Cyber Security
News
Dior Confirms Data Breach Exposing Chinese Customer Information
Mitchell Langley
May 15, 2025
Christian Dior confirms a customer data breach affecting Chinese users. Names, contacts, and shopping data were leaked; no financial details were compromised. Investigation ongoing.
News
Nucor Shuts Down Production Lines Following Cybersecurity Incident
Mitchell Langley
May 15, 2025
Nucor Corporation has shut down select production operations following a cybersecurity incident that compromised internal systems. The company is investigating and restoring operations.
News
Alleged Leak of 89 Million Steam User Records Tied to Supply Chain Breach
Mitchell Langley
May 15, 2025
Hackers are selling 89 million Steam user records in an apparent supply chain breach involving vendor access. Valve denies a direct Steam breach but continues ...
News
HireClick Exposes 5.7 Million Resume Files Due to Misconfigured Cloud Storage
Andrew Doyle
May 15, 2025
HireClick leaked over 5.7 million resume files after leaving an AWS bucket unsecured. The data exposure poses significant risks of fraud, phishing, and identity theft. ...
News
Valve Denies Steam Data Breach, Dismisses Leaked Data as Useless Expired Codes
Andrew Doyle
May 15, 2025
Valve denies claims of a Steam data breach, stating leaked data consists of expired SMS codes with no account credentials, passwords, or personal information.
News
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
Andrew Doyle
May 15, 2025
Tennessee’s largest school district has filed a federal lawsuit against PowerSchool, citing breach of contract and security failures linked to a December 2023 data breach. ...
News
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
Andrew Doyle
May 14, 2025
Russian-aligned ransomware group DragonForce hit UK retailer Co-op, exposing customer data and disrupting operations, in a hybrid cyberattack blending financial and geopolitical motives.
News
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
Andrew Doyle
May 14, 2025
The EU launches its own vulnerability database (EUVD) to strengthen cybersecurity, reduce reliance on CVE, and ensure greater digital sovereignty across European infrastructure.
News
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
Mitchell Langley
May 14, 2025
Twilio denies breach after leaked Steam 2FA codes appear online. Experts suspect a third-party SMS provider may be the source of the data exposure.
News
M&S Confirms Customer Data Breach Following Cyberattack
Mitchell Langley
May 13, 2025
M&S confirms a customer data breach exposing contact details and order history after a cyberattack, but reassures no payment data or passwords were compromised.
News
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
Mitchell Langley
May 13, 2025
Broadcom patches a critical VMware Tools vulnerability that allows attackers with limited VM access to tamper with files. Affects Windows, Linux, and open-vm-tools versions.
News
Thousands of Node Developers Compromised by Malware in Popular npm Packages
Andrew Doyle
May 13, 2025
A sophisticated supply chain attack on npm injected malware into widely used packages, exposing thousands of developers to remote access trojans, data theft, and backdoors. ...
News
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
Mitchell Langley
May 13, 2025
A Türkiye-linked cyberespionage group exploited a zero-day in Output Messenger, enabling access to sensitive data and communications in targeted attacks on Kurdish-aligned users.
News
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
Andrew Doyle
May 13, 2025
A Moldovan suspect has been arrested for a 2021 DoppelPaymer ransomware attack that crippled Dutch research systems and caused €4.5 million in damages.
Cybersecurity
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
Mitchell Langley
May 12, 2025
Chinese threat group Chaya_004 exploited a zero-day flaw in SAP NetWeaver servers, compromising hundreds of systems using remote code execution and web shell deployments.
Cybersecurity
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
Andrew Doyle
May 12, 2025
The iClicker website was hacked between April 12–16, 2025, using a fake CAPTCHA to deploy malware via a ClickFix attack targeting students and faculty.
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
Andrew Doyle
May 12, 2025
LockBit's dark web affiliate panels were hacked, exposing thousands of victim negotiation messages, affiliate details, and bitcoin addresses in a leaked MySQL database.
News
Ascension Data Breach Exposes Personal and Health Information of Over 430,000 Patients
Mitchell Langley
May 12, 2025
Ascension confirms a third-party data breach affecting 437,329 patients, exposing sensitive personal and medical data, including Social Security numbers and health insurance details.
News
PowerSchool Hacker Now Extorting Individual School Districts Using Stolen Data
Mitchell Langley
May 8, 2025
The PowerSchool hacker is now targeting individual school districts, threatening to leak sensitive student and staff data stolen in the December 2024 breach.
News
NSO Group Fined $167 Million for Pegasus Spyware Attack on WhatsApp Users
Mitchell Langley
May 8, 2025
A U.S. jury has ordered NSO Group to pay over $167 million in damages for a 2019 Pegasus spyware attack that targeted 1,400 WhatsApp users. ...
News
LockBit Ransomware Gang Breached, Internal Negotiation Data and Affiliate Info Leaked
Andrew Doyle
May 12, 2025
Cybersecurity
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
Syed Arslan
May 8, 2025
News
Interlock Ransomware Gang Deploys ClickFix Attacks Using Fake IT Tools to Compromise Networks
Andrew Doyle
April 21, 2025
TOP CYBERSECURITY HEADLINES
SECURITYWEEK INDUSTRY EXPERTS
News
Malicious RubyGems Impersonate Fastlane Plugins to Steal Telegram Bot Data
Andrew Doyle
June 4, 2025
News
Victoria’s Secret Postpones Q1 Earnings Amid System Restoration After Security Incident
Mitchell Langley
June 4, 2025
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Threat Actors
- Threat Detection Tools
- Uncategorized
Global Crackdown Dismantles Lumma Infostealer Malware Network, Seizes 2,300 Domains
May 22, 2025
Authorities and private sector partners have dismantled the infrastructure of the Lumma Infostealer malware, a dominant player in the malware-as-a-service (MaaS) ecosystem.
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
May 22, 2025
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
EU Sanctions Stark Industries and Leadership for Supporting Russian Cyber Operations
May 22, 2025
The EU has sanctioned Stark Industries and its leadership for enabling Russian cyber operations, disinformation, and infrastructure support used in attacks against European interests.
119,000 ICS Devices Exposed: The Internet’s Hidden Infrastructure Risk
May 22, 2025
In this episode, we dive into a growing cybersecurity crisis: the exposure of Industrial Control Systems (ICS) on the public internet. These systems power our ...
Serviceaide Data Leak Exposes Health Records of Over 480,000 Catholic Health Patients
May 21, 2025
Serviceaide exposed over 480,000 Catholic Health patients' records due to a misconfigured Elasticsearch database, putting sensitive personal and medical data at risk.
Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident
May 21, 2025
Coinbase confirms a data breach involving overseas contractors that exposed personal and financial information of 69,461 users, prompting fears of social engineering and financial fraud. ...
Over 100 Malicious Chrome Extensions Found Masquerading as AI Tools, VPNs, and Crypto Utilities
May 21, 2025
A massive and ongoing campaign involving over 100 malicious Chrome extensions has been uncovered, with threat actors deploying browser add-ons disguised as free AI tools, ...
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
May 21, 2025
A supply chain attack on RVTools delivered Bumblebee malware through a trojanized installer, compromising virtualization admins and enabling follow-on ransomware or data exfiltration attacks.
Tesco, Aldi Supplier Peter Green Chilled Hit by Ransomware, Disrupting UK Retail Supply Chains
May 21, 2025
UK logistics firm Peter Green Chilled suffered a ransomware attack, disrupting deliveries for Tesco, Aldi, and Sainsbury’s amid a rising wave of supply chain cyberattacks. ...
SK Telecom Malware Breach Lasted 3 Years, Exposed 27 Million Phone Numbers
May 21, 2025
SK Telecom’s malware breach exposed 27 million phone numbers over three years via a supply chain attack targeting its security affiliate SK Shieldus.
PowerSchool Hacker Pleads Guilty to Student Data Extortion Scheme
May 21, 2025
A 19-year-old hacker has pleaded guilty to breaching PowerSchool and extorting millions by threatening to leak sensitive data on over 71 million students and teachers. ...
Mobile Carrier Cellcom Breached, Company Confirms Cyberattack Behind Extended Outages
May 21, 2025
Cellcom confirms a cyberattack caused week-long service outages across Wisconsin and Michigan, impacting calls and SMS; personal data reportedly not compromised.
VanHelsing Ransomware Builder Leaked by Former Developer on Hacking Forum
May 21, 2025
VanHelsing ransomware's builder and affiliate panel source code leaked after a former developer tried to sell it, prompting the gang to release it themselves.
Arla Foods Upahl Site Hit by Cyberattack—What It Means for Food Supply Chains
May 20, 2025
In May 2025, a cyberattack disrupted operations at Arla Foods’ major dairy facility in Upahl, Germany—halting skyr production, impacting local IT systems, and forcing product ...
Bypassing Antivirus: What Defendnot Reveals About the Weak Spots in Windows Security
May 20, 2025
In this episode, we dissect one of the most advanced Windows security evasion tools released in recent memory: Defendnot. Designed to exploit undocumented Windows Security ...
BreachRx Raises $15M to Automate the Chaos of Incident Response
May 20, 2025
In this episode, we dive into BreachRx’s $15 million Series A raise — and what it means for the future of enterprise cybersecurity incident response. ...
Scattered Spider Breached M&S via Third-Party TCS Credentials, Sources Confirm
May 20, 2025
Scattered Spider used third-party TCS employee credentials to breach M&S systems, exposing customer data and costing over £1 billion in market value and lost profits. ...
Trojanized KeePass Installer Leads to Ransomware on VMware ESXi Servers
May 20, 2025
Fake KeePass installers promoted via Bing ads delivered Cobalt Strike and stole credentials, ultimately leading to ESXi ransomware attacks linked to Black Basta affiliates.
TeleMessage Breach Exposes U.S. Government Messaging Data, 410GB Archive Published by DDoSecrets
May 20, 2025
Hackers exploited a flaw in TeleMessage’s TM SGNL app, exposing U.S. official communications. DDoSecrets published 410GB of chat logs and metadata from the breach.
Arla Foods Cyberattack Disrupts German Production Site, Causes Delivery Delays
May 20, 2025
Arla Foods confirmed a cyberattack at its Upahl production site in Germany, disrupting operations and causing delivery delays. No data theft has been confirmed.