Cyber Security
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley
June 16, 2026
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
Mitchell Langley
June 16, 2026
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Cybersecurity
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
Gabby Lee
June 16, 2026
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.
Blog
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Mitchell Langley
June 15, 2026
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Andrew Doyle
June 15, 2026
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Andrew Doyle
June 15, 2026
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Andrew Doyle
June 15, 2026
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Application Security
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Mitchell Langley
June 15, 2026
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
Application Security
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Gabby Lee
June 15, 2026
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Cybersecurity
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
Andrew Doyle
June 15, 2026
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.
Application Security
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
Andrew Doyle
June 15, 2026
MalExt Sentry found 23 Chrome extensions routing 758,000 users' search queries through attacker relay servers to generate unauthorized advertising revenue.
Cybersecurity
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
Gabby Lee
June 15, 2026
TheGentlemen ransomware posted 20 new victims across 14 countries, including Croatia's Health Ministry and Denmark's National Museum, using double extortion.
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley
June 15, 2026
Two Chrome ad blocker extensions captured conversations from 90,000 users across ChatGPT, Claude, Gemini, and five other AI platforms, researchers found.
Blog
Triple Extortion Ransomware: How It Works and How to Stop It
Andrew Doyle
June 12, 2026
Triple extortion ransomware attacks combine encryption, data theft, and DDoS pressure to coerce payment from multiple angles. This guide explains the full attack lifecycle, real-world ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Gabby Lee
June 12, 2026
Google's Chrome 149 security update patches 28 vulnerabilities, roughly 12 use-after-free bugs, a memory corruption class tied to drive-by code execution.
Application Security
OpenClaw AI Agent Hijacked via Malicious vCard Injection
Mitchell Langley
June 12, 2026
Researchers showed OpenClaw AI agents can be hijacked through vCards with embedded instructions, enabling attacker code execution and sensitive data leakage.
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
Mitchell Langley
June 12, 2026
Kyushu Electric Power lost a physical storage device containing personal records on 10.9 million customers, exceeding its active customer base of 8 million.
Cybersecurity
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Mitchell Langley
June 12, 2026
Anthropic disputed a researcher jailbreak claim against Claude Fable 5, arguing the technique does not constitute a bypass of the model's safety classifiers.
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Mitchell Langley
June 12, 2026
Six Proto6 vulnerabilities in protobuf.js enable remote code execution and denial-of-service against Node.js apps via malicious schemas or crafted payloads.
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Gabby Lee
June 12, 2026
npm v12 will disable install scripts by default, requiring an explicit allowlist and closing the primary vector used by Miasma and Shai-Hulud attackers.
Application Security
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Andrew Doyle
June 30, 2026
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Gabby Lee
June 30, 2026
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
Andrew Doyle
June 30, 2026
Cybersecurity
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
Gabby Lee
June 23, 2026
TOP CYBERSECURITY HEADLINES
Application Security
BioShocking Attack Turns AI Browsers Into Credential Thieves
CVE Vulnerability Alerts
Working Exploit Published for LoadMaster CVE-2026-8037 RCE
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
This Week’s Security Spotlight
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Gabby Lee
June 30, 2026
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
Mitchell Langley
June 30, 2026
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Mitchell Langley
June 30, 2026
Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Mitchell Langley
June 24, 2026
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
What Is Scareware? How Fake Security Warnings Lead to Real Malware
June 15, 2026
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
June 15, 2026
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
June 15, 2026
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
June 15, 2026
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
June 15, 2026
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
June 15, 2026
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
June 15, 2026
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
June 15, 2026
MalExt Sentry found 23 Chrome extensions routing 758,000 users' search queries through attacker relay servers to generate unauthorized advertising revenue.
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
June 15, 2026
TheGentlemen ransomware posted 20 new victims across 14 countries, including Croatia's Health Ministry and Denmark's National Museum, using double extortion.
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
June 15, 2026
Two Chrome ad blocker extensions captured conversations from 90,000 users across ChatGPT, Claude, Gemini, and five other AI platforms, researchers found.
Triple Extortion Ransomware: How It Works and How to Stop It
June 12, 2026
Triple extortion ransomware attacks combine encryption, data theft, and DDoS pressure to coerce payment from multiple angles. This guide explains the full attack lifecycle, real-world ...
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
June 12, 2026
Google's Chrome 149 security update patches 28 vulnerabilities, roughly 12 use-after-free bugs, a memory corruption class tied to drive-by code execution.
OpenClaw AI Agent Hijacked via Malicious vCard Injection
June 12, 2026
Researchers showed OpenClaw AI agents can be hijacked through vCards with embedded instructions, enabling attacker code execution and sensitive data leakage.
Kyushu Electric Loses Drive With Data on 10.9M Customers
June 12, 2026
Kyushu Electric Power lost a physical storage device containing personal records on 10.9 million customers, exceeding its active customer base of 8 million.
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
June 12, 2026
Anthropic disputed a researcher jailbreak claim against Claude Fable 5, arguing the technique does not constitute a bypass of the model's safety classifiers.
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
June 12, 2026
Six Proto6 vulnerabilities in protobuf.js enable remote code execution and denial-of-service against Node.js apps via malicious schemas or crafted payloads.
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
June 12, 2026
npm v12 will disable install scripts by default, requiring an explicit allowlist and closing the primary vector used by Miasma and Shai-Hulud attackers.
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
June 12, 2026
Anthropic released Claude Mythos 5 with safety guardrails intentionally removed to vetted security researchers alongside the public Claude Fable 5 launch.
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
June 12, 2026
Novo Nordisk disclosed a breach of clinical trials patient data, triggering GDPR, GCP, and clinical research regulatory obligations across global operations.
Europol Dismantles AudiA6 Crypto Laundering Service
June 12, 2026
Europol dismantled AudiA6, a cryptocurrency laundering service that processed over $380 million in ransomware extortion proceeds for criminal networks.



































