Main Menu
Cyber Security
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Triple Extortion Ransomware: How It Works and How to Stop It
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
OpenClaw AI Agent Hijacked via Malicious vCard Injection
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
Cybersecurity
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Gabby Lee June 5, 2026
Play ransomware posted four US victims in a single day: a food processing manufacturer, a law firm, a religious organization, and a manufacturing company.
Cybersecurity
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Gabby Lee June 5, 2026
Akira ransomware posted National Standard Parts Associates and Northern Ohio Regional MLS, threatening 53 GB of employee records, contracts, and financial data.
Cybersecurity
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
Gabby Lee June 5, 2026
Qilin ransomware posted Avcon Jet, SKUPINA Don Don, and Trican in a three-country sweep targeting private aviation, food retail, and Canadian oilfield services.
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
Gabby Lee June 5, 2026
TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group exceeds 330 victims in 2026.
Cybersecurity
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Gabby Lee June 5, 2026
WorldLeaks claimed CH Karnchang, Thailand's major infrastructure builder, and United Auto Supply in a pure data extortion operation with no file encryption.
Cybersecurity
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
Gabby Lee June 5, 2026
The Supreme Court ruled 8-1 to uphold FCC authority to fine AT&T and Verizon for selling subscriber GPS location data to third parties without consent.
Cybersecurity
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
Andrew Doyle June 5, 2026
The FTC opened a public comment period on X Corp's petition to set aside the $150 million Twitter privacy consent decree, with public comments due ...
CVE Vulnerability Alerts
CISA Orders Patch for Linux Container Escape CVE-2022-0492
Gabby Lee June 4, 2026
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal patch deadline.
Application Security
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
Gabby Lee June 4, 2026
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.
Cybersecurity
CISA, FBI, NSA, DOE Warn of Active Attacks on Fuel Tank Monitors
Mitchell Langley June 4, 2026
CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command injection techniques.
Cybersecurity
OFAC Sanctions Nobitex, Iran’s Largest Crypto Exchange
Gabby Lee June 4, 2026
OFAC sanctioned Nobitex and three companion Iranian crypto exchanges for facilitating IRGC transactions and converting ransomware proceeds into usable funds.
Application Security
Burst Statistics CVE-2026-8181 Under Mass Exploitation
Andrew Doyle June 4, 2026
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected sites.
CVE Vulnerability Alerts
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Mitchell Langley June 4, 2026
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Application Security
Public PoC Released for Cisco Unified CM SSRF Bug
Andrew Doyle June 4, 2026
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Cybersecurity
TheGentlemen and Genesis Ransomware Hit Two US Clinics
Andrew Doyle June 4, 2026
TheGentlemen ransomware claimed Michigan Surgical Center while Genesis targeted Family Medical Associates of Raleigh, exposing PHI to double-extortion pressure.
Cybersecurity
CISA Faces $700M More Cuts as Mullin Signals Restructure
Mitchell Langley June 4, 2026
DHS Secretary Mullin testified CISA will target 2,800 employees and face 700 million more in budget cuts, with a new Senate-confirmed director to be nominated.
Cybersecurity
DragonForce and Nitrogen Ransomware Hit Three Continents
Andrew Doyle June 4, 2026
DragonForce claimed Lebanon IT firm SETS Solutions and Mexican manufacturer Copamex, while Nitrogen posted U.S. real estate developer Pyramid in parallel.
Application Security
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Gabby Lee June 4, 2026
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Cybersecurity
CISA to Issue Binding AI Security Directive This Week
Andrew Doyle June 4, 2026
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
Application Security
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
Mitchell Langley June 4, 2026
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Andrew Doyle June 15, 2026
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Andrew Doyle June 15, 2026
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Andrew Doyle June 15, 2026
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Andrew Doyle June 15, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Application Security
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Cybersecurity
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
Application Security
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches

This Week’s Security Spotlight

Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Andrew Doyle June 10, 2026
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Gabby Lee June 10, 2026
More In News
Trending
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms
October 24, 2025
Podcasts
AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces
October 24, 2025
Podcasts
Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft
October 23, 2025

Cyber Security News

Application Security
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
June 12, 2026
Cybersecurity
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
June 12, 2026
Cybersecurity
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
June 12, 2026
Application Security
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
June 12, 2026
Application Security
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
June 11, 2026
Cybersecurity
Nottingham University Breach Exposes Data on 454,600 Students
June 11, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
June 5, 2026
TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group exceeds 330 victims in 2026.
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
June 5, 2026
WorldLeaks claimed CH Karnchang, Thailand's major infrastructure builder, and United Auto Supply in a pure data extortion operation with no file encryption.
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
June 5, 2026
The Supreme Court ruled 8-1 to uphold FCC authority to fine AT&T and Verizon for selling subscriber GPS location data to third parties without consent.
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
June 5, 2026
The FTC opened a public comment period on X Corp's petition to set aside the $150 million Twitter privacy consent decree, with public comments due ...
CISA Orders Patch for Linux Container Escape CVE-2022-0492
June 4, 2026
CISA added the Linux kernel CVE-2022-0492 container escape flaw to the KEV catalog, confirming active exploitation with a three-day federal patch deadline.
CISA Flags Magento RCE CVE-2026-45247; 150K Stores Exposed
June 4, 2026
CISA added CVE-2026-45247 to its KEV catalog, confirming active exploitation of a CVSS 9.8 Magento RCE flaw that threatens 150,000 e-commerce stores worldwide.
CISA, FBI, NSA, DOE Warn of Active Attacks on Fuel Tank Monitors
June 4, 2026
CISA, FBI, NSA, and DOE warned of active attacks on internet-exposed fuel tank monitoring systems via authentication bypass and command injection techniques.
OFAC Sanctions Nobitex, Iran’s Largest Crypto Exchange
June 4, 2026
OFAC sanctioned Nobitex and three companion Iranian crypto exchanges for facilitating IRGC transactions and converting ransomware proceeds into usable funds.
Burst Statistics CVE-2026-8181 Under Mass Exploitation
June 4, 2026
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected sites.
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
June 4, 2026
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Public PoC Released for Cisco Unified CM SSRF Bug
June 4, 2026
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
TheGentlemen and Genesis Ransomware Hit Two US Clinics
June 4, 2026
TheGentlemen ransomware claimed Michigan Surgical Center while Genesis targeted Family Medical Associates of Raleigh, exposing PHI to double-extortion pressure.
CISA Faces $700M More Cuts as Mullin Signals Restructure
June 4, 2026
DHS Secretary Mullin testified CISA will target 2,800 employees and face 700 million more in budget cuts, with a new Senate-confirmed director to be nominated.
DragonForce and Nitrogen Ransomware Hit Three Continents
June 4, 2026
DragonForce claimed Lebanon IT firm SETS Solutions and Mexican manufacturer Copamex, while Nitrogen posted U.S. real estate developer Pyramid in parallel.
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
June 4, 2026
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
CISA to Issue Binding AI Security Directive This Week
June 4, 2026
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
June 4, 2026
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Fake Claude Code Installers on Google Sites Steal AI API Keys
June 4, 2026
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Fake Chrome Web Store DMCA Notices Target Extension Developers
June 4, 2026
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates to millions of users.
Commission Proposes $11 Billion Dedicated US Cyber Force Branch
June 3, 2026
A CSIS/FDD commission proposed a standalone US Cyber Force with 30,000 troops and an $11 billion startup cost, with Gillibrand's defense amendments pending.
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Triple Extortion Ransomware: How It Works and How to Stop It
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
OpenClaw AI Agent Hijacked via Malicious vCard Injection
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices