Main Menu
Cyber Security
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
Ripple Effects of the 2022 LastPass Data Breach Cryptocurrency at Stake
Cybersecurity
Ripple Effects of the 2022 LastPass Data Breach: Cryptocurrency at Stake
Gabby Lee December 28, 2025
Weak master passwords from 2022's LastPass breach are being exploited to compromise cryptocurrency assets, implicating Russian cybercriminal involvement, according to TRM Labs.
CISA Issues Urgent Advisory on Digiever NVRs Due to Known Exploited Vulnerability
CVE Vulnerability Alerts
CISA Issues Urgent Advisory on Digiever NVRs Due to Known Exploited Vulnerability
Andrew Doyle December 28, 2025
CISA has highlighted CVE-2023-52163, a vulnerability in Digiever NVRs, for active exploitation, advising immediate update and security precautions.
U.S. Government Seizes Web3 Ads Panel Domain Linked To Cybercrime
Cybersecurity
U.S. Government Seizes Web3 Ads Panel Domain Linked to Cybercrime
Mitchell Langley December 28, 2025
Federal authorities confiscated the 'web3adspanels.org' domain, a crucial tool for cybercriminals in hosting and distributing stolen banking login credentials. This move represents a significant intervention ...
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
Cybersecurity
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
Gabby Lee December 28, 2025
The fraudulent Nomani scheme has increased 62%, spreading from Facebook to YouTube. ESET's data indicates a block of 64,000 URLs in 2023.
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
Application Security
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
Andrew Doyle December 28, 2025
Microsoft's integration of Rust aims to improve security and performance in software. With AI assistance, this significant codebase migration targets safety vulnerabilities in existing programming ...
U.S. SEC Accuses Firms of Orchestrating Cryptocurrency Fraud Worth Over $14 Million
Cybersecurity
U.S. SEC Accuses Firms of Orchestrating Cryptocurrency Fraud Worth Over $14 Million
Mitchell Langley December 28, 2025
The SEC has filed charges against Morocoin Tech Corp. and others, accusing them of a $14 million cryptocurrency scam. The companies allegedly misled investors with ...
AI Vulnerabilities Identified by Researchers in Eurostar's Chatbot
Cybersecurity
AI Vulnerabilities Identified by Researchers in Eurostar’s Chatbot
Gabby Lee December 28, 2025
Researchers revealed security weaknesses in Eurostar’s AI chatbot, uncovering four flaws, including HTML injections. Eurostar's reaction raised eyebrows within cybersecurity circles.
Critical Patch Alert MongoDB Urges Immediate Update to Prevent RCE Attack
Application Security
Critical Patch Alert: MongoDB Urges Immediate Update to Prevent RCE Attacks
Andrew Doyle December 28, 2025
MongoDB has issued an urgent advisory for IT admins to rapidly patch a high-severity vulnerability allowing potential remote code execution (RCE) attacks on susceptible servers. ...
Italy's AGCM Fines Apple €98.6 Million Over Alleged App Tracking Transparency Misuse
Cybersecurity
Italy’s AGCM Fines Apple €98.6 Million Over Alleged App Tracking Transparency Misuse
Gabby Lee December 24, 2025
Italy's competition authority, AGCM, has fined Apple €98.6 million for allegedly abusing its dominant market position with the App Tracking Transparency framework.
Passwd Offers Secure Credential Management for Google Workspace Users
Application Security
Passwd Offers Secure Credential Management for Google Workspace Users
Andrew Doyle December 24, 2025
Passwd provides a secure credential management platform designed exclusively for businesses using Google Workspace, emphasizing integration, controlled sharing, and practicality.
Operation Sentinel INTERPOL's Comprehensive Cybercrime Crackdown Across Africa
Cybersecurity
Operation Sentinel: INTERPOL’s Comprehensive Cybercrime Crackdown Across Africa
Mitchell Langley December 24, 2025
INTERPOL's Operation Sentinel culminated in the arrest of 574 suspects and the recovery of $3 million. The operation involved collaboration with 19 countries to target ...
Feds Seize Database Targeting $28 Million Bank Account Theft
News
Feds Seize Database Targeting $28 Million Bank Account Theft
Mitchell Langley December 24, 2025
Authorities took significant action by seizing a password database used in a phishing attack that attempted a $28 million bank heist. This article delves into ...
ServiceNow Acquires Armis for $7.75 Billion, Boosting Cybersecurity Capabilities
Cybersecurity
ServiceNow Acquires Armis for $7.75 Billion, Boosting Cybersecurity Capabilities
Gabby Lee December 24, 2025
Following rumors, ServiceNow confirms its acquisition of Armis for $7.75 billion, expanding its capabilities in securing IoT and connected device environments, a crucial move post ...
WebRAT Malware Utilizing GitHub for Malicious Distribution
Cybersecurity
WebRAT Malware Utilizing GitHub for Malicious Distribution
Andrew Doyle December 24, 2025
WebRAT malware spreads through GitHub, claiming to offer proof-of-concept exploits for recent vulnerabilities, revealing challenging implications for cybersecurity experts.
n8n Automation Platform Faces Severe Security Issue
Application Security
n8n Automation Platform Faces Severe Security Issue
Mitchell Langley December 24, 2025
CVE-2025-68613 vulnerability in n8n's automation platform potentially allows unauthorized code execution, demanding immediate attention from users.
Dangerous Chrome Extensions Phantom Shuttle Targets Sensitive Data
Application Security
Dangerous Chrome Extensions: Phantom Shuttle Targets Sensitive Data
Gabby Lee December 24, 2025
'Phantom Shuttle' Chrome extensions mimic legitimate plugins but hijack user traffic to exfiltrate sensitive data. These malicious tools in the Web Store pose a significant ...
French National Postal Service Disruption Affects Millions of Users
Cybersecurity
French National Postal Service Disruption Affects Millions of Users
Mitchell Langley December 24, 2025
La Poste, France’s national postal service, saw its online services disrupted by a major network incident, leading to outages affecting millions of users.
Nissan Cyberattack Hackers Compromise Red Hat GitLab Instances
Data Security
Nissan Cyberattack: Hackers Compromise Red Hat GitLab Instances
Gabby Lee December 24, 2025
An attack on Red Hat's GitLab system has uncovered sensitive data of 21,000 customers linked to Nissan, creating significant security challenges and necessitating immediate remedial ...
Microsoft Focuses on Security with Its Timely Out-of-Band Update
Cybersecurity
Microsoft Focuses on Security with Its Timely Out-of-Band Update
Andrew Doyle December 24, 2025
Microsoft promptly issued an out-of-band update addressing a Message Queuing flaw from its December 2025 update, ensuring continued system security and reliability during a critical ...
Anna’s Archive Takes a Stand on Music Preservation
Data Security
Anna’s Archive Takes a Stand on Music Preservation
Andrew Doyle December 23, 2025
A hacktivist group has scraped 300 terabytes of music from Spotify to create an open-source digital music archive. This undertaking raises questions about the security ...
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Gabby Lee May 22, 2026
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Gabby Lee May 22, 2026
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Gabby Lee May 22, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle May 20, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims

This Week’s Security Spotlight

CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
SAP NetWeaver Under Siege: New Exploit Chains Threaten Global Enterprises
August 19, 2025
Podcasts
Ransomware Gangs Deploy Kernel-Level EDR Killers to Evade Detection
August 18, 2025
Podcasts
Chinese APTs Target Taiwan: UAT-7237’s SoundBill Loader and Gelsemium’s FireWood Backdoor
August 18, 2025

Cyber Security News

Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Application Security
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
April 7, 2026
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Cybersecurity
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
April 7, 2026
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
Application Security
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
April 7, 2026
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
Application Security
Strapi CMS Plugins Face Exploitation by Malicious npm Packages
April 7, 2026
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
Cybersecurity
Analysis Reveals .cmd Malware Escalating Privileges and Bypassing Antivirus
April 7, 2026
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
CVE Vulnerability Alerts
Fortinet Acts Quickly on Zero-Day Vulnerability Impacting FortiClient EMS Users
April 7, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Fraudulent Investment Scheme Nomani Expands Beyond Facebook
December 28, 2025
The fraudulent Nomani scheme has increased 62%, spreading from Facebook to YouTube. ESET's data indicates a block of 64,000 URLs in 2023.
Microsoft Enhances Codebase Security by Transitioning to Rust with AI Assistance
December 28, 2025
Microsoft's integration of Rust aims to improve security and performance in software. With AI assistance, this significant codebase migration targets safety vulnerabilities in existing programming ...
U.S. SEC Accuses Firms of Orchestrating Cryptocurrency Fraud Worth Over $14 Million
December 28, 2025
The SEC has filed charges against Morocoin Tech Corp. and others, accusing them of a $14 million cryptocurrency scam. The companies allegedly misled investors with ...
AI Vulnerabilities Identified by Researchers in Eurostar’s Chatbot
December 28, 2025
Researchers revealed security weaknesses in Eurostar’s AI chatbot, uncovering four flaws, including HTML injections. Eurostar's reaction raised eyebrows within cybersecurity circles.
Critical Patch Alert: MongoDB Urges Immediate Update to Prevent RCE Attacks
December 28, 2025
MongoDB has issued an urgent advisory for IT admins to rapidly patch a high-severity vulnerability allowing potential remote code execution (RCE) attacks on susceptible servers. ...
Italy’s AGCM Fines Apple €98.6 Million Over Alleged App Tracking Transparency Misuse
December 24, 2025
Italy's competition authority, AGCM, has fined Apple €98.6 million for allegedly abusing its dominant market position with the App Tracking Transparency framework.
Passwd Offers Secure Credential Management for Google Workspace Users
December 24, 2025
Passwd provides a secure credential management platform designed exclusively for businesses using Google Workspace, emphasizing integration, controlled sharing, and practicality.
Operation Sentinel: INTERPOL’s Comprehensive Cybercrime Crackdown Across Africa
December 24, 2025
INTERPOL's Operation Sentinel culminated in the arrest of 574 suspects and the recovery of $3 million. The operation involved collaboration with 19 countries to target ...
Feds Seize Database Targeting $28 Million Bank Account Theft
December 24, 2025
Authorities took significant action by seizing a password database used in a phishing attack that attempted a $28 million bank heist. This article delves into ...
ServiceNow Acquires Armis for $7.75 Billion, Boosting Cybersecurity Capabilities
December 24, 2025
Following rumors, ServiceNow confirms its acquisition of Armis for $7.75 billion, expanding its capabilities in securing IoT and connected device environments, a crucial move post ...
WebRAT Malware Utilizing GitHub for Malicious Distribution
December 24, 2025
WebRAT malware spreads through GitHub, claiming to offer proof-of-concept exploits for recent vulnerabilities, revealing challenging implications for cybersecurity experts.
n8n Automation Platform Faces Severe Security Issue
December 24, 2025
CVE-2025-68613 vulnerability in n8n's automation platform potentially allows unauthorized code execution, demanding immediate attention from users.
Dangerous Chrome Extensions: Phantom Shuttle Targets Sensitive Data
December 24, 2025
'Phantom Shuttle' Chrome extensions mimic legitimate plugins but hijack user traffic to exfiltrate sensitive data. These malicious tools in the Web Store pose a significant ...
French National Postal Service Disruption Affects Millions of Users
December 24, 2025
La Poste, France’s national postal service, saw its online services disrupted by a major network incident, leading to outages affecting millions of users.
Nissan Cyberattack: Hackers Compromise Red Hat GitLab Instances
December 24, 2025
An attack on Red Hat's GitLab system has uncovered sensitive data of 21,000 customers linked to Nissan, creating significant security challenges and necessitating immediate remedial ...
Microsoft Focuses on Security with Its Timely Out-of-Band Update
December 24, 2025
Microsoft promptly issued an out-of-band update addressing a Message Queuing flaw from its December 2025 update, ensuring continued system security and reliability during a critical ...
Anna’s Archive Takes a Stand on Music Preservation
December 23, 2025
A hacktivist group has scraped 300 terabytes of music from Spotify to create an open-source digital music archive. This undertaking raises questions about the security ...
Long Development Timelines Highlight Challenges in Zero-Day Vulnerabilities
December 23, 2025
Insights from Zafran Security CEO Sanaz Yashar reveal the meticulous and time-consuming nature of zero-day vulnerability creation in the past.
Operation Sentinel Leads to Arrest of 574 Individuals in Global Cybercrime Crackdown
December 23, 2025
Operation Sentinel, a global initiative led by Interpol, resulted in the arrest of 574 individuals and the recovery of $3 million. The initiative targeted cybercrimes ...
Former Fugitive and Convicted Fraudster Expected Never to Return to the UK
December 23, 2025
A UK judge rules that convicted fraudster Mark Acklom, previously a most-wanted fugitive, will likely not return to the UK.
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints