Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
VMware Carbon Black Review Advanced Endpoint Detection and Response
Product Reviews
VMware Carbon Black Review: Advanced Endpoint Detection and Response
Gabby Lee January 22, 2026
VMware Carbon Black is an enterprise-class security platform designed to deliver continuous visibility, behavioral analytics, and real-time detection and response ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Mitchell Langley January 22, 2026
Misconfigured security training apps are increasingly targeted by threat actors, leading to cloud breaches in major organizations. As training apps are widely used, this new ...
aiFWall Launches to Elevate AI Protection in Cyber Security
Application Security
aiFWall Launches to Elevate AI Protection in Cyber Security
Andrew Doyle January 22, 2026
aiFWall, a company that has recently come out of stealth mode, has introduced a groundbreaking AI-powered firewall technology. Designed specifically to enhance the protection of ...
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Application Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Gabby Lee January 22, 2026
After the recent Windows security updates, Outlook users have reported system freezes. Microsoft has now offered a workaround to mitigate this impact, allowing users to ...
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Cybersecurity
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Andrew Doyle January 22, 2026
Cloudflare patched a vulnerability in its ACME validation mechanism. The issue involved handling requests to the "/.well-known/acme-challenge/" directory, posing security risks.
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Cybersecurity
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Mitchell Langley January 22, 2026
CyberNut has secured $5 million in growth capital, building upon the initial $800k pre-seed funding. This investment is aimed at advancing its cybersecurity platform's capabilities, ...
Contagious Interview Campaign Targets Multiple Sectors Worldwide
News
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Mitchell Langley January 22, 2026
The Contagious Interview cyber campaign targets multiple sectors worldwide, impacting IP addresses and organizations in AI, finance, and other industries.
Zoom's Critical Security Update Resolves Severe Vulnerability
CVE Vulnerability Alerts
Zoom’s Critical Security Update Resolves Severe Vulnerability
Mitchell Langley January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Application Security
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Andrew Doyle January 22, 2026
Zoom has fixed a critical flaw in its Node Multimedia Routers, while GitLab tackles multiple vulnerabilities, some allowing remote code execution. Security updates are essential ...
Under Armour Account Breach 72.7 Million Accounts Impacted
Data Security
Under Armour Account Breach: 72.7 Million Accounts Impacted
Gabby Lee January 22, 2026
Under Armour experiences a major security incident, with personal information of 72.7 million accounts potentially exposed due to an alleged ransomware attack.
PcComponentes Faces Credential Stuffing Attack Denies Data Breach Claims
Cybersecurity
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
Gabby Lee January 22, 2026
PcComponentes, a leading technology retailer in Spain, has experienced a credential stuffing attack, refuting claims of a 16 million-user data breach. The attack highlights vulnerabilities ...
LastPass Users Targeted by Deceptive Phishing Campaign
News
LastPass Users Targeted by Deceptive Phishing Campaign
Mitchell Langley January 22, 2026
LastPass issues an alert about a phishing scheme cloaked as a maintenance notice, coercing users into a counterfeit data vault backup. Threat actors exploit trust, ...
Cybercriminals Exploit Social Media Messages for Malicious Payloads
News
Cybercriminals Exploit Social Media Messages for Malicious Payloads
Gabby Lee January 22, 2026
A novel phishing campaign leverages private messages on social media platforms to deliver payloads, aided by Dynamic Link Library sideloading.
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Application Security
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Andrew Doyle January 22, 2026
Three significant vulnerabilities have emerged in mcp-server-git, enabling potential exploitation through prompt injection. Attackers could manipulate an AI assistant to access or delete files and ...
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Cybersecurity
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Mitchell Langley January 22, 2026
Security flaws in Chainlit software can risk unauthorized exposure of sensitive information. Experts signal that misuse can lead to leaked credentials and databases.
Google Gemini's Vulnerability to Prompt Injection Accessing Sensitive Calendar Information
Cybersecurity
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
Gabby Lee January 22, 2026
Researchers demonstrated how Google's AI, Gemini, could be tricked into revealing confidential Calendar data through prompt injection. This technique involves manipulating the AI into bypassing ...
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Cybersecurity
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Mitchell Langley January 20, 2026
Learn about the SolyxImmortal information stealer, which exploits legitimate APIs to siphon data to Discord. This novel threat is targeting secure communications, leveraging trusted channels ...
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Application Security
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Gabby Lee January 20, 2026
Cybersecurity experts have identified a flaw in Google Gemini that exploits indirect prompt injection to manipulate Google Calendar for unauthorized data access.
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Cybersecurity
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Andrew Doyle January 20, 2026
The defendant in a US court admitted selling unauthorized access to compromised enterprise networks. This operation involved an undercover agent, revealing how access brokers monetize ...
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
News
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
Andrew Doyle January 20, 2026
In a ransomware attack, Ingram Micro revealed a significant data breach impacting approximately 42,000 individuals. Compromised information includes names, birth dates, Social Security Numbers, and ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes
August 15, 2025
Podcasts
Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day
August 15, 2025
Podcasts
Norwegian Authorities Blame Pro-Russian Hackers for Critical Infrastructure Breach
August 15, 2025

Cyber Security News

Cybersecurity
Ukraine IDs 18-Year-Old Who Stole 28,000 Accounts, $721K
May 21, 2026
CVE Vulnerability Alerts
SonicWall Gen6 MFA Bypass CVE-2024-12802 Left Open by Incomplete Patch
May 21, 2026
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
May 20, 2026
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
CVE Vulnerability Alerts
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
May 20, 2026
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
Application Security
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
May 20, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
May 20, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
January 22, 2026
After the recent Windows security updates, Outlook users have reported system freezes. Microsoft has now offered a workaround to mitigate this impact, allowing users to ...
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
January 22, 2026
Cloudflare patched a vulnerability in its ACME validation mechanism. The issue involved handling requests to the "/.well-known/acme-challenge/" directory, posing security risks.
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
January 22, 2026
CyberNut has secured $5 million in growth capital, building upon the initial $800k pre-seed funding. This investment is aimed at advancing its cybersecurity platform's capabilities, ...
Contagious Interview Campaign Targets Multiple Sectors Worldwide
January 22, 2026
The Contagious Interview cyber campaign targets multiple sectors worldwide, impacting IP addresses and organizations in AI, finance, and other industries.
Zoom’s Critical Security Update Resolves Severe Vulnerability
January 22, 2026
Zoom released a critical security update addressing CVE-2026-22844, a severe vulnerability that could facilitate remote code execution. With a CVSS score of 9.9, this flaw ...
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
January 22, 2026
Zoom has fixed a critical flaw in its Node Multimedia Routers, while GitLab tackles multiple vulnerabilities, some allowing remote code execution. Security updates are essential ...
Under Armour Account Breach: 72.7 Million Accounts Impacted
January 22, 2026
Under Armour experiences a major security incident, with personal information of 72.7 million accounts potentially exposed due to an alleged ransomware attack.
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
January 22, 2026
PcComponentes, a leading technology retailer in Spain, has experienced a credential stuffing attack, refuting claims of a 16 million-user data breach. The attack highlights vulnerabilities ...
LastPass Users Targeted by Deceptive Phishing Campaign
January 22, 2026
LastPass issues an alert about a phishing scheme cloaked as a maintenance notice, coercing users into a counterfeit data vault backup. Threat actors exploit trust, ...
Cybercriminals Exploit Social Media Messages for Malicious Payloads
January 22, 2026
A novel phishing campaign leverages private messages on social media platforms to deliver payloads, aided by Dynamic Link Library sideloading.
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
January 22, 2026
Three significant vulnerabilities have emerged in mcp-server-git, enabling potential exploitation through prompt injection. Attackers could manipulate an AI assistant to access or delete files and ...
Serious Bugs in Chainlit Could Expose Sensitive Credentials
January 22, 2026
Security flaws in Chainlit software can risk unauthorized exposure of sensitive information. Experts signal that misuse can lead to leaked credentials and databases.
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
January 22, 2026
Researchers demonstrated how Google's AI, Gemini, could be tricked into revealing confidential Calendar data through prompt injection. This technique involves manipulating the AI into bypassing ...
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
January 20, 2026
Learn about the SolyxImmortal information stealer, which exploits legitimate APIs to siphon data to Discord. This novel threat is targeting secure communications, leveraging trusted channels ...
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
January 20, 2026
Cybersecurity experts have identified a flaw in Google Gemini that exploits indirect prompt injection to manipulate Google Calendar for unauthorized data access.
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
January 20, 2026
The defendant in a US court admitted selling unauthorized access to compromised enterprise networks. This operation involved an undercover agent, revealing how access brokers monetize ...
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
January 20, 2026
In a ransomware attack, Ingram Micro revealed a significant data breach impacting approximately 42,000 individuals. Compromised information includes names, birth dates, Social Security Numbers, and ...
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
January 20, 2026
U.K. authorities caution against Russian-aligned hacktivists launching disruptive DDoS attacks. The focus is on critical infrastructure and local government services. This has raised significant cybersecurity ...
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
January 20, 2026
A critical security flaw in TP-Link’s VIGI cameras has been patched, following discovery by a researcher of over 2,500 vulnerable, internet-exposed devices. The flaw allowed ...
Google Chrome Introduces Option to Delete Local AI Models
January 19, 2026
Google's Chrome browser introduces a new feature enabling users to delete local AI models linked to its Enhanced Protection feature. This change offers users greater ...
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach