Cyber Security
Application Security
WatchGuard Fireware OS Vulnerability: CVE-2025-9242 Enables Remote Code Execution
Andrew Doyle
October 17, 2025
A critical flaw in WatchGuard Fireware OS (CVE-2025-9242) allows remote, unauthenticated code execution through vulnerable VPN configurations and is already being actively exploited. Even devices ...
Application Security
SonicWall VPN Breach: Over 100 Accounts Compromised in Security Incident
Gabby Lee
October 17, 2025
Attackers have compromised over 100 SonicWall VPN accounts by exploiting stolen credentials, unpatched vulnerabilities, and OTP seed theft to bypass MFA. Threat groups like UNC6148 ...
Application Security
Stealit Malware Exploits Node.js: Sneaky Infection via Game and VPN Installers
Mitchell Langley
October 17, 2025
Cybersecurity researchers have uncovered a stealthy malware campaign abusing Node.js’s Single Executable Application feature to package Stealit malware as fake game and VPN installers. Distributed ...
Application Security
Linux Rootkit Conceals Itself with eBPF & Magic Packets: Exploiting CVE-2024-23897
Andrew Doyle
October 17, 2025
A sophisticated Linux rootkit dubbed LinkPro uses eBPF modules and magic TCP packets to stay hidden and activate on demand. Discovered after attackers exploited a ...
Data Security
GPT-4-Powered MalTerminal Malware Automates Ransomware Creation: Reverse Shells at Scale
Mitchell Langley
October 17, 2025
MalTerminal, a next-generation malware, embeds GPT-4 to autonomously generate ransomware or reverse shells at runtime, producing unique payloads that bypass signature-based defenses. Researchers say it ...
Application Security
Wondershare RepairIt Vulnerabilities Exposed: CVE-2025-10643 & 10644 Threaten Data & AI Models
Gabby Lee
October 17, 2025
Two critical vulnerabilities in Wondershare RepairIt (CVE-2025-10643 and CVE-2025-10644) allow unauthenticated remote code execution through misconfigured storage tokens. With CVSS scores up to 9.4 and ...
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
Andrew Doyle
October 16, 2025
MANGO says a marketing vendor compromise exposed customer first names, countries, postal codes, email and phone data. Core accounts, financials, and credentials were not impacted.
Application Security
NPM Supply Chain Attack: 175 Malicious Packages Target Industrial Firms
Gabby Lee
October 16, 2025
A wave of coordinated supply chain attacks is targeting the NPM ecosystem, with over 400 malicious packages used to deploy malware, steal credentials, and compromise ...
Cybersecurity
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
Mitchell Langley
October 16, 2025
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
Andrew Doyle
October 16, 2025
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Gabby Lee
October 16, 2025
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
Gabby Lee
October 16, 2025
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
Andrew Doyle
October 16, 2025
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
Application Security
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
Mitchell Langley
October 16, 2025
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...
Network Security
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
Gabby Lee
October 16, 2025
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Application Security
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Andrew Doyle
October 16, 2025
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Information Security
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
Mitchell Langley
October 16, 2025
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Gabby Lee
October 16, 2025
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
Cybersecurity
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
Andrew Doyle
October 15, 2025
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Cybersecurity
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Gabby Lee
October 15, 2025
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle
February 4, 2026
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley
February 4, 2026
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley
February 4, 2026
TOP CYBERSECURITY HEADLINES
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
This Week’s Security Spotlight
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle
February 4, 2026
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle
January 28, 2026
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle
January 28, 2026
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee
January 20, 2026
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
October 22, 2025
Myanmar’s military has dismantled the notorious KK Park scam compound near the Thai border, detaining over 2,000 people in one of Southeast Asia’s largest cybercrime ...
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
October 22, 2025
The Dutch RDI fined Odido €1.5 million after finding external suppliers had access to its wiretapping system, risking exposure of state secrets and criminal data.
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
October 22, 2025
A data breach at Verisure’s third-party billing partner exposed personal details of 35,000 Alert Alarm users, prompting forensic analysis but leaving Verisure’s core systems unaffected.
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
October 22, 2025
Hackers claim to have breached Getir’s intranet, leaking internal metadata. Researchers suggest the data originated from a third-party provider, posing social engineering and system exposure ...
CISA Alert: Actively Exploited Adobe AEM Forms Vulnerability
October 22, 2025
A critical flaw in Adobe Experience Manager Forms (CVE-2025-54253) is being actively exploited, allowing unauthenticated remote code execution via a misconfigured Struts debug mode. CISA ...
ReliaQuest GreyMatter Review — Agentic AI Security Operations for Enterprise Protection
October 21, 2025
ReliaQuest GreyMatter delivers an agentic AI security operations platform that enables CISOs to detect threats at the source, reduce alert noise, and respond within minutes.
North Korean Hackers Enhance Malware with Merged BeaverTail and OtterCookie Tools
October 21, 2025
North Korean hackers have merged the BeaverTail and OtterCookie malware into a new espionage tool, OtterCookie v5, targeting developers and cryptocurrency firms. The modular malware ...
Experian Fined €2.7 Million by Dutch Regulator for Mass Collection of Personal Data
October 21, 2025
Experian Netherlands was fined €2.7 million for using aggregated public and private data to build large consumer profiles without informing individuals or obtaining appropriate consent ...
Envoy Air Data Breach: Oracle EBS Exploit Exposes Sensitive Data
October 21, 2025
Envoy Air confirmed a cybersecurity breach tied to Oracle’s E-Business Suite zero-day (CVE-2025-61882), exploited by the Clop ransomware group. While no sensitive customer data was ...
Everest Ransomware Group Claims Collins Aerospace Attack Linked to Europe’s Airport Disruptions
October 21, 2025
The Everest ransomware group claimed responsibility for Collins Aerospace’s cyberattack, linking it to last month’s European airport chaos that disrupted check-in systems across multiple major ...
TikTok Videos Instructing Users To Run PowerShell Commands
October 21, 2025
Researchers warn of a TikTok campaign where short “activation” videos urge users to paste PowerShell commands that secretly download malware. The scripts install credential stealers, ...
Microsoft Ties Storm-1175 to Medusa Ransomware via GoAnywhere Flaw (CVSS 10.0)
October 21, 2025
Microsoft has linked the exploitation of a critical GoAnywhere MFT vulnerability (CVE-2025-10035) to the Storm-1175 threat group, operators of the Medusa ransomware. The flaw, rated ...
Pwn2Own Automotive 2026 Offers $3M+ in Prizes for Security Vulnerabilities
October 21, 2025
Trend Micro’s Zero Day Initiative will host Pwn2Own Automotive 2026 in Tokyo, offering over $3 million for exploits targeting Tesla systems, EV chargers, and automotive ...
Muji Suspends Online Sales in Japan After Askul Ransomware Attack
October 21, 2025
Muji has halted its Japanese online sales following a ransomware attack on its logistics partner, Askul Corporation, disrupting orders, shipments, and digital retail services.
Violet Typhoon: China-Nexus Espionage Actor
October 21, 2025
Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its “ToolShell” campaign installs web shells, ...
Pwn2Own Automotive 2026: $3 Million Bounty Targets Tesla and EV Infrastructure Flaws
October 20, 2025
The upcoming Pwn2Own Automotive 2026 hacking contest, hosted by Trend Micro’s Zero Day Initiative (ZDI), is set to redefine the economics of automotive cybersecurity. With ...
China Claims NSA Breached National Time Network, Threatening Finance and Defense Stability
October 20, 2025
China’s Ministry of State Security (MSS) has publicly accused the U.S. National Security Agency (NSA) of conducting a multi-year cyber espionage campaign targeting its National ...
Cl0p Ransomware Targets Oracle E-Business Suite in Global Data Extortion Spree
October 20, 2025
A new wave of Cl0p ransomware attacks has struck organizations worldwide by exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) — a mission-critical enterprise management platform ...
ConnectWise Automate Patches Critical Flaws Allowing AitM and Malicious Updates
October 20, 2025
Critical flaws in ConnectWise Automate allow agents to communicate over unencrypted HTTP and accept unsigned updates, opening the door to adversary-in-the-middle attacks and malicious code ...
Netcore Cloud Data Leak: 13TB Breach Exposes 40 Billion Records
October 20, 2025
A massive data breach at Netcore Cloud exposed more than 40 billion records in a 13.4TB unsecured database, leaking email logs, healthcare messages, partial banking ...




































