Main Menu
Cyber Security
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
Tech Giants Invest $12.5 Million in Open Source Software Security
Ongoing Python Package Attack Uses Stolen GitHub Tokens
Stryker’s Internal Microsoft Environment Was Breached Last Week
DRILLAPP Backdoor Campaign Targets Ukrainian Organizations With Edge Debugging Abuse
New Malware Tactics Take Aim at Windows, iOS, and Linux Users
Companies House Restores WebFiling Service After Security Flaw Exposed Corporate Data
How AI Is Making Financial Fraud 4.5 Times More Profitable
Ongoing Exchange Online Outage Leaves Customers Without Mailbox Access
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Silence from the Corporate Giants: Four Companies Yet to Comment on Oracle EBS Hack
FBI Seeks Gamer Help in Steam Malware Investigation
Shadow AI Is Quietly Spreading Across SaaS Environments
Microsoft Teams Is Adding Automatic Bot Tagging in Meeting Lobbies
Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
VENON Banking Malware Targets Brazilian Users With Rust-Based Code
Apple Releases iOS and iPadOS Updates to Patch Coruna Exploits
Veeam Software Fixes Critical RCE Vulnerabilities in Backup & Replication Solution
England Hockey Investigates Possible Data Breach by AiLock Ransomware Group
International Operation Dismantles the Dangerous SocksEscort Proxy Service
Apple Patches Older iPhones and iPads Against Coruna Exploit Kit Attacks
Cybercriminals Target Airline Loyalty Programs: A New Threat to Travelers
Global Arrests Made in a Social Media Scam Targeting Thousands
SQL Injection Flaw in Ally WordPress Plugin Puts 400,000 Sites at Risk
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Hyundai AutoEver America is now investigating a data breach that led to unauthorized access to sensitive personal information belonging to ...
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
Application Security
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
Gabby Lee November 6, 2025
SonicWall has attributed its 2023 security breach to a suspected state-sponsored APT group that accessed firewall configuration backups. While no personal data was exposed, the ...
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
CVE Vulnerability Alerts
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
Mitchell Langley November 6, 2025
CISA has warned of active exploitation of a critical flaw (CVE-2022-44877) in CentOS Web Panel, allowing unauthenticated remote code execution. Administrators are urged to patch ...
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
Information Security
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
Gabby Lee November 6, 2025
The U.K. is launching a nationwide crackdown on phone scams as major mobile carriers partner with GCHQ to deploy anti-spoofing technology that blocks fake U.K. ...
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Cybersecurity
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Gabby Lee November 6, 2025
ALT5 Sigma Corp has sued a former consultant for unauthorized data access, citing potential operational harm and reinforcing insider threat management as a key governance ...
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Cybersecurity
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Andrew Doyle November 6, 2025
Il Manifesto exposed millions of user logs and subscriber emails through an unsecured database, revealing politically sensitive reader data and analytics without password protection or ...
SquareX Named SINET16 Innovator for Browser Detection and Response
News
SquareX Named SINET16 Innovator for Browser Detection and Response
Gabby Lee November 5, 2025
PALO ALTO, Calif., November 5, SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced it has been ...
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
News
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Gabby Lee November 5, 2025
Rhysida ransomware is spreading malware via malicious Bing ads targeting Microsoft Teams, Zoom, and PuTTY users while abusing code-signing certificates to evade detection and appear ...
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Cybersecurity
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Andrew Doyle November 5, 2025
Russian hackers used Hyper-V to deploy a hidden Linux VM hosting custom malware, bypassing typical endpoint detection and enabling stealthy long-term access in target networks.
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Application Security
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Gabby Lee November 5, 2025
A zero-day flaw in the Post SMTP WordPress plugin—installed on over 400,000 sites—is under active exploitation, allowing attackers to hijack admin accounts via a misconfigured ...
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
Zscaler has uncovered a massive Android malware campaign distributing malicious apps through Google Play, amassing over 40 million downloads. The apps, posing as legitimate tools, ...
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Application Security
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Andrew Doyle November 4, 2025
Google’s November 2025 Android security bulletin fixes a critical remote code execution flaw in the Android System component that could allow network-based compromise without user ...
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Data Security
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Mitchell Langley November 4, 2025
Sweden’s privacy watchdog has launched a GDPR investigation into Miljödata after a major breach exposed sensitive health and employment records of 1.5 million people. The ...
Europol Busts €600M Crypto Fraud and Laundering Network
News
Europol Busts €600M Crypto Fraud and Laundering Network
Andrew Doyle November 4, 2025
Europol has arrested nine suspects accused of running a €600 million cryptocurrency fraud and laundering network spanning multiple countries. The operation, coordinated across Spain and ...
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Application Security
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Gabby Lee November 4, 2025
Microsoft will retire Defender Application Guard for Office beginning February 2026, with full end-of-support by December 2027. The move marks a strategic shift toward cloud-based ...
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
News
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
Mitchell Langley November 4, 2025
The Apache Software Foundation has denied claims by the Akira ransomware gang that it breached the Apache OpenOffice project and stole 23GB of data. ASF’s ...
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Information Security
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Gabby Lee November 4, 2025
Japanese media giant Nikkei has disclosed a Slack data breach exposing personal information of over 17,000 employees and partners. The incident, discovered in October 2023 ...
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
CVE Vulnerability Alerts
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
Andrew Doyle November 4, 2025
A critical flaw in a popular React Native NPM package, CVE-2025-11953, enables arbitrary code execution on Windows, macOS, and Linux, threatening CI/CD pipelines.
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
Application Security
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
Gabby Lee November 4, 2025
A rushed out-of-band patch for a critical WSUS vulnerability has unintentionally broken hotpatching on Windows Server 2025, disabling one of its key uptime features. Administrators ...
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
News
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
Mitchell Langley November 4, 2025
Cybercriminals are hijacking freight shipments by deploying legitimate Remote Monitoring and Management (RMM) tools through phishing campaigns. Once inside logistics networks, attackers use remote access ...
Software Supply Chains Are the New Frontline for Cyber Risk
Cybersecurity
Software Supply Chains Are the New Frontline for Cyber Risk
Gabby Lee March 19, 2026
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Cybersecurity
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Andrew Doyle March 18, 2026
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
News
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
Andrew Doyle March 18, 2026
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Cybersecurity
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Mitchell Langley March 18, 2026

TOP CYBERSECURITY HEADLINES

New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
Cybersecurity
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Cybersecurity
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Cybersecurity
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Application Security
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages

This Week’s Security Spotlight

Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
Cybersecurity
Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
Andrew Doyle March 13, 2026
Senate Confirms Joshua Rudd to Lead the NSA and US Cyber Command
Cybersecurity
Senate Confirms Joshua Rudd to Lead the NSA and US Cyber Command
Andrew Doyle March 12, 2026
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
CVE Vulnerability Alerts
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
Mitchell Langley March 12, 2026
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Cybersecurity
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Andrew Doyle February 19, 2026
More In News
Trending
Targeted Phishing Attack Breaches Security Firm Executive
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
Underground Sale of Compromised cPanel Credentials Fuels Phishing Infrastructure
Phishing Warnings as LastPass Users Get Targeted by Fake Alerts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
MadeYouReset: New HTTP/2 Flaw Could Unleash Massive DDoS Storms
August 15, 2025
Podcasts
Cybersecurity Budgets Hit Historic Slowdown as Global Tensions Mount
August 15, 2025
Podcasts
CVE-2025-53786: The Microsoft Exchange Hybrid Flaw That Could Take Down Your Domain
August 13, 2025

Cyber Security News

Microsoft Enhances Teams With Fraud Protection Calling Safeguards in Focus
Application Security
Microsoft Enhances Teams With Fraud Protection: Calling Safeguards in Focus
January 28, 2026
New Advances in Page Cache Exploitation by Austrian Researchers
Cybersecurity
New Advances in Page Cache Exploitation by Austrian Researchers
January 28, 2026
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
January 22, 2026
aiFWall Launches to Elevate AI Protection in Cyber Security
Application Security
aiFWall Launches to Elevate AI Protection in Cyber Security
January 22, 2026
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Application Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
January 22, 2026
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Cybersecurity
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
January 22, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
November 6, 2025
CISA has warned of active exploitation of a critical flaw (CVE-2022-44877) in CentOS Web Panel, allowing unauthenticated remote code execution. Administrators are urged to patch ...
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
November 6, 2025
The U.K. is launching a nationwide crackdown on phone scams as major mobile carriers partner with GCHQ to deploy anti-spoofing technology that blocks fake U.K. ...
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
November 6, 2025
ALT5 Sigma Corp has sued a former consultant for unauthorized data access, citing potential operational harm and reinforcing insider threat management as a key governance ...
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
November 6, 2025
Il Manifesto exposed millions of user logs and subscriber emails through an unsecured database, revealing politically sensitive reader data and analytics without password protection or ...
SquareX Named SINET16 Innovator for Browser Detection and Response
November 5, 2025
PALO ALTO, Calif., November 5, SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced it has been named a SINET16 Innovator for ...
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
November 5, 2025
Rhysida ransomware is spreading malware via malicious Bing ads targeting Microsoft Teams, Zoom, and PuTTY users while abusing code-signing certificates to evade detection and appear ...
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
November 5, 2025
Russian hackers used Hyper-V to deploy a hidden Linux VM hosting custom malware, bypassing typical endpoint detection and enabling stealthy long-term access in target networks.
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
November 5, 2025
A zero-day flaw in the Post SMTP WordPress plugin—installed on over 400,000 sites—is under active exploitation, allowing attackers to hijack admin accounts via a misconfigured ...
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
November 4, 2025
Zscaler has uncovered a massive Android malware campaign distributing malicious apps through Google Play, amassing over 40 million downloads. The apps, posing as legitimate tools, ...
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
November 4, 2025
Google’s November 2025 Android security bulletin fixes a critical remote code execution flaw in the Android System component that could allow network-based compromise without user ...
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
November 4, 2025
Sweden’s privacy watchdog has launched a GDPR investigation into Miljödata after a major breach exposed sensitive health and employment records of 1.5 million people. The ...
Europol Busts €600M Crypto Fraud and Laundering Network
November 4, 2025
Europol has arrested nine suspects accused of running a €600 million cryptocurrency fraud and laundering network spanning multiple countries. The operation, coordinated across Spain and ...
Microsoft Plans to Retire Defender Application Guard for Office by 2027
November 4, 2025
Microsoft will retire Defender Application Guard for Office beginning February 2026, with full end-of-support by December 2027. The move marks a strategic shift toward cloud-based ...
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
November 4, 2025
The Apache Software Foundation has denied claims by the Akira ransomware gang that it breached the Apache OpenOffice project and stole 23GB of data. ASF’s ...
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
November 4, 2025
Japanese media giant Nikkei has disclosed a Slack data breach exposing personal information of over 17,000 employees and partners. The incident, discovered in October 2023 ...
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
November 4, 2025
A critical flaw in a popular React Native NPM package, CVE-2025-11953, enables arbitrary code execution on Windows, macOS, and Linux, threatening CI/CD pipelines.
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
November 4, 2025
A rushed out-of-band patch for a critical WSUS vulnerability has unintentionally broken hotpatching on Windows Server 2025, disabling one of its key uptime features. Administrators ...
Cybercriminals Target Shipping Sector With RMM-Based Cargo Theft Attacks
November 4, 2025
Cybercriminals are hijacking freight shipments by deploying legitimate Remote Monitoring and Management (RMM) tools through phishing campaigns. Once inside logistics networks, attackers use remote access ...
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
November 4, 2025
A new remote access trojan dubbed SleepyDuck is disguising itself as a legitimate Visual Studio Code extension to infect developers’ systems. The malware uniquely uses ...
Former Cybersecurity Employees Charged in BlackCat Ransomware Attacks
November 4, 2025
Three former cybersecurity professionals have been indicted in the U.S. for allegedly aiding BlackCat ransomware attacks using insider expertise from their roles at major incident ...
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
Tech Giants Invest $12.5 Million in Open Source Software Security
Ongoing Python Package Attack Uses Stolen GitHub Tokens
Stryker’s Internal Microsoft Environment Was Breached Last Week
Payload Ransomware Group Claims Breach of Royal Bahrain Hospital
Phishing Attack Hits Intuitive’s Internal IT Business Systems
DRILLAPP Backdoor Campaign Targets Ukrainian Organizations With Edge Debugging Abuse
New Malware Tactics Take Aim at Windows, iOS, and Linux Users
Companies House Restores WebFiling Service After Security Flaw Exposed Corporate Data
How AI Is Making Financial Fraud 4.5 Times More Profitable
Ongoing Exchange Online Outage Leaves Customers Without Mailbox Access
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Targeted Phishing Attack Breaches Security Firm Executive