Main Menu
Cyber Security
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Cybersecurity
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Andrew Doyle November 26, 2025
Vijil has announced securing $17 million to advance its AI-based cybersecurity platform. This funding aims to bolster the resilience and accelerate the deployment of its ...
Tor Introduces Counter Galois Onion Encryption for Improved Security
Cybersecurity
Tor Introduces Counter Galois Onion Encryption for Improved Security
Mitchell Langley November 26, 2025
Tor has replaced its existing Tor1 relay encryption algorithm with the new Counter Galois Onion encryption design, offering enhanced security for circuit traffic. The update ...
Microsoft Exchange Online Outage Customer Access Disrupted
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
Gabby Lee November 26, 2025
Customers using Outlook desktop client face access issues as Microsoft investigates Exchange Online service outage. The disruption affects user experience, specifically for those relying on ...
Delta Dental of Virginia Incident Exposes Personal and Health Information
Data Security
Delta Dental of Virginia Incident Exposes Personal and Health Information
Gabby Lee November 25, 2025
Delta Dental of Virginia experienced a major data breach impacting 146,000 customers. Personal and health data, including Social Security numbers and ID numbers, were compromised ...
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
Cybersecurity
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
Mitchell Langley November 25, 2025
A series of vulnerabilities in Fluent Bit, a widely used open-source log collection tool, has raised significant security concerns. The vulnerabilities have left open doors ...
SitusAMC Admits to Data Breach Impacting Client Information
Data Security
SitusAMC Admits to Data Breach Impacting Client Information
Andrew Doyle November 25, 2025
SitusAMC revealed a data breach incident affecting customer data. The company provides services to top banks and lenders, making the event noteworthy for the financial ...
Amazon Web Services Confronts Service Failures What Went Wrong and Lessons Learned
Cybersecurity
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Mitchell Langley November 25, 2025
Amazon Web Services (AWS) recently made a groundbreaking move by admitting their mistakes and discontinuing services that failed to meet expectations. Delving into this decision ...
Defensive Strategies Against New ClickFix Ransomware Tactics
Data Security
Defensive Strategies Against New ClickFix Ransomware Tactics
Gabby Lee November 25, 2025
ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations, and proactive user protection strategies ...
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Cybersecurity
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Mitchell Langley November 25, 2025
A novel ClickFix attack method leverages fake Windows update prompts and malformed PNG files to deploy infostealer malware. This campaign seeks to exploit user trust ...
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
Gabby Lee November 25, 2025
Harvard's Alumni Affairs systems fell victim to a sophisticated vishing attack, compromising sensitive data such as emails, phone numbers, and biographical details. This breach highlights ...
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Data Security
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Andrew Doyle November 25, 2025
Russian cyber perpetrators craftily embed StealC V2 malware within Blender files. These files, hosted on popular 3D model marketplaces, pose a sophisticated threat to digital ...
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Andrew Doyle November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert Remote Code Execution Vulnerability in Glob Pattern Matching Library
Cybersecurity
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Mitchell Langley November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cybersecurity
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Gabby Lee November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack How Analysts Overcame Limited Visibility
News
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Andrew Doyle November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Andrew Doyle November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
News
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Mitchell Langley November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Cybersecurity
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Gabby Lee November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Application Security
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Andrew Doyle November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Cybersecurity
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Gabby Lee November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee May 26, 2026
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee May 26, 2026
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee May 26, 2026
Cybersecurity
DragonForce Lists Indiana Greenhouse Firm Heartland Growers
Andrew Doyle May 26, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Cybersecurity
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Critical Honeywell Experion PKS Vulnerabilities Threaten Global Industrial Control Systems
July 31, 2025
Podcasts
Auto-Color Linux Malware Exploits SAP Zero-Day CVE-2025-31324
July 31, 2025
Podcasts
Inside the July 2025 PyPI Phishing Scam: How Hackers Stole Developer Credentials
July 31, 2025

Cyber Security News

Open Source Projects Face a Rising Tide of Malware Infections
Cybersecurity
Open Source Projects Face a Rising Tide of Malware Infections
March 25, 2026
Major Announcements from RSAC 2026 What Day 1 Revealed
Cybersecurity
Major Announcements from RSAC 2026: What Day 1 Revealed
March 25, 2026
QualDerm Partners Data Breach Hits Over 3.1 Million People
Cybersecurity
QualDerm Partners Data Breach Hits Over 3.1 Million People
March 25, 2026
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
Cybersecurity
Microsoft Fixes Gmail and Yahoo Synchronization Issues for Classic Outlook Users
March 25, 2026
Gartner Publishes Its First Market Guide for Guardian Agents
Cybersecurity
Gartner Publishes Its First Market Guide for Guardian Agents
March 25, 2026
Software Supply Chains Are the New Frontline for Cyber Risk
Cybersecurity
Software Supply Chains Are the New Frontline for Cyber Risk
March 19, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Exchange Online Outage: Customer Access Disrupted
November 26, 2025
Customers using Outlook desktop client face access issues as Microsoft investigates Exchange Online service outage. The disruption affects user experience, specifically for those relying on ...
Delta Dental of Virginia Incident Exposes Personal and Health Information
November 25, 2025
Delta Dental of Virginia experienced a major data breach impacting 146,000 customers. Personal and health data, including Social Security numbers and ID numbers, were compromised ...
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
November 25, 2025
A series of vulnerabilities in Fluent Bit, a widely used open-source log collection tool, has raised significant security concerns. The vulnerabilities have left open doors ...
SitusAMC Admits to Data Breach Impacting Client Information
November 25, 2025
SitusAMC revealed a data breach incident affecting customer data. The company provides services to top banks and lenders, making the event noteworthy for the financial ...
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
November 25, 2025
Amazon Web Services (AWS) recently made a groundbreaking move by admitting their mistakes and discontinuing services that failed to meet expectations. Delving into this decision ...
Defensive Strategies Against New ClickFix Ransomware Tactics
November 25, 2025
ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations, and proactive user protection strategies ...
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
November 25, 2025
A novel ClickFix attack method leverages fake Windows update prompts and malformed PNG files to deploy infostealer malware. This campaign seeks to exploit user trust ...
Harvard Experiences Data Breach via Vishing Attack
November 25, 2025
Harvard's Alumni Affairs systems fell victim to a sophisticated vishing attack, compromising sensitive data such as emails, phone numbers, and biographical details. This breach highlights ...
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
November 25, 2025
Russian cyber perpetrators craftily embed StealC V2 malware within Blender files. These files, hosted on popular 3D model marketplaces, pose a sophisticated threat to digital ...
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug