Cyber Security
Cybersecurity
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Attackers are exploiting CVE-2025-33073 in Windows SMB to gain SYSTEM privileges, prompting CISA to mandate urgent patching and SMB signing enforcement before November 10.
Resources
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact, and practical strategies to prevent ...
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled data-theft and extortion campaigns.
CVE Vulnerability Alerts
CISA Updates KEV Catalog: 5 Exploited Vulnerabilities Confirmed
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in Microsoft, Oracle, Apple, Juniper, and ...
Application Security
Supply Chain Attack: ‘GlassWorm’ Malware Infects VS Code Extensions
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced supply chain attacks to date. ...
Data Security
Prosper Data Breach: 17.6 Million Accounts Compromised
Prosper has confirmed a major data breach affecting 17.6 million individuals after attackers accessed its customer databases. Exposed data includes names, SSNs, and employment details, ...
Cybersecurity
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Myanmar’s military has dismantled the notorious KK Park scam compound near the Thai border, detaining over 2,000 people in one of Southeast Asia’s largest cybercrime ...
Cybersecurity
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
The Dutch RDI fined Odido €1.5 million after finding external suppliers had access to its wiretapping system, risking exposure of state secrets and criminal data.
Cybersecurity
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
A data breach at Verisure’s third-party billing partner exposed personal details of 35,000 Alert Alarm users, prompting forensic analysis but leaving Verisure’s core systems unaffected.
Cybersecurity
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
Hackers claim to have breached Getir’s intranet, leaking internal metadata. Researchers suggest the data originated from a third-party provider, posing social engineering and system exposure ...
Application Security
CISA Alert: Actively Exploited Adobe AEM Forms Vulnerability
A critical flaw in Adobe Experience Manager Forms (CVE-2025-54253) is being actively exploited, allowing unauthenticated remote code execution via a misconfigured Struts debug mode. CISA ...
Application Security
ReliaQuest GreyMatter Review — Agentic AI Security Operations for Enterprise Protection
ReliaQuest GreyMatter delivers an agentic AI security operations platform that enables CISOs to detect threats at the source, reduce alert noise, and respond within minutes.
Application Security
North Korean Hackers Enhance Malware with Merged BeaverTail and OtterCookie Tools
North Korean hackers have merged the BeaverTail and OtterCookie malware into a new espionage tool, OtterCookie v5, targeting developers and cryptocurrency firms. The modular malware ...
Cybersecurity
Experian Fined €2.7 Million by Dutch Regulator for Mass Collection of Personal Data
Experian Netherlands was fined €2.7 million for using aggregated public and private data to build large consumer profiles without informing individuals or obtaining appropriate consent ...
Application Security
Envoy Air Data Breach: Oracle EBS Exploit Exposes Sensitive Data
Envoy Air confirmed a cybersecurity breach tied to Oracle’s E-Business Suite zero-day (CVE-2025-61882), exploited by the Clop ransomware group. While no sensitive customer data was ...
Cybersecurity
Everest Ransomware Group Claims Collins Aerospace Attack Linked to Europe’s Airport Disruptions
The Everest ransomware group claimed responsibility for Collins Aerospace’s cyberattack, linking it to last month’s European airport chaos that disrupted check-in systems across multiple major ...
Cybersecurity
TikTok Videos Instructing Users To Run PowerShell Commands
Researchers warn of a TikTok campaign where short “activation” videos urge users to paste PowerShell commands that secretly download malware. The scripts install credential stealers, ...
News
Microsoft Ties Storm-1175 to Medusa Ransomware via GoAnywhere Flaw (CVSS 10.0)
Microsoft has linked the exploitation of a critical GoAnywhere MFT vulnerability (CVE-2025-10035) to the Storm-1175 threat group, operators of the Medusa ransomware. The flaw, rated ...
Cybersecurity
Pwn2Own Automotive 2026 Offers $3M+ in Prizes for Security Vulnerabilities
Trend Micro’s Zero Day Initiative will host Pwn2Own Automotive 2026 in Tokyo, offering over $3 million for exploits targeting Tesla systems, EV chargers, and automotive ...
News
Muji Suspends Online Sales in Japan After Askul Ransomware Attack
Muji has halted its Japanese online sales following a ransomware attack on its logistics partner, Askul Corporation, disrupting orders, shipments, and digital retail services.
Application Security
Perplexity’s Comet Browser Had a Flaw That Left Users Vulnerable to Local File Theft
TOP CYBERSECURITY HEADLINES
Application Security
WordPress Plugin Vulnerability Puts Over 60,000 Sites at Risk
CVE Vulnerability Alerts
Cisco Catalyst SD-WAN Manager Faces Active Exploitation of New Vulnerabilities
This Week’s Security Spotlight
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
The launch of Perplexity’s Comet AI browser — a major step forward in AI-assisted browsing — was almost immediately hijacked by cybercriminals. Within weeks of ...
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated campaign dubbed Operation Dream ...
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting ...
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert after being actively exploited in real-world attacks. ...
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS resolver systems worldwide. The ...
Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms
A critical new vulnerability is wreaking havoc across the global e-commerce ecosystem. Tracked as CVE-2025-54236 and dubbed SessionReaper, this flaw affects Adobe Commerce and Magento ...
AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces
Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sophisticated attack ...
Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft
Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double-extortion ransomware attack on ...
Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot
The Russian state-sponsored hacking group Star Blizzard — also tracked as ColdRiver, Seaborgium, and UNC4057 — has undergone a major transformation in its operations following ...
Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents
San Francisco-based Keycard has officially emerged from stealth mode, announcing $38 million in funding across seed and Series A rounds to build what may become ...
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
Security researchers are urging immediate action after TP-Link disclosed multiple critical vulnerabilities in its Omada gateway line, affecting a wide range of ER, G, and ...
TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution
A critical new vulnerability known as TARmageddon (CVE-2025-62518) has sent shockwaves through the Rust developer community and the broader cybersecurity world. This high-severity desynchronization flaw, ...
Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market
A new evolution in information-stealing malware has arrived — and it’s already drawing serious attention from researchers and defenders alike. The release of Vidar 2.0 ...
Dataminr Acquires ThreatConnect for $290M to Create the Next Generation of Tailored Threat Intelligence
Dataminr, the AI powerhouse known for its real-time risk and event detection platform, has announced plans to acquire ThreatConnect, a cybersecurity firm specializing in threat ...
Veeam Acquires Securiti AI for $1.725 Billion to Unite Data Resilience, Security, and AI
In one of the largest cybersecurity acquisitions of 2025, Veeam Software has announced plans to acquire Securiti AI for $1.725 billion in cash and stock, ...
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Hackers exposed data of nearly 1,000 DHS, DOJ, and FBI staff, escalating threats against federal officers amid politically charged cyberattacks and cartel-linked bounty schemes.