Main Menu
Cyber Security
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Under Armour Account Breach: 72.7 Million Accounts Impacted
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Google Chrome Introduces Option to Delete Local AI Models
Tennessee Hacker Admits Guilt in Supreme Court Filing System Breach
Monnai Secures $12 Million to Bolster Identity and Risk Data Services
New Chrome Extensions Disguised as HR Tools Pose Security Threat
Verizon Offers Compensation after Nationwide Wireless Service Outage
Microsoft Patch Tuesday Update Sparks Unrest in PCs
HPE OneView Mass Vulnerability Exploitation Threatens Government Agencies
Project Eleven Secures $20 Million Funding to Propel Post-Quantum Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
XSS Vulnerability in StealC Malware’s Control Panel Uncovered
Analyzing AI in Security Testing: SQL Injection Strong yet Fails in Controls
New Vulnerability Affects Google’s Fast Pair Bluetooth Protocol
New Attack Method, Reprompt, Poses Significant Risk to AI Chatbots
Critical Security Vulnerabilities: Redis Found at Risk of Unauthenticated RCE
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Visual Studio Code’s Copilot Studio Extension Now Widely Available
AWS CodeBuild Critical Security Flaw Exposed GitHub Repositories
Cisco Removes Hardcoded Root Account from Unified CM to Prevent Remote Takeover
News
Cisco Removes Hardcoded Root Account from Unified CM to Prevent Remote Takeover
Mitchell Langley July 4, 2025
Cisco warns of critical backdoor vulnerability in Unified Communications Manager allowing root access. No workaround exists—organizations must patch immediately to prevent remote system takeover.
Fake Crypto Wallet Add-ons Flood Firefox Store in Ongoing Credential Theft Campaign
News
Fake Crypto Wallet Add-ons Flood Firefox Store in Ongoing Credential Theft Campaign
Andrew Doyle July 4, 2025
Over 40 fake Firefox extensions posing as crypto wallets are stealing seed phrases. Victims unknowingly lose funds in attacks that mimic trusted browser plugins.
Qantas Confirms Data Breach Following Cyberattack on Third-Party Platform
News
Qantas Confirms Data Breach Following Cyberattack on Third-Party Platform
Mitchell Langley July 4, 2025
Qantas confirmed a cyberattack impacting six million customers. Linked to aviation-targeting threat actors, the breach highlights growing risks to identity systems and third-party platforms.
Stormous Ransomware: Unmasking the Pro-Russian Cyber Threat
Blog
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Gabby Lee July 3, 2025
Stormous ransomware is a pro-Russian ransomware gang using double extortion and RaaS tools to target global enterprises, especially in the U.S., Ukraine, and Europe.
The Rising Tide of Cybersecurity Threats in Hospitality: How Hotels Can Stay Secure this Summer
Blog
The Rising Tide of Cybersecurity Threats in Hospitality: How Hotels Can Stay Secure this Summer
Andrew Doyle July 2, 2025
Explore how hospitality businesses can defend against hotel cyber attacks, summer cyber threats, and guest data breaches with smart cybersecurity strategies tailored for the industry. ...
International Criminal Court Investigates Another Sophisticated Cyberattack
News
International Criminal Court Investigates Another Sophisticated Cyberattack
Andrew Doyle July 2, 2025
The International Criminal Court confirms a second cyberattack in two years, citing a sophisticated breach and ongoing threats targeting its global judicial infrastructure.
Aeza Group Sanctioned by U.S. Treasury for Enabling Cybercriminal Infrastructure
News
Aeza Group Sanctioned by U.S. Treasury for Enabling Cybercriminal Infrastructure
Mitchell Langley July 2, 2025
The U.S. Treasury sanctioned Aeza Group for hosting ransomware and malware infrastructure used by threat groups like BianLian, RedLine, and darknet marketplace BlackSprut.
Europol Busts $540 Million Crypto Fraud Ring Operating Across Multiple Countries
News
Europol Busts $540 Million Crypto Fraud Ring Operating Across Multiple Countries
Mitchell Langley July 1, 2025
Europol dismantles a $540 million crypto investment fraud ring targeting thousands across borders. The syndicate used AI tools, shell companies, and crypto wallets for laundering. ...
FBI Issues Alert as Cybercriminals Impersonate Health Fraud Investigators to Steal Patient Data
News
FBI Issues Alert as Cybercriminals Impersonate Health Fraud Investigators to Steal Patient Data
Andrew Doyle July 1, 2025
FBI warns of cybercriminals impersonating health fraud investigators to steal sensitive medical data. Fraudulent emails and texts are targeting patients and providers nationwide.
Johnson Controls Begins Notifying Individuals Impacted by 2023 Ransomware Attack
News
Johnson Controls Begins Notifying Individuals Impacted by 2023 Ransomware Attack
Mitchell Langley July 1, 2025
Johnson Controls is notifying individuals impacted by a 2023 ransomware attack that exposed data and disrupted global operations. Dark Angels ransomware group is believed responsible. ...
Ransomware Attack on Swiss Government Vendor Leads to Massive Data Leak
News
Ransomware Attack on Swiss Government Vendor Leads to Massive Data Leak
Andrew Doyle July 1, 2025
Switzerland confirms government data was stolen in a ransomware attack on Radix. Leaked records include documents, contracts, and communications now circulating on the dark web. ...
Europol Busts $540 Million Crypto Fraud Ring Operating Across Multiple Countries
News
Europol Busts $540 Million Crypto Fraud Ring Operating Across Multiple Countries
Mitchell Langley July 1, 2025
Europol dismantles a $540 million crypto investment fraud ring targeting thousands across borders. The syndicate used AI tools, shell companies, and crypto wallets for laundering. ...
Canada Orders Hikvision to Shut Down National Operations Over Security Concerns
News
Canada Orders Hikvision to Shut Down National Operations Over Security Concerns
Mitchell Langley July 1, 2025
Canada orders Hikvision to shut down operations after a national security review. Government bans all public sector use of Hikvision surveillance equipment nationwide.
This Week In Cybersecurity: 23rd June to 27th June
Cybersecurity Newsletter
This Week In Cybersecurity: 23rd June to 27th June
Andrew Doyle June 30, 2025
News Stories New ‘FileFix’ Attack Exploits Windows File Explorer to Deliver Stealthy Commands Threat actors use the search-ms URI protocol ...
INC Ransomware: TTPs, Impact and Mitigation
Blog
INC Ransomware: TTPs, Impact and Mitigation
Gabby Lee June 30, 2025
INC Ransomware is a sophisticated threat actor employing advanced techniques for devastating double extortion attacks. This in-depth analysis reveals their methods, targets, and the critical ...
Cyberattack on Hannaford Exposes Data of Over 2.2 Million, Including 95,000 Mainers
News
Cyberattack on Hannaford Exposes Data of Over 2.2 Million, Including 95,000 Mainers
Andrew Doyle June 30, 2025
A cyberattack on Hannaford in late 2024 exposed personal data of over 2.2 million people, including 95,000 Mainers, affecting customers and employees alike.
Scattered Spider Expands Attacks to Aviation and Transportation Sectors
News
Scattered Spider Expands Attacks to Aviation and Transportation Sectors
Mitchell Langley June 30, 2025
Scattered Spider hackers have shifted their campaign toward aviation and transport, exploiting identity systems and help desks to breach major airlines using sophisticated social engineering. ...
Scattered Spider Ransomware Group Turns Its Focus to North American Airlines
News
Scattered Spider Ransomware Group Turns Its Focus to North American Airlines
Andrew Doyle June 30, 2025
Scattered Spider ransomware group is now targeting North American airlines, with Hawaiian Airlines likely the first victim in a wider campaign against aviation and transportation. ...
Data Breaches at Sheffield City Council Surge to Three-Year High Amid Growing Cybersecurity Concerns
News
Data Breaches at Sheffield City Council Surge to Three-Year High Amid Growing Cybersecurity Concerns
Mitchell Langley June 30, 2025
Sheffield City Council faced over 1,500 data breaches since 2022, paying £20,000 in claims amid rising human error and cyberattack incidents targeting local governments.
Massive Data Breach Hits U.S. Federal Bureau of Prisons, Exposes Sensitive Inmate Information
News
Massive Data Breach Hits U.S. Federal Bureau of Prisons, Exposes Sensitive Inmate Information
Mitchell Langley June 30, 2025
A major data breach allegedly targeting the U.S. Federal Bureau of Prisons has exposed 320GB of sensitive inmate and staff records, prompting a federal investigation. ...
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Cybersecurity
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
Mitchell Langley January 22, 2026
Under Armour Account Breach 72.7 Million Accounts Impacted
Data Security
Under Armour Account Breach: 72.7 Million Accounts Impacted
Gabby Lee January 22, 2026
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
News
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
Andrew Doyle January 20, 2026
GootLoader Employs Malformed ZIP Files to Evade Detection
News
GootLoader Employs Malformed ZIP Files to Evade Detection
Gabby Lee January 19, 2026

TOP CYBERSECURITY HEADLINES

Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
Cybersecurity
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Cybersecurity
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Contagious Interview Campaign Targets Multiple Sectors Worldwide
News
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Zoom's Critical Security Update Resolves Severe Vulnerability
CVE Vulnerability Alerts
Zoom’s Critical Security Update Resolves Severe Vulnerability

This Week’s Security Spotlight

TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
Canada's Investment Watchdog Suffers Massive Data Breach 750,000 Impacted by CIRO Security Incident
Data Security
Canada’s Investment Watchdog Suffers Massive Data Breach: 750,000 Impacted by CIRO Security Incident
Mitchell Langley January 18, 2026
AMD's ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Endpoint Security
AMD’s ‘StackWarp’ Exploit Raises Concerns for Confidential Virtual Machines
Gabby Lee January 18, 2026
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Cybersecurity
Court Dismisses Investor Dispute Against CrowdStrike Due to Insufficient Evidence
Mitchell Langley January 15, 2026
More In News
Trending
Illinois Man Charged for Snapchat Phishing Scheme
Email Security’s True Challenge: Evaluating Post-access Threats
How Misconfigured Email Routing Opens the Door for Credential Theft
Phishers Pose as Booking.com to Compromise European Hotels

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Scattered Spider Strikes Again: Inside the VMware ESXi Ransomware Tactics
July 28, 2025
Podcasts
Koske Malware Hides in Panda Images, Weaponizes AI to Target Linux
July 25, 2025
Podcasts
Operation Checkmate: BlackSuit Ransomware’s Dark Web Sites Seized
July 25, 2025

Cyber Security News

Amazon Web Services Confronts Service Failures What Went Wrong and Lessons Learned
Cybersecurity
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
November 25, 2025
Defensive Strategies Against New ClickFix Ransomware Tactics
Data Security
Defensive Strategies Against New ClickFix Ransomware Tactics
November 25, 2025
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Cybersecurity
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
November 25, 2025
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
November 25, 2025
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Data Security
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
November 25, 2025
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
November 24, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Google Calendar Invites Let Researchers Hijack Gemini in Stealthy Prompt-Injection Attack
August 11, 2025
Researchers used poisoned Google Calendar invites to exploit a Gemini vulnerability, enabling email exfiltration, smart-home control and other actions; Google says the bug is fixed. ...
Google Confirms Salesforce CRM Breach Exposed Google Ads Customers
August 11, 2025
Google confirms a Salesforce CRM breach exposed business contact information for prospective Google Ads customers; ShinyHunters claim roughly 2.55 million records were stolen in total. ...
WinRAR Zero-Day (CVE-2025-8088) Exploited in Phishing Attacks to Drop RomCom Backdoors
August 11, 2025
WinRAR zero-day CVE-2025-8088 let attackers craft RARs that extract executables into autorun folders, enabling RomCom backdoors via spearphishing; the bug is fixed in WinRAR 7.13. ...
Ivy League University Hack Exposed Personal, Financial and Health Records of 868,969 People
August 11, 2025
Columbia University says a May 16, 2025 network intrusion exposed personal, financial and health data for 868,969 people; the university offers two years of credit ...
U.S. Judiciary Confirms Cyberattack on Court Electronic Records Service, Tightens Access to Sealed Filings
August 11, 2025
The U.S. Judiciary confirmed a cyberattack on its electronic case systems, tightening access to sealed filings after reports suggested confidential informant identities were exposed publicly. ...
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
August 11, 2025
A critical Cisco ISE vulnerability (CVE-2025-20337) exposes systems to remote code execution and root access. Enterprises must upgrade to Patch 7 or Patch 2 immediately. ...
Free Wi-Fi Loophole Lets Hackers Breach Smart Bus Control Systems
August 11, 2025
A new cybersecurity investigation has revealed that the same free passenger Wi-Fi offered on many smart buses is directly connected to critical onboard systems — ...
RiteCheck Notifies Nearly 70,000 After Year-Old Cyberattack Exposed Sensitive Customer Data
August 11, 2025
Nearly 70,000 customers and employees of RiteCheck had personal and payment data exposed in a 2024 breach. Notification letters were only sent out this week. ...
BlackSuit Ransomware and Royal Operations Breached 450+ U.S. Companies
August 8, 2025
DHS reports BlackSuit and Royal ransomware gangs hit over 450 U.S. victims, collected $370 million, and saw infrastructure seized in international Operation Checkmate last month. ...
Pandora Confirms Third-Party Data Breach, Advises Customers to Stay Alert
August 8, 2025
Pandora confirms a third-party data breach exposing customer names and emails, warns users of potential phishing risks as attackers exploit basic contact details without breaching ...
CISA Orders Federal Agencies to Patch Critical Exchange Hybrid Vulnerability by Monday Morning
August 8, 2025
CISA orders federal agencies to fix a critical Exchange hybrid vulnerability (CVE-2025-53786) by Monday; migration to a dedicated hybrid app is required to prevent tenant ...
Bouygues Telecom Data Breach Exposes 6.4 Million Customers’ Information
August 8, 2025
Bouygues Telecom confirms cyberattack exposed personal data for 6.4 million customers, including contact details and IBANs; investigation ongoing and authorities notified; customers informed via SMS. ...
Technical Glitch Briefly Erases Sections of U.S. Constitution from Congress.gov, Restored Quickly
August 8, 2025
Critical sections of the Constitution briefly vanished from Congress.gov due to a software glitch; the Library of Congress restored them within hours and is implementing ...
ReVault: Critical Dell Firmware Flaws Allow Windows Login Bypass and Persistent Implants
August 7, 2025
In a powerful reminder that hardware security is just as critical as software defense, Cisco Talos researchers have uncovered “ReVault,” a collection of five high-severity ...
Air France–KLM Data Breach Exposes Customer Info via Compromised Third-Party Platform
August 7, 2025
The aviation industry has suffered yet another major cybersecurity incident. Air France and KLM have confirmed a data breach impacting customer records via an external ...
Critical Flaws in CyberArk Conjur and HashiCorp Vault Put Enterprise Secrets at Risk
August 7, 2025
Enterprise secrets managers—long considered the most secure components in modern infrastructure—are now under fire. In a groundbreaking report, cybersecurity firm Cyata revealed 14 critical zero-day ...
Prompt Injection Nightmare: Critical AI Vulnerabilities in ChatGPT, Copilot, Gemini & More
August 7, 2025
Enterprise AI assistants are revolutionizing productivity—but they’re also opening new doors for cyberattacks. In this episode, we explore explosive research from Zenity Labs, which reveals ...
Air France and KLM Confirm Third-Party Data Breach Impacting Customer Information
August 7, 2025
Air France and KLM have confirmed a data breach via a third-party vendor, exposing personal information of loyalty members and airline customers to potential cyber ...
Akira Ransomware Disables Microsoft Defender Using Intel Driver Exploit in New Wave of Attacks
August 7, 2025
Akira ransomware disables Microsoft Defender using Intel’s driver in BYOVD attacks. Researchers warn of new techniques, SonicWall VPN exploits, and trojanized IT tool installers.
MagentaTV Data Leak Exposes Over 324 Million Logs Linked to Deutsche Telekom’s Streaming Platform
August 7, 2025
A data leak tied to Deutsche Telekom’s MagentaTV platform exposed over 324 million logs, including user IPs, MAC addresses, and session details.
Threat Actors Exploit Misconfigured Security Training Apps for Cloud Breaches
aiFWall Launches to Elevate AI Protection in Cyber Security
Microsoft Recommends Fix for Outlook Freezing Post-Windows Updates
Cloudflare Addresses ACME Validation Flaw Exposing Origin Servers
CyberNut Secures $5 Million Funding to Enhance K-12 Security Awareness
Contagious Interview Campaign Targets Multiple Sectors Worldwide
Zoom’s Critical Security Update Resolves Severe Vulnerability
Security Updates from Zoom and GitLab Address Critical Vulnerabilities
Under Armour Account Breach: 72.7 Million Accounts Impacted
PcComponentes Faces Credential Stuffing Attack: Denies Data Breach Claims
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads
Critical Vulnerabilities Identified in Git Model Context Protocol Server by Anthropic
Serious Bugs in Chainlit Could Expose Sensitive Credentials
Google Gemini’s Vulnerability to Prompt Injection: Accessing Sensitive Calendar Information
SolyxImmortal An Info-Stealer Abusing Trusted APIs and Discord Webhooks
Google Gemini Security Vulnerability Exposes Google Calendar to Data Exploitation
Jordanian Hacker Pleads Guilty to Selling Network Access in the United States
Ingram Micro Faces Data Breach Impacting 42,000 Individuals’ Personal Information
U.K. Authorities Alerted to Russian-Aligned Hacktivist DDoS Threats