Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Deepfake Vishing Incidents Surge by 170 in Q2 2025
News
Deepfake Vishing Incidents Surge by 170% in Q2 2025
Mitchell Langley August 13, 2025
Deepfake-enabled vishing attacks are skyrocketing, with criminals using AI-cloned voices to impersonate executives, officials, and loved ones. These scams bypass defenses, exploit trust, and are ...
August Infosec Releases Elastic EASE & Black Kite ASI Streamline Threat Response
News
August Infosec Spotlight: Elastic EASE & Black Kite ASI Advance AI Threat Detection
Gabby Lee August 13, 2025
Two new AI-driven tools—Elastic’s AI SOC Engine and Black Kite’s Adversary Susceptibility Index—are setting a new standard in cybersecurity by automating detection, enhancing context, and ...
Cybersecurity Complexity Due to Tool Sprawl and Multi-Vendor Ecosystems
Blog
Cybersecurity Complexity Due to Tool Sprawl and Multi-Vendor Ecosystems
Andrew Doyle August 13, 2025
Cybersecurity teams are drowning in complexity, not threats. Multi-vendor tool sprawl inflates costs, weakens visibility, and burns out staff—proving that smarter integration, not more tools, ...
Bitdefender Launches Cybersecurity Advisory Services to Address Security Gaps
Cybersecurity
Bitdefender Launches Cybersecurity Advisory Services to Address Security Gaps
Andrew Doyle August 12, 2025
Bitdefender has launched its Cybersecurity Advisory Services to help enterprises close skills gaps, strengthen compliance, and boost resilience. The program offers tailored strategy, risk management, ...
Palo Alto Networks Acquires CyberArk in 25 Billion Deal
Cybersecurity
Palo Alto Networks Acquires CyberArk in $25 Billion Deal
Gabby Lee August 12, 2025
Palo Alto Networks is acquiring CyberArk for $25B, marking one of cybersecurity’s largest deals. The move signals a strategic pivot to identity security, addressing human ...
UK Now Third Most Targeted Nation for Malware Attacks in 2025
Cybersecurity
UK Now Third Most Targeted Nation for Malware Attacks in 2025
Gabby Lee August 12, 2025
The UK is now the third most targeted country for malware, recording over 100 million attacks in three months. Rising ransomware, phishing, and identity fraud ...
US Becomes Ransomware Capital with 146 Increase in Attacks
Cybersecurity
US Becomes Ransomware Capital with 146% Increase in Attacks
Mitchell Langley August 12, 2025
The U.S. now accounts for 50% of global ransomware incidents, with attacks surging 146% year-over-year. Critical sectors like manufacturing, healthcare, and energy face escalating threats ...
Ransomware-as-a-Service (RaaS) Fuels Record Cyberattack Surge in 2025
Cybersecurity
Ransomware-as-a-Service (RaaS) Fuels Record Cyberattack Surge in 2025
Gabby Lee August 12, 2025
Ransomware-as-a-Service is driving a surge in cyberattacks, making sophisticated ransomware accessible to low-skilled criminals. With incidents up 149% in early 2025, experts warn that RaaS ...
Pacific HealthWorks Hit By Everest Ransomware; Patient Data From 50+ Practices Published
News
Pacific HealthWorks Hit By Everest Ransomware; Patient Data From 50+ Practices Published
Gabby Lee August 12, 2025
Everest ransomware posted hundreds of Pacific HealthWorks files, exposing patient and billing records from 50+ medical groups; leaked samples show SSNs, claims and medical IDs. ...
Kimsuky Data Leak Exposes 8.9GB of Alleged North Korean APT Tooling and Stolen Records
News
Kimsuky Data Leak Exposes 8.9GB of Alleged North Korean APT Tooling and Stolen Records
Gabby Lee August 12, 2025
Two hackers leaked an 8.9GB dump they say came from North Korea’s Kimsuky APT, exposing phishing logs, toolkits, source code and possible campaign data today. ...
U.S. Judiciary Confirms Breach Of Federal Court Electronic Records System
News
U.S. Judiciary Confirms Breach Of Federal Court Electronic Records System
Mitchell Langley August 12, 2025
The U.S. Federal Judiciary confirmed a cyberattack on its case management systems, prompting heightened security for sealed court filings amid escalating, sophisticated cyber threats targeting ...
MuddyWater’s DarkBit Ransomware Cracked, Allowing Free Data Recovery
News
MuddyWater’s DarkBit Ransomware Cracked, Allowing Free Data Recovery
Andrew Doyle August 12, 2025
Profero cracked DarkBit ransomware’s encryption, exploiting weak key generation to recover a victim’s ESXi server data for free, disrupting a politically driven MuddyWater-linked cyberattack.
Global Cybersecurity Spending Projected to Reach $213 Billion in 2025
Cybersecurity
Global Cybersecurity Spending Projected to Reach $213 Billion in 2025
Gabby Lee August 11, 2025
Global cybersecurity spending is projected to hit $213 billion in 2025, driven by rising ransomware threats, cloud adoption, and generative AI risks. Gartner forecasts sustained ...
Senate Committee Advances Nominee to Lead Cybersecurity Agency
Cybersecurity
Senate Committee Advances Nominee to Lead Cybersecurity Agency
Andrew Doyle August 11, 2025
Amid heightened scrutiny over election security and foreign cyber threats, the U.S. Senate Homeland Security Committee has advanced the nomination ...
Google Calendar Invites Let Researchers Hijack Gemini in Stealthy Prompt-Injection Attack
News
Google Calendar Invites Let Researchers Hijack Gemini in Stealthy Prompt-Injection Attack
Mitchell Langley August 11, 2025
Researchers used poisoned Google Calendar invites to exploit a Gemini vulnerability, enabling email exfiltration, smart-home control and other actions; Google says the bug is fixed. ...
Google Confirms Salesforce CRM Breach Exposed Google Ads Customers
News
Google Confirms Salesforce CRM Breach Exposed Google Ads Customers
Mitchell Langley August 11, 2025
Google confirms a Salesforce CRM breach exposed business contact information for prospective Google Ads customers; ShinyHunters claim roughly 2.55 million records were stolen in total. ...
WinRAR Zero-Day (CVE-2025-8088) Exploited in Phishing Attacks to Drop RomCom Backdoors
News
WinRAR Zero-Day (CVE-2025-8088) Exploited in Phishing Attacks to Drop RomCom Backdoors
Mitchell Langley August 11, 2025
WinRAR zero-day CVE-2025-8088 let attackers craft RARs that extract executables into autorun folders, enabling RomCom backdoors via spearphishing; the bug is fixed in WinRAR 7.13. ...
Ivy League University Hack Exposed Personal, Financial and Health Records of 868,969 People
News
Ivy League University Hack Exposed Personal, Financial and Health Records of 868,969 People
Andrew Doyle August 11, 2025
Columbia University says a May 16, 2025 network intrusion exposed personal, financial and health data for 868,969 people; the university offers two years of credit ...
U.S. Judiciary confirms cyberattack on court electronic records service, tightens access to sealed filings
News
U.S. Judiciary Confirms Cyberattack on Court Electronic Records Service, Tightens Access to Sealed Filings
Andrew Doyle August 11, 2025
The U.S. Judiciary confirmed a cyberattack on its electronic case systems, tightening access to sealed filings after reports suggested confidential informant identities were exposed publicly. ...
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
News
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
Mitchell Langley August 11, 2025
A critical Cisco ISE vulnerability (CVE-2025-20337) exposes systems to remote code execution and root access. Enterprises must upgrade to Patch 7 or Patch 2 immediately. ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Critical Lenovo Firmware Flaws Expose Millions to Persistent UEFI Attacks
July 30, 2025
Podcasts
Promptfoo Secures $18.4M to Combat AI Security Threats in Generative AI
July 30, 2025
Podcasts
1.1 Million Private Messages Leaked: Inside the Tea App Privacy Disaster
July 29, 2025

Cyber Security News

Teen Hacker Arrested in Spain for Major Data Breach Scheme
Cybersecurity
Teen Hacker Arrested in Spain for Major Data Breach Scheme
December 11, 2025
Satellite Signal Interruption Causes Porsche Immobilization in Russia
Cybersecurity
Satellite Signal Interruption Causes Porsche Immobilization in Russia
December 11, 2025
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
CVE Vulnerability Alerts
Ivanti Urges Immediate Patch for Endpoint Manager Vulnerability
December 11, 2025
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
Cybersecurity
Prime Security Secures $20 Million to Advance AI-Powered Security Tools
December 11, 2025
Microsoft Appoints New Operating CISOs to Enhance AI-Driven Cyberdefense
Cybersecurity
Microsoft Appoints New Operating CISOs to Enhance AI-Driven Cyberdefense
December 11, 2025
Fortinet Releases Fixes for Critical Vulnerabilities Affecting FortiOS and Other Products
Application Security
Fortinet Releases Fixes for Critical Vulnerabilities Affecting FortiOS and Other Products
December 11, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
August 28, 2025
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
PromptLock Ransomware Uses AI to Encrypt and Steal Data
August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
The recent Salesforce data breach underscores a growing reality in cybersecurity: even when core SaaS platforms are secure, their third-party integrations often aren’t. Between August ...
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
August 28, 2025
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
August 28, 2025
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
August 28, 2025
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
August 28, 2025
Murky Panda hijacks trusted cloud relationships to reach downstream customers, abusing Entra ID and DAP paths, reading email, and escalating privileges after initial access via ...
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
August 28, 2025
Salesloft breach exposed Drift OAuth tokens used to access Salesforce instances; attackers extracted AWS keys, passwords, and Snowflake tokens to pivot and exfiltrate data.
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
August 28, 2025
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...
Silk Typhoon Hackers Hijack Captive Portals to Deliver PlugX Backdoor
August 28, 2025
Silk Typhoon used captive-portal AitM redirects to deliver a signed dropper that decrypts and side-loads a PlugX-variant backdoor, GTIG reports and blocks domains.
Farmers Insurance Data Breach Impacts 1.1 Million Customers in Salesforce Cyberattack
August 28, 2025
Farmers Insurance confirmed a third-party vendor database was breached on May 29, exposing PII for 1,111,386 customers in the wider Salesforce data theft campaign.
AI Summary Injection Turns Summaries into Malware Delivery
August 28, 2025
Researchers show attackers hide malicious payloads in HTML using CSS obfuscation and prompt overdose so AI summaries output malware instructions that lead to ransomware execution.
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
August 28, 2025
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited