Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
News
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
Mitchell Langley January 28, 2026
A sophisticated phishing operation has emerged in Russia, deploying ransomware and Amnesia RAT through business-themed documents. Attackers ingeniously disguise malware as routine files, posing a ...
North Korean Hacker Group Deploys AI-Powered Malware Targeting Blockchain Developers
News
North Korean Hacker Group Deploys AI-Powered Malware Targeting Blockchain Developers
Gabby Lee January 28, 2026
The North Korean APT group known as Konni has refined its strategies by employing AI-driven malware to specifically target developers in the blockchain industry. This ...
Major Cyber Assault by Sandworm Against Poland's Grid Averted
Cybersecurity
Major Cyber Assault by Sandworm Against Poland’s Grid Averted
Gabby Lee January 28, 2026
In a significant report, Poland's energy minister disclosed an attempted cyber attack by Sandworm on the nation's power infrastructure. The offensive, deemed the most extensive ...
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
Microsoft has confirmed a coding error in the Outlook mobile app that may cause it to crash on iPad devices. The bug significantly impacts users ...
Emerging Threats Cloudflare WAF Bypass and Snap Store Malware
Cybersecurity
Emerging Threats: Cloudflare WAF Bypass and Snap Store Malware
Andrew Doyle January 28, 2026
Recent developments in cybersecurity reveal a Cloudflare WAF bypass, Cannonical's Snap Store malware, and the termination of Curl's bug bounty program. Explore how these issues ...
Fortinet's FortiCloud SSO Exploitation Raises Concerns Despite Patches
Cybersecurity
Fortinet’s FortiCloud SSO Exploitation Raises Concerns Despite Patches
Andrew Doyle January 28, 2026
Concerns have arisen following the recent identification of exploitation attempts targeting Fortinet's FortiCloud single sign-on (SSO) capabilities. Even though patches were released, attackers have leveraged ...
Automation in Cyberattacks A New Era for CISOs to Prepare For
Cybersecurity
Automation in Cyberattacks: A New Era for CISOs to Prepare For
Mitchell Langley January 28, 2026
Cybercriminals are on the brink of automating their attack workflows end-to-end. CISOs need to anticipate and prepare for these changes to effectively defend against increasingly ...
Malicious VSCode Extensions Infiltrate Marketplace
Application Security
Malicious VSCode Extensions Infiltrate Marketplace
Gabby Lee January 28, 2026
Two rogue extensions in Microsoft's Visual Studio Code (VSCode) Marketplace have been identified, accumulating 1.5 million installations. These extensions are designed to exfiltrate sensitive developer ...
New CISA Alert Active Exploitation of Critical Vulnerabilities in Enterprise Tools
Cybersecurity
New CISA Alert: Active Exploitation of Critical Vulnerabilities in Enterprise Tools
Gabby Lee January 28, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about the active exploitation of vulnerabilities in software from Versa, Zimbra, the Vite frontend ...
Venezuelan Nationals Convicted in ATM Jackpotting Scheme to Face Deportation
Cybersecurity
Venezuelan Nationals Convicted in ATM Jackpotting Scheme to Face Deportation
Andrew Doyle January 28, 2026
Two Venezuelan nationals convicted for an ATM jackpotting scheme will be deported after serving prison sentences. The scheme involved sophisticated cyber tactics to exploit ATM ...
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
Cybersecurity
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
Mitchell Langley January 28, 2026
ShinyHunters has taken credit for a phishing operation targeting Okta's platform, reportedly compromising Crunchbase and Betterment systems. This breach has potentially far-reaching consequences for security ...
Popular Curl Project Discontinues Bug Bounty Program due to Poor Quality Reports
Cybersecurity
Popular Curl Project Discontinues Bug Bounty Program due to Poor Quality Reports
Andrew Doyle January 28, 2026
Curl is terminating its bug bounty on HackerOne due to the burden of AI-generated reports. The increase in low-quality submissions has made managing the program ...
Click-Fraud Trojan Uses Machine Learning to Evade Detection
Cybersecurity
Click-Fraud Trojan Uses Machine Learning to Evade Detection
Mitchell Langley January 28, 2026
Researchers at Dr.Web have identified a new Android click-fraud trojan using TensorFlow.js for more advanced ad interactions, bypassing conventional script tactics.
FortiGate Firewalls Fall Victim to Security Breaches Despite Patches
Application Security
FortiGate Firewalls Fall Victim to Security Breaches Despite Patches
Gabby Lee January 28, 2026
Attackers are intruding into FortiGate firewalls by manipulating configurations and bypassing single sign-on protections. Administrators report persistent security issues, even after applying the latest security ...
SmarterMail Vulnerability Exploited to Reset Admin Passwords
Application Security
SmarterMail Vulnerability Exploited to Reset Admin Passwords
Andrew Doyle January 28, 2026
Attackers exploit a serious vulnerability (CVE-2026-23760) in SmarterMail, allowing malicious actors to bypass authentication and reset admin passwords.
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
Application Security
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
Andrew Doyle January 28, 2026
Microsoft SharePoint services are being manipulated by attackers targeting energy-sector companies. Harvesting credentials paves the way for control of corporate emails, after which phishing emails ...
Microsoft Enhances Teams With Fraud Protection Calling Safeguards in Focus
Application Security
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
Mitchell Langley January 28, 2026
Microsoft is rolling out new fraud protection features for Teams to combat external caller impersonation risks. Aimed at preventing social engineering attacks, these features will ...
New Advances in Page Cache Exploitation by Austrian Researchers
Cybersecurity
New Advances in Page Cache Exploitation by Austrian Researchers
Gabby Lee January 28, 2026
Researchers at Austria's Graz University have enhanced Linux page cache attack methods, significantly increasing execution speed. This revives concerns about the vulnerability, impacting Linux-based systems ...
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
Threat Actors
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
Andrew Doyle January 22, 2026
Decentralized pro-Russian hacktivist cells execute targeted DDoS campaigns across Europe, leveraging volunteer botnets and pre-announced attacks to disrupt governments, banks, and public services, aligning with ...
CVE Vulnerability Alert! CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
CVE Vulnerability Alerts
CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
Mitchell Langley January 22, 2026
CVE-2025-64671 enables remote code execution in GitHub Copilot for JetBrains through cross prompt injection, allowing attackers to manipulate AI-generated instructions within developer environments.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Colt Cyberattack: Multi-Day Outages After WarLock Ransomware Exploited SharePoint Zero-Day
August 18, 2025
Podcasts
Workday Breach Tied to Third-Party CRM Hack in ShinyHunters Campaign
August 18, 2025
Podcasts
DOJ Brings Down Zeppelin Ransomware Operator, Seizes Millions in Crypto
August 18, 2025

Cyber Security News

Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
May 21, 2026
Application Security
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
May 21, 2026
Application Security
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
May 21, 2026
Cybersecurity
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
May 21, 2026
CVE Vulnerability Alerts
CVE-2026-46333: Linux Kernel Flaw Grants Root via ssh-keysign
May 21, 2026
CVE Vulnerability Alerts
CISA Adds Two Exploited Microsoft Defender Zero-Days to KEV
May 21, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
January 28, 2026
Microsoft has confirmed a coding error in the Outlook mobile app that may cause it to crash on iPad devices. The bug significantly impacts users ...
Emerging Threats: Cloudflare WAF Bypass and Snap Store Malware
January 28, 2026
Recent developments in cybersecurity reveal a Cloudflare WAF bypass, Cannonical's Snap Store malware, and the termination of Curl's bug bounty program. Explore how these issues ...
Fortinet’s FortiCloud SSO Exploitation Raises Concerns Despite Patches
January 28, 2026
Concerns have arisen following the recent identification of exploitation attempts targeting Fortinet's FortiCloud single sign-on (SSO) capabilities. Even though patches were released, attackers have leveraged ...
Automation in Cyberattacks: A New Era for CISOs to Prepare For
January 28, 2026
Cybercriminals are on the brink of automating their attack workflows end-to-end. CISOs need to anticipate and prepare for these changes to effectively defend against increasingly ...
Malicious VSCode Extensions Infiltrate Marketplace
January 28, 2026
Two rogue extensions in Microsoft's Visual Studio Code (VSCode) Marketplace have been identified, accumulating 1.5 million installations. These extensions are designed to exfiltrate sensitive developer ...
New CISA Alert: Active Exploitation of Critical Vulnerabilities in Enterprise Tools
January 28, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about the active exploitation of vulnerabilities in software from Versa, Zimbra, the Vite frontend ...
Venezuelan Nationals Convicted in ATM Jackpotting Scheme to Face Deportation
January 28, 2026
Two Venezuelan nationals convicted for an ATM jackpotting scheme will be deported after serving prison sentences. The scheme involved sophisticated cyber tactics to exploit ATM ...
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
January 28, 2026
ShinyHunters has taken credit for a phishing operation targeting Okta's platform, reportedly compromising Crunchbase and Betterment systems. This breach has potentially far-reaching consequences for security ...
Popular Curl Project Discontinues Bug Bounty Program due to Poor Quality Reports
January 28, 2026
Curl is terminating its bug bounty on HackerOne due to the burden of AI-generated reports. The increase in low-quality submissions has made managing the program ...
Click-Fraud Trojan Uses Machine Learning to Evade Detection
January 28, 2026
Researchers at Dr.Web have identified a new Android click-fraud trojan using TensorFlow.js for more advanced ad interactions, bypassing conventional script tactics.
FortiGate Firewalls Fall Victim to Security Breaches Despite Patches
January 28, 2026
Attackers are intruding into FortiGate firewalls by manipulating configurations and bypassing single sign-on protections. Administrators report persistent security issues, even after applying the latest security ...
SmarterMail Vulnerability Exploited to Reset Admin Passwords
January 28, 2026
Attackers exploit a serious vulnerability (CVE-2026-23760) in SmarterMail, allowing malicious actors to bypass authentication and reset admin passwords.
Cybercriminals Exploit Microsoft SharePoint to Target Energy Sector
January 28, 2026
Microsoft SharePoint services are being manipulated by attackers targeting energy-sector companies. Harvesting credentials paves the way for control of corporate emails, after which phishing emails ...
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
January 28, 2026
Microsoft is rolling out new fraud protection features for Teams to combat external caller impersonation risks. Aimed at preventing social engineering attacks, these features will ...
New Advances in Page Cache Exploitation by Austrian Researchers
January 28, 2026
Researchers at Austria's Graz University have enhanced Linux page cache attack methods, significantly increasing execution speed. This revives concerns about the vulnerability, impacting Linux-based systems ...
NoName057(16) Splinter Cells: Europe’s Volunteer DDoS Threat
January 22, 2026
Decentralized pro-Russian hacktivist cells execute targeted DDoS campaigns across Europe, leveraging volunteer botnets and pre-announced attacks to disrupt governments, banks, and public services, aligning with ...
CVE-2025-14765 & CVE-2025-14766 – Microsoft Edge Remote Code Execution
January 22, 2026
CVE-2025-64671 enables remote code execution in GitHub Copilot for JetBrains through cross prompt injection, allowing attackers to manipulate AI-generated instructions within developer environments.
VMware Carbon Black Review: Advanced Endpoint Detection and Response
January 22, 2026
VMware Carbon Black is an enterprise-class security platform designed to deliver continuous visibility, behavioral analytics, and real-time detection and response across large fleets of endpoints. ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
January 22, 2026
Misconfigured security training apps are increasingly targeted by threat actors, leading to cloud breaches in major organizations. As training apps are widely used, this new ...
aiFWall Launches to Elevate AI Protection in Cyber Security
January 22, 2026
aiFWall, a company that has recently come out of stealth mode, has introduced a groundbreaking AI-powered firewall technology. Designed specifically to enhance the protection of ...
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach