Main Menu
Cyber Security
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Application Security
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
Gabby Lee November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
News
ShinyHunters Claims Responsibility for Gainsight Data Breach
Gabby Lee November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
Grafana Vulnerability Addressing Critical Security Flaw in SCIM Component
CVE Vulnerability Alerts
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
Andrew Doyle November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Cybersecurity
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
Andrew Doyle November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job CrowdStrike Hacked by Insider Leaking Screenshots
Cybersecurity
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
Mitchell Langley November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
CVE Vulnerability Alerts
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
Gabby Lee November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Application Security
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
Mitchell Langley November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Cybersecurity
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
Gabby Lee November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Application Security
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
Andrew Doyle November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Data Security
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
Mitchell Langley November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
Data Security
Italian Railway Data Breach Traced to Third-Party IT Compromise
Andrew Doyle November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
News
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
Mitchell Langley November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
News
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
Gabby Lee November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Application Security
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
Mitchell Langley November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Application Security
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
Andrew Doyle November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Cybersecurity
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
Gabby Lee November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Cybersecurity
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
Andrew Doyle November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat Palo Alto Networks CEO Predicts Security Overhaul by 2029
Cybersecurity
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
Mitchell Langley November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
News
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
Andrew Doyle November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Cybersecurity
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
Mitchell Langley November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee May 26, 2026
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee May 26, 2026
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee May 26, 2026
Cybersecurity
DragonForce Lists Indiana Greenhouse Firm Heartland Growers
Andrew Doyle May 26, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Cybersecurity
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
IoT Security Crisis: Dahua Smart Camera Vulnerabilities Expose Surveillance Systems
July 31, 2025
Podcasts
Dropzone AI Secures $37M to Tackle Alert Fatigue with Autonomous SOC Analysts
July 30, 2025
Podcasts
Axonius Buys Cynerio for $100M+: Closing Healthcare’s Biggest Cybersecurity Blind Spot
July 30, 2025

Cyber Security News

Sam Altman's Eyeball-Scanning Orb Takes on a New Role in AI Integration
Cybersecurity
Sam Altman’s Eyeball-Scanning Orb Takes on a New Role in AI Integration
March 18, 2026
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Cybersecurity
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
March 18, 2026
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
Cybersecurity
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
March 18, 2026
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Cybersecurity
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
March 18, 2026
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Cybersecurity
Identity-Based Access Control for AI Agents Is Now a Security Necessity
March 18, 2026
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Application Security
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
March 18, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Grafana Vulnerability: Addressing Critical Security Flaw in SCIM Component
November 24, 2025
Grafana has disclosed a critical vulnerability in its SCIM component, rated CVSS 10.0, potentially allowing privilege escalation. Addressing this is crucial for organizations to secure ...
CISA Urges Agencies to Patch Oracle Identity Manager Flaw Amid Exploits
November 24, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about the need to patch a vulnerability in Oracle Identity Manager identified as ...
Inside Job: CrowdStrike Hacked by Insider Leaking Screenshots
November 23, 2025
CrowdStrike has confirmed an insider leaked internal screenshots to hackers. The incident, involving Scattered Lapsus$ Hunters, underscores the persistent insider threat in cybersecurity. As a ...
CISA Recognizes Oracle Fusion Middleware Flaw in Exploited Vulnerabilities Catalog
November 23, 2025
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Oracle Fusion Middleware to its KEV catalog. Known as CVE-2025-61757, this vulnerability ...
Tsundere Botnet Expands Stealthily to Target Windows Users With JavaScript Malware
November 21, 2025
The Tsundere botnet, active since mid-2025, uses malicious JavaScript payloads on infected Windows devices. Kaspersky links its expansion to stealthy C2-driven execution.
Fired IT Contractor Used PowerShell Script to Lock Thousands of Workers Out of Accounts
November 21, 2025
A terminated IT contractor in Ohio used a PowerShell script to lock thousands of workers out of their accounts, pleading guilty to nearly $1 million ...
Salesforce Investigates Targeted Data Theft Attacks Linked to Gainsight Apps
November 21, 2025
Salesforce has revoked refresh tokens associated with Gainsight applications while probing targeted data theft attacks on customers linked to the applications.
Salesforce Discloses New Third-Party Breach Potentially Tied to ShinyHunters
November 21, 2025
Salesforce has disclosed yet another third-party breach, impacting hundreds of customers and possibly linked once again to the cybercriminal gang ShinyHunters.
Italian Railway Data Breach Traced to Third-Party IT Compromise
November 21, 2025
FS Italiane, Italy’s national railway operator, suffered a data exposure after a threat actor compromised Almaviva, the company’s IT service provider.
APT24 Deploys New BadAudio Malware in Ongoing Surveillance Campaign
November 21, 2025
APT24, a China-linked threat group, used a custom malware called BadAudio in a three-year surveillance operation, now evolving with advanced techniques.
Russian Hacking Suspect Arrested in Phuket After FBI Tip-Off
November 21, 2025
Thai authorities, helped by a tip from the FBI, have arrested a Russian hacking suspect in Phuket, linking the individual to major cyber breaches.
Android Trojan Sturnus Defeats Encrypted Messaging Apps with On-Screen Capture
November 21, 2025
The new Android malware dubbed Sturnus bypasses strong encryption in secure messaging apps by recording on-screen content and enabling full device control.
WhatsApp Enumeration Flaw Could Have Exposed 3.5 Billion Accounts
November 21, 2025
A vulnerability in WhatsApp's contact discovery protocol exposed the risk of mass account enumeration, allowing attackers to confirm up to 3.5 billion accounts.
SEC Drops SolarWinds Lawsuit Over 2020 SUNBURST Breach
November 21, 2025
The U.S. Securities and Exchange Commission has ended its litigation against SolarWinds and its CISO, closing a controversial chapter stemming from the 2020 SUNBURST attack.
Hackers Claim SAS Institute Breach, But Evidence Suggests Public, Outdated Files
November 21, 2025
Hackers claim to have breached SAS Institute and leaked source code, but the company and researchers confirm the data is outdated and publicly accessible
Preparing for the Quantum Threat: Palo Alto Networks CEO Predicts Security Overhaul by 2029
November 21, 2025
Palo Alto Networks CEO Nikesh Arora warns that nation-states may have quantum computing capabilities by 2029, requiring enterprises to replace security systems.
Sneaky2FA Phishing Kit Adds Browser-in-the-Browser Tool for Stealthier MFA Attacks
November 21, 2025
The Sneaky2FA phishing-as-a-service kit now includes Browser-in-the-Browser (BitB) support, enabling more deceptive and effective MFA phishing campaigns.
Palo Alto Networks to Acquire Chronosphere in $3.35 Billion Cloud Observability Deal
November 21, 2025
In a major strategic move, Palo Alto Networks is set to acquire cloud-native observability vendor Chronosphere for $3.35 billion, bolstering security and AIOps.
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
November 21, 2025
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
November 21, 2025
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Qilin Ransomware Batch-Lists 7 Victims Across Five Countries
Nightspire Ransomware Hits US Healthcare in Nine-Victim Batch
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
Underminr Flaw Lets Attackers Hide C2 Traffic on 88M Domains
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug