Cyber Security
Opera GX Flaw Let Malicious Sites Silently Install Mods on 25M Users
TrojPix Leaks Data from Air-Gapped PCs via Video Cable Emissions
SkillCloak Lets Malicious AI Agent Skills Evade 90% of Static Scanners
Zscaler: Two Active Campaigns Hijack AI Agents for Crypto Theft
Google and FBI Seize NetNut Proxy Network Used by 316 Threat Actors
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Trump Administration Lifts Claude Fable 5 Access Restrictions
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
DeepSeek Built Browser Ransomware Using Chrome File System API
Scattered Spider Suspect Peter Stokes Extradited From Finland
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
BioShocking Attack Turns AI Browsers Into Credential Thieves
Cybersecurity
Gentlemen RaaS Group Maintains Purpose-Built EDR Killers
Gentlemen ransomware-as-a-service operation develops and maintains purpose-built endpoint detection kill tools to disable security protections before ransomware deployment.
Cybersecurity
Nintendo Confirms Employee Survey Data Stolen via TinyPulse
Nintendo confirms employee survey data stolen from TinyPulse, the WebMD subsidiary, through a third-party vendor breach affecting corporate HR integration.
Application Security
Klue OAuth Breach Impacts Huntress, Recorded Future and Others
Klue's OAuth breach enabled the Icarus threat group to extract Salesforce CRM data from cybersecurity companies including Huntress and Recorded Future.
Cybersecurity
Operation Endgame Dismantles SocGholish Botnet, Cleans 15K Sites
International law enforcement destroys 15K SocGholish-infected WordPress sites and 106 C2 servers in coordinated takedown of Evil Corp-linked cybercrime network.
ShapedPlugin Update System Compromised, Malicious WordPress Plugins Pushed to Customers
Cybersecurity
ShapedPlugin Update System Compromised, Malicious WordPress Plugins Pushed to Customers
Attackers hijacked ShapedPlugin update distribution system to inject malicious code into legitimate plugin releases delivered directly to paying WordPress customers through official update channels.
Cybersecurity
F5 Patches Critical NGINX RCE in QUIC Module, CVSS 9.2 Use-After-Free Fixed
F5 emergency patches address CVE-2026-42530, a critical CVSS 9.2 unauthenticated RCE in NGINX QUIC HTTP3 module that can be exploited remotely without credentials on NGINX ...
Cybersecurity
Microsoft Details Windows Clipper USB LNK Worm with Tor Command-and-Control
Microsoft disclosed a Windows Clipper malware campaign active since February using clipboard interception, USB LNK self-spreading, and Tor command-and-control infrastructure to steal cryptocurrency addresses.
Cybersecurity
Check Point Documents Crypto Clipper Using Fake Reviews and AI Narrators
Check Point Research uncovered a crypto clipper distribution campaign using fake reviews on GitHub and SourceForge, AI-narrated YouTube videos, and fabricated VirusTotal comments to build ...
Cybersecurity
Microsoft Confirms RoguePlanet Defender Zero-Day EoP, Patch in Development
Microsoft confirmed CVE-2026-50656, a CVSS 7.8 elevation of privilege zero-day in Microsoft Defender Malware Protection Engine actively exploited by the Nightmare-Eclipse threat group.
Blog
What Is Data Security Posture Management? A Complete DSPM Guide
Data security posture management (DSPM) continuously discovers and classifies sensitive data to reduce breach risk in multi-cloud environments.
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Attackers hijacked a dormant npm contributor account and backdoored 144 Mastra AI packages, exposing 1.1 million weekly downloads to a RAT dropper payload.
Application Security
15 JetBrains Plugins Steal AI API Keys in Eight-Month Campaign
Fifteen malicious JetBrains Marketplace plugins stole OpenAI, DeepSeek, and SiliconFlow API keys from 70,000 IDE users across an eight-month campaign.
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity experts.
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they then exfiltrated.
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Application Security
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
Cybersecurity
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
Application Security
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Operation Endgame Dismantles SocGholish Botnet, Cleans 15K Sites
International law enforcement destroys 15K SocGholish-infected WordPress sites and 106 C2 servers in coordinated takedown of Evil Corp-linked cybercrime network.
ShapedPlugin Update System Compromised, Malicious WordPress Plugins Pushed to Customers
Attackers hijacked ShapedPlugin update distribution system to inject malicious code into legitimate plugin releases delivered directly to paying WordPress customers through official update channels.
F5 Patches Critical NGINX RCE in QUIC Module, CVSS 9.2 Use-After-Free Fixed
F5 emergency patches address CVE-2026-42530, a critical CVSS 9.2 unauthenticated RCE in NGINX QUIC HTTP3 module that can be exploited remotely without credentials on NGINX ...
Microsoft Details Windows Clipper USB LNK Worm with Tor Command-and-Control
Microsoft disclosed a Windows Clipper malware campaign active since February using clipboard interception, USB LNK self-spreading, and Tor command-and-control infrastructure to steal cryptocurrency addresses.
Check Point Documents Crypto Clipper Using Fake Reviews and AI Narrators
Check Point Research uncovered a crypto clipper distribution campaign using fake reviews on GitHub and SourceForge, AI-narrated YouTube videos, and fabricated VirusTotal comments to build ...
Microsoft Confirms RoguePlanet Defender Zero-Day EoP, Patch in Development
Microsoft confirmed CVE-2026-50656, a CVSS 7.8 elevation of privilege zero-day in Microsoft Defender Malware Protection Engine actively exploited by the Nightmare-Eclipse threat group.
What Is Data Security Posture Management? A Complete DSPM Guide
Data security posture management (DSPM) continuously discovers and classifies sensitive data to reduce breach risk in multi-cloud environments.
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Attackers hijacked a dormant npm contributor account and backdoored 144 Mastra AI packages, exposing 1.1 million weekly downloads to a RAT dropper payload.
15 JetBrains Plugins Steal AI API Keys in Eight-Month Campaign
Fifteen malicious JetBrains Marketplace plugins stole OpenAI, DeepSeek, and SiliconFlow API keys from 70,000 IDE users across an eight-month campaign.
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
ShinyHunters claimed 2.2 million stolen Kodak records and set a publication deadline; Kodak confirmed a breach and engaged external cybersecurity experts.
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
CISA added CVE-2026-48907 to its KEV catalog as automated exploit campaigns target the unauthenticated file upload flaw in the Joomla Content Editor plugin.
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Symantec found that DragonForce ransomware deployed Backdoor.Turn, a Go implant that hides C2 traffic inside Microsoft Teams TURN relay infrastructure.
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they then exfiltrated.
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Zimperium disclosed Rokarolla, an Android trojan with a 137-command C2 framework that targets 217 banking and cryptocurrency apps via dynamic overlay attacks.
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
Kaspersky found malicious Wallpaper Engine packages on Steam Workshop delivering DarkKomet, Lumma, Vidar, and ransomware loaders to gamers who installed them.
GhostTree NTFS Junctions Paralyze Windows Defender Scans
Varonis disclosed GhostTree, an NTFS junction technique that uses recursive loops to block Windows Defender scans, requiring only standard user permissions.
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Unit 42 found CVE-2026-2473 in the Vertex AI SDK lets attackers execute code in a victim's GCP tenant by squatting predictable bucket names and using ...
Endpoint Security Solutions: How to Protect Every Enterprise Device
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...