Cyber Security
Cybersecurity
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Gabby Lee
August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
Application Security
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Andrew Doyle
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Cybersecurity
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
Gabby Lee
August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Cybersecurity
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Mitchell Langley
August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Cybersecurity
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Andrew Doyle
August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Cybersecurity
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
Gabby Lee
August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CVE Vulnerability Alerts
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
Mitchell Langley
August 28, 2025
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Application Security
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
Mitchell Langley
August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
CVE Vulnerability Alerts
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
Gabby Lee
August 28, 2025
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
Application Security
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
Gabby Lee
August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Cybersecurity
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Andrew Doyle
August 28, 2025
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
Cybersecurity
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
Gabby Lee
August 28, 2025
Murky Panda hijacks trusted cloud relationships to reach downstream customers, abusing Entra ID and DAP paths, reading email, and escalating privileges after initial access via ...
Cybersecurity
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
Andrew Doyle
August 28, 2025
Salesloft breach exposed Drift OAuth tokens used to access Salesforce instances; attackers extracted AWS keys, passwords, and Snowflake tokens to pivot and exfiltrate data.
Application Security
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
Mitchell Langley
August 28, 2025
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...
Application Security
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
Gabby Lee
August 28, 2025
Silk Typhoon used captive-portal AitM redirects to deliver a signed dropper that decrypts and side-loads a PlugX-variant backdoor, GTIG reports and blocks domains.
Cybersecurity
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
Andrew Doyle
August 28, 2025
Farmers Insurance confirmed a third-party vendor database was breached on May 29, exposing PII for 1,111,386 customers in the wider Salesforce data theft campaign.
Cybersecurity
AI Summary Injection Turns Summaries into Malware Delivery
Gabby Lee
August 28, 2025
Researchers show attackers hide malicious payloads in HTML using CSS obfuscation and prompt overdose so AI summaries output malware instructions that lead to ransomware execution.
Cybersecurity
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Mitchell Langley
August 28, 2025
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
Resources
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Gabby Lee
August 28, 2025
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
Blog
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Andrew Doyle
August 28, 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle
February 4, 2026
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley
February 4, 2026
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley
February 4, 2026
TOP CYBERSECURITY HEADLINES
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
This Week’s Security Spotlight
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle
February 4, 2026
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle
January 28, 2026
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle
January 28, 2026
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee
January 20, 2026
Cyber Security News
SPLX Exposes AI Exploit: Prompt Injection Tricks ChatGPT Into Solving CAPTCHAs
September 22, 2025
A startling new report from AI security platform SPLX reveals how attackers can bypass the built-in guardrails of AI agents like ChatGPT through a sophisticated ...
Brussels, Berlin, London Hit Hard as Cyber Disruption Sparks Flight Chaos
September 22, 2025
A cyberattack on Collins Aerospace, a U.S.-based provider of passenger check-in and baggage handling software, plunged major European airports into chaos over the weekend. Beginning ...
Novakon Ignored Security Reports on ICS Weaknesses, Leaving 40,000+ Devices Exposed
September 19, 2025
A new security report has revealed serious, unpatched vulnerabilities in industrial control system (ICS) products manufactured by Novakon, a Taiwan-based subsidiary of iBASE Technology. Security ...
RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign
September 19, 2025
The cybercrime group known as RevengeHotels, also tracked as TA558, has launched a new wave of attacks against the hospitality sector, evolving its tactics with ...
ShadowLeak: Server-Side Data Theft Attack Discovered Against ChatGPT Deep Research
September 19, 2025
A groundbreaking new cyberattack dubbed ShadowLeak has been uncovered targeting ChatGPT’s Deep Research capability, marking a dangerous escalation in AI-related threats. Unlike prior exploits such ...
WatchGuard Firebox Vulnerability Could Let Hackers Take Over Networks
September 19, 2025
A new critical vulnerability, CVE-2025-9242, has been discovered in WatchGuard Firebox firewalls, putting thousands of networks worldwide at risk. The flaw stems from an out-of-bounds ...
How SystemBC’s 1,500 Infected VPS Servers Fuel Ransomware and Fraud
September 19, 2025
The SystemBC proxy botnet has quietly become one of the most persistent pillars of the cybercrime ecosystem. First detected in 2019, SystemBC is less about ...
Tiffany & Co. Data Breach Exposes Gift Card Details of 2,500+ Customers
September 18, 2025
Tiffany and Company, the iconic luxury jeweler under the LVMH umbrella, has confirmed a serious data breach impacting over 2,500 customers across the United States ...
Security Flaw in Yellow.ai Chatbot Allowed Cookie Theft and Account Hijacking
September 18, 2025
A critical flaw in Yellow.ai’s chatbot allowed malicious code injection and cookie theft, putting support agent accounts at risk. The vulnerability has been patched.
Russian Gang Claims Breach of U.S. Broadcaster; Executive Passport Exposed
September 18, 2025
Termite claims to have exfiltrated News-Press & Gazette data, posting screenshots that show a U.S. passport and employee contact records, heightening identity-theft concerns.
FBI Warns of UNC6040 and UNC6395 Threat Actors Targeting Salesforce
September 18, 2025
FBI warns that UNC6040 and UNC6395 are exploiting Salesforce through OAuth abuse and stolen tokens to steal corporate data, extort victims, and pivot into cloud ...
Retina Group of Florida and Hampton Regional Medical Center Report Patient Data Breaches
September 18, 2025
Retina Group of Florida and Hampton Regional Medical Center disclosed breaches exposing protected health information for approximately 153,000 patients; investigations, notifications, and monitoring are underway ...
Vietnam Credit Bureau Leak Claims Expose 160 Million Financial Records
September 18, 2025
ShinyHunters claims to sell 160 million CIC credit records from Vietnam. Researchers verified samples; authorities confirm a breach and opened an investigation.
Lakera’s Gandalf Network Joins Check Point in $300M AI Security Deal
September 17, 2025
In a major strategic move, Check Point Software Technologies has announced the acquisition of Lakera, a Zurich and San Francisco–based AI security firm founded by ...
Shai-Hulud Exposes Fragility of the Open-Source Software Supply Chain
September 17, 2025
A major supply chain attack is underway in the npm ecosystem. Dubbed Shai-Hulud, this worm-style campaign began with the compromise of the popular @ctrl/tinycolor package ...
ChatGPT Calendar Vulnerability Exposes User Emails in New AI Attack
September 17, 2025
A critical vulnerability has been uncovered in ChatGPT’s new calendar integration, exposing how attackers could exfiltrate sensitive user data—particularly emails—through a deceptively simple exploit. Security ...
CrowdStrike Acquires Pangea to Launch AI Detection and Response (AIDR)
September 17, 2025
At Fal.Con 2025, CrowdStrike announced one of its boldest moves yet: the acquisition of AI security startup Pangea. The deal signals CrowdStrike’s intent to redefine ...
RaccoonO365: $100K Phishing-as-a-Service Scheme Taken Down
September 17, 2025
Microsoft and Cloudflare have successfully dismantled RaccoonO365, a global phishing-as-a-service (PhaaS) operation that had been running for over a year. This criminal platform, marketed on ...
AI-Generated Phishing and Deepfakes Supercharge Social Engineering Attacks
September 16, 2025
Social engineering has reclaimed center stage as today’s most reliable intrusion vector—and it’s not just email anymore. Recent warnings from law enforcement and national cyber ...
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
September 16, 2025
The infamous Rowhammer vulnerability, long thought to be contained by new DRAM protections, has resurfaced with devastating force. Academic researchers, working with Google, have unveiled ...