Main Menu
Cyber Security
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
External Attack Surface Management: CISO’s Guide to Mitigating Risk Before It Strikes
Salesloft Data Breach Exposes 700 Companies Through OAuth Token Attack
U.S. Charges Ukrainian National for Administering Ransomware
Doctors Outraged After NSW Health Department Leaks Personal and Professional Data
Salt Typhoon Breach Exposes U.S. Telecom Wiretap Systems
China Is Blurring the Lines Between Civilian AI and Military Power
Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack
Lovesac Confirms Data Breach Following Ransomware Attack
GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets
Qantas Airways Reduces CEO’s Bonus Following July Data Breach
This Week In Cybersecurity: September 1–5, 2025
Czech Cybersecurity Agency Warns Against Chinese Technology in Critical Infrastructure
Social Engineering Breach Opens Door to Google Salesforce Data Leak
Cybersecurity Leadership: An Expert Talks Executive Risk
Hack on In-Flight Connectivity Provider Anuvu Exposes Starlink User Data
Wealthsimple Data Breach Leaked Client Information Online
Jaguar Land Rover Cyberattack Severely Disrupts Production, Systems Taken Offline
GPS Jamming Attack Forces Ursula Von Der Leyen’s Plane to Land Without Navigation
Santa Fe County Website “Hack” Likely Based on Old Source Code
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
Agentic AI Steals Spotlight at Black Hat 2025 with Real-Time Threat Response
DHS Cuts $27M Cybersecurity Support: Impact on 19,000 Local Governments
TamperedChef Infostealer Delivered Through Fraudulent PDF Editor Ads
FraudGPT, WormGPT, and Dark AI Models Fuel Surge in Cybercrime
Blog
FraudGPT, WormGPT, and Dark AI Models Fuel Surge in Cybercrime
Gabby Lee August 26, 2025
Malicious AI models like FraudGPT, WormGPT, and PoisonGPT are reshaping cybercrime, enabling scalable phishing, malware generation, and disinformation. Unlike mainstream LLMs, these blackhat tools strip ...
The Imperative for a New Cyber Defense Playbook
Blog
The Imperative for a New Cyber Defense Playbook
Mitchell Langley August 26, 2025
Traditional cybersecurity models are failing against AI-driven threats, workforce fatigue, and complex tool sprawl. From adaptive malware and deepfake phishing to poorly governed machine identities, ...
Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads
News
UpCrypter Phishing Campaign Exploits Fake Emails to Deliver RAT Payloads
Gabby Lee August 26, 2025
A new phishing campaign is distributing the UpCrypter malware loader through fake voicemail and purchase order emails. Targeting industries worldwide, UpCrypter delivers multiple remote access ...
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Cybersecurity
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Mitchell Langley August 26, 2025
Senator Ron Wyden is urging an independent review of federal court cybersecurity after breaches exposed sealed case files. Citing outdated systems and weak defenses, he ...
Nevada State Offices Shut Down Amid Major Network Security Incident
Cybersecurity
Nevada State Offices Shut Down Amid Major Network Security Incident
Gabby Lee August 26, 2025
Nevada’s state government was forced to suspend in-person services and shut down major websites after a large-scale network security incident on August 25, 2025. Early ...
Android Malware Masquerades as FSB Antivirus To Spy on Russian Business Executives
Application Security
Android Malware Masquerades as FSB Antivirus To Spy on Russian Business Executives
Andrew Doyle August 25, 2025
A fake FSB antivirus hides Android malware spying on Russian executives, logging keystrokes, streaming cameras, exfiltrating messenger data, and rotating providers for command and control.
Orange Suffers Data Breach Affecting 850k Customers
Cybersecurity
Orange Suffers Data Breach Affecting 850k Customers
Mitchell Langley August 25, 2025
Orange Belgium reports a cyberattack exposing SIM details, PUK codes, names, phone numbers, and tariff plans for 850,000 customers; no financial data or passwords were ...
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
Cybersecurity
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
Andrew Doyle August 25, 2025
Aspire Rural Health Systems suffered a major healthcare data breach, exposing nearly 140,000 patients’ records — including lab results, financial data, and personal identifiers.
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Cybersecurity
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Andrew Doyle August 25, 2025
Google confirmed a massive breach exposing 2.5 billion Gmail accounts, with hacker group ShinyHunters exploiting Salesforce access through social engineering and launching large-scale phishing and ...
Ethical and Regulatory Challenges in AI-Driven Cybersecurity
Blog
Ethical and Regulatory Challenges in AI-Driven Cybersecurity
Gabby Lee August 25, 2025
As AI becomes central to cybersecurity, it is also weaponized for deepfakes, adaptive malware, and phishing. Organizations now face ethical dilemmas, regulatory fragmentation, and governance ...
AI-Powered DDoS Attacks Prompt Advanced Defense Mechanisms
Blog
AI-Powered DDoS Attacks Prompt Advanced Defense Mechanisms
Mitchell Langley August 25, 2025
AI-powered DDoS attacks are reshaping the cybersecurity landscape, replacing brute-force floods with adaptive, machine-led precision. By mimicking legitimate traffic and shifting tactics in real time, ...
Palo Alto Networks Forecasts 10.5B in 2026 Revenue on AI Cybersecurity Growth
Cybersecurity
Palo Alto Networks Forecasts $10.5B in 2026 Revenue on AI Cybersecurity Growth
Gabby Lee August 25, 2025
Palo Alto Networks projects up to $10.53B in fiscal 2026 revenue, fueled by demand for AI cybersecurity tools and strategic acquisitions like CyberArk. With stronger ...
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
Application Security
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
Andrew Doyle August 25, 2025
A newly discovered zero-day in WinRAR, CVE-2025-8088, is being exploited by RomCom hackers to plant executables in Windows Startup folders via path traversal. The flaw ...
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
Cybersecurity
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
Mitchell Langley August 22, 2025
Fortinet has disclosed CVE-2024-26009, a high-severity authentication bypass in the FGFM protocol. The flaw lets attackers impersonate managed FortiGate devices via FortiManager, enabling full administrative ...
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
Blog
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
Gabby Lee August 22, 2025
New research from Horizon3.ai, WEF, Trend Micro, and others shows a widening gap between cybersecurity strategies and real-world results. CISOs face declining prevention effectiveness, rising ...
Norway Attributes Dam Cyberattack to Russian Hackers
Cybersecurity
Norway Attributes Dam Cyberattack to Russian Hackers
Andrew Doyle August 22, 2025
Norway confirmed that Russian state-sponsored hackers breached the Bremanger dam’s control systems in April 2025, releasing 1.9 million gallons of water. While no damage occurred, ...
Chrome Extension FreeVPN One Secretly Captures Screens
Cybersecurity
Chrome Extension FreeVPN One Secretly Captures Screens
Mitchell Langley August 22, 2025
Security researchers found that FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge, secretly captured user screenshots, URLs, and device data. Updates ...
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
CVE Vulnerability Alerts
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
Mitchell Langley August 22, 2025
The PostgreSQL team has disclosed three critical vulnerabilities—CVE-2025-8714, CVE-2025-8715, and CVE-2025-1094—impacting backup and restore utilities. These flaws enable malicious code injection and SQL exploitation, posing ...
Internet Archive Abused to Host Stealthy Malware JScript Loaders
Cybersecurity
Internet Archive Abused to Host Stealthy Malware JScript Loaders
Gabby Lee August 22, 2025
Attackers are abusing the Internet Archive to host obfuscated malware loaders, launching multi-stage infection chains that deliver the Remcos RAT. By exploiting trusted infrastructure, threat ...
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
Cybersecurity
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
Gabby Lee August 21, 2025
BCNYS reports a two-day February intrusion discovered in August exposed personal, financial, and health data for 47,329 people, prompting rolling notifications and credit monitoring for ...
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
Cybersecurity
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
Gabby Lee September 11, 2025
Evertec Confirms 130M Fraud Attempt in Sinqia Pix Cyberattack
Cybersecurity
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Gabby Lee September 4, 2025
Maryland’s Paratransit Ransomware Strike Cyberattack Disrupts Disabled Transit Services
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
Mitchell Langley September 2, 2025
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
News
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Gabby Lee August 19, 2025

TOP CYBERSECURITY HEADLINES

NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Cybersecurity
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Cybersecurity
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Cybersecurity
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
Cybersecurity
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack

This Week’s Security Spotlight

This Week In Cybersecurity: September 1–5, 2025
Cybersecurity
This Week In Cybersecurity: September 1–5, 2025
Andrew Doyle September 8, 2025
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Cybersecurity
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Andrew Doyle September 4, 2025
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Cybersecurity
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Mitchell Langley September 3, 2025
SK Telecom Fined 96.9M After Data Breach Hits 23M Users
Cybersecurity
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
Gabby Lee September 3, 2025
More In News
Trending
ClickFix Phishing Campaign Targets Booking.com Using Infostealers and RATs
Darcula PhaaS 3.0 Auto-Generates Phishing Kits for Any Brand
Sophisticated Gmail Attacks Target Users: FBI Issues “Do Not Click” Alert
This Facebook Phishing Attack Could Steal EVERYTHING!

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Chained Zero-Days: WhatsApp and Apple Exploits Used in Sophisticated Spyware Attacks
September 2, 2025
Podcasts
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
August 28, 2025
Podcasts
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
August 28, 2025

Cyber Security News

GPS Jamming Attack Forces Ursula Von Der Leyen’s Plane to Land Without Navigation
Cybersecurity
GPS Jamming Attack Forces Ursula Von Der Leyen’s Plane to Land Without Navigation
September 5, 2025
Santa Fe County Website “Hack” Likely Based on Old Source Code
Cybersecurity
Santa Fe County Website “Hack” Likely Based on Old Source Code
September 4, 2025
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Application Security
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
September 4, 2025
Evertec Confirms 130M Fraud Attempt in Sinqia Pix Cyberattack
Cybersecurity
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
September 4, 2025
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Cybersecurity
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
September 4, 2025
Exploring Ransomware EDR-Killer Tools How New Tactics Undermine Endpoint Security
Blog
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
September 4, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Detection Tools
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
August 28, 2025
Salesloft breach exposed Drift OAuth tokens used to access Salesforce instances; attackers extracted AWS keys, passwords, and Snowflake tokens to pivot and exfiltrate data.
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
August 28, 2025
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
August 28, 2025
Silk Typhoon used captive-portal AitM redirects to deliver a signed dropper that decrypts and side-loads a PlugX-variant backdoor, GTIG reports and blocks domains.
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
August 28, 2025
Farmers Insurance confirmed a third-party vendor database was breached on May 29, exposing PII for 1,111,386 customers in the wider Salesforce data theft campaign.
AI Summary Injection Turns Summaries into Malware Delivery
August 28, 2025
Researchers show attackers hide malicious payloads in HTML using CSS obfuscation and prompt overdose so AI summaries output malware instructions that lead to ransomware execution.
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
August 28, 2025
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
August 28, 2025
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
August 28, 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CISA Expands Known Exploited Vulnerabilities Catalog: 47 New Threats Identified
August 28, 2025
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google Chromium, and Cisco devices. The ...
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
August 28, 2025
A cyberattack on Arizona’s election portal, linked to Iranian-affiliated actors, has spurred calls for $10 million in cybersecurity funding and $3.5 million annually. Secretary of ...
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
August 28, 2025
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
August 28, 2025
Apple has released emergency patches for CVE-2025-43300, a zero-day flaw in the Image I/O framework enabling remote code execution via malicious images. Actively exploited in ...
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
August 28, 2025
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats
August 27, 2025
A new and highly sophisticated cyber espionage campaign attributed to Silk Typhoon—also known as Mustang Panda, TEMP.Hex, or UNC6384—has been uncovered, targeting diplomats and government ...
FTC Warns Tech Giants: Don’t Weaken Encryption for Foreign Governments
August 27, 2025
The fight over encryption has entered a new phase. The Federal Trade Commission (FTC), led by Chairman Andrew Ferguson, has issued a strong warning to ...
Invisible Prompts: How Image Scaling Attacks Break AI Security
August 27, 2025
Researchers have uncovered a new form of indirect prompt injection that leverages a simple but powerful trick: image scaling. This novel attack involves hiding malicious ...
Google to Verify Android Developers: A New Era in App Security Emerges
August 27, 2025
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Healthcare Services Group Breach Exposes 624,000 Individuals’ Sensitive Data
August 27, 2025
The healthcare sector has been rocked yet again by a massive cybersecurity incident. Healthcare Services Group (HCSG), a provider of dining and laundry services to ...
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
August 27, 2025
Okta has lifted its fiscal 2026 revenue forecast after reporting strong Q2 results, driven by soaring demand for identity verification tools. As AI-powered impersonation attacks ...
Auchan Data Breach: Hundreds of Thousands of Loyalty Accounts Compromised
August 27, 2025
French retail giant Auchan has confirmed a massive data breach that compromised the personal details of hundreds of thousands of customers. The stolen data includes ...
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
External Attack Surface Management: CISO’s Guide to Mitigating Risk Before It Strikes
Salesloft Data Breach Exposes 700 Companies Through OAuth Token Attack
U.S. Charges Ukrainian National for Administering Ransomware
Doctors Outraged After NSW Health Department Leaks Personal and Professional Data
Salt Typhoon Breach Exposes U.S. Telecom Wiretap Systems
China Is Blurring the Lines Between Civilian AI and Military Power
Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack
Lovesac Confirms Data Breach Following Ransomware Attack
GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets
Qantas Airways Reduces CEO’s Bonus Following July Data Breach
The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise
FireCompass Raises $20M to Scale AI-Powered Offensive Security
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
Social Engineering Breach Opens Door to Google Salesforce Data Leak