Cyber Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Italian Railway Data Breach Traced to Third-Party IT Compromise
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
ShadowRay 2.0 Botnet Campaign Exploits Ray Clusters for Cryptomining
Attackers Exploit Open Source AI Framework Ray to Build Self-Replicating Botnet
EVALUSION Threat Cluster Uses Fake ClickFix Tools to Push Dual Malware Payloads
Pentagon Auditors Warn That Social Media Oversharing Poses Operational Security Risk
Eurofiber France Breach Exposes Customer Data via Ticket System Exploit
Coinbase Under Fire for Alleged Delay in Disclosing Customer Data Breach
Princeton University Data Breach Exposes Sensitive Information in Cyberattack
News
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Cybersecurity
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Endpoint Security
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
Cybersecurity
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Application Security
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Application Security
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
Cybersecurity
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
Application Security
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
A data haul of more than 1.2 million patient records is claimed to have been stolen from Doctor Alliance, exposing prescriptions, diagnoses, and insurance data and increasing risks of medical-identity ...
Cybersecurity
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
Application Security
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
A former Intel engineer is being sued for allegedly copying 18,000 confidential files, including “Top Secret” documents, before disappearing, prompting major insider-risk concerns.
Data Security
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially allowing attackers unauthorized access to ...
Application Security
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
Application Security
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Cybersecurity
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...

Route Redirect Automates Large-Scale Microsoft 365 Phishing
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks