Cyber Security
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
UK NCSC Publishes Cyber Shield Blueprint for AI Defense
BonkDAO Loses $20M After Attacker Buys Quorum with ~$4M
Eight Predatorgate Victims Sue Intellexa for €8 Million
CVE-2026-53359 Januscape: 16-Year KVM Flaw Enables VM Escape
Operation DragonReturn: DcRAT Targets India Tax Professionals
UK Cyber Resilience Pledge Draws 60 Signatories, Including Capita
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
GitLost Prompt Injection Leaks Private GitHub Repos via Public Issues
WriteOut Flaw Let Attackers Hijack Any Writer AI Enterprise Account
Japan Arrests Teen Who Used ChatGPT to Cancel 46,812 Bandai Accounts
BeyondTrust CVE-2026-40138 Auth Bypass Left Self-Hosted Users Exposed
CERT/CC Finds Hidden Admin Backdoor CVE-2026-11405 in Tenda Firmware
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Unit 42 Exposes EtherRAT: Teams Calls Deliver Blockchain-Backed RAT
UNK_MassTraction Exploits Roundcube XSS to Hit US Physics Departments
Fake Job Interview Phishing Hits Marketing Pros Across 30 Brand Lures
North Korea PolinRider Poisons 108 Packages via Compromised Accounts
CVE-2026-33697: Attested TLS Relay Flaw Hits WhatsApp, Cocos AI
QuimaRAT MaaS Sells Cross-Platform Java RAT for Windows, Linux, macOS
Opera GX Flaw Let Malicious Sites Silently Install Mods on 25M Users
TrojPix Leaks Data from Air-Gapped PCs via Video Cable Emissions
SkillCloak Lets Malicious AI Agent Skills Evade 90% of Static Scanners
Zscaler: Two Active Campaigns Hijack AI Agents for Crypto Theft
Google and FBI Seize NetNut Proxy Network Used by 316 Threat Actors
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Cybersecurity
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Unit 42 found a macOS ClickFix variant using hdiutil to silently mount DMG files and deploy AMOS stealer, targeting crypto wallets and iCloud Keychain.
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Application Security
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Four critical Dify vulnerabilities named DifyTap allow cross-tenant access to private AI chats, uploaded files, and internal APIs. Patched in version 1.14.2.
Application Security
Fake AI Agent Skill Reaches 26,000 Agents in Supply Chain Test
Security firm AIR planted a fake AI agent skill that bypassed all scanners and reached 26,000 agents, exposing a supply chain flaw in AI skill ...
Cybersecurity
Canada’s CSIS Uses Court Warrant to Dismantle Foreign Botnet
CSIS used a court-authorized warrant to remove foreign botnet malware from Canadian servers and IoT devices in a first use of its threat reduction powers.
Cybersecurity
Elastic Exposes OXLOADER and CastleStealer in Russian Malvertising
Elastic Security Labs exposed OXLOADER and CastleStealer — two new Russian-linked malware families spread via fake Google Ads targeting software downloaders.
Blog
Understanding Cloud Detection and Response (CDR) and Its Security Role
Learn what cloud detection and response (CDR) is, how it works, and practical steps to secure cloud workloads with real‑time threat visibility.
Application Security
FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
JFrog disclosed CVE-2026-8461, a critical heap overflow in FFmpeg's video decoder enabling remote code execution when processing malicious video files.
Application Security
Microsoft AutoGen AI Framework Vulnerable to Localhost RCE
Microsoft disclosed AutoJack, a three-part vulnerability chain in AutoGen Studio that lets attackers hijack AI agents and execute arbitrary system commands.
Cybersecurity
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access.
Application Security
TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access
Researchers investigated the TeamPCP threat group that exploited open-source speed culture for years of supply chain access across thousands of organizations.
Cybersecurity
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances.
Cybersecurity
Kodak Confirms Data Breach After ShinyHunters Sets Leak Deadline
Kodak confirms a data breach after the ShinyHunters hackgroup claimed 2.2 million records exfiltrated, with the company asserting no threat to current operations.
F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers
Cybersecurity
F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers
F5 released emergency patches for NGINX enabling unauthenticated RCE across 40 percent of web servers worldwide today in an accelerated disclosure window.
Atlassian and Splunk Patch Critical Flaws Splunk AI Toolkit RCE, Atlassian Dependencies
Cybersecurity
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency flaws
Cybersecurity
Critical Command Execution Vulnerability Patched in Cisco ISE
Cisco patched a critical command execution vulnerability in its Identity Services Engine where insufficient input validation enabled root-level system access.
Cybersecurity
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
The Rokarolla Android banking trojan evolved beyond credential theft with a 137-command C2 framework targeting 217 banking and cryptocurrency applications.
Cybersecurity
Phantom Stealer Fileless Malware Targets Browser Credentials in Memory
Researchers identified Phantom Stealer as a new fileless credential stealer targeting all browsers via in-memory execution and anti-analysis techniques.
Cybersecurity
INC Ransomware Targets Healthcare, Education, and Local Government
Investigation reveals INC ransomware achieves consistent revenue by targeting healthcare, education, and local government with rapid encryption and data exfiltration.
Cybersecurity
ClickFix Campaign Linked to Vice Society Uses Compromised WordPress Sites
A malware campaign using Lorem Ipsum lures pivots to ClickFix delivery through compromised WordPress sites, with research suggesting possible links to Vice Society.
Cybersecurity
FortiBleed Compromises 74K Fortinet Firewall Credentials Worldwide
FortiBleed exposes verified Fortinet FortiGate VPN credentials for 74K devices across 194 countries, covering major corporations and a Turkish NATO contractor.
Application Security
CISA Adds ColdFusion, Langflow, Two Joomla CVEs to KEV
Cybersecurity
CSE Admits Hacking Ransomware Gangs and Deleting Stolen Victim Data
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Cisco Talos Exposes UAT-7810 LONGLEASH Backdoor on Ruckus Routers
Application Security
Adobe ColdFusion CVE-2026-48282 Exploited Within Hours of PoC Release
Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Canada’s CSIS Uses Court Warrant to Dismantle Foreign Botnet
CSIS used a court-authorized warrant to remove foreign botnet malware from Canadian servers and IoT devices in a first use of its threat reduction powers.
Elastic Exposes OXLOADER and CastleStealer in Russian Malvertising
Elastic Security Labs exposed OXLOADER and CastleStealer — two new Russian-linked malware families spread via fake Google Ads targeting software downloaders.
Understanding Cloud Detection and Response (CDR) and Its Security Role
Learn what cloud detection and response (CDR) is, how it works, and practical steps to secure cloud workloads with real‑time threat visibility.
FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
JFrog disclosed CVE-2026-8461, a critical heap overflow in FFmpeg's video decoder enabling remote code execution when processing malicious video files.
Microsoft AutoGen AI Framework Vulnerable to Localhost RCE
Microsoft disclosed AutoJack, a three-part vulnerability chain in AutoGen Studio that lets attackers hijack AI agents and execute arbitrary system commands.
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
Kaspersky found a WhatsApp phishing campaign using VBScript to install ManageEngine RMM software across multiple countries, granting attackers remote access.
TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access
Researchers investigated the TeamPCP threat group that exploited open-source speed culture for years of supply chain access across thousands of organizations.
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
Multiple sources confirm active exploitation of CVE-2026-25089 and CVE-2026-39813 against FortiSandbox, with credentials compiled for tens of thousands of appliances.
Kodak Confirms Data Breach After ShinyHunters Sets Leak Deadline
Kodak confirms a data breach after the ShinyHunters hackgroup claimed 2.2 million records exfiltrated, with the company asserting no threat to current operations.
F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers
F5 released emergency patches for NGINX enabling unauthenticated RCE across 40 percent of web servers worldwide today in an accelerated disclosure window.
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
Atlassian and Splunk emergency patches include an OS command injection in Splunk AI Toolkit plus dozens of Atlassian Server dependency flaws
Critical Command Execution Vulnerability Patched in Cisco ISE
Cisco patched a critical command execution vulnerability in its Identity Services Engine where insufficient input validation enabled root-level system access.
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
The Rokarolla Android banking trojan evolved beyond credential theft with a 137-command C2 framework targeting 217 banking and cryptocurrency applications.
Phantom Stealer Fileless Malware Targets Browser Credentials in Memory
Researchers identified Phantom Stealer as a new fileless credential stealer targeting all browsers via in-memory execution and anti-analysis techniques.
INC Ransomware Targets Healthcare, Education, and Local Government
Investigation reveals INC ransomware achieves consistent revenue by targeting healthcare, education, and local government with rapid encryption and data exfiltration.
ClickFix Campaign Linked to Vice Society Uses Compromised WordPress Sites
A malware campaign using Lorem Ipsum lures pivots to ClickFix delivery through compromised WordPress sites, with research suggesting possible links to Vice Society.
FortiBleed Compromises 74K Fortinet Firewall Credentials Worldwide
FortiBleed exposes verified Fortinet FortiGate VPN credentials for 74K devices across 194 countries, covering major corporations and a Turkish NATO contractor.
Gentlemen RaaS Group Maintains Purpose-Built EDR Killers
Gentlemen ransomware-as-a-service operation develops and maintains purpose-built endpoint detection kill tools to disable security protections before ransomware deployment.
Nintendo Confirms Employee Survey Data Stolen via TinyPulse
Nintendo confirms employee survey data stolen from TinyPulse, the WebMD subsidiary, through a third-party vendor breach affecting corporate HR integration.
Klue OAuth Breach Impacts Huntress, Recorded Future and Others
Klue's OAuth breach enabled the Icarus threat group to extract Salesforce CRM data from cybersecurity companies including Huntress and Recorded Future.