Cyber Security
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The Truth About Identity Attacks: How to Protect Your Business and Data
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
27 Million Records Allegedly Leaked from French Retailer Boulanger
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Navigating the Complex Intersection of AI and Data Privacy
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
Remote Desktop Protocol (RDP): A Double-Edged Sword for IT Teams
Google Faces £5 Billion UK Antitrust Lawsuit Over Search Advertising Practices
Skyward Specialty Insurance Data Breach Exposes Sensitive Information
Hacker Forum ‘Cracked’ Resurfaces Online After FBI Seizure in Global Cybercrime Operation
Wolters Kluwer Data Breach Claim Raises Alarms Across Fortune 500 Network
Fall River Public Schools Responds to Cybersecurity Breach
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
The Soaring Cost of Data Breaches for Enterprise Businesses in 2024
ChatGPT is Down Worldwide Impacting Millions
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
10 Key Benefits of Cyber Tabletop Exercises
Network Security in a Digital World: Understanding and Mitigating Risks
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
The Mirai Botnet: The Infamous DDoS Weapon
Compliance Isn’t Security: Why a Checklist Alone Won’t Stop Cyberattacks
Outsourcing Cybersecurity Could Save Your Company Millions – Here’s How
Dior Confirms Data Breach Exposing Chinese Customer Information
News
Dior Confirms Data Breach Exposing Chinese Customer Information
Christian Dior confirms a customer data breach affecting Chinese users. Names, contacts, and shopping data were leaked; no financial details were compromised. Investigation ongoing.
Nucor Shuts Down Production Lines Following Cybersecurity Incident
News
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Nucor Corporation has shut down select production operations following a cybersecurity incident that compromised internal systems. The company is investigating and restoring operations.
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
News
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
Hackers are selling 89 million Steam user records in an apparent supply chain breach involving vendor access. Valve denies a direct Steam breach but continues ...
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
News
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
HireClick leaked over 5.7 million resume files after leaving an AWS bucket unsecured. The data exposure poses significant risks of fraud, phishing, and identity theft. ...
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
News
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
Valve denies claims of a Steam data breach, stating leaked data consists of expired SMS codes with no account credentials, passwords, or personal information.
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
News
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
Tennessee’s largest school district has filed a federal lawsuit against PowerSchool, citing breach of contract and security failures linked to a December 2023 data breach. ...
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
News
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
Russian-aligned ransomware group DragonForce hit UK retailer Co-op, exposing customer data and disrupting operations, in a hybrid cyberattack blending financial and geopolitical motives.
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
News
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
The EU launches its own vulnerability database (EUVD) to strengthen cybersecurity, reduce reliance on CVE, and ensure greater digital sovereignty across European infrastructure.
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
News
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
Twilio denies breach after leaked Steam 2FA codes appear online. Experts suspect a third-party SMS provider may be the source of the data exposure.
M&S Confirms Customer Data Breach Following Cyberattack
News
M&S Confirms Customer Data Breach Following Cyberattack
M&S confirms a customer data breach exposing contact details and order history after a cyberattack, but reassures no payment data or passwords were compromised.
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
News
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
Broadcom patches a critical VMware Tools vulnerability that allows attackers with limited VM access to tamper with files. Affects Windows, Linux, and open-vm-tools versions.
Thousands of Node Developers Compromised by Malware in Popular npm Packages
News
Thousands of Node Developers Compromised by Malware in Popular npm Packages
A sophisticated supply chain attack on npm injected malware into widely used packages, exposing thousands of developers to remote access trojans, data theft, and backdoors. ...
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
News
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
A Türkiye-linked cyberespionage group exploited a zero-day in Output Messenger, enabling access to sensitive data and communications in targeted attacks on Kurdish-aligned users.
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
News
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
A Moldovan suspect has been arrested for a 2021 DoppelPaymer ransomware attack that crippled Dutch research systems and caused €4.5 million in damages.
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
Cybersecurity
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
Chinese threat group Chaya_004 exploited a zero-day flaw in SAP NetWeaver servers, compromising hundreds of systems using remote code execution and web shell deployments.
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
Cybersecurity
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The iClicker website was hacked between April 12–16, 2025, using a fake CAPTCHA to deploy malware via a ClickFix attack targeting students and faculty.
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
LockBit's dark web affiliate panels were hacked, exposing thousands of victim negotiation messages, affiliate details, and bitcoin addresses in a leaked MySQL database.
Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients
News
Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients
Ascension confirms a third-party data breach affecting 437,329 patients, exposing sensitive personal and medical data, including Social Security numbers and health insurance details.
PowerSchool Hacker Now Extorting Individual School Districts Using Stolen Data
News
PowerSchool Hacker Now Extorting Individual School Districts Using Stolen Data
The PowerSchool hacker is now targeting individual school districts, threatening to leak sensitive student and staff data stolen in the December 2024 breach.
NSO Group Fined $167 Million for Pegasus Spyware Attack on WhatsApp Users
News
NSO Group Fined $167 Million for Pegasus Spyware Attack on WhatsApp Users
A U.S. jury has ordered NSO Group to pay over $167 million in damages for a 2019 Pegasus spyware attack that targeted 1,400 WhatsApp users. ...

TOP CYBERSECURITY HEADLINES

SECURITYWEEK INDUSTRY EXPERTS

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Threat Actors
  • Threat Detection Tools
  • Uncategorized
Global Crackdown Dismantles Lumma Infostealer Malware Network, Seizes 2,300 Domains
Authorities and private sector partners have dismantled the infrastructure of the Lumma Infostealer malware, a dominant player in the malware-as-a-service (MaaS) ecosystem.
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
EU Sanctions Stark Industries and Leadership for Supporting Russian Cyber Operations
The EU has sanctioned Stark Industries and its leadership for enabling Russian cyber operations, disinformation, and infrastructure support used in attacks against European interests.
119,000 ICS Devices Exposed: The Internet’s Hidden Infrastructure Risk
In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our ...
Serviceaide Data Leak Exposes Health Records of Over 480,000 Catholic Health Patients
Serviceaide exposed over 480,000 Catholic Health patients' records due to a misconfigured Elasticsearch database, putting sensitive personal and medical data at risk.
Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident
Coinbase confirms a data breach involving overseas contractors that exposed personal and financial information of 69,461 users, prompting fears of social engineering and financial fraud. ...
Over 100 Malicious Chrome Extensions Found Masquerading as AI Tools, VPNs, and Crypto Utilities
A massive and ongoing campaign involving over 100 malicious Chrome extensions has been uncovered, with threat actors deploying browser add-ons disguised as free AI tools, ...
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
A supply chain attack on RVTools delivered Bumblebee malware through a trojanized installer, compromising virtualization admins and enabling follow-on ransomware or data exfiltration attacks.
Tesco, Aldi Supplier Peter Green Chilled Hit by Ransomware, Disrupting UK Retail Supply Chains
UK logistics firm Peter Green Chilled suffered a ransomware attack, disrupting deliveries for Tesco, Aldi, and Sainsbury’s amid a rising wave of supply chain cyberattacks. ...
SK Telecom Malware Breach Lasted 3 Years, Exposed 27 Million Phone Numbers
SK Telecom’s malware breach exposed 27 million phone numbers over three years via a supply chain attack targeting its security affiliate SK Shieldus.
PowerSchool Hacker Pleads Guilty to Student Data Extortion Scheme
A 19-year-old hacker has pleaded guilty to breaching PowerSchool and extorting millions by threatening to leak sensitive data on over 71 million students and teachers. ...
Mobile Carrier Cellcom Breached, Company Confirms Cyberattack Behind Extended Outages
Cellcom confirms a cyberattack caused week-long service outages across Wisconsin and Michigan, impacting calls and SMS; personal data reportedly not compromised.
VanHelsing Ransomware Builder Leaked by Former Developer on Hacking Forum
VanHelsing ransomware's builder and affiliate panel source code leaked after a former developer tried to sell it, prompting the gang to release it themselves.
Arla Foods Upahl Site Hit by Cyberattack—What It Means for Food Supply Chains
In May 2025, a cyberattack disrupted operations at Arla Foods’ major dairy facility in Upahl, Germany—halting skyr production, impacting local IT systems, and forcing product ...
Bypassing Antivirus: What Defendnot Reveals About the Weak Spots in Windows Security
In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security ...
BreachRx Raises $15M to Automate the Chaos of Incident Response
In this episode, we dive into BreachRx’s $15 million Series A raise — and what it means for the future of enterprise cybersecurity incident response. ...
Scattered Spider Breached M&S via Third-Party TCS Credentials, Sources Confirm
Scattered Spider used third-party TCS employee credentials to breach M&S systems, exposing customer data and costing over £1 billion in market value and lost profits. ...
Trojanized KeePass Installer Leads to Ransomware on VMware ESXi Servers
Fake KeePass installers promoted via Bing ads delivered Cobalt Strike and stole credentials, ultimately leading to ESXi ransomware attacks linked to Black Basta affiliates.
TeleMessage Breach Exposes U.S. Government Messaging Data, 410GB Archive Published by DDoSecrets
Hackers exploited a flaw in TeleMessage’s TM SGNL app, exposing U.S. official communications. DDoSecrets published 410GB of chat logs and metadata from the breach.
Arla Foods Cyberattack Disrupts German Production Site, Causes Delivery Delays
Arla Foods confirmed a cyberattack at its Upahl production site in Germany, disrupting operations and causing delivery delays. No data theft has been confirmed.
GhostSec: From Hacktivist Roots to RaaS Powerhouse
Malicious RubyGems Impersonate Fastlane Plugins to Steal Telegram Bot Data
Victoria’s Secret Postpones Q1 Earnings Amid System Restoration After Security Incident
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
Volkswagen Probes Hacker Claims Amid Ongoing Ransomware Threats
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
Google Chrome vs. Failing CAs: The Policy Behind the Distrust
CVE-2025-48827 & 48828: How vBulletin’s API and Template Engine Got Weaponized
JINX-0132: How Cryptojackers Hijacked DevOps Infrastructure via Nomad and Docker
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
Multi-Stage Phishing Attacks Now Use Google Infrastructure—Here’s How
Password Hashes Leaked via Linux Crash Handlers: The Truth Behind CVE-2025-5054 & 4598
Inside the AVCheck Takedown: How Law Enforcement Disrupted a Key Cybercrime Tool
Kaiser Permanente Recovers from Widespread Network Outage That Disrupted Patient Services Nationwide
Latrodectus Malware Infected Over 44,000 IPs Before Operation Endgame Takedown
Germany Identifies TrickBot and Conti Ransomware Ringleader as Vitaly Kovalev