Cyber Security
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
Cybersecurity
Latest Charges Amplify Indictments Against Alleged Tren de Aragua Members
A Venezuelan gang, labeled a ruthless terrorist organization by U.S. officials, faces charges for deploying malware on ATMs. This cyber attack strategy allowed the gang ...
Cybersecurity
Vulnerabilities in SonicWall Remote-Access Appliance Threaten Security
SonicWall urges users to patch a critical zero-day vulnerability in its SMA 1000 remote-access appliance. This flaw allows attackers to escalate privileges and potentially seize ...
Endpoint Security
UEFI Vulnerability Exposes Major Motherboards to Early-Boot Attacks
A critical Unified Extensible Firmware Interface (UEFI) vulnerability has been identified in major motherboard brands like ASRock, Asus, Gigabyte, and MSI. This flaw potentially opens ...
Identity and Access Management
NIS2 Directive Enhances Identity and Access Control Standards
The NIS2 Directive places heightened emphasis on identity and access controls, turning weak passwords and inadequate authentication into compliance risks. Specops Software advises on aligning ...
News
Phishing Attacks by Operation ForumTroll in Russia: A Closer Look at October 2025 Campaign
In October 2025, new phishing attacks by Operation ForumTroll targeted individuals within Russia, shifting focus from organizations previously attacked in spring.
Cybersecurity
NATO’s Digital Backbone Efforts: Winning the Information War
NATO focuses on developing sovereign cloud-based technologies to secure its operations. The alliance is in a race to build a robust digital infrastructure that can ...
Application Security
Microsoft Folder Permission Changes Lead to Queue Failures and Erroneous Error Messages
Microsoft’s recent update to folder permissions in older Windows versions has led to unexpected queue failures caused by the misleading error messages produced. Despite organizations ...
Cybersecurity
Russian Hackers Target UKR[.]net in Credential-Stealing Campaign
APT28, a Russian state-sponsored threat actor, has launched a persistent credential-harvesting operation against users of UK's UKR[.]net service. The activity was tracked by Recorded Future's ...
Cybersecurity
ByBit Hack Amplifies North Korean Crypto Theft Surge
North Korean hackers have escalated their cryptocurrency thefts, accumulating over $2 billion in 2025 alone. Recent attacks target platforms like ByBit, showcasing sophisticated techniques and ...
Cybersecurity
Law Enforcement Shuts Down E-Note Exchange for Money Laundering
Law enforcement successfully seized E-Note cryptocurrency exchange servers and domains, suspected of laundering over $70 million for cybercriminals. Authorities believe E-Note was a key tool ...
Cybersecurity
LongNosedGoblin: A New Threat from China Targets Southeast Asia and Japan
ESET reports the emergence of LongNosedGoblin, an uncharted threat targeting governmental bodies in Southeast Asia and Japan since September 2023. The group's focus is cyber ...
Application Security
Sophisticated Cybercrime Campaign Targets VPN Vulnerabilities
Cybercriminals are exploiting vulnerabilities in VPN platforms such as Palo Alto Networks GlobalProtect and Cisco SSL VPN using automated campaigns. These attacks focus on credential-based ...
Application Security
Study Finds Built-in Browsers Across Gadgets Often Ship Years Out of Date
Devices like game consoles and cars often come with embedded browsers that do not receive frequent updates. This negligence can open doors to significant security ...
Data Security
Data Breach at University of Sydney Reveals Sensitive Information
Hackers infiltrated the University of Sydney's online repository, compromising the personal information of staff and students. The breach underscores prevalent cybersecurity challenges in educational institutions, ...
Application Security
Cryptocurrency Thieves Exploit AWS: Mining Operations in Just Ten Minutes
Cryptocurrency thieves are exploiting stolen Amazon Web Services (AWS) account credentials to mine coins, using victims' Elastic Container Service (ECS) and Elastic Compute Cloud (EC2) ...
Cybersecurity
Surge in Illicit Activities: Criminal Use of DIG AI on Tor Network Increases in Q4 2025
Resecurity reports reveal a Q4 2025 surge in the use of DIG AI among cybercriminals on the Tor network. This development poses significant challenges to ...
Application Security
GhostPairing Campaign Hijacks WhatsApp Accounts via Device-Linking Feature
Cybercriminals are exploiting WhatsApp's device-linking feature to hijack accounts, a campaign known as GhostPairing. This method involves abusing pairing codes to gain control over unsuspecting ...
Cybersecurity
FTC Demands Accountability in Illusory Systems Cybersecurity Breach Case
The FTC has proposed a settlement agreement requiring Illusory Systems to repay users for funds lost in a 2022 cyberattack. This regulatory action highlights increased ...
News
Clop Ransomware Gang Targets Gladinet CentreStack in Data Extortion Attack
The Clop ransomware group is targeting Gladinet CentreStack file servers, focusing on systems vulnerable due to internet exposure. This campaign jeopardizes data security, emphasizing the ...
Cybersecurity
French Prosecutors Investigate Cyberattack on GNV Ferry “Fantastic”
French prosecutors are probing a potential cyberattack on the GNV ferry Fantastic, which raises the alarm for remote hijacking threats. The ferry, which operates between ...
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service

Cisco Identifies Exploited Zero-Day Vulnerability in Email Gateway Systems
Cisco issued a warning regarding an unpatched zero-day vulnerability, identified as CVE-2023-20198, in its AsyncOS system, impacting Secure Email Gateway (SEG) and Secure Email and ...
Windows 11 Security Updates Interrupt Enterprise VPN Connectivity
Businesses using Windows Subsystem for Linux (WSL) on Windows 11 face VPN issues after Microsoft’s latest security updates. Learn about potential workarounds.
Echo Secures $35 Million Series A Funding to Advance Cybersecurity Tools
In a strategic move to enhance its cybersecurity platform, Echo has successfully raised $35 million in Series A funding. This milestone comes shortly after its ...