Main Menu
Cyber Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
News
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
Mitchell Langley June 4, 2025
CISA has warned U.S. agencies of active attacks exploiting a ScreenConnect vulnerability and critical flaws in ASUS routers and Craft CMS. Patches and mitigations are ...
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
News
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
Mitchell Langley June 3, 2025
The North Face has confirmed a credential stuffing attack in April, exposing customer data including names, addresses, and emails. Payment information remains unaffected.
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
News
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
Andrew Doyle June 3, 2025
North Dakota-based Nokota Packers has reportedly suffered a ransomware attack by the J Group gang, with hackers claiming to have stolen 50GB of sensitive data. ...
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
News
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
Mitchell Langley June 3, 2025
Stormous ransomware gang claims a breach at Volkswagen, but provides no sample data. Researchers find no evidence yet of compromised systems or stolen information.
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
News
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
Andrew Doyle June 3, 2025
Cartier has confirmed a cyberattack that exposed limited customer data, including names and email addresses. Sensitive financial and login information was not compromised.
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
News
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
Mitchell Langley June 3, 2025
The Russian Market has surged in popularity as a major cybercrime marketplace, offering stolen credentials harvested by info-stealer malware like Lumma and Acreed.
Remote Code Execution Flaw in vBulletin Forum Software Under Active Exploitation
News
Remote Code Execution Flaw in vBulletin Forum Software Under Active Exploitation
Mitchell Langley June 1, 2025
Two critical vBulletin vulnerabilities, actively exploited in the wild, allow attackers to execute code remotely by abusing template logic and PHP’s Reflection API.
Cisco IOS XE Wireless LAN Controller Vulnerability Exposes Enterprises to Remote Code Execution Risks
News
Cisco IOS XE Wireless LAN Controller Vulnerability Exposes Enterprises to Remote Code Execution Risks
Andrew Doyle June 1, 2025
Exploit details for a critical Cisco IOS XE Wireless LAN Controller vulnerability (CVE-2025-20188) are now public, raising urgent concerns about remote code execution risks.
Germany Identifies TrickBot and Conti Ransomware Ringleader as Vitaly Kovalev
News
Germany Identifies TrickBot and Conti Ransomware Ringleader as Vitaly Kovalev
Mitchell Langley June 1, 2025
Germany has named Vitaly Kovalev, aka "Stern," as the leader of the Conti ransomware and TrickBot gangs in a major breakthrough tied to Operation Endgame. ...
Latrodectus Malware Infected Over 44,000 IPs Before Operation Endgame Takedown
News
Latrodectus Malware Infected Over 44,000 IPs Before Operation Endgame Takedown
Andrew Doyle June 1, 2025
Latrodectus malware infected over 44,000 IP addresses before Operation Endgame's global takedown, with Shadowserver warning of critical ongoing threats across infected systems.
Kaiser Permanente Recovers from Widespread Network Outage That Disrupted Patient Services Nationwide
News
Kaiser Permanente Recovers from Widespread Network Outage That Disrupted Patient Services Nationwide
Mitchell Langley June 1, 2025
Kaiser Permanente suffered a major network outage that disrupted electronic health records and patient services across the U.S. System functionality was restored the following day. ...
184 Million Login Credentials Exposed in Major Unprotected Database Leak
News
184 Million Login Credentials Exposed in Major Unprotected Database Leak
Andrew Doyle June 1, 2025
Over 184 million login credentials were exposed online in plain text, revealing widespread negligence in data protection and the growing threat of credential-based cyberattacks.
This Week In Cybersecurity: 26th to 30th May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 26th to 30th May, 2025
Andrew Doyle May 30, 2025
"Cybersecurity threats escalate as ransomware attacks target major organizations, exposing sensitive data and highlighting vulnerabilities in systems across various industries. Stay informed."
Victoria’s Secret Takes Website Offline Following Security Incident
News
Victoria’s Secret Takes Website Offline Following Security Incident
Mitchell Langley May 30, 2025
Victoria’s Secret temporarily disabled its website and limited in-store services to address a cybersecurity incident. Third-party experts have been engaged; stores remain open.
Unimed Data Leak Exposes 14 Million Sensitive Patient-Doctor Messages
News
Unimed Data Leak Exposes 14 Million Sensitive Patient-Doctor Messages
Mitchell Langley May 30, 2025
An exposed Unimed server leaked over 14 million private patient-doctor messages, including medical data, documents, and IDs—posing major cybersecurity and privacy risks.
Russian Nuclear Facility Blueprints Exposed in Massive Security Breach
News
Russian Nuclear Facility Blueprints Exposed in Massive Security Breach
Andrew Doyle May 30, 2025
Russian nuclear facility blueprints were exposed in a public procurement database, revealing sensitive layouts of missile silos and bunkers tied to Moscow’s nuclear modernization.
APT41 Exploits Google Calendar for Stealth Malware Control and Data Theft
News
APT41 Exploits Google Calendar for Stealth Malware Control and Data Theft
Mitchell Langley May 30, 2025
Chinese APT41 hackers used Google Calendar to run malware operations and exfiltrate data, exploiting Calendar events for covert command-and-control and stealth communications.
RE/MAX Targeted by Medusa Ransomware in Alleged 150GB Data Breach
News
RE/MAX Targeted by Medusa Ransomware in Alleged 150GB Data Breach
Mitchell Langley May 29, 2025
Medusa ransomware claims a 150GB data breach at RE/MAX and demands $200K ransom. Exposed files include agent details, commissions, and internal property documents.
German Cybersecurity Agency Flags Critical Windows Server 2025 Flaw Enabling Domain Takeover
News
German Cybersecurity Agency Flags Critical Windows Server 2025 Flaw Enabling Domain Takeover
Mitchell Langley May 29, 2025
BSI warns of an unpatched flaw in Windows Server 2025 Active Directory that allows domain takeover via dMSA. Microsoft rates it moderate; Germany rates it ...
1.6 Million Customer Emails Exposed in Etsy and TikTok Shop Data Leak
News
1.6 Million Customer Emails Exposed in Etsy and TikTok Shop Data Leak
Andrew Doyle May 29, 2025
An exposed Azure storage bucket leaked 1.6 million customer emails from Etsy, TikTok Shop, and others, revealing names, addresses, and order data.
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Andrew Doyle November 21, 2025
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Cybersecurity
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
Andrew Doyle November 18, 2025

TOP CYBERSECURITY HEADLINES

Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
News
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
News
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off

This Week’s Security Spotlight

Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Network Security
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Andrew Doyle November 18, 2025
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
News
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
Gabby Lee November 18, 2025
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Information Security
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Mitchell Langley November 18, 2025
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Application Security
Microsoft Confirms KB5068781 Update Errors Impacting Windows 10 Devices
Gabby Lee November 17, 2025
More In News
Trending
Dutch Police Dismantle Bulletproof Hosting Platform Used by Cybercriminals
Fraudsters Spoof U.S. Insurers in Health Scam Targeting Chinese Speakers
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Colt Cyberattack: Multi-Day Outages After WarLock Ransomware Exploited SharePoint Zero-Day
August 18, 2025
Podcasts
Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign
August 18, 2025
Podcasts
DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto
August 18, 2025

Cyber Security News

Unisys Selected by EU Commission to Provide Cybersecurity Services to EU Public Entities
Cybersecurity
Unisys Selected by EU Commission to Provide Cybersecurity Services to EU Public Entities
October 10, 2025
TwoNet Hacktivists Breach Decoy Water Treatment Plant, Alter PLC Setpoints and Disable Alarms Within 26 Hours
Cybersecurity
TwoNet Hacktivists Breach Decoy Water Treatment Plant, Alter PLC Setpoints and Disable Alarms Within 26 Hours
October 10, 2025
AI Companion Apps Expose Millions of Intimate Messages after Unprotected Kafka Instances
Cybersecurity
AI Companion Apps Expose Millions of Intimate Messages after Unprotected Kafka Instances
October 10, 2025
Salesforce Refuses to Pay Ransom After Widespread CRM Data-Theft Campaigns
Cybersecurity
Salesforce Refuses to Pay Ransom After Widespread CRM Data-Theft Campaigns
October 8, 2025
Avnet Confirms EMEA Data Breach, Says Stolen Information Is Mostly Unreadable Without Internal Tools
Cybersecurity
Avnet Confirms EMEA Data Breach, Says Stolen Information Is Mostly Unreadable Without Internal Tools
October 8, 2025
Doctors Imaging Group Data Breach Exposes 171,000 Patients’ Medical and Financial Records
Cybersecurity
Doctors Imaging Group Data Breach Exposes 171,000 Patients’ Medical and Financial Records
October 8, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access
July 22, 2025
A new wave of zero-day attacks—collectively known as ToolShell—is actively targeting Microsoft SharePoint servers, with two vulnerabilities (CVE-2025-53770 and CVE-2025-53771) allowing unauthenticated remote code execution ...
Ransomware Attack Destroys 158-Year-Old Firm After Weak Password Breach
July 22, 2025
A weak employee password allowed ransomware hackers to cripple 158-year-old logistics firm KNP, causing 700 job losses and highlighting the growing threat of ransomware attacks. ...
Veeam Recovery Orchestrator Locks Out Users After MFA Rollout in Faulty Update
July 22, 2025
Veeam Recovery Orchestrator's latest update causes user lockouts after enabling MFA. A fix is available, but affected users must contact support for remediation.
CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks
July 22, 2025
A critical zero-day vulnerability in CrushFTP (CVE-2025-54309) is being actively exploited, giving attackers administrative access to over a thousand unpatched servers globally. This severe security ...
Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform
July 22, 2025
Dell Technologies is the latest target in a growing trend of data extortion attacks as threat actors pivot away from traditional ransomware. The cybercrime group ...
Termite Ransomware: The Silent Invader
July 22, 2025
Termite ransomware, active since at least late 2024, targets high-profile organizations. Recent victims include Blue Yonder and Zschimmer & Schwarz, highlighting its broad reach and ...
Ransomware-as-a-Service (RaaS): The Industrialization of Cybercrime and What Enterprises Must Do
July 22, 2025
Ransomware-as-a-Service (RaaS) enables cybercriminals to launch attacks at scale. Learn how it works, why it’s dangerous, and how enterprises can defend and recover effectively.
Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting
July 22, 2025
A critical vulnerability in ExpressVPN’s Windows client has put a spotlight on the often-overlooked dangers of debug code making its way into production software. This ...
California Engineer Admits to Stealing U.S. Missile Detection Secrets for China
July 22, 2025
A California engineer admitted to stealing top-secret U.S. missile tracking technology and funneling it to China, exposing a deep insider espionage operation.
Dior Confirms U.S. Customer Data Compromised in Global Cybersecurity Breach
July 22, 2025
Dior is alerting U.S. customers about a data breach that exposed personal data. The cyberattack, linked to ShinyHunters, targeted LVMH brands via a third-party vendor. ...
ExpressVPN Flaw Exposed Real IPs During Remote Desktop Sessions on Windows
July 22, 2025
A bug in ExpressVPN's Windows client leaked real IP addresses during RDP sessions. The issue, now fixed, affected traffic over port 3389 outside the VPN ...
Ring Users Alarmed by Suspicious Device Logins: Amazon Blames Backend Bug, Not Breach
July 22, 2025
A backend glitch at Ring caused customers to see unknown devices logged into their accounts, but Amazon insists there’s been no security breach or unauthorized ...
Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack
July 21, 2025
In this episode, we unpack the January 2025 data breach at Dior, the iconic luxury fashion house, which exposed sensitive personal information of U.S. customers—including ...
StrongestLayer Raises $5.2M to Fight AI-Powered Phishing with TRACE
July 21, 2025
In an era where generative AI is being used not just for productivity but for precision cybercrime, a San Francisco-based startup, StrongestLayer, is taking a ...
750,000 Records Exposed: Inside the TADTS Data Breach by BianLian
July 21, 2025
In July 2024, The Alcohol & Drug Testing Service (TADTS), a Texas-based company handling sensitive employment-related data, suffered a catastrophic data breach. Nearly 750,000 individuals ...
SS7 Is Still Broken: How Surveillance Firms Are Bypassing Telco Defenses
July 21, 2025
A new attack technique is exposing just how vulnerable global mobile networks remain in 2025. Cybersecurity firm Enea has discovered a surveillance operation that bypasses ...
Arch Linux Removes Malicious AUR Packages That Deployed Chaos RAT Malware
July 21, 2025
Arch Linux pulled three AUR packages after discovering they delivered Chaos RAT malware through a malicious GitHub script, compromising Linux systems via community-sourced PKGBUILD files. ...
New CrushFTP Zero-Day Exploit Enables Admin Access on Unpatched Servers
July 21, 2025
CrushFTP warns of an actively exploited zero-day vulnerability (CVE-2025-54309) allowing full admin access via web interface on unpatched servers running outdated builds.
Widespread Cyberattack Exploits Microsoft SharePoint Zero-Day, Hits U.S. Agencies and Global Targets
July 21, 2025
Hackers exploited a zero-day in Microsoft SharePoint, breaching U.S. agencies, global businesses, and universities before patches were issued. Some breaches include loss of critical data. ...
Weekly Cybersecurity Newsletter: 14th to 18th August
July 19, 2025
Explore our latest cybersecurity podcast episodes featuring ransomware attacks, phishing campaigns, corporate breaches, legal showdowns, and deep dives into evolving threats and digital defenses.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion