Main Menu
Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
FortiGate Firewalls Fall Victim to Security Breaches Despite Patches
Application Security
FortiGate Firewalls Fall Victim to Security Breaches Despite Patches
Gabby Lee January 28, 2026
Attackers are intruding into FortiGate firewalls by manipulating configurations and bypassing single sign-on protections. Administrators report persistent security issues, even after applying the latest security ...
SmarterMail Vulnerability Exploited to Reset Admin Passwords
Application Security
SmarterMail Vulnerability Exploited to Reset Admin Passwords
Andrew Doyle January 28, 2026
Attackers exploit a serious vulnerability (CVE-2026-23760) in SmarterMail, allowing malicious actors to bypass authentication and reset admin passwords.
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
Application Security
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
Andrew Doyle January 28, 2026
Microsoft SharePoint services are being manipulated by attackers targeting energy-sector companies. Harvesting credentials paves the way for control of corporate emails, after which phishing emails ...
Microsoft Enhances Teams With Fraud Protection Calling Safeguards in Focus
Application Security
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
Mitchell Langley January 28, 2026
Microsoft is rolling out new fraud protection features for Teams to combat external caller impersonation risks. Aimed at preventing social engineering attacks, these features will ...
New Advances in Page Cache Exploitation by Austrian Researchers
Cybersecurity
New Advances in Page Cache Exploitation by Austrian Researchers
Gabby Lee January 28, 2026
Researchers at Austria's Graz University have enhanced Linux page cache attack methods, significantly increasing execution speed. This revives concerns about the vulnerability, impacting Linux-based systems ...
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
Threat Actors
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
Andrew Doyle January 22, 2026
Decentralized pro-Russian hacktivist cells execute targeted DDoS campaigns across Europe, leveraging volunteer botnets and pre-announced attacks to disrupt governments, banks, and public services, aligning with ...
CVE Vulnerability Alert! CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
CVE Vulnerability Alerts
CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
Mitchell Langley January 22, 2026
CVE-2025-64671 enables remote code execution in GitHub Copilot for JetBrains through cross prompt injection, allowing attackers to manipulate AI-generated instructions within developer environments.
VMware Carbon Black Review Advanced Endpoint Detection and Response
Product Reviews
VMware Carbon Black Review: Advanced Endpoint Detection and Response
Gabby Lee January 22, 2026
VMware Carbon Black is an enterprise-class security platform designed to deliver continuous visibility, behavioral analytics, and real-time detection and response ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Mitchell Langley January 22, 2026
Misconfigured security training apps are increasingly targeted by threat actors, leading to cloud breaches in major organizations. As training apps are widely used, this new ...
aiFWall Launches to Elevate AI Protection in Cyber Security
Application Security
aiFWall Launches to Elevate AI Protection in Cyber Security
Andrew Doyle January 22, 2026
aiFWall, a company that has recently come out of stealth mode, has introduced a groundbreaking AI-powered firewall technology. Designed specifically to enhance the protection of ...
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Application Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Gabby Lee January 22, 2026
After the recent Windows security updates, Outlook users have reported system freezes. Microsoft has now offered a workaround to mitigate this impact, allowing users to ...
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Cybersecurity
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Andrew Doyle January 22, 2026
Cloudflare patched a vulnerability in its ACME validation mechanism. The issue involved handling requests to the "/.well-known/acme-challenge/" directory, posing security risks.
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Cybersecurity
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Mitchell Langley January 22, 2026
CyberNut has secured $5 million in growth capital, building upon the initial $800k pre-seed funding. This investment is aimed at advancing its cybersecurity platform's capabilities, ...
Contagious Interview Campaign Targets Multiple Sectors Worldwide
News
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Mitchell Langley January 22, 2026
The Contagious Interview cyber campaign targets multiple sectors worldwide, impacting IP addresses and organizations in AI, finance, and other industries.
Zoom's Critical Security Update Resolves Severe Vulnerability
CVE Vulnerability Alerts
Zoom’s Critical Security Update Resolves Severe Vulnerability
Mitchell Langley January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Application Security
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Andrew Doyle January 22, 2026
Zoom has fixed a critical flaw in its Node Multimedia Routers, while GitLab tackles multiple vulnerabilities, some allowing remote code execution. Security updates are essential ...
Under Armour Account Breach 72.7 Million Accounts Impacted
Data Security
Under Armour Account Breach: 72.7 Million Accounts Impacted
Gabby Lee January 22, 2026
Under Armour experiences a major security incident, with personal information of 72.7 million accounts potentially exposed due to an alleged ransomware attack.
PcComponentes Faces Credential Stuffing Attack Denies Data Breach Claims
Cybersecurity
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
Gabby Lee January 22, 2026
PcComponentes, a leading technology retailer in Spain, has experienced a credential stuffing attack, refuting claims of a 16 million-user data breach. The attack highlights vulnerabilities ...
LastPass Users Targeted by Deceptive Phishing Campaign
News
LastPass Users Targeted by Deceptive Phishing Campaign
Mitchell Langley January 22, 2026
LastPass issues an alert about a phishing scheme cloaked as a maintenance notice, coercing users into a counterfeit data vault backup. Threat actors exploit trust, ...
Cybercriminals Exploit Social Media Messages for Malicious Payloads
News
Cybercriminals Exploit Social Media Messages for Malicious Payloads
Gabby Lee January 22, 2026
A novel phishing campaign leverages private messages on social media platforms to deliver payloads, aided by Dynamic Link Library sideloading.
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Gabby Lee June 12, 2026
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
Mitchell Langley June 12, 2026
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Andrew Doyle June 12, 2026
Cybersecurity
Europol Dismantles AudiA6 Crypto Laundering Service
Gabby Lee June 12, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Andrew Doyle June 10, 2026
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Gabby Lee June 10, 2026
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
More In News
Trending
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises
August 19, 2025
Podcasts
Ransomware Gangs Deploy Kernel-Level EDR Killers to Evade Detection
August 18, 2025
Podcasts
Chinese APTs Target Taiwan: UAT-7237’s SoundBill Loader and Gelsemium’s FireWood Backdoor
August 18, 2025

Cyber Security News

Application Security
NGINX CVE-2026-42945 Under Active Exploitation After F5 Patch Drop
May 19, 2026
CoinbaseCartel Steals Grafana Source Code via GitHub Token
Cybersecurity
CoinbaseCartel Steals Grafana Source Code via GitHub Token
May 19, 2026
Cybersecurity
MiniPlasma Windows Exploit Grants SYSTEM Access with No Patch
May 19, 2026
Application Security
Leaked Shai-Hulud Code Fuels npm Infostealer Wave Targeting Devs
May 19, 2026
INTERPOL Operation Ramz 201 Arrests in 13-Nation MENA Sweep
Cybersecurity
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
May 19, 2026
Pwn2Own Berlin 2026 Closes with $1.3M in Zero-Day Prizes
Application Security
Pwn2Own Berlin 2026 Closes with $1.3M in Zero-Day Prizes
May 19, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
January 28, 2026
Microsoft is rolling out new fraud protection features for Teams to combat external caller impersonation risks. Aimed at preventing social engineering attacks, these features will ...
New Advances in Page Cache Exploitation by Austrian Researchers
January 28, 2026
Researchers at Austria's Graz University have enhanced Linux page cache attack methods, significantly increasing execution speed. This revives concerns about the vulnerability, impacting Linux-based systems ...
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
January 22, 2026
Decentralized pro-Russian hacktivist cells execute targeted DDoS campaigns across Europe, leveraging volunteer botnets and pre-announced attacks to disrupt governments, banks, and public services, aligning with ...
CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
January 22, 2026
CVE-2025-64671 enables remote code execution in GitHub Copilot for JetBrains through cross prompt injection, allowing attackers to manipulate AI-generated instructions within developer environments.
VMware Carbon Black Review: Advanced Endpoint Detection and Response
January 22, 2026
VMware Carbon Black is an enterprise-class security platform designed to deliver continuous visibility, behavioral analytics, and real-time detection and response across large fleets of endpoints. ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
January 22, 2026
Misconfigured security training apps are increasingly targeted by threat actors, leading to cloud breaches in major organizations. As training apps are widely used, this new ...
aiFWall Launches to Elevate AI Protection in Cyber Security
January 22, 2026
aiFWall, a company that has recently come out of stealth mode, has introduced a groundbreaking AI-powered firewall technology. Designed specifically to enhance the protection of ...
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
January 22, 2026
After the recent Windows security updates, Outlook users have reported system freezes. Microsoft has now offered a workaround to mitigate this impact, allowing users to ...
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
January 22, 2026
Cloudflare patched a vulnerability in its ACME validation mechanism. The issue involved handling requests to the "/.well-known/acme-challenge/" directory, posing security risks.
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
January 22, 2026
CyberNut has secured $5 million in growth capital, building upon the initial $800k pre-seed funding. This investment is aimed at advancing its cybersecurity platform's capabilities, ...
Contagious Interview Campaign Targets Multiple Sectors Worldwide
January 22, 2026
The Contagious Interview cyber campaign targets multiple sectors worldwide, impacting IP addresses and organizations in AI, finance, and other industries.
Zoom’s Critical Security Update Resolves Severe Vulnerability
January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
January 22, 2026
Zoom has fixed a critical flaw in its Node Multimedia Routers, while GitLab tackles multiple vulnerabilities, some allowing remote code execution. Security updates are essential ...
Under Armour Account Breach: 72.7 Million Accounts Impacted
January 22, 2026
Under Armour experiences a major security incident, with personal information of 72.7 million accounts potentially exposed due to an alleged ransomware attack.
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
January 22, 2026
PcComponentes, a leading technology retailer in Spain, has experienced a credential stuffing attack, refuting claims of a 16 million-user data breach. The attack highlights vulnerabilities ...
LastPass Users Targeted by Deceptive Phishing Campaign
January 22, 2026
LastPass issues an alert about a phishing scheme cloaked as a maintenance notice, coercing users into a counterfeit data vault backup. Threat actors exploit trust, ...
Cybercriminals Exploit Social Media Messages for Malicious Payloads
January 22, 2026
A novel phishing campaign leverages private messages on social media platforms to deliver payloads, aided by Dynamic Link Library sideloading.
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
January 22, 2026
Three significant vulnerabilities have emerged in mcp-server-git, enabling potential exploitation through prompt injection. Attackers could manipulate an AI assistant to access or delete files and ...
Serious Bugs in Chainlit Could Expose Sensitive Credentials
January 22, 2026
Security flaws in Chainlit software can risk unauthorized exposure of sensitive information. Experts signal that misuse can lead to leaked credentials and databases.
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
January 22, 2026
Researchers demonstrated how Google's AI, Gemini, could be tricked into revealing confidential Calendar data through prompt injection. This technique involves manipulating the AI into bypassing ...
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies