Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
U.K. Authorities Alerted to Russian-aligned Hacktivist DDoS Threats
Cybersecurity
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
Mitchell Langley January 20, 2026
U.K. authorities caution against Russian-aligned hacktivists launching disruptive DDoS attacks. The focus is on critical infrastructure and local government services. This has raised significant cybersecurity ...
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
A critical security flaw in TP-Link’s VIGI cameras has been patched, following discovery by a researcher of over 2,500 vulnerable, internet-exposed devices. The flaw allowed ...
Google Chrome Introduces Option to Delete Local AI Models
Cybersecurity
Google Chrome Introduces Option to Delete Local AI Models
Andrew Doyle January 19, 2026
Google's Chrome browser introduces a new feature enabling users to delete local AI models linked to its Enhanced Protection feature. This change offers users greater ...
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
Cybersecurity
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
Mitchell Langley January 19, 2026
Nicholas Moore, a Tennessee man, confessed to hacking the U.S. Supreme Court’s filing system. His illegal activities also impacted other federal agencies, including AmeriCorps and ...
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
Identity and Access Management
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
Mitchell Langley January 19, 2026
The recent funding will enable Monnai to enhance its identity verification and risk management services, targeting financial institutions and digital firms.
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Cybersecurity
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Mitchell Langley January 19, 2026
Researchers have identified five Chrome extensions disguising themselves as HR and ERP tools. These malicious extensions aim to steal authentication tokens, obstruct incident response, and ...
GootLoader Employs Malformed ZIP Files to Evade Detection
News
GootLoader Employs Malformed ZIP Files to Evade Detection
Gabby Lee January 19, 2026
Cybersecurity analysts have discovered that GootLoader is using malformed ZIP archives in a bid to circumvent detection. By concatenating 500 to 1,000 archives, it employs ...
Verizon Offers Compensation after Nationwide Wireless Service Outage
Network Security
Verizon Offers Compensation after Nationwide Wireless Service Outage
Andrew Doyle January 19, 2026
Verizon Wireless addresses last week's widespread outage by informing affected customers about a $20 account credit. Customers are receiving text messages with precise steps on ...
Microsoft Patch Tuesday Update Sparks Unrest in PCs
Cybersecurity
Microsoft Patch Tuesday Update Sparks Unrest in PCs
Mitchell Langley January 19, 2026
Microsoft’s recent Patch Tuesday update introduced a peculiar bug affecting some PCs, preventing them from shutting down or entering hibernation. The issue, tied to Secure ...
Law Enforcement Identifies Black Basta Ransomware Leader
News
Law Enforcement Identifies Black Basta Ransomware Leader
Gabby Lee January 19, 2026
Ukraine and Germany confirm the identity of the Black Basta ransomware leader, now on the Europol and Interpol wanted lists. Law enforcement's collaboration highlights global ...
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Application Security
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Andrew Doyle January 18, 2026
Over 40,000 cyberattacks in four hours exploited a critical HPE OneView vulnerability. The attacks primarily targeted government agencies, utilizing the RondoDox botnet to execute mass, ...
Project Eleven Secures Significant Funding to Propel Post-Quantum Security
Cybersecurity
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
Mitchell Langley January 18, 2026
Project Eleven has successfully raised $20 million in funding to develop infrastructure and tools essential for organizations transitioning to post-quantum computing. With this substantial investment, ...
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
News
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
Andrew Doyle January 18, 2026
The cyber threat actor UAT-8837, associated with China, targets North American critical infrastructure through the exploitation of known and zero-day vulnerabilities. This sophisticated adversary demonstrates ...
Canada's Investment Watchdog Suffers Massive Data Breach 750,000 Impacted by CIRO Security Incident
Data Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
Mitchell Langley January 18, 2026
The Canadian Investment Regulatory Organization (CIRO), responsible for regulating investment dealers, reported a significant data breach. Threat actors stole personal information from 750,000 people, highlighting ...
XSS Vulnerability in StealC Malware's Control Panel Uncovered
Application Security
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
Gabby Lee January 18, 2026
Security researchers exploiting an XSS flaw in StealC malware's control panel gained visibility into attackers' activities and hardware details. This access offers critical insights into ...
Fleeing Ransomware Leader Now Among Germany's Most Wanted
News
Fleeing Ransomware Leader Now Among Germany’s Most Wanted
Andrew Doyle January 18, 2026
Russian national Oleg Evgenievich Nefekov, involved in major ransomware activities, has evaded capture, reportedly returning to his homeland. German authorities have now placed him on ...
Analyzing AI in Security Testing SQL Injection Strong yet Fails in Controls
Cybersecurity
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
Mitchell Langley January 18, 2026
A recent test assessed AI's ability to tackle SQL injection (SQLi) vulnerabilities and security controls, revealing mixed outcomes. The AI agents adeptly handled SQLi but ...
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
Cybersecurity
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
Gabby Lee January 18, 2026
Google's Fast Pair protocol is facing scrutiny due to a significant vulnerability that permits unauthorized Bluetooth device hijacking, tracking, and eavesdropping.
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Cybersecurity
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Andrew Doyle January 18, 2026
Cybersecurity experts have unveiled a novel attack strategy, Reprompt, that facilitates unauthorized data extraction from AI chatbots like Microsoft Copilot. Exploiting this vulnerability involves a ...
Critical Security Vulnerabilities Redis Found at Risk of Unauthenticated RCE
Application Security
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
Mitchell Langley January 18, 2026
Recent discovery of a security flaw in Redis has left the system vulnerable to unauthenticated remote code execution (RCE). This unsettling development can have dire ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
MadeYouReset: New HTTP/2 Flaw Could Unleash Massive DDoS Storms
August 15, 2025
Podcasts
Cybersecurity Budgets Hit Historic Slowdown as Global Tensions Mount
August 15, 2025
Podcasts
CVE-2025-53786: The Microsoft Exchange Hybrid Flaw That Could Take Down Your Domain
August 13, 2025

Cyber Security News

Cybersecurity
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
May 20, 2026
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
Cybersecurity
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
May 20, 2026
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Application Security
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
May 20, 2026
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
Cybersecurity
Storm-2949 Abuses Azure Password Reset to Seize Cloud Accounts
May 20, 2026
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Application Security
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
May 20, 2026
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
CVE Vulnerability Alerts
SEPPMail Gateway Hit with 7 CVEs, Including CVSS 10.0 RCE Flaw
May 20, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
January 19, 2026
Nicholas Moore, a Tennessee man, confessed to hacking the U.S. Supreme Court’s filing system. His illegal activities also impacted other federal agencies, including AmeriCorps and ...
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
January 19, 2026
The recent funding will enable Monnai to enhance its identity verification and risk management services, targeting financial institutions and digital firms.
New Chrome Extensions Disguised as HR Tools Pose Security Threat
January 19, 2026
Researchers have identified five Chrome extensions disguising themselves as HR and ERP tools. These malicious extensions aim to steal authentication tokens, obstruct incident response, and ...
GootLoader Employs Malformed ZIP Files to Evade Detection
January 19, 2026
Cybersecurity analysts have discovered that GootLoader is using malformed ZIP archives in a bid to circumvent detection. By concatenating 500 to 1,000 archives, it employs ...
Verizon Offers Compensation after Nationwide Wireless Service Outage
January 19, 2026
Verizon Wireless addresses last week's widespread outage by informing affected customers about a $20 account credit. Customers are receiving text messages with precise steps on ...
Microsoft Patch Tuesday Update Sparks Unrest in PCs
January 19, 2026
Microsoft’s recent Patch Tuesday update introduced a peculiar bug affecting some PCs, preventing them from shutting down or entering hibernation. The issue, tied to Secure ...
Law Enforcement Identifies Black Basta Ransomware Leader
January 19, 2026
Ukraine and Germany confirm the identity of the Black Basta ransomware leader, now on the Europol and Interpol wanted lists. Law enforcement's collaboration highlights global ...
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
January 18, 2026
Over 40,000 cyberattacks in four hours exploited a critical HPE OneView vulnerability. The attacks primarily targeted government agencies, utilizing the RondoDox botnet to execute mass, ...
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
January 18, 2026
Project Eleven has successfully raised $20 million in funding to develop infrastructure and tools essential for organizations transitioning to post-quantum computing. With this substantial investment, ...
UAT-8837 Threat Actor Linked to China Targeting North American Infrastructure
January 18, 2026
The cyber threat actor UAT-8837, associated with China, targets North American critical infrastructure through the exploitation of known and zero-day vulnerabilities. This sophisticated adversary demonstrates ...
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
January 18, 2026
The Canadian Investment Regulatory Organization (CIRO), responsible for regulating investment dealers, reported a significant data breach. Threat actors stole personal information from 750,000 people, highlighting ...
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
January 18, 2026
Security researchers exploiting an XSS flaw in StealC malware's control panel gained visibility into attackers' activities and hardware details. This access offers critical insights into ...
Fleeing Ransomware Leader Now Among Germany’s Most Wanted
January 18, 2026
Russian national Oleg Evgenievich Nefekov, involved in major ransomware activities, has evaded capture, reportedly returning to his homeland. German authorities have now placed him on ...
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
January 18, 2026
A recent test assessed AI's ability to tackle SQL injection (SQLi) vulnerabilities and security controls, revealing mixed outcomes. The AI agents adeptly handled SQLi but ...
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
January 18, 2026
Google's Fast Pair protocol is facing scrutiny due to a significant vulnerability that permits unauthorized Bluetooth device hijacking, tracking, and eavesdropping.
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
January 18, 2026
Cybersecurity experts have unveiled a novel attack strategy, Reprompt, that facilitates unauthorized data extraction from AI chatbots like Microsoft Copilot. Exploiting this vulnerability involves a ...
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
January 18, 2026
Recent discovery of a security flaw in Redis has left the system vulnerable to unauthenticated remote code execution (RCE). This unsettling development can have dire ...
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
January 18, 2026
Researchers spotlight the ‘StackWarp’ attack, a novel methodology targeting AMD processors. This vulnerability enables remote code execution in confidential virtual machines (VMs), challenging security paradigms ...
Visual Studio Code’s Copilot Studio Extension Now Widely Available
January 18, 2026
Microsoft's Copilot Studio extension for Visual Studio Code, designed to bolster application security, is now accessible to all users. This extension aims to enhance development ...
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
January 18, 2026
A significant flaw in AWS CodeBuild could have exposed the cloud provider's GitHub repositories to unauthorized access, posing risks to multiple AWS environments. Addressed by ...
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach