Main Menu
Cyber Security
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
Aisuru Botnet New DDoS Attack Record Set at 29.7 Tbps
News
Aisuru Botnet: New DDoS Attack Record Set at 29.7 Tbps
Mitchell Langley December 5, 2025
Over the past three months, the formidable Aisuru botnet has executed more than 1,300 DDoS attacks, one of which reached a staggering peak of 29.7 ...
Water Saci Threat Actor Evolves Tactics with Sophisticated Infection Chain
News
Water Saci Threat Actor Evolves Tactics with Sophisticated Infection Chain
Gabby Lee December 5, 2025
The Water Saci threat actor has evolved its tactics, utilizing an advanced infection chain with HTML Application files and PDFs. These methods are used to ...
Russian Internet Authority Blocks Roblox Over Content Concerns
Cybersecurity
Russian Internet Authority Blocks Roblox Over Content Concerns
Mitchell Langley December 5, 2025
Russia's Roskomnadzor has blocked the online gaming platform Roblox citing concerns over the distribution of LGBT content and extremist materials. The move underscores the regulatory ...
Leroy Merlin France Security Breach Exposes Customer Data
Data Security
Leroy Merlin France Security Breach Exposes Customer Data
Gabby Lee December 5, 2025
Leroy Merlin faces a significant security breach impacting customer data in France. Personal information, including names, addresses, and emails, was accessed by unauthorized entities.
Google Expands Support for Android's In-Call Scam Protection to More Financial Institutions
Cybersecurity
Google Expands Support for Android’s In-Call Scam Protection to More Financial Institutions
Andrew Doyle December 5, 2025
In a significant move to bolster in-call scam protection, Google is expanding its Android feature to include multiple financial institutions in the United States. This ...
Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites
CVE Vulnerability Alerts
Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites
Mitchell Langley December 5, 2025
A severe flaw in the WordPress plugin, King Addons for Elementor, is being actively exploited. This CVE-2025-8489 vulnerability allows privilege escalation, giving attackers administrative access. ...
Microsoft Silently Patches Long-Exploited Windows Vulnerability
Application Security
Microsoft Silently Patches Long-Exploited Windows Vulnerability
Gabby Lee December 5, 2025
Microsoft discretely resolves CVE-2025-9491, a critical Windows Shortcut vulnerability exploited by hackers for years. November 2025 Patch Tuesday delivers the fix.
React Server Components' Security Flaw Risks Unauthenticated Remote Code Execution
CVE Vulnerability Alerts
React Server Components’ Security Flaw Risks Unauthenticated Remote Code Execution
Andrew Doyle December 5, 2025
React Server Components are impacted by a critical vulnerability, CVE-2025-55182, offering a CVSS score of 10.0 for unauthenticated remote code execution.
Major Universities Affected in Oracle E-Business Suite Hacking Campaign
Cybersecurity
Major Universities Affected in Oracle E-Business Suite Hacking Campaign
Mitchell Langley December 5, 2025
The University of Pennsylvania and the University of Phoenix recently disclosed that they were attacked in a broader cyber campaign. This campaign targets organizations utilizing ...
Freedom Mobile Data Breach Protecting Consumer Information in the Telecom Sector
Data Security
Freedom Mobile Data Breach: Protecting Consumer Information in the Telecom Sector
Gabby Lee December 5, 2025
Freedom Mobile, Canada's fourth-largest wireless carrier, announced a significant data breach involving its customer account management platform, exposing consumer information. This development puts a spotlight ...
North Korea's Covert IT Workforce Exposed Unmasking the Chollima Scheme
Cybersecurity
North Korea’s Covert IT Workforce Exposed: Unmasking the Chollima Scheme
Mitchell Langley December 3, 2025
A joint investigation by BCA LTD, NorthScan, and ANY.RUN reveals North Korea's persistent infiltration scheme. The study exposes remote IT workers linked to the Lazarus ...
FTC Targets EdTech Giant Illuminate After Data Breach Exposes 10 Million Students
Cybersecurity
FTC Targets EdTech Giant Illuminate After Data Breach Exposes 10 Million Students
Andrew Doyle December 3, 2025
The Federal Trade Commission proposed significant actions against Illuminate Education following a 2021 incident that compromised data of 10 million students. The firm's measures raise ...
Cybersecurity Incident at Three-Council Data Breach Adds Complexity
Cybersecurity
Cybersecurity Incident at Three-Council: Data Breach Adds Complexity
Mitchell Langley December 3, 2025
Kensington and Chelsea Council acknowledges a data breach as their IT system experiences disruption during a cyber incident. Historical data was accessed and copied, escalating ...
GlassWorm Supply Chain Attack Compromises Developer Tools
Cybersecurity
GlassWorm Supply Chain Attack Compromises Developer Tools
Gabby Lee December 3, 2025
The GlassWorm supply chain attack returns, infiltrating Microsoft Visual Studio Marketplace and Open VSX with 24 extensions that impersonate popular developer frameworks such as Flutter, ...
Shai-Hulud Strikes Again Massive Data Exposure from NPM Attack
Cybersecurity
Shai-Hulud Strikes Again: Massive Data Exposure from NPM Attack
Andrew Doyle December 3, 2025
Shai-Hulud's second attack compromised NPM packages, exposing 400,000 secrets. The breach affected thousands of GitHub repositories and underlines vulnerabilities inherent in open-source software supply chains.
Application Security
Microsoft Investigates Defender XDR Portal Access Disruptions
Mitchell Langley December 3, 2025
Microsoft faces a challenge as users report limited access to the Defender XDR portal. For over 10 hours, customers have experienced obstacles accessing key features, ...
University of Pennsylvania Data Breach Clop's Zero-Day Exploit Targets Oracle's E-Business Suite
Cybersecurity
University of Pennsylvania Data Breach: Clop’s Zero-Day Exploit Targets Oracle’s E-Business Suite
Gabby Lee December 3, 2025
The University of Pennsylvania recently disclosed a data breach affecting over 1,400 individuals. Attackers exploited a zero-day vulnerability in Oracle’s E-Business Suite, linked to the ...
Zafran Security Accelerates Global Expansion with $60 Million Series C Funding
Cybersecurity
Zafran Security Accelerates Global Expansion with $60 Million Series C Funding
Andrew Doyle December 3, 2025
Zafran Security, a cybersecurity startup, has raised $60 million in Series C funding to enhance product innovation and global reach. This development marks a significant ...
Albiriox Banking Trojan Poses New Threat to Android Devices
Cybersecurity
Albiriox Banking Trojan Poses New Threat to Android Devices
Andrew Doyle December 2, 2025
Cybersecurity experts are on high alert with the emergence of Albiriox, an Android banking trojan sold for $720 monthly. This new threat from Russian cybercriminals ...
Hackers Exploit Hiring Processes With Deepfakes and Fake Resumes
Cybersecurity
Hackers Exploit Hiring Processes With Deepfakes and Fake Resumes
Andrew Doyle December 2, 2025
Cybercriminals are increasingly using sophisticated techniques such as deepfakes, fake resumes, and stolen identities to penetrate corporate hiring processes. Strengthening vetting and access controls can ...
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Gabby Lee May 22, 2026
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Gabby Lee May 22, 2026
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Gabby Lee May 22, 2026
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Andrew Doyle May 20, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims

This Week’s Security Spotlight

CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis
August 6, 2025
Podcasts
Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles
August 6, 2025
Podcasts
Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities
August 6, 2025

Cyber Security News

Apple Blocks Dangerous Terminal Commands in macOS Tahoe 26.4
Application Security
Apple Blocks Dangerous Terminal Commands in macOS Tahoe 26.4
March 31, 2026
Zero-Click Flaw in Telegram Raises Security Alarms Despite Company Denial
Cybersecurity
Zero-Click Flaw in Telegram Raises Security Alarms Despite Company Denial
March 31, 2026
Firefox 149 Launches with a Built-In VPN for Better Privacy
Application Security
Firefox 149 Launches with a Built-In VPN for Better Privacy
March 25, 2026
FCC Adds Consumer Routers to Covered List Amid Security Concerns
Cybersecurity
FCC Adds Consumer Routers to Covered List Amid Security Concerns
March 25, 2026
DOE Rolls Out Project Armor to Fortify Critical Energy Infrastructure
Cybersecurity
DOE Rolls Out Project Armor to Fortify Critical Energy Infrastructure
March 25, 2026
Cybercriminals Exploit Google Ads in a Deceptive Tax Document Malvertising Campaign
Cybersecurity
Cybercriminals Exploit Google Ads in a Deceptive Tax Document Malvertising Campaign
March 25, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Russian Internet Authority Blocks Roblox Over Content Concerns
December 5, 2025
Russia's Roskomnadzor has blocked the online gaming platform Roblox citing concerns over the distribution of LGBT content and extremist materials. The move underscores the regulatory ...
Leroy Merlin France Security Breach Exposes Customer Data
December 5, 2025
Leroy Merlin faces a significant security breach impacting customer data in France. Personal information, including names, addresses, and emails, was accessed by unauthorized entities.
Google Expands Support for Android’s In-Call Scam Protection to More Financial Institutions
December 5, 2025
In a significant move to bolster in-call scam protection, Google is expanding its Android feature to include multiple financial institutions in the United States. This ...
Critical Elementor Addons Flaw CVE-2025-8489 Actively Exploited on WordPress Sites
December 5, 2025
A severe flaw in the WordPress plugin, King Addons for Elementor, is being actively exploited. This CVE-2025-8489 vulnerability allows privilege escalation, giving attackers administrative access. ...
Microsoft Silently Patches Long-Exploited Windows Vulnerability
December 5, 2025
Microsoft discretely resolves CVE-2025-9491, a critical Windows Shortcut vulnerability exploited by hackers for years. November 2025 Patch Tuesday delivers the fix.
React Server Components’ Security Flaw Risks Unauthenticated Remote Code Execution
December 5, 2025
React Server Components are impacted by a critical vulnerability, CVE-2025-55182, offering a CVSS score of 10.0 for unauthenticated remote code execution.
Major Universities Affected in Oracle E-Business Suite Hacking Campaign
December 5, 2025
The University of Pennsylvania and the University of Phoenix recently disclosed that they were attacked in a broader cyber campaign. This campaign targets organizations utilizing ...
Freedom Mobile Data Breach: Protecting Consumer Information in the Telecom Sector
December 5, 2025
Freedom Mobile, Canada's fourth-largest wireless carrier, announced a significant data breach involving its customer account management platform, exposing consumer information. This development puts a spotlight ...
North Korea’s Covert IT Workforce Exposed: Unmasking the Chollima Scheme
December 3, 2025
A joint investigation by BCA LTD, NorthScan, and ANY.RUN reveals North Korea's persistent infiltration scheme. The study exposes remote IT workers linked to the Lazarus ...
FTC Targets EdTech Giant Illuminate After Data Breach Exposes 10 Million Students
December 3, 2025
The Federal Trade Commission proposed significant actions against Illuminate Education following a 2021 incident that compromised data of 10 million students. The firm's measures raise ...
Cybersecurity Incident at Three-Council: Data Breach Adds Complexity
December 3, 2025
Kensington and Chelsea Council acknowledges a data breach as their IT system experiences disruption during a cyber incident. Historical data was accessed and copied, escalating ...
GlassWorm Supply Chain Attack Compromises Developer Tools
December 3, 2025
The GlassWorm supply chain attack returns, infiltrating Microsoft Visual Studio Marketplace and Open VSX with 24 extensions that impersonate popular developer frameworks such as Flutter, ...
Shai-Hulud Strikes Again: Massive Data Exposure from NPM Attack
December 3, 2025
Shai-Hulud's second attack compromised NPM packages, exposing 400,000 secrets. The breach affected thousands of GitHub repositories and underlines vulnerabilities inherent in open-source software supply chains.
Microsoft Investigates Defender XDR Portal Access Disruptions
December 3, 2025
Microsoft faces a challenge as users report limited access to the Defender XDR portal. For over 10 hours, customers have experienced obstacles accessing key features, ...
University of Pennsylvania Data Breach: Clop’s Zero-Day Exploit Targets Oracle’s E-Business Suite
December 3, 2025
The University of Pennsylvania recently disclosed a data breach affecting over 1,400 individuals. Attackers exploited a zero-day vulnerability in Oracle’s E-Business Suite, linked to the ...
Zafran Security Accelerates Global Expansion with $60 Million Series C Funding
December 3, 2025
Zafran Security, a cybersecurity startup, has raised $60 million in Series C funding to enhance product innovation and global reach. This development marks a significant ...
Albiriox Banking Trojan Poses New Threat to Android Devices
December 2, 2025
Cybersecurity experts are on high alert with the emergence of Albiriox, an Android banking trojan sold for $720 monthly. This new threat from Russian cybercriminals ...
Hackers Exploit Hiring Processes With Deepfakes and Fake Resumes
December 2, 2025
Cybercriminals are increasingly using sophisticated techniques such as deepfakes, fake resumes, and stolen identities to penetrate corporate hiring processes. Strengthening vetting and access controls can ...
Young Cybercriminals: Rebels Without a Cause in the Digital World
December 2, 2025
Emerging data reveals most young cybercriminals outgrow illicit activities by age 20. This shift signals their maturation process beyond digital crime, although a few remain ...
$29 Million in Bitcoin Seized from Cryptomixer: Implications for Cybercrime
December 2, 2025
In a sweeping international effort, authorities targeted cryptomixer services for aiding in cybercriminal activities. Operation Olympia led to a significant Bitcoin haul.
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints