Main Menu
Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
Netflix Documentary Could Explore Crypto Crime Part 2 Potential
Cybersecurity
Netflix Documentary Could Explore Crypto Crime: Part 2 Potential
Gabby Lee January 5, 2026
Ilya Lichtenstein, linked to the 2016 Bitfinex bitcoin heist, has recently been released from prison after serving 14 months. Rumors suggest a Netflix documentary might ...
Covenant Health Ransomware Breach Impacts 478,000 Individuals Across Multiple States
News
Covenant Health Ransomware Breach Impacts 478,000 Individuals Across Multiple States
Andrew Doyle January 5, 2026
In May 2025, a ransomware attack by the Qilin group on Covenant Health compromised sensitive data of over 478,000 individuals at the healthcare organization located ...
OFAC Lifts Sanctions on Individuals Linked to Predator Spyware Consortium
Cybersecurity
OFAC Lifts Sanctions on Individuals Linked to Predator Spyware Consortium
Gabby Lee January 5, 2026
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) recently took a significant action by removing Merom Harpaz, Andrea Nicola Constantino Hermes ...
Disney Agrees to $10 Million Settlement for COPPA Violations
Data Security
Disney Agrees to $10 Million Settlement for COPPA Violations
Mitchell Langley January 5, 2026
Disney has settled COPPA violation allegations with a $10 million penalty, addressing claims about mislabeling videos and improper data use in targeted advertising. The case ...
DarkSpectre's Third Wave A New Browser Extension Threat
News
DarkSpectre’s Third Wave: A New Browser Extension Threat
Gabby Lee January 5, 2026
A new attack campaign codenamed DarkSpectre, attributed to a Chinese threat actor, has affected 2.2 million users across major web browsers. Leveraging two prior campaigns, ...
RondoDox Botnet Utilizes React2Shell Vulnerability to Infiltrate Servers
CVE Vulnerability Alerts
RondoDox Botnet Utilizes React2Shell Vulnerability to Infiltrate Servers
Andrew Doyle January 5, 2026
RondoDox is exploiting the React2Shell flaw in Next.js to gain remote code execution, deploy malware, and install cryptominers. The campaign highlights how unpatched web frameworks ...
New Variant of Shai Hulud Malware Found in npm Registry
Cybersecurity
New Variant of Shai Hulud Malware Found in npm Registry
Mitchell Langley January 5, 2026
Cybersecurity experts uncover a new Shai Hulud malware strain in the npm registry, stressing the importance of vigilant security practices within open-source ecosystems.
Unleash Protocol Experiences a $3.9 Million Cryptocurrency Loss
Cybersecurity
Unleash Protocol Experiences a $3.9 Million Cryptocurrency Loss
Gabby Lee January 5, 2026
Unleash Protocol has incurred a $3.9 million loss in cryptocurrency following an unauthorized contract upgrade that enabled asset withdrawals, exposing vulnerabilities within decentralized systems.
IBM Discloses Critical Security Vulnerability in API Connect
CVE Vulnerability Alerts
IBM Discloses Critical Security Vulnerability in API Connect
Andrew Doyle January 5, 2026
IBM has identified a critical vulnerability in its API Connect software, CVE-2025-13915, which allows attackers to bypass authentication and gain remote access. With a CVSS ...
European Space Agency Confirms Breach Impacting Servers with Unclassified Engineering Data
Endpoint Security
European Space Agency Confirms Breach Impacting Servers with Unclassified Engineering Data
Gabby Lee December 31, 2025
The European Space Agency disclosed a breach affecting external servers. These systems held unclassified engineering project data, raising concerns about data security in isolated networks.
BlackCat Ransomware Campaign Culminates in Guilty Pleas from Ex-Employees
News
BlackCat Ransomware Campaign Culminates in Guilty Pleas from Ex-Employees
Mitchell Langley December 31, 2025
Ex-Sygnia and DigitalMint employees confessed to deploying BlackCat ransomware against U.S. companies in 2023, using their insider knowledge for malicious aims.
'Zoom Stealer' Puts Millions at Risk via Web Extensions on Major Browsers
Application Security
‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers
Andrew Doyle December 31, 2025
Over 2.2 million Chrome, Firefox, and Edge users are compromised by 'Zoom Stealer', a campaign targeting online meeting data via malicious extensions.
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
Application Security
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
Andrew Doyle December 31, 2025
The Cyber Security Agency of Singapore warns of a dangerous remote code execution vulnerability in SmarterTools SmarterMail, CVE-2025-52691, with a CVSS score of 10.0.
CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed
Application Security
CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed
Mitchell Langley December 31, 2025
A vulnerability in MongoDB, known as MongoBleed, is actively exploited, prompting CISA to direct U.S. federal agencies to patch this critical flaw. This vulnerability could ...
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT
News
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT
Gabby Lee December 31, 2025
Silver Fox targets India, using tax-themed phishing to spread ValleyRAT, including DLL hijacking in attacks.
A Record Year Cybersecurity Acquisitions in 2025 Surpass $84 Billion
Cybersecurity
A Record Year: Cybersecurity Acquisitions in 2025 Surpass $84 Billion
Andrew Doyle December 31, 2025
A remarkable year in cybersecurity M&A, 2025 saw total disclosed deals exceeding $84 billion. Eight significant acquisitions surpassed the $1 billion mark, representing a notable ...
How Artificial Intelligence is Being Integrated into Security Operations
Cybersecurity
How Artificial Intelligence is Being Integrated into Security Operations
Mitchell Langley December 31, 2025
As AI becomes a fixture in Security Operations Centers (SOCs), aligning its role with operational processes remains a challenge, affecting its effective deployment and value ...
Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis
Application Security
Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis
Gabby Lee December 31, 2025
Mustang Panda leverages a kernel-mode rootkit and a new TONESHELL backdoor variant in a mid-2025 cyber attack on an Asian entity, as reported by Kaspersky.
Coupang to Distribute $1.17 Billion in Vouchers Following Data Breach
Cybersecurity
Coupang to Distribute $1.17 Billion in Vouchers Following Data Breach
Gabby Lee December 29, 2025
Coupang addresses a data breach affecting 33.7 million users by issuing $1.17 billion in vouchers, aiming to restore trust and mitigate the breach impacts.
Renewed Exploitation of FortiOS Two-Factor Authentication Bypass
CVE Vulnerability Alerts
Renewed Exploitation of FortiOS Two-Factor Authentication Bypass
Mitchell Langley December 29, 2025
Fortinet has flagged a resurgence in the exploitation of CVE-2020-12812, a vulnerability in FortiOS that allows attackers to bypass two-factor authentication. This poses significant risks ...
Application Security
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026
CVE Vulnerability Alerts
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026

TOP CYBERSECURITY HEADLINES

TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Application Security
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Cybersecurity
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
Cybersecurity
TVING Data Breach Triggers South Korean Government Probe

This Week’s Security Spotlight

Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
Andrew Doyle June 8, 2026
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Gabby Lee June 5, 2026
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
Gabby Lee June 5, 2026
More In News
Trending
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
RansomHub Hits Michigan’s Manpower — Data Breach Exposes 140,000 Individuals
August 13, 2025
Podcasts
Germany’s Top Court Limits Police Spyware to Serious Crimes Only
August 11, 2025
Podcasts
Security Firms Warn GPT-5 Is Wide Open to Jailbreaks and Prompt Attacks
August 11, 2025

Cyber Security News

MetInfo CVE-2026-29014 Exploited -- Unauthenticated PHP Code Injection
Application Security
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
May 6, 2026
FTC Bans Data Broker Kochava from Selling Americans Location Data
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
May 6, 2026
Apache CVE-2026-23918 Enables DoS and RCE in HTTP2 -- Patch to 2.4.67
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
May 6, 2026
China-Linked UAT-8302 Targets Governments in South America and Europe
Cybersecurity
China-Linked UAT-8302 Targets Governments in South America and Europe
May 6, 2026
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Cybersecurity
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
May 6, 2026
Microsoft AiTM Phishing Hit 35,000 Users in 26 Countries
Cybersecurity
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
May 6, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Disney Agrees to $10 Million Settlement for COPPA Violations
January 5, 2026
Disney has settled COPPA violation allegations with a $10 million penalty, addressing claims about mislabeling videos and improper data use in targeted advertising. The case ...
DarkSpectre’s Third Wave: A New Browser Extension Threat
January 5, 2026
A new attack campaign codenamed DarkSpectre, attributed to a Chinese threat actor, has affected 2.2 million users across major web browsers. Leveraging two prior campaigns, ...
RondoDox Botnet Utilizes React2Shell Vulnerability to Infiltrate Servers
January 5, 2026
RondoDox is exploiting the React2Shell flaw in Next.js to gain remote code execution, deploy malware, and install cryptominers. The campaign highlights how unpatched web frameworks ...
New Variant of Shai Hulud Malware Found in npm Registry
January 5, 2026
Cybersecurity experts uncover a new Shai Hulud malware strain in the npm registry, stressing the importance of vigilant security practices within open-source ecosystems.
Unleash Protocol Experiences a $3.9 Million Cryptocurrency Loss
January 5, 2026
Unleash Protocol has incurred a $3.9 million loss in cryptocurrency following an unauthorized contract upgrade that enabled asset withdrawals, exposing vulnerabilities within decentralized systems.
IBM Discloses Critical Security Vulnerability in API Connect
January 5, 2026
IBM has identified a critical vulnerability in its API Connect software, CVE-2025-13915, which allows attackers to bypass authentication and gain remote access. With a CVSS ...
European Space Agency Confirms Breach Impacting Servers with Unclassified Engineering Data
December 31, 2025
The European Space Agency disclosed a breach affecting external servers. These systems held unclassified engineering project data, raising concerns about data security in isolated networks.
BlackCat Ransomware Campaign Culminates in Guilty Pleas from Ex-Employees
December 31, 2025
Ex-Sygnia and DigitalMint employees confessed to deploying BlackCat ransomware against U.S. companies in 2023, using their insider knowledge for malicious aims.
‘Zoom Stealer’ Puts Millions at Risk via Web Extensions on Major Browsers
December 31, 2025
Over 2.2 million Chrome, Firefox, and Edge users are compromised by 'Zoom Stealer', a campaign targeting online meeting data via malicious extensions.
Critical Vulnerability in SmarterTools SmarterMail Poses Severe Cybersecurity Risk
December 31, 2025
The Cyber Security Agency of Singapore warns of a dangerous remote code execution vulnerability in SmarterTools SmarterMail, CVE-2025-52691, with a CVSS score of 10.0.
CISA Orders Federal Agencies to Patch Critical MongoDB Vulnerability Called MongoBleed
December 31, 2025
A vulnerability in MongoDB, known as MongoBleed, is actively exploited, prompting CISA to direct U.S. federal agencies to patch this critical flaw. This vulnerability could ...
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT
December 31, 2025
Silver Fox targets India, using tax-themed phishing to spread ValleyRAT, including DLL hijacking in attacks.
A Record Year: Cybersecurity Acquisitions in 2025 Surpass $84 Billion
December 31, 2025
A remarkable year in cybersecurity M&A, 2025 saw total disclosed deals exceeding $84 billion. Eight significant acquisitions surpassed the $1 billion mark, representing a notable ...
How Artificial Intelligence is Being Integrated into Security Operations
December 31, 2025
As AI becomes a fixture in Security Operations Centers (SOCs), aligning its role with operational processes remains a challenge, affecting its effective deployment and value ...
Mustang Panda’s Novel Kernel-Mode Rootkit Used in Mid-2025 Cyber Attack Analysis
December 31, 2025
Mustang Panda leverages a kernel-mode rootkit and a new TONESHELL backdoor variant in a mid-2025 cyber attack on an Asian entity, as reported by Kaspersky.
Coupang to Distribute $1.17 Billion in Vouchers Following Data Breach
December 29, 2025
Coupang addresses a data breach affecting 33.7 million users by issuing $1.17 billion in vouchers, aiming to restore trust and mitigate the breach impacts.
Renewed Exploitation of FortiOS Two-Factor Authentication Bypass
December 29, 2025
Fortinet has flagged a resurgence in the exploitation of CVE-2020-12812, a vulnerability in FortiOS that allows attackers to bypass two-factor authentication. This poses significant risks ...
Lovely Extortion Group Claims Massive Data Breach at Conde Nast
December 29, 2025
The extortion threat to Conde Nast by the criminal group, Lovely, emphasizes the vulnerability of major publishers to cyberattacks. Lovely claims to have unauthorized access ...
Ransomware Attack Disrupts Operations at Romania’s Oltenia Energy Complex During Christmas
December 29, 2025
Oltenia Energy Complex, Romania's primary coal-based energy producer, faced a ransomware attack on the second day of Christmas, severely impacting its IT infrastructure and highlighting ...
OWASP’s Agentic AI Top 10 Highlights Emerging Security Threats
December 29, 2025
OWASP introduces vulnerabilities impacting AI systems, emphasizing agent tool attacks. Koi Security's assessments illustrate real incidents linked to this list.
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack