Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
Application Security
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
Andrew Doyle August 25, 2025
A newly discovered zero-day in WinRAR, CVE-2025-8088, is being exploited by RomCom hackers to plant executables in Windows Startup folders via path traversal. The flaw ...
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
Cybersecurity
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
Mitchell Langley August 22, 2025
Fortinet has disclosed CVE-2024-26009, a high-severity authentication bypass in the FGFM protocol. The flaw lets attackers impersonate managed FortiGate devices via FortiManager, enabling full administrative ...
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
Blog
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
Gabby Lee August 22, 2025
New research from Horizon3.ai, WEF, Trend Micro, and others shows a widening gap between cybersecurity strategies and real-world results. CISOs face declining prevention effectiveness, rising ...
Norway Attributes Dam Cyberattack to Russian Hackers
Cybersecurity
Norway Attributes Dam Cyberattack to Russian Hackers
Andrew Doyle August 22, 2025
Norway confirmed that Russian state-sponsored hackers breached the Bremanger dam’s control systems in April 2025, releasing 1.9 million gallons of water. While no damage occurred, ...
Chrome Extension FreeVPN One Secretly Captures Screens
Cybersecurity
Chrome Extension FreeVPN One Secretly Captures Screens
Mitchell Langley August 22, 2025
Security researchers found that FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge, secretly captured user screenshots, URLs, and device data. Updates ...
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
CVE Vulnerability Alerts
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
Mitchell Langley August 22, 2025
The PostgreSQL team has disclosed three critical vulnerabilities—CVE-2025-8714, CVE-2025-8715, and CVE-2025-1094—impacting backup and restore utilities. These flaws enable malicious code injection and SQL exploitation, posing ...
Internet Archive Abused to Host Stealthy Malware JScript Loaders
Cybersecurity
Internet Archive Abused to Host Stealthy Malware JScript Loaders
Gabby Lee August 22, 2025
Attackers are abusing the Internet Archive to host obfuscated malware loaders, launching multi-stage infection chains that deliver the Remcos RAT. By exploiting trusted infrastructure, threat ...
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
Cybersecurity
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
Gabby Lee August 21, 2025
BCNYS reports a two-day February intrusion discovered in August exposed personal, financial, and health data for 47,329 people, prompting rolling notifications and credit monitoring for ...
Cybersecurity
Clickjacking Vulnerability Exposes Autofill Data Across Major Extensions
Mitchell Langley August 21, 2025
Attackers use ADFS redirect phishing through legitimate office.com links, bypassing URL filters and MFA, to steal Microsoft 365 logins via malvertising and conditional access tricks.
Financial App Data Leak in Turkey Puts Millions at Risk
Cybersecurity
Financial App Data Leak in Turkey Puts Millions at Risk
Gabby Lee August 21, 2025
An unprotected MongoDB tied to FinansCepte and FinansWebde exposed over four million records, putting Turkish users at risk of phishing, credential stuffing, and manipulated financial ...
GenAI Powers Harder-to-Detect Phishing Threats
News
GenAI Powers Harder-to-Detect Phishing Threats
Andrew Doyle August 21, 2025
New research from Unit 42 shows adversaries are combining AI website builders, writing assistants, deepfakes, and chatbots to automate large-scale campaigns that closely mimic trusted ...
LG Hai Phong Earns CSMS Level 3 Certification at Its Largest Vehicle Component Base
Cybersecurity
LG Hai Phong Earns CSMS Level 3 Certification at Its Largest Vehicle Component Base
Gabby Lee August 20, 2025
LG’s Hai Phong plant earned CSMS Level 3 Certification from TÜV Rheinland, the first facility to hold both Level 2 and Level 3 simultaneously, validating ...
XenoRAT Malware Campaign Targets Embassies in South Korea
Cybersecurity
XenoRAT Malware Campaign Targets Embassies in South Korea
Andrew Doyle August 20, 2025
A multi-stage espionage campaign using XenoRAT malware has targeted foreign embassies in South Korea, with evidence linking the activity to both North Korean and Chinese ...
SentinelOne Expands Partnership With Mimecast to Advance People-Focused Cybersecurity
Cybersecurity
SentinelOne Expands Partnership With Mimecast to Advance People-Focused Cybersecurity
Andrew Doyle August 20, 2025
SentinelOne and Mimecast deepen integration, pairing Singularity endpoint telemetry with Human Risk Management to prioritize people-focused cybersecurity and reduce human-caused breaches.
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
News
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Gabby Lee August 19, 2025
Inotiv confirms a ransomware attack encrypted systems and data, disrupting operations. SEC filing cites Qilin claims of 176GB theft as investigators restore and assess impact.
Researcher Harvests 270k Employee Records Exploiting Intel Flaw
Cybersecurity
Researcher Harvests 270k Employee Records Exploiting Intel Flaw
Mitchell Langley August 19, 2025
Researcher Eaton Zveare found four flaws that exposed 270,000 Intel employee records via unauthenticated APIs and hardcoded credentials, then received only an automated “Thank You ...
Lexington-Richland 5 Data Breach Exposes Students’ Names, Addresses and SSNs
Cybersecurity
Lexington-Richland 5 Data Breach Exposes Students’ Names, Addresses and SSNs
Mitchell Langley August 19, 2025
Lexington-Richland 5 says former students’ names, addresses and Social Security numbers were posted on a threat-actor forum after a June breach; notifications and monitoring offered.
Panera Agrees to $2.5M Settlement After 2024 Data Breach
News
Panera Agrees to $2.5M Settlement After 2024 Data Breach
Andrew Doyle August 19, 2025
Panera agrees to a $2.5 million settlement after a February 2024 cyber incident; about 147,321 eligible claimants can seek documented or tiered payments.
IBM Finds “AI Oversight Gap” in Organizations That Suffered AI-Related Breaches
News
IBM Finds “AI Oversight Gap” in Organizations That Suffered AI-Related Breaches
Mitchell Langley August 19, 2025
IBM reports 97% of organisations in AI-related breaches lacked AI access controls; shadow AI added $670,000 to average breach costs while defensive AI sped containment.
PayPal Denies Breach Amid 16M Login Leak on Dark Web
News
PayPal Denies Breach Amid 16M Login Leak on Dark Web
Mitchell Langley August 19, 2025
A forum post claims 15.8 million PayPal credentials were leaked; PayPal says the data ties to a 2022 incident. Researchers could not verify the full ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses
August 4, 2025
Podcasts
350,000 Patient Records Exposed: Inside the Northwest Radiologists Data Breach
August 4, 2025
Podcasts
AI Jailbreaks on the Rise: How Hackers Are Extracting Training Data from LLMs
August 4, 2025

Cyber Security News

Gladinet CentreStack Flaw A Widespread Threat to Organizations
Cybersecurity
Gladinet CentreStack Flaw: A Widespread Threat to Organizations
December 15, 2025
PyStoreRAT New JavaScript-Based RAT Distributed via GitHub
Cybersecurity
PyStoreRAT: New JavaScript-Based RAT Distributed via GitHub
December 15, 2025
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
Cybersecurity
Pentagon Pushes for Post-Quantum Cryptography Amid Rising Tech Tensions
December 15, 2025
New Cyber Threats Movie Downloads and Software Updates Under Siege
Cybersecurity
New Cyber Threats: Movie Downloads and Software Updates Under Siege
December 15, 2025
Zero-day Vulnerability in Gogs Leads to Hundreds of Compromised Servers
Cybersecurity
Zero-day Vulnerability in Gogs Leads to Hundreds of Compromised Servers
December 15, 2025
Former Employee Faces Charges Over Alleged Cybersecurity Fraud DoD Compliance in Question
Cybersecurity
Former Employee Faces Charges Over Alleged Cybersecurity Fraud: DoD Compliance in Question
December 15, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack
September 9, 2025
Rose Acre Farms, America’s second-largest egg producer, was allegedly hit by Lynx ransomware, with attackers claiming encrypted data in a breach that threatens food supply ...
Lovesac Confirms Data Breach Following Ransomware Attack
September 9, 2025
Lovesac confirmed a ransomware-linked data breach impacting personal information. Attackers accessed systems in February 2025, with stolen data linked to the RansomHub ransomware group’s extortion ...
GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets
September 9, 2025
The GhostAction supply chain attack on GitHub compromised 3,325 secrets, including npm, PyPI, AWS, and GitHub tokens, after attackers injected malicious workflows into 817 repositories.
Qantas Airways Reduces CEO’s Bonus Following July Data Breach
September 9, 2025
Qantas Airways reduced CEO Vanessa Hudson’s pay by $250,000 following a July cyber attack that exposed 4.5 million customer records, reflecting leadership accountability and strengthened ...
The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories
September 8, 2025
In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” The incident began when ...
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise
September 8, 2025
Wealthsimple, one of Canada’s largest online investment platforms, has confirmed a data breach that exposed the sensitive information of fewer than 1% of its three ...
FireCompass Raises $20M to Scale AI-Powered Offensive Security
September 8, 2025
In a year when cybercrime is projected to cost the world over $10.5 trillion, FireCompass has emerged as one of the most closely watched AI-driven ...
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
September 8, 2025
A newly uncovered critical vulnerability, tracked as CVE-2025-42957, is sending shockwaves through the enterprise technology world. Affecting all SAP S/4HANA deployments, both on-premise and in ...
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
September 8, 2025
North Korean cybercriminals have escalated their social engineering operations, deploying a wave of sophisticated campaigns designed to infiltrate cryptocurrency and decentralized finance (DeFi) organizations. At ...
North Korean Hackers Pose as Recruiters To Launch Global Cyberattacks
September 8, 2025
North Korean hackers posed as recruiters to target blockchain and finance professionals, exploiting Slack and cyber intelligence platforms to steal cryptocurrency in a global campaign ...
Social Engineering Breach Opens Door to Google Salesforce Data Leak
September 8, 2025
A phishing attack on a Google employee led to a Salesforce breach, exposing business contact data. Gmail remained secure, but the incident underscores the power ...
Czech Cybersecurity Agency Warns Against Chinese Technology in Critical Infrastructure
September 8, 2025
The Czech Republic’s cybersecurity agency warns critical infrastructure operators against Chinese technology, elevates threat level to “High,” and cites confirmed malicious activity, data access risks, ...
This Week In Cybersecurity: September 1–5, 2025
September 8, 2025
News Stories Jaguar Land Rover Cyberattack Severely Disrupts Production Systems Taken Offline Jaguar Land Rover halted operations after a cyberattack disabled its production systems, forcing ...
Cybersecurity Leadership: An Expert Talks Executive Risk
September 8, 2025
Leah Santos, CISO and Cyber Resilience Advisor Talks Executive Risk
Wealthsimple Data Breach Leaked Client Information Online
September 8, 2025
Wealthsimple confirmed a September 2025 data breach affecting under one percent of clients. Personal details were exposed, but passwords and funds remained fully secure throughout ...
Hack on In-Flight Connectivity Provider Anuvu Exposes Starlink User Data
September 8, 2025
Hackers breached inflight connectivity provider Anuvu, exposing sensitive data including Starlink service records, user credentials, and corporate details linked to major airline and maritime customers ...
Chess.com Confirms Data Breach Through Third-Party File Transfer Application
September 7, 2025
Chess.com disclosed a June 2025 data breach after attackers exploited a third-party file transfer application, exposing personal data of about 4,500 users while leaving main ...
Bridgestone Confirms Cyberattack Disrupts Manufacturing Operations in North America
September 7, 2025
Bridgestone confirmed a cyberattack disrupting manufacturing at North American plants. The company quickly contained the incident, assured no customer data was compromised, and continues forensic ...
Hackers Turn to HexStrike-AI to Accelerate Exploitation of N-Day Flaws
September 7, 2025
Hackers are adopting HexStrike-AI, an AI-powered red teaming tool, to exploit Citrix flaws. The automation shrinks patching windows from days to minutes, raising enterprise security ...
Jaguar Land Rover Cyberattack Severely Disrupts Production, Systems Taken Offline
September 5, 2025
Jaguar Land Rover confirmed a cyberattack that forced factories offline and disrupted production. Systems remain down, though the automaker says no customer data has been ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited