Main Menu
Cyber Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
Covert PDF Exploitation: Hackers Use Adobe Acrobat Reader for Targeted Payload Delivery
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Microsoft’s Communication Breakdown Leaves Developers Locked Out Without Warning
Google Enhances Chrome Security with Device Bound Session Credentials
New Bypass Technique Bypasses Apple’s AI Safeguards
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat
Docker Engine Vulnerability CVE-2026-34040 Allows Attackers to Bypass Authorization
Iranian Hackers Target U.S. Critical Infrastructure via Rockwell PLCs
Russia-linked APT28 Exploits Routers in Wide-ranging Espionage Campaign
Anthropic’s Claude Mythos Could Protect Critical Software — or Power the Next Wave of Cyberattacks
Trent AI Emerges From Stealth With $13 Million in Funding
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Automated Pentesting Tools Fall Short Past the “PoC Cliff”
Critical Flowise Vulnerability Puts Systems at Risk of Code Execution
Exchange Online Mailbox Access Issues Impact Outlook Users
Shadow AI and Zero-Click Exploits Are Reshaping Mobile Security Threats
Third-Party Vendors Are the New Breach Vector Organizations Should Fear
Critical ShareFile Flaws Open the Door to Unauthenticated RCE
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Application Security
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Andrew Doyle November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Cybersecurity
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Gabby Lee November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Cybersecurity
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Andrew Doyle November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat Palo Alto Networks CEO Predicts Security Overhaul by 2029
Cybersecurity
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Mitchell Langley November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
News
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Andrew Doyle November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Cybersecurity
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Mitchell Langley November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
News
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Gabby Lee November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
News
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
Andrew Doyle November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Application Security
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mitchell Langley November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Andrew Doyle November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Cybersecurity
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Gabby Lee November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Cybersecurity
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Mitchell Langley November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
News
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
Andrew Doyle November 21, 2025
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Cybersecurity
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Gabby Lee November 21, 2025
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
Endpoint Security
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
Andrew Doyle November 21, 2025
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Application Security
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Mitchell Langley November 21, 2025
A new campaign in Brazil hijacks WhatsApp accounts to spread the Eternidade Stealer banking trojan. Attackers use trusted contacts to deliver malicious files, enabling credential ...
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
Application Security
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
Mitchell Langley November 21, 2025
A critical flaw in the W3 Total Cache plugin allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads into WordPress comments. With ...
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
CVE Vulnerability Alerts
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
Andrew Doyle November 21, 2025
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Cybersecurity
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Gabby Lee November 21, 2025
Provincial investigations found Canadian school boards unprepared for a 2024 PowerSchool cyberattack, affecting 5.2 million people and revealing inadequate breach response and oversight protocols.
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Application Security
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Mitchell Langley November 19, 2025
Microsoft is adding a false-positive reporting feature to Teams, allowing users to flag messages incorrectly quarantined by Defender for Office 365. The feedback will help ...
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Cybersecurity
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Mitchell Langley April 10, 2026
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Gabby Lee April 10, 2026
Chaos Malware Expands Its Reach to Cloud Deployments
Cybersecurity
Chaos Malware Expands Its Reach to Cloud Deployments
Gabby Lee April 10, 2026
Qilin Ransomware Group Targets German Political Party Die Linke
News
Qilin Ransomware Group Targets German Political Party Die Linke
Mitchell Langley April 7, 2026

TOP CYBERSECURITY HEADLINES

Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Cybersecurity
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Application Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
Cybersecurity
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Cybersecurity
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking

This Week’s Security Spotlight

New Bypass Technique Bypasses Apple's AI Safeguards
Application Security
New Bypass Technique Bypasses Apple’s AI Safeguards
Gabby Lee April 10, 2026
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Cybersecurity
Android Security Update Patches Severe StrongBox and Framework Vulnerabilities
Mitchell Langley April 8, 2026
Bogus Traffic Violation Text Scam Targeting Americans
News
Bogus Traffic Violation Text Scam Targeting Americans
Andrew Doyle April 7, 2026
Apple Rolls Out DarkSword Exploit Protection to More Devices
Cybersecurity
Apple Rolls Out DarkSword Exploit Protection to More Devices
Mitchell Langley April 3, 2026
More In News
Trending
Bogus Traffic Violation Text Scam Targeting Americans
EvilTokens Kit Uses Device Code Phishing to Target Microsoft Accounts
Ukrainian CERT Impersonated in Phishing Campaign Distributing AGEWHEEZE
New Phishing Techniques Threaten TikTok Business Account Security

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes
August 15, 2025
Podcasts
Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day
August 15, 2025
Podcasts
Norwegian Authorities Blame Pro-Russian Hackers for Critical Infrastructure Breach
August 15, 2025

Cyber Security News

Cybercriminals Leverage Identity Abuse and SaaS Compromise in Supply Chain Attacks
Cybersecurity
Cybercriminals Leverage Identity Abuse and SaaS Compromise in Supply Chain Attacks
February 17, 2026
Apple Addresses Critical Zero-Day Exploit in Latest iOS Patch
Cybersecurity
Apple Addresses Critical Zero-Day Exploit in Latest iOS Patch
February 17, 2026
Infostealer Malware Targets macOS Users Through Deceptive ClickFix Campaigns
Cybersecurity
Infostealer Malware Targets macOS Users Through Deceptive ClickFix Campaigns
February 17, 2026
CISA Mandates Immediate Patch for Critical Vulnerability in Microsoft Configuration Manager
Cybersecurity
CISA Mandates Immediate Patch for Critical Vulnerability in Microsoft Configuration Manager
February 17, 2026
Microsoft Configuration Manager SQL Injection Alert
Application Security
Microsoft Configuration Manager SQL Injection Alert
February 17, 2026
Major Breach at Dutch Mobile Network Operator Exposes Sensitive Customer Data
Cybersecurity
Major Breach at Dutch Mobile Network Operator Exposes Sensitive Customer Data
February 17, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
November 21, 2025
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
November 21, 2025
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
November 21, 2025
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
November 21, 2025
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
November 21, 2025
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
November 21, 2025
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
November 21, 2025
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
November 21, 2025
A new campaign in Brazil hijacks WhatsApp accounts to spread the Eternidade Stealer banking trojan. Attackers use trusted contacts to deliver malicious files, enabling credential ...
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
November 21, 2025
A critical flaw in the W3 Total Cache plugin allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads into WordPress comments. With ...
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
November 21, 2025
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
November 21, 2025
Provincial investigations found Canadian school boards unprepared for a 2024 PowerSchool cyberattack, affecting 5.2 million people and revealing inadequate breach response and oversight protocols.
Microsoft Adds False-Positive Reporting to Teams Security Alerts
November 19, 2025
Microsoft is adding a false-positive reporting feature to Teams, allowing users to flag messages incorrectly quarantined by Defender for Office 365. The feedback will help ...
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
November 19, 2025
Microsoft is bringing one of its most widely-used threat detection tools, Sysmon (System Monitor), into the Windows operating system itself—removing the need for administrators to ...
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
November 19, 2025
The U.S. is preparing to expand offensive cyber operations in response to escalating nation-state attacks, according to National Cyber Director Sean Cairncross. While timelines remain ...
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
FleetWave Users Left Without Service After Chevin Takes Platform Offline
Authorities Crack a $45 Million Global Cryptocurrency Scam and Recover $12 Million
EngageLab SDK Vulnerability Threatens Millions of Android Cryptocurrency Wallets
Newly Discovered UAT-10362 Threat Cluster Aims at Taiwanese NGOs
New Extortion Crew Uses Phishing to Breach High-Value Corporations
Smart Slider 3 Pro Plugin Update System Was Hijacked to Push Backdoored Versions
Covert PDF Exploitation: Hackers Use Adobe Acrobat Reader for Targeted Payload Delivery
Stolen Credentials Are Turning Authentication Systems Into Attack Surfaces
Microsoft’s Communication Breakdown Leaves Developers Locked Out Without Warning
Google Enhances Chrome Security with Device Bound Session Credentials
New Bypass Technique Bypasses Apple’s AI Safeguards
ChipSoft’s Website Goes Offline After Ransomware Attack While Email Stays Operational
Telehealth Company Hims & Hers Health Discloses Data Breach Involving Support Tickets
Data Theft Incidents Escalate as SaaS Integration Provider Suffers Major Breach
CrystalX RAT Emerges as a Sophisticated Malware-as-a-Service Threat