Cyber Security
News
APT41 Exploits Google Calendar for Stealth Malware Control and Data Theft
Chinese APT41 hackers used Google Calendar to run malware operations and exfiltrate data, exploiting Calendar events for covert command-and-control and stealth communications.
News
RE/MAX Targeted by Medusa Ransomware in Alleged 150GB Data Breach
Medusa ransomware claims a 150GB data breach at RE/MAX and demands $200K ransom. Exposed files include agent details, commissions, and internal property documents.
News
German Cybersecurity Agency Flags Critical Windows Server 2025 Flaw Enabling Domain Takeover
BSI warns of an unpatched flaw in Windows Server 2025 Active Directory that allows domain takeover via dMSA. Microsoft rates it moderate; Germany rates it ...
News
1.6 Million Customer Emails Exposed in Etsy and TikTok Shop Data Leak
An exposed Azure storage bucket leaked 1.6 million customer emails from Etsy, TikTok Shop, and others, revealing names, addresses, and order data.
News
Everest Ransomware Targets Jordan Kuwait Bank in Alleged Data Breach
Everest ransomware group claims to have breached Jordan Kuwait Bank, stealing 11.7GB of internal data, including personal employee details, and demanding ransom by May 31. ...
News
Chaos Ransomware Claims Attack on Global Charity Giant Salvation Army
Chaos ransomware has claimed a cyberattack on the Salvation Army, threatening to leak sensitive charity data unless demands are met. Scope and content remain undisclosed. ...
News
Alleged AT&T Data Breach Exposes 31 Million Records
Hackers claim to have leaked 31 million AT&T user records, including tax IDs and IPs, though researchers cannot confirm the breach due to limited data ...
News
Russian Espionage Group ‘Laundry Bear’ Hacks Dutch Police and NATO-Aligned Targets
Dutch intelligence links a new Russian cyber espionage group, Laundry Bear, to attacks on NATO entities and the Dutch police targeting sensitive military and diplomatic ...
News
Firmware and Bootloaders Under Attack as Hackers Target Pre-OS Environments
Hackers are escalating attacks on BIOS and bootloaders, exploiting pre-OS vulnerabilities to maintain persistence, evade detection, and bypass Secure Boot protections.
News
Everest Ransomware Gang Targets $5.4B Global Hospital Group Mediclinic
Everest ransomware gang claims cyberattack on global hospital group Mediclinic, stealing employee data and 4GB of internal files. Ransom deadline set for five days.
News
Rhysida Ransomware Gang Claims Cyberattack on Brazilian Chevrolet Retailer
Rhysida ransomware gang claims to have breached Carrera, a leading Brazilian Chevrolet dealership, demanding $1 million and threatening to leak passports and contracts.
News
Coca-Cola Data Breach: Employee Details Leaked After Ignored Ransom Demand
Hackers leaked Coca-Cola employee data after the company ignored Everest ransomware’s ransom demand. The breach exposed passport scans, visa documents, and personal IDs online.
News
Coinbase Faces Investor Lawsuit After Data Breach Exposes 69,000+ Customers
Coinbase faces a class action lawsuit after a breach exposed data of over 69,000 users. Insider involvement and financial impact raise enterprise security concerns.
News
Global Data Breach Exposes 184 Million Credentials from Major Tech and Government Platforms
A global data breach exposed 184 million credentials from tech, government, and banking platforms, highlighting serious risks of credential stuffing, phishing, and ransomware attacks.
News
Healthcare Data Breaches Hit Providers in Four U.S. States, Impacting Over 60,000 Individuals
Healthcare data breaches in NJ, PA, IA, and LA compromise sensitive information of over 60,000 individuals, including Social Security numbers and health records.
News
U.S. and Allies Release Security Guidance to Protect AI Models from Tampering and Exploitation
The U.S. and allies urge stronger protections for AI systems, warning that data tampering and system vulnerabilities pose rising risks to critical infrastructure.
News
Adidas Confirms Third-Party Data Breach Exposing Global Customer Information
Adidas confirms a third-party data breach involving customer service data. No payment information was leaked, but global exposure is possible due to Adidas' vast reach. ...
News
Cetus Protocol Hit by $223 Million Cryptocurrency Heist, $5M Bounty Offered
Hackers stole $223 million from Cetus Protocol via a blockchain exploit. The platform offers a whitehat deal and $5 million bounty to recover stolen funds. ...
News
Qilin Ransomware Gang Targets Luxury Jet Firm Elit Avia, Leaks Staff Documents
Ransomware group Qilin posts alleged staff data from Elit Avia, including passport photos, raising security concerns for employees at the luxury private jet operator.
News
Operation Endgame Dismantles 300 Servers in Global Ransomware Infrastructure Crackdown
Operation Endgame dismantled 300 servers and 650 domains supporting ransomware campaigns, while U.S. authorities indicted 16 cybercriminals tied to DanaBot malware and botnet operations.
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
Mirai Strikes Again: Spring4Shell, Wazuh, and TBK DVRs Exploited in Live Campaigns
In this episode, we dive into the latest wave of active Mirai botnet campaigns exploiting high-severity remote code execution (RCE) vulnerabilities in critical enterprise and ...
UNFI Breach: How One Cyberattack Shook the North American Food Supply
On June 5, 2025, United Natural Foods Inc. (UNFI)—North America’s largest publicly traded wholesale food distributor and primary supplier for Whole Foods—was struck by a ...
Ticketmaster Data from Snowflake Attack Appears Briefly on Arkana Security Extortion Site
Old Ticketmaster data stolen in the 2024 Snowflake attack was briefly relisted for sale by Arkana Security, sparking confusion over a possible new breach.
Ransomware Attack on Sensata Technologies Leads to Data Breach Impacting Employee Information
Sensata Technologies confirms employee data was stolen in a ransomware breach that impacted operations and exposed sensitive personal and financial details from current and former ...
United Natural Foods Cyberattack Disrupts Operations Across North America
United Natural Foods, a key supplier to Whole Foods, suffered a cyberattack that disrupted customer orders and forced systems offline as investigations and recovery efforts ...
Over 84,000 Roundcube Webmail Servers Exposed to Actively Exploited Remote Code Flaw
Over 84,000 Roundcube webmail servers remain exposed to a critical RCE flaw (CVE-2025-49113) despite a June 2025 patch fixing the vulnerability.
SentinelOne Targeted in Sophisticated China-Linked Supply Chain Attack Attempt
Chinese threat actors linked to APT15 and APT41 attempted to compromise SentinelOne through a third-party logistics provider using ShadowPad and GOREshell malware in a global ...
Scattered Spider: A Web of Social Engineering
Scattered Spider, also known as UNC3944, is a financially motivated cybercriminal group known for its sophisticated social engineering tactics and ability to navigate cloud environments.
Malware-as-Code: The Rise of DaaS on GitHub and the Collapse of Open-Source Trust
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. ...
Hacker Claims Massive Claro, Movistar Data Breach — Companies Dispute Authenticity
A hacker claims to sell data from Claro and Movistar, affecting over 35 million users, but telecom companies dispute the breach or question its legitimacy. ...
The New Era of AI in Cybersecurity: How AI-Generated Malware is Shaping Threats
The integration of artificial intelligence (AI) into both cybercrime and cybersecurity has created a pivotal shift. This blog delves into the dangers of AI-generated malware, ...
ClickFix: How Fake Browser Errors Became the Internet’s Most Dangerous Trap
In this episode, we dive deep into ClickFix, also tracked as ClearFix or ClearFake—a highly effective and deceptive malware delivery tactic that emerged in early ...
Exposed and Extorted: The ViLE Hackers and the Legal Gaps Enabling Doxing
Cybercrime is rapidly evolving—and so are its tactics. In this episode, we dissect the findings of SoSafe’s Cybercrime Trends 2025 report and explore the six ...
APT40: Chinese State Sponsored APT
APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423, TEMP.Jumper, and TEMP.Periscope, is an ...
The North Face Confirms Credential Stuffing Attack, Customer Accounts Exposed
The North Face warns customers of a credential stuffing attack in April that compromised account information but left payment card data untouched, thanks to tokenized ...
Cyprus Airways Data Breach: Hackers Claim Access to Real-Time Systems and Passenger Records
Hackers claim to have breached Cyprus Airways, stealing 41GB of passenger and staff data and maintaining real-time access to flight systems and travel information.
Gunra Ransomware Group Claims Massive Breach at American Hospital Dubai
Gunra ransomware claims to have stolen 450 million records from American Hospital Dubai, threatening to leak the data if ransom demands are not met by ...
Cartier Cyberattack Exposes Customer Data as Retail Sector Faces Ongoing Threats
Cartier confirms a cyberattack exposed customer data as cyber threats rise across the retail sector, affecting brands like Marks & Spencer, Victoria’s Secret, and Harrods. ...
Chrome Under Fire: Three Zero-Days, One Month, and Nation-State Exploits
In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid ...
Medical Data Breach Affected Dental Service Infrastructure
An exposed MongoDB database revealed 2.7 million patient records and 8.8 million appointments, likely linked to Gargle, a dental marketing provider, prompting HIPAA scrutiny.