breach Exposes U.S. Telecom Wiretap Systems
China Is Blurring the Lines Between Civilian AI and Military Power
Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack
Lovesac Confirms Data Breach Following Ransomware Attack
GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets
Qantas Airways Reduces CEO’s Bonus Following July Data Breach
This Week In Cybersecurity: September 1–5, 2025
Czech Cybersecurity Agency Warns Against Chinese Technology in Critical Infrastructure
Social Engineering Breach Opens Door to Google Salesforce Data Leak
Cybersecurity Leadership: An Expert Talks Executive Risk
Hack on In-Flight Connectivity Provider Anuvu Exposes Starlink User Data
Wealthsimple Data Breach Leaked Client Information Online
Jaguar Land Rover Cyberattack Severely Disrupts Production, Systems Taken Offline
GPS Jamming Attack Forces Ursula Von Der Leyen’s Plane to Land Without Navigation
Santa Fe County Website “Hack” Likely Based on Old Source Code
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
Agentic AI Steals Spotlight at Black Hat 2025 with Real-Time Threat Response
DHS Cuts $27M Cybersecurity Support: Impact on 19,000 Local Governments
TamperedChef Infostealer Delivered Through Fraudulent PDF Editor Ads
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
CVE Vulnerability Alerts
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
Gabby Lee August 28, 2025
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Application Security
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Gabby Lee August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Cybersecurity
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Andrew Doyle August 28, 2025
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
Cybersecurity
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
Gabby Lee August 28, 2025
Murky Panda hijacks trusted cloud relationships to reach downstream customers, abusing Entra ID and DAP paths, reading email, and escalating privileges after initial access via ...
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
Cybersecurity
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
Andrew Doyle August 28, 2025
Salesloft breach exposed Drift OAuth tokens used to access Salesforce instances; attackers extracted AWS keys, passwords, and Snowflake tokens to pivot and exfiltrate data.
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
Application Security
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
Mitchell Langley August 28, 2025
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
Application Security
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
Gabby Lee August 28, 2025
Silk Typhoon used captive-portal AitM redirects to deliver a signed dropper that decrypts and side-loads a PlugX-variant backdoor, GTIG reports and blocks domains.
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Attack
Cybersecurity
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
Andrew Doyle August 28, 2025
Farmers Insurance confirmed a third-party vendor database was breached on May 29, exposing PII for 1,111,386 customers in the wider Salesforce data theft campaign.
AI Summary Injection Turns Summaries Into Malware Delivery
Cybersecurity
AI Summary Injection Turns Summaries into Malware Delivery
Gabby Lee August 28, 2025
Researchers show attackers hide malicious payloads in HTML using CSS obfuscation and prompt overdose so AI summaries output malware instructions that lead to ransomware execution.
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Cybersecurity
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Mitchell Langley August 28, 2025
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Resources
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Gabby Lee August 28, 2025
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Blog
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Andrew Doyle August 28, 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CISA Expands Known Exploited Vulnerabilities Catalog 47 New Threats Identified
CVE Vulnerability Alerts
CISA Expands Known Exploited Vulnerabilities Catalog: 47 New Threats Identified
Mitchell Langley August 28, 2025
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google Chromium, and Cisco devices. The ...
Arizona Seeks 10M to Bolster Election Cybersecurity
Cybersecurity
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
Gabby Lee August 28, 2025
A cyberattack on Arizona’s election portal, linked to Iranian-affiliated actors, has spurred calls for $10 million in cybersecurity funding and $3.5 million annually. Secretary of ...
Microsoft Patches Teams Vulnerability Critical Fix Against Remote Code Risks
Application Security
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Mitchell Langley August 28, 2025
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Apple Patches Zero-Day Exploit Immediate Fix for CVE-2025-43300 Threat
Cybersecurity
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Andrew Doyle August 28, 2025
Apple has released emergency patches for CVE-2025-43300, a zero-day flaw in the Image I/O framework enabling remote code execution via malicious images. Actively exploited in ...
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
News
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
Gabby Lee August 28, 2025
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Google to Verify Android Developers A New Era in App Security Emerges
Application Security
Google to Verify Android Developers: A New Era in App Security Emerges
Mitchell Langley August 27, 2025
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Okta Raises FY26 Forecast as Identity Verification Demand Surges
Data Security
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
Gabby Lee August 27, 2025
Okta has lifted its fiscal 2026 revenue forecast after reporting strong Q2 results, driven by soaring demand for identity verification tools. As AI-powered impersonation attacks ...
The Dual Role of AI in Cybersecurity Weapon and Shield
Blog
The Dual Role of AI in Cybersecurity: Weapon and Shield
Mitchell Langley August 26, 2025
AI hacking has moved from speculation to reality, enabling deepfake phishing, automated malware, and large-scale social engineering. While defenders deploy AI for detection and response, ...
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
Cybersecurity
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
Gabby Lee September 11, 2025
Evertec Confirms 130M Fraud Attempt in Sinqia Pix Cyberattack
Cybersecurity
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Gabby Lee September 4, 2025
Maryland’s Paratransit Ransomware Strike Cyberattack Disrupts Disabled Transit Services
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley September 2, 2025
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
News
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Gabby Lee August 19, 2025

TOP CYBERSECURITY HEADLINES

NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Cybersecurity
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Cybersecurity
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Cybersecurity
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
Cybersecurity
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack

This Week’s Security Spotlight

This Week In Cybersecurity: September 1–5, 2025
Cybersecurity
This Week In Cybersecurity: September 1–5, 2025
Andrew Doyle September 8, 2025
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Cybersecurity
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Andrew Doyle September 4, 2025
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Cybersecurity
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Mitchell Langley September 3, 2025
SK Telecom Fined 96.9M After Data Breach Hits 23M Users
Cybersecurity
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
Gabby Lee September 3, 2025
More In News
Trending
ClickFix Phishing Campaign Targets Booking.com Using Infostealers and RATs
Darcula PhaaS 3.0 Auto-Generates Phishing Kits for Any Brand
Sophisticated Gmail Attacks Target Users: FBI Issues “Do Not Click” Alert
This Facebook Phishing Attack Could Steal EVERYTHING!

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta
September 2, 2025
Podcasts
Von der Leyen and Shapps Flights Hit by Suspected Russian Electronic Warfare
September 2, 2025
Podcasts
Salesforce and Google Workspace Compromised in Largest SaaS Breach
September 2, 2025

Cyber Security News

Czech Cybersecurity Agency Warns Against Chinese Technology in Critical Infrastructure
Cybersecurity
Czech Cybersecurity Agency Warns Against Chinese Technology in Critical Infrastructure
September 8, 2025
Social Engineering Breach Opens Door to Google Salesforce Data Leak
Cybersecurity
Social Engineering Breach Opens Door to Google Salesforce Data Leak
September 8, 2025
Cybersecurity Leadership: An Expert Talks Executive Risk
Cybersecurity
Cybersecurity Leadership: An Expert Talks Executive Risk
September 8, 2025
Hack on In-Flight Connectivity Provider Anuvu Exposes Starlink User Data
Cybersecurity
Hack on In-Flight Connectivity Provider Anuvu Exposes Starlink User Data
September 8, 2025
Wealthsimple Data Breach Leaked Client Information Online
Cybersecurity
Wealthsimple Data Breach Leaked Client Information Online
September 8, 2025
Jaguar Land Rover Cyberattack Severely Disrupts Production, Systems Taken Offline
Cybersecurity
Jaguar Land Rover Cyberattack Severely Disrupts Production, Systems Taken Offline
September 5, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Detection Tools
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Sweden is reeling from one of the largest public sector cyber incidents in its history. A ransomware attack on Miljödata, an IT services provider supporting ...
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025
The cybersecurity world has entered a new era: AI-powered ransomware. Researchers recently uncovered PromptLock, a proof-of-concept malware that uses OpenAI’s gpt-oss:20b model and Lua scripting ...
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025
The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Directory (AD) and Entra ...
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
August 28, 2025
Cybercrime is entering a new phase—one marked by AI-powered phishing attacks, the weaponization of legitimate remote access tools, and the rise of professionalized underground markets. ...
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
August 28, 2025
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
August 28, 2025
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
PromptLock Ransomware Uses AI to Encrypt and Steal Data
August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
The recent Salesforce data breach underscores a growing reality in cybersecurity: even when core SaaS platforms are secure, their third-party integrations often aren’t. Between August ...
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
August 28, 2025
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
August 28, 2025
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
August 28, 2025
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
August 28, 2025
Murky Panda hijacks trusted cloud relationships to reach downstream customers, abusing Entra ID and DAP paths, reading email, and escalating privileges after initial access via ...
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
External Attack Surface Management: CISO’s Guide to Mitigating Risk Before It Strikes
Salesloft Data Breach Exposes 700 Companies Through OAuth Token Attack
U.S. Charges Ukrainian National for Administering Ransomware
Doctors Outraged After NSW Health Department Leaks Personal and Professional Data
Salt Typhoon Breach Exposes U.S. Telecom Wiretap Systems
China Is Blurring the Lines Between Civilian AI and Military Power
Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack
Lovesac Confirms Data Breach Following Ransomware Attack
GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets
Qantas Airways Reduces CEO’s Bonus Following July Data Breach
The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise
FireCompass Raises $20M to Scale AI-Powered Offensive Security
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
Social Engineering Breach Opens Door to Google Salesforce Data Leak