Cyber Security
BioShocking Attack Turns AI Browsers Into Credential Thieves
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Three Daktronics Controller Flaws Allow Remote Highway Sign Hijack
Gitea CVE-2026-20896 Auth Bypass Exploited via One HTTP Header
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Public PoC Drops for Critical libssh2 Flaw CVE-2026-55200
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
SBU and FBI Expose Russian FSB and GRU Signal Key Theft Campaign
US Offers $10M Bounty for Russian Hackers UNC5792 and UNC4221
Mozilla 0DIN Shows AI Coding Agents Can Be Tricked via DNS TXT
White House Cybersecurity Review Restricts GPT-5.6 and Anthropic
Athena Coalition Finds 20,000+ Flaws in 500 Open-Source Projects
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Law Enforcement Clears 15,000 SocGholish WordPress Sites
ShapedPlugin Update System Hacked, Malicious Code Pushed to Customers
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Algerian Phishing Marketplace Operator Extradited to US
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Blog
What Is Data Security Posture Management? A Complete DSPM Guide
Data security posture management (DSPM) continuously discovers and classifies sensitive data to reduce breach risk in multi-cloud environments.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Attackers hijacked a dormant npm contributor account and backdoored 144 Mastra AI packages, exposing 1.1 million weekly downloads to a RAT dropper payload.
Application Security
15 JetBrains Plugins Steal AI API Keys in Eight-Month Campaign
Fifteen malicious JetBrains Marketplace plugins stole OpenAI, DeepSeek, and SiliconFlow API keys from 70,000 IDE users across an eight-month campaign.
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity experts.
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they then exfiltrated.
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Application Security
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
Cybersecurity
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
Application Security
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Blog
Endpoint Security Solutions: How to Protect Every Enterprise Device
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
Cybersecurity
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Application Security
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
CVE Vulnerability Alerts
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
Application Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
Cybersecurity
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
Cybersecurity
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
Cybersecurity
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
Cybersecurity
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Application Security
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Cybersecurity
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity experts.
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they then exfiltrated.
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Endpoint Security Solutions: How to Protect Every Enterprise Device
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.