Main Menu
Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Cybersecurity
OFAC Sanctions Nobitex, Iran’s Largest Crypto Exchange
Gabby Lee June 4, 2026
OFAC sanctioned Nobitex and three companion Iranian crypto exchanges for facilitating IRGC transactions and converting ransomware proceeds into usable funds.
Application Security
Burst Statistics CVE-2026-8181 Under Mass Exploitation
Andrew Doyle June 4, 2026
CVE-2026-8181 in Burst Statistics for WordPress is under mass exploitation, with Wordfence blocking 7,400 daily attempts against over 200,000 affected sites.
CVE Vulnerability Alerts
Acer Wave 7 Routers Carry Two Max-Severity Zero-Days
Mitchell Langley June 4, 2026
Gergo Pap disclosed CVE-2026-49200 and CVE-2026-49201 in Acer Wave 7 routers, enabling credential theft and backdoor access with no patch until end of month.
Application Security
Public PoC Released for Cisco Unified CM SSRF Bug
Andrew Doyle June 4, 2026
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
Cybersecurity
TheGentlemen and Genesis Ransomware Hit Two US Clinics
Andrew Doyle June 4, 2026
TheGentlemen ransomware claimed Michigan Surgical Center while Genesis targeted Family Medical Associates of Raleigh, exposing PHI to double-extortion pressure.
Cybersecurity
CISA Faces $700M More Cuts as Mullin Signals Restructure
Mitchell Langley June 4, 2026
DHS Secretary Mullin testified CISA will target 2,800 employees and face 700 million more in budget cuts, with a new Senate-confirmed director to be nominated.
Cybersecurity
DragonForce and Nitrogen Ransomware Hit Three Continents
Andrew Doyle June 4, 2026
DragonForce claimed Lebanon IT firm SETS Solutions and Mexican manufacturer Copamex, while Nitrogen posted U.S. real estate developer Pyramid in parallel.
Application Security
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
Gabby Lee June 4, 2026
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
Cybersecurity
CISA to Issue Binding AI Security Directive This Week
Andrew Doyle June 4, 2026
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
Application Security
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
Mitchell Langley June 4, 2026
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Application Security
Fake Claude Code Installers on Google Sites Steal AI API Keys
Gabby Lee June 4, 2026
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Application Security
Fake Chrome Web Store DMCA Notices Target Extension Developers
Gabby Lee June 4, 2026
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates to millions of users.
Cybersecurity
Commission Proposes $11 Billion Dedicated US Cyber Force Branch
Gabby Lee June 3, 2026
A CSIS/FDD commission proposed a standalone US Cyber Force with 30,000 troops and an $11 billion startup cost, with Gillibrand's defense amendments pending.
Cybersecurity
KillSec Ransomware Hits Indian Teaching Hospital and Mexican Insurer
Mitchell Langley June 3, 2026
KillSec ransomware posted an Indian teaching hospital and a Mexican insurance firm as victims, exposing patient data under India's DPDPA and Mexico's CNBV.
Cybersecurity
Nova Ransomware Apologizes for CIS Rule Violation, Bans Affiliate
Mitchell Langley June 3, 2026
Nova ransomware publicly apologized and banned an affiliate for attacking Eriell Group, an Uzbekistan oilfield firm, violating the CIS safe harbor rule.
Cybersecurity
Trump Signs Executive Order for National Security Review of AI Models
Andrew Doyle June 3, 2026
Trump signed an executive order directing US national security agencies to assess top AI foundation models for offensive cyber and dual-use threat risks.
Application Security
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
Gabby Lee June 3, 2026
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft declined to patch.
Cybersecurity
Qilin Ransomware Claims Six Victims Across Five Countries in Two Days
Andrew Doyle June 3, 2026
Qilin ransomware posted six victims across five countries over two days, including Nova Medical Products and MEISA Sines at Portugal's Sines energy port.
Cybersecurity
APT73 Bashe Ransomware Claims Armenia’s Ministry of Internal Affairs
Mitchell Langley June 3, 2026
APT73 (Bashe), a LockBit-linked RaaS, posted Armenia's elections.mia.gov.am as a victim, threatening voter registration and electoral administration data.
Cybersecurity
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
Andrew Doyle June 3, 2026
Russia's FSB claimed foreign spies installed surveillance malware on senior officials' smartphones, naming Cloudflare and Fastly as alleged C2 infrastructure.
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Gabby Lee June 12, 2026
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
Mitchell Langley June 12, 2026
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Andrew Doyle June 12, 2026
Cybersecurity
Europol Dismantles AudiA6 Crypto Laundering Service
Gabby Lee June 12, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Andrew Doyle June 10, 2026
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Gabby Lee June 10, 2026
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
More In News
Trending
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms
October 24, 2025
Podcasts
AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces
October 24, 2025
Podcasts
Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft
October 23, 2025

Cyber Security News

CVE Vulnerability Alerts
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
June 11, 2026
Application Security
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
June 11, 2026
Cybersecurity
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
June 11, 2026
What Is Cloud Detection and Response (CDR) and How Does It Work
Blog
What is Cloud Detection and Response (CDR) and How Does it Work
June 10, 2026
Application Security
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
June 10, 2026
Application Security
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
June 10, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Public PoC Released for Cisco Unified CM SSRF Bug
June 4, 2026
Cisco confirmed public PoC code for CVE-2026-20230, a Unified CM SSRF enabling unauthenticated file writes and potential root access on enterprise systems.
TheGentlemen and Genesis Ransomware Hit Two US Clinics
June 4, 2026
TheGentlemen ransomware claimed Michigan Surgical Center while Genesis targeted Family Medical Associates of Raleigh, exposing PHI to double-extortion pressure.
CISA Faces $700M More Cuts as Mullin Signals Restructure
June 4, 2026
DHS Secretary Mullin testified CISA will target 2,800 employees and face 700 million more in budget cuts, with a new Senate-confirmed director to be nominated.
DragonForce and Nitrogen Ransomware Hit Three Continents
June 4, 2026
DragonForce claimed Lebanon IT firm SETS Solutions and Mexican manufacturer Copamex, while Nitrogen posted U.S. real estate developer Pyramid in parallel.
AI Tool Uncovers Two-Year-Old Redis RCE CVE-2026-23479
June 4, 2026
Team Xint Code used an AI tool to find CVE-2026-23479, a two-year-old Redis RCE posing high risk in cloud environments where Redis runs without authentication.
CISA to Issue Binding AI Security Directive This Week
June 4, 2026
CISA will issue a binding directive from the AI executive order, mandating AI vulnerability management rules for all federal civilian executive branch agencies.
AI Worm Exploits 73.8% of Test Enterprise Network with Free Model
June 4, 2026
University of Toronto researchers built an AI worm that exploited 73.8% of a test enterprise network using a free open-weight model and only known CVEs.
Fake Claude Code Installers on Google Sites Steal AI API Keys
June 4, 2026
An active campaign uses 32 Google Sites pages to distribute credential malware targeting AI API keys, browser logins, and password managers from developers.
Fake Chrome Web Store DMCA Notices Target Extension Developers
June 4, 2026
Attackers send fake Chrome Web Store DMCA notices using real extension data to steal developer accounts and push malicious updates to millions of users.
Commission Proposes $11 Billion Dedicated US Cyber Force Branch
June 3, 2026
A CSIS/FDD commission proposed a standalone US Cyber Force with 30,000 troops and an $11 billion startup cost, with Gillibrand's defense amendments pending.
KillSec Ransomware Hits Indian Teaching Hospital and Mexican Insurer
June 3, 2026
KillSec ransomware posted an Indian teaching hospital and a Mexican insurance firm as victims, exposing patient data under India's DPDPA and Mexico's CNBV.
Nova Ransomware Apologizes for CIS Rule Violation, Bans Affiliate
June 3, 2026
Nova ransomware publicly apologized and banned an affiliate for attacking Eriell Group, an Uzbekistan oilfield firm, violating the CIS safe harbor rule.
Trump Signs Executive Order for National Security Review of AI Models
June 3, 2026
Trump signed an executive order directing US national security agencies to assess top AI foundation models for offensive cyber and dual-use threat risks.
Huntress Discloses Windows Search URI Flaw That Leaks NTLMv2 Hashes
June 3, 2026
Huntress disclosed a Windows Search URI handler flaw that silently sends NTLMv2 hashes to attacker servers with one click. Microsoft declined to patch.
Qilin Ransomware Claims Six Victims Across Five Countries in Two Days
June 3, 2026
Qilin ransomware posted six victims across five countries over two days, including Nova Medical Products and MEISA Sines at Portugal's Sines energy port.
APT73 Bashe Ransomware Claims Armenia’s Ministry of Internal Affairs
June 3, 2026
APT73 (Bashe), a LockBit-linked RaaS, posted Armenia's elections.mia.gov.am as a victim, threatening voter registration and electoral administration data.
Russia’s FSB Claims Foreign Spies Installed Phone Surveillance Malware
June 3, 2026
Russia's FSB claimed foreign spies installed surveillance malware on senior officials' smartphones, naming Cloudflare and Fastly as alleged C2 infrastructure.
Europol Operation KRATOS 2 Dismantles 9 Illegal Streaming Crime Groups
June 3, 2026
Europol's seven-month Operation KRATOS 2 arrested 29 suspects, targeted 4,370 piracy domains, and removed 27,000 illegal streaming URLs across 13 countries.
CVE-2026-8206 Kirki Plugin Exploited; 500,000 WordPress Sites at Risk
June 3, 2026
CVE-2026-8206 in the Kirki WordPress plugin is under active attack, with Wordfence detecting 222 exploitation attempts targeting admin account takeover.
CVE-2026-0826 (CVSS 9.2): Unauthenticated RCE in HP Poly VoIP Phones
June 3, 2026
CVE-2026-0826 allows unauthenticated root-level RCE on HP Poly VVX and Trio VoIP phones via a crafted SIP INVITE request targeting the SDP/ICE parser.
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies