Main Menu
Cyber Security
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
Tech Giants Invest $12.5 Million in Open Source Software Security
Ongoing Python Package Attack Uses Stolen GitHub Tokens
Stryker’s Internal Microsoft Environment Was Breached Last Week
DRILLAPP Backdoor Campaign Targets Ukrainian Organizations With Edge Debugging Abuse
New Malware Tactics Take Aim at Windows, iOS, and Linux Users
Companies House Restores WebFiling Service After Security Flaw Exposed Corporate Data
How AI Is Making Financial Fraud 4.5 Times More Profitable
Ongoing Exchange Online Outage Leaves Customers Without Mailbox Access
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Silence from the Corporate Giants: Four Companies Yet to Comment on Oracle EBS Hack
FBI Seeks Gamer Help in Steam Malware Investigation
Shadow AI Is Quietly Spreading Across SaaS Environments
Microsoft Teams Is Adding Automatic Bot Tagging in Meeting Lobbies
Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
VENON Banking Malware Targets Brazilian Users With Rust-Based Code
Apple Releases iOS and iPadOS Updates to Patch Coruna Exploits
Veeam Software Fixes Critical RCE Vulnerabilities in Backup & Replication Solution
England Hockey Investigates Possible Data Breach by AiLock Ransomware Group
International Operation Dismantles the Dangerous SocksEscort Proxy Service
Apple Patches Older iPhones and iPads Against Coruna Exploit Kit Attacks
Cybercriminals Target Airline Loyalty Programs: A New Threat to Travelers
Global Arrests Made in a Social Media Scam Targeting Thousands
SQL Injection Flaw in Ally WordPress Plugin Puts 400,000 Sites at Risk
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Mitchell Langley November 11, 2025
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially ...
Critical Vulnerability in 'expr-eval' Library Enables Remote Code Execution
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
Mitchell Langley November 11, 2025
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Gabby Lee November 11, 2025
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
Andrew Doyle November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mitchell Langley November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Gabby Lee November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Application Security
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
Andrew Doyle November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Cybersecurity
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
Mitchell Langley November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
News
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Gabby Lee November 11, 2025
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Application Security
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
Andrew Doyle November 10, 2025
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Cybersecurity
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Andrew Doyle November 10, 2025
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Application Security
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Gabby Lee November 10, 2025
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
News
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
Gabby Lee November 10, 2025
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
News
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
Mitchell Langley November 10, 2025
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
Cybersecurity
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
Andrew Doyle November 10, 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Application Security
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Gabby Lee November 10, 2025
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OBGYN Associates Exposed in Data Breach
Cybersecurity
Sensitive Data at OB/GYN Associates Exposed in Data Breach
Andrew Doyle November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Cybersecurity
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
Mitchell Langley November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Gabby Lee November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Software Supply Chains Are the New Frontline for Cyber Risk
Cybersecurity
Software Supply Chains Are the New Frontline for Cyber Risk
Gabby Lee March 19, 2026
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Cybersecurity
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Andrew Doyle March 18, 2026
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
News
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
Andrew Doyle March 18, 2026
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Cybersecurity
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Mitchell Langley March 18, 2026

TOP CYBERSECURITY HEADLINES

New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
Cybersecurity
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Cybersecurity
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Cybersecurity
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Application Security
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages

This Week’s Security Spotlight

Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
Cybersecurity
Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
Andrew Doyle March 13, 2026
Senate Confirms Joshua Rudd to Lead the NSA and US Cyber Command
Cybersecurity
Senate Confirms Joshua Rudd to Lead the NSA and US Cyber Command
Andrew Doyle March 12, 2026
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
CVE Vulnerability Alerts
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
Mitchell Langley March 12, 2026
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Cybersecurity
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Andrew Doyle February 19, 2026
More In News
Trending
Targeted Phishing Attack Breaches Security Firm Executive
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
Underground Sale of Compromised cPanel Credentials Fuels Phishing Infrastructure
Phishing Warnings as LastPass Users Get Targeted by Fake Alerts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Colt Cyberattack: Multi-Day Outages After WarLock Ransomware Exploited SharePoint Zero-Day
August 18, 2025
Podcasts
Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign
August 18, 2025
Podcasts
DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto
August 18, 2025

Cyber Security News

Emerging Threats Cloudflare WAF Bypass and Snap Store Malware
Cybersecurity
Emerging Threats: Cloudflare WAF Bypass and Snap Store Malware
January 28, 2026
Fortinet's FortiCloud SSO Exploitation Raises Concerns Despite Patches
Cybersecurity
Fortinet’s FortiCloud SSO Exploitation Raises Concerns Despite Patches
January 28, 2026
Automation in Cyberattacks A New Era for CISOs to Prepare For
Cybersecurity
Automation in Cyberattacks: A New Era for CISOs to Prepare For
January 28, 2026
Malicious VSCode Extensions Infiltrate Marketplace
Application Security
Malicious VSCode Extensions Infiltrate Marketplace
January 28, 2026
New CISA Alert Active Exploitation of Critical Vulnerabilities in Enterprise Tools
Cybersecurity
New CISA Alert: Active Exploitation of Critical Vulnerabilities in Enterprise Tools
January 28, 2026
Venezuelan Nationals Convicted in ATM Jackpotting Scheme to Face Deportation
Cybersecurity
Venezuelan Nationals Convicted in ATM Jackpotting Scheme to Face Deportation
January 28, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
November 11, 2025
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
November 11, 2025
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
November 11, 2025
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
November 11, 2025
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
November 11, 2025
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
November 11, 2025
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
November 11, 2025
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
November 11, 2025
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
November 10, 2025
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
November 10, 2025
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
November 10, 2025
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
November 10, 2025
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
November 10, 2025
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
November 10, 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
November 10, 2025
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OB/GYN Associates Exposed in Data Breach
November 10, 2025
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
November 10, 2025
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
November 9, 2025
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
November 9, 2025
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
November 9, 2025
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
Tech Giants Invest $12.5 Million in Open Source Software Security
Ongoing Python Package Attack Uses Stolen GitHub Tokens
Stryker’s Internal Microsoft Environment Was Breached Last Week
Payload Ransomware Group Claims Breach of Royal Bahrain Hospital
Phishing Attack Hits Intuitive’s Internal IT Business Systems
DRILLAPP Backdoor Campaign Targets Ukrainian Organizations With Edge Debugging Abuse
New Malware Tactics Take Aim at Windows, iOS, and Linux Users
Companies House Restores WebFiling Service After Security Flaw Exposed Corporate Data
How AI Is Making Financial Fraud 4.5 Times More Profitable
Ongoing Exchange Online Outage Leaves Customers Without Mailbox Access
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Targeted Phishing Attack Breaches Security Firm Executive