Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
CISA Says Hackers Breached Federal Agency Using GeoServer Exploit
Cybersecurity
CISA Says Hackers Breached Federal Agency Using GeoServer Exploit
Mitchell Langley September 24, 2025
CISA confirmed hackers exploited a critical GeoServer vulnerability to breach a federal agency, steal data, and move laterally. Agencies are urged to patch and monitor ...
Scattered Spider Alleged Ransom Scheme Netted More Than $115 Million
Cybersecurity
Scattered Spider Alleged Ransom Scheme Netted More Than $115 Million
Mitchell Langley September 24, 2025
DOJ complaint alleges Scattered Spider actor Thalha Jubair helped extort over $115 million via 120 intrusions, prompting cross-border arrests, asset seizures and broad enforcement.
ENISA Confirms Ransomware Behind Airport Check-In Chaos
Cybersecurity
ENISA Confirms Ransomware Behind Airport Check-In Chaos
Andrew Doyle September 24, 2025
ENISA confirms ransomware disrupted Collins Aerospace’s MUSE check-in systems across multiple European airports, forcing manual processing and raising regulatory, fraud and supply-chain risk.
Stellantis Joins Salesforce Data Breach; 18 Million Customer Records Claimed
Cybersecurity
Stellantis Joins Salesforce Data Breach; 18 Million Customer Records Claimed
Andrew Doyle September 24, 2025
Stellantis confirms a Salesforce-linked breach exposing contact records; although no financial data was taken, the leak elevates phishing and supply-chain risk for millions of customers.
Pennsylvania Attorney General’s Office Grapples With Ransomware Attack
Cybersecurity
Pennsylvania Attorney General’s Office Grapples With Ransomware Attack
Mitchell Langley September 23, 2025
Pennsylvania’s Attorney General’s Office is recovering from a ransomware attack that disrupted 1,200 staff and court cases, though the scope of potential data compromise remains ...
Police Shut Down Streameast, the Largest Illegal Sports Streaming Network
Cybersecurity
Police Shut Down Streameast, the Largest Illegal Sports Streaming Network
Andrew Doyle September 23, 2025
Authorities dismantled Streameast, the world’s largest illegal sports streaming network, seizing 80 domains, arresting two operators, and uncovering millions laundered through shell companies and cryptocurrency.
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
Cybersecurity
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
Gabby Lee September 23, 2025
A flaw in AAPB’s website exposed private media for years, exploited by data hoarders until a recent fix secured the archive and halted unauthorized access.
Great Firewall Leak Exposes China’s Global Surveillance Exports
Cybersecurity
Great Firewall Leak Exposes China’s Global Surveillance Exports
Andrew Doyle September 23, 2025
A 500GB leak from Geedge Networks exposes Great Firewall source code, internal logs and export contracts showing surveillance systems shipped to Myanmar, Pakistan, Ethiopia and ...
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
Cybersecurity
European Airports Struggle to Fix Check-In Glitch After Cyberattack
Mitchell Langley September 23, 2025
A cyberattack on Collins Aerospace’s MUSE check-in system disrupted Heathrow, Berlin, and Brussels, forcing manual operations, flight cancellations, and prompting regulators to investigate airport cybersecurity ...
Attackers Abuse AI-Native Platforms to Host Fake CAPTCHA Pages
Cybersecurity
Attackers Abuse AI-Native Platforms to Host Fake CAPTCHA Pages
Mitchell Langley September 23, 2025
Phishers exploit AI-native platforms to publish fake CAPTCHA pages that fool users and evade scanners, redirecting victims to credential-harvesting sites and enabling large-scale phishing.
Stellantis Confirms Data Breach Following Salesforce-Linked Attack
Cybersecurity
Stellantis Confirms Data Breach Following Salesforce-Linked Attack
Mitchell Langley September 23, 2025
Stellantis confirms a data breach impacting North American customers after a Salesforce-linked attack, with ShinyHunters claiming 18 million records stolen and FBI warning of ongoing ...
FBI Warns Bad Actors Are Spoofing the IC3 Cybercrime Reporting Website
Cybersecurity
FBI Warns Bad Actors are Spoofing the IC3 Cybercrime Reporting Website
Gabby Lee September 23, 2025
FBI warns criminals are cloning the IC3 complaint site; victims risk exposing PII. Type .gov directly, avoid sponsored links, and never pay to recover funds.
Tiffany & Co. Data Breach Exposes Thousands of Gift Card Holders
Cybersecurity
Tiffany & Co. Data Breach Exposes Thousands of Gift Card Holders
Andrew Doyle September 23, 2025
Tiffany & Co. confirms May 2025 data breach exposing 2,500+ customers’ gift card numbers, personal data, and sales records, raising fraud and phishing risks for ...
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
Cybersecurity
Attackers Claim 150K Records via Data Breach of American Income Life (AIL)
Andrew Doyle September 23, 2025
Attackers claim 150,000 AIL customer records were leaked on a forum, exposing personal and insurance data, raising risks of identity theft, phishing scams, and financial ...
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Exposing PINs and Medical Data
Cybersecurity
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Exposing PINs and Medical Data
Gabby Lee September 23, 2025
Fairmont Federal Credit Union revealed a 2023 breach impacting 187,000 individuals, exposing PINs, financial and medical data, with threat intelligence suggesting BlackBasta ransomware involvement in ...
Akira Ransomware Exploits Unpatched SonicWall SSLVPN Vulnerability
Cybersecurity
Akira Ransomware Exploits Unpatched SonicWall SSLVPN Vulnerability
Mitchell Langley September 23, 2025
Akira ransomware is exploiting CVE-2024-40766 in SonicWall SSLVPN devices again, targeting unpatched endpoints. ACSC and Rapid7 warn enterprises to patch, rotate passwords, and enforce MFA ...
VMScape Attack Bypasses Hypervisor Isolation on AMD and Intel CPUs
Cybersecurity
VMScape Attack Bypasses Hypervisor Isolation on AMD and Intel CPUs
Mitchell Langley September 23, 2025
ETH Zurich researchers reveal VMScape, a Spectre-like attack leaking secrets from QEMU hypervisors on AMD and Intel CPUs, bypassing mitigations and threatening multi-tenant cloud security.
Popular AI Chatbots Leak Sensitive User Data From Unsecured Server
Cybersecurity
Popular AI Chatbots Leak Sensitive User Data from Unsecured Server
Mitchell Langley September 23, 2025
An unsecured Elasticsearch instance leaked 116 GB of live logs from ImagineArt, Chatly, and Chatbotx, exposing prompts, bearer tokens, and user agents for millions of ...
Farmer Bros. Reveals Data Breach Affecting Over 14,000 Individuals
Cybersecurity
Farmer Bros. Reveals Data Breach Affecting Over 14,000 Individuals
Gabby Lee September 23, 2025
Farmer Bros. confirmed a breach affecting over 14,000 people; filings show unauthorized access in late 2023 and identity monitoring offered amid a ransomware claim.
Hello Gym Phone Service Exposes 1.6 Million Audio Recordings Containing Member Data
Cybersecurity
Hello Gym Phone Service Exposes 1.6 Million Audio Recordings Containing Member Data
Mitchell Langley September 23, 2025
A public storage repository exposed 1,605,345 gym call recordings managed by Hello Gym, revealing PII and billing details and creating risks for targeted fraud and ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Allianz Life Breach: 2.8 Million Records Leaked in Salesforce Hack
August 13, 2025
Podcasts
Charon Ransomware Targets Middle East Government and Aviation Sectors
August 13, 2025
Podcasts
August 2025 Patch Tuesday: Microsoft and Adobe Fix Over 170 Security Flaws
August 13, 2025

Cyber Security News

ByBit Hack Amplifies North Korean Crypto Theft Surge
Cybersecurity
ByBit Hack Amplifies North Korean Crypto Theft Surge
December 22, 2025
Law Enforcement Shuts Down E-Note Exchange for Money Laundering
Cybersecurity
Law Enforcement Shuts Down E-Note Exchange for Money Laundering
December 22, 2025
LongNosedGoblin A New Threat from China Targets Southeast Asia and Japan
Cybersecurity
LongNosedGoblin: A New Threat from China Targets Southeast Asia and Japan
December 22, 2025
Sophisticated Cybercrime Campaign Targets VPN Vulnerabilities
Application Security
Sophisticated Cybercrime Campaign Targets VPN Vulnerabilities
December 22, 2025
Study Finds Built-in Browsers Across Gadgets Often Ship Years Out of Date
Application Security
Study Finds Built-in Browsers Across Gadgets Often Ship Years Out of Date
December 22, 2025
Data Breach at University of Sydney Reveals Sensitive Information
Data Security
Data Breach at University of Sydney Reveals Sensitive Information
December 22, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
October 5, 2025
Red Hat confirmed unauthorized access to a consulting GitLab instance; an extortion group claims to have exfiltrated 570.2 GB from 28,000 repositories, including ~800 CERs.
DrayTek Vigor RCE Vulnerability Prompts Urgent Firmware Updates
October 5, 2025
DrayTek patched CVE-2025-10547, an uninitialized-variable flaw in Vigor routers that can lead to memory corruption and potential remote code execution; administrators must update firmware and ...
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
October 2, 2025
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims and offering two years of ...
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
October 2, 2025
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
October 2, 2025
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
October 2, 2025
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
October 2, 2025
Allianz Life confirmed a July CRM compromise exposed names, addresses, dates of birth and Social Security numbers for 1,497,036 people and offered two years of ...
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
October 1, 2025
The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO. The case ...
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174
October 1, 2025
Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, ...
Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang
October 1, 2025
In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Chinese ...
Axonius Identities Review 2025: Unified IAM, Governance & Security
October 1, 2025
Axonius Identities delivers unified identity governance, lifecycle automation, and identity security posture for both human and non-human identities across complex enterprise environments, with actionable policy ...
11 Types of Social Engineering Attacks and How to Prevent Them
October 1, 2025
This detailed guide explores eleven prevalent social engineering attack types, explaining their mechanisms and offering practical preventative measures for individuals and organizations. Understand the psychology ...
Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits
October 1, 2025
Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with nearly 50,000 Cisco ASA and FTD appliances actively under threat. ...
Cain and Abel: The Classic Cybersecurity Tool for Password Recovery and Network Testing
October 1, 2025
Cain and Abel is a powerful password recovery and penetration testing tool. Learn its features, uses, risks, and best practices for ethical cybersecurity operations.
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons
October 1, 2025
A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cybercrime forums ...
UK Government Backs Jaguar Land Rover With £1.5 Billion Loan Guarantee After Cyberattack
October 1, 2025
The UK guaranteed £1.5bn to stabilise JLR after a major cyberattack; phased restart underway as forensic work, supplier relief and insurance clarity continue.
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
September 30, 2025
A third-party compromise exposed 430,000 Harrods customer records; names, contacts and marketing tags were leaked—customers should expect increased phishing risk and follow protective guidance.
Friends of NRA Posts Mailing List Online, Exposing Nearly 10,000 Supporter Records
September 30, 2025
A 2018 Friends of NRA mailing list containing nearly 10,000 names and addresses was indexed publicly; removal, compliance assessment, and data-handling reforms are now urgent ...
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan
September 30, 2025
Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyberattack that froze ...
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed
September 30, 2025
The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infiltrate corporate networks through SSL VPN accounts, ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited