Cyber Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Sensitive Data at OB/GYN Associates Exposed in Data Breach
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
CVE Vulnerability Alerts
A critical flaw in a popular React Native NPM package, CVE-2025-11953, enables arbitrary code execution on Windows, macOS, and Linux, threatening CI/CD pipelines.
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
Application Security
A rushed out-of-band patch for a critical WSUS vulnerability has unintentionally broken hotpatching on Windows Server 2025, disabling one of its key uptime features. Administrators ...
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
News
Cybercriminals are hijacking freight shipments by deploying legitimate Remote Monitoring and Management (RMM) tools through phishing campaigns. Once inside logistics networks, attackers use remote access ...
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
Application Security
A new remote access trojan dubbed SleepyDuck is disguising itself as a legitimate Visual Studio Code extension to infect developers’ systems. The malware uniquely uses ...
Former Cybersecurity Employees Charged in BlackCat Ransomware Attacks
News
Three former cybersecurity professionals have been indicted in the U.S. for allegedly aiding BlackCat ransomware attacks using insider expertise from their roles at major incident ...
Former Jabber Zeus Developer Extradited to U.S. to Face Cybercrime Charges
News
Ukrainian national Yuriy “MrICQ” Rybtsov has been extradited to the U.S. for his alleged role in developing the infamous Jabber Zeus banking malware. The decade-old ...
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Identity and Access Management
Cybercriminals are increasingly exploiting the OAuth 2.0 device code flow to bypass multi-factor authentication, a tactic known as device code phishing. Researchers warn that while ...
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
Cybersecurity
A sophisticated exploit has drained over $128 million from Balancer Protocol’s v2 liquidity pools, marking one of DeFi’s largest breaches this year. Attackers used flash ...
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
Microsoft has uncovered a new backdoor malware strain using OpenAI’s Assistants API as a covert command-and-control channel. The discovery marks one of the first cases ...
Indian Government Issues High-Severity Warning for Google Chrome Users
Application Security
CERT-In warns Chrome users in India to update immediately after multiple high-severity vulnerabilities were discovered that allow remote attackers to hijack systems via malicious webpages.
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Cybersecurity
South Korea’s telecom giants SK Telecom, KT, and LG Uplus are facing severe cyberattacks, financial losses, and leadership shakeups, exposing systemic weaknesses in national telecom ...
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
Data Security
Proton’s Data Breach Observatory uncovered 300 million stolen credentials circulating on the dark web, exposing corporations and individuals worldwide to identity theft and financial fraud ...
Conti Ransomware Associate Oleksii Lytvynenko Charged After U.S. Extradition
News
Ukrainian national Oleksii Lytvynenko has been extradited to the U.S. to face charges for aiding the Conti ransomware group, marking a major milestone in cross-border ...
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Data Security
A data breach at the University of Pennsylvania has reportedly exposed the personal information of 1.2 million donors after a hacker—who began by emailing “we ...
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
Application Security
A credential leak in the Open VSX registry allowed attackers to publish malicious VS Code extensions, exposing a major supply chain risk. Swift token revocation ...
Australia Issues Urgent Warning as Cisco IOS XE Exploit Sees Ongoing Attacks
CVE Vulnerability Alerts
Australian authorities have issued an urgent warning over active exploitation of CVE-2023-20198, a critical Cisco IOS XE flaw used to deploy the persistent “BadCandy” webshell. ...
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
Application Security
China-linked APT group Bronze Butler exploited a zero-day flaw in Motex Lanscope Endpoint Manager to deploy an upgraded Gokcpdoor malware variant in targeted Japanese organizations. ...
Google’s AI-Powered Search Signals the Return of Ads: What it Means for Security and Strategy
Application Security
Google is integrating advertising into its AI-powered Search Generative Experience (SGE), embedding sponsored results directly within AI summaries and answer boxes. The move redefines ad ...
China-Linked UNC6384 Exploits Windows Zero-Day to Target EU Diplomats
News
China-linked APT group UNC6384 has launched a cyberespionage campaign exploiting a Windows zero-day flaw to infiltrate European diplomatic networks. Researchers say the operation, uncovered by ...
Reputation.com Data Leak Exposes 120 Million Internal Logs Containing Customer Session Data
Cybersecurity
A misconfigured server at Reputation.com exposed 120 million internal logs containing session cookies and backend data, potentially allowing attackers to hijack customer social media accounts.
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Cybersecurity
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security

Hackers Claim Breach of Viz Media Executive Account, Exfiltrating 250GB of Corporate Data
Hackers claim to have breached Viz Media’s vice president’s Google Drive, stealing 250GB of corporate data, credentials, and licensing documents now being sold on dark ...
Russian Police Arrest Teenagers Behind Meduza Infostealer Operation
Russian police arrested three teenagers behind the Meduza Infostealer operation, exposing a teenage-run malware service that stole credentials and state data across multiple systems.
Trend Vision One Identity Security Review: Unified Identity-Centric Threat Detection and Risk Management for the Enterprise
Trend Vision One Identity Security delivers unified visibility into human and non-human identities, posture assessment and threat detection across cloud, hybrid and on-premises infrastructure for ...
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach