Cyber Security
Application Security
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Microsoft has added a new web-based feature to the Microsoft Store that lets users create a single installer for multiple apps. The enhancement simplifies deployments, ...
Cybersecurity
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Google has uncovered AI-driven malware capable of mutating its code during execution, evading traditional detection tools. By embedding machine learning models directly into payloads, attackers ...
News
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
The Gootloader malware gang has resurfaced after months of inactivity, reviving its signature SEO poisoning attacks. By manipulating search results to distribute malicious downloads through ...
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Hyundai AutoEver America is now investigating a data breach that led to unauthorized access to sensitive personal information belonging to ...
Application Security
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
SonicWall has attributed its 2023 security breach to a suspected state-sponsored APT group that accessed firewall configuration backups. While no personal data was exposed, the ...
CVE Vulnerability Alerts
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
CISA has warned of active exploitation of a critical flaw (CVE-2022-44877) in CentOS Web Panel, allowing unauthenticated remote code execution. Administrators are urged to patch ...
Information Security
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
The U.K. is launching a nationwide crackdown on phone scams as major mobile carriers partner with GCHQ to deploy anti-spoofing technology that blocks fake U.K. ...
Cybersecurity
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
ALT5 Sigma Corp has sued a former consultant for unauthorized data access, citing potential operational harm and reinforcing insider threat management as a key governance ...
Cybersecurity
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Il Manifesto exposed millions of user logs and subscriber emails through an unsecured database, revealing politically sensitive reader data and analytics without password protection or ...
News
SquareX Named SINET16 Innovator for Browser Detection and Response
PALO ALTO, Calif., November 5, SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced it has been ...
News
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Rhysida ransomware is spreading malware via malicious Bing ads targeting Microsoft Teams, Zoom, and PuTTY users while abusing code-signing certificates to evade detection and appear ...
Cybersecurity
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Russian hackers used Hyper-V to deploy a hidden Linux VM hosting custom malware, bypassing typical endpoint detection and enabling stealthy long-term access in target networks.
Application Security
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
A zero-day flaw in the Post SMTP WordPress plugin—installed on over 400,000 sites—is under active exploitation, allowing attackers to hijack admin accounts via a misconfigured ...
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Zscaler has uncovered a massive Android malware campaign distributing malicious apps through Google Play, amassing over 40 million downloads. The apps, posing as legitimate tools, ...
Application Security
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Google’s November 2025 Android security bulletin fixes a critical remote code execution flaw in the Android System component that could allow network-based compromise without user ...
Data Security
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Sweden’s privacy watchdog has launched a GDPR investigation into Miljödata after a major breach exposed sensitive health and employment records of 1.5 million people. The ...
News
Europol Busts €600M Crypto Fraud and Laundering Network
Europol has arrested nine suspects accused of running a €600 million cryptocurrency fraud and laundering network spanning multiple countries. The operation, coordinated across Spain and ...
Application Security
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Microsoft will retire Defender Application Guard for Office beginning February 2026, with full end-of-support by December 2027. The move marks a strategic shift toward cloud-based ...
News
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
The Apache Software Foundation has denied claims by the Akira ransomware gang that it breached the Apache OpenOffice project and stole 23GB of data. ASF’s ...
Information Security
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Japanese media giant Nikkei has disclosed a Slack data breach exposing personal information of over 17,000 employees and partners. The incident, discovered in October 2023 ...
TOP CYBERSECURITY HEADLINES
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Cybersecurity
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
Application Security
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
This Week’s Security Spotlight
Application Security
Drupal Issues Highly Critical Patch, Exploits Expected Within Hours
Application Security
SAP S/4HANA SQL Injection CVE-2026-34260 Rated CVSS 9.6
CVE Vulnerability Alerts
Dell DSA-2026-047: CVSS 9.8 Hard-Coded Credentials in ECS Storage
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
The Gootloader malware gang has resurfaced after months of inactivity, reviving its signature SEO poisoning attacks. By manipulating search results to distribute malicious downloads through ...
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Hyundai AutoEver America is now investigating a data breach that led to unauthorized access to sensitive personal information belonging to employees and contractors. The automotive ...
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
SonicWall has attributed its 2023 security breach to a suspected state-sponsored APT group that accessed firewall configuration backups. While no personal data was exposed, the ...
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
CISA has warned of active exploitation of a critical flaw (CVE-2022-44877) in CentOS Web Panel, allowing unauthenticated remote code execution. Administrators are urged to patch ...
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
The U.K. is launching a nationwide crackdown on phone scams as major mobile carriers partner with GCHQ to deploy anti-spoofing technology that blocks fake U.K. ...
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
ALT5 Sigma Corp has sued a former consultant for unauthorized data access, citing potential operational harm and reinforcing insider threat management as a key governance ...
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Il Manifesto exposed millions of user logs and subscriber emails through an unsecured database, revealing politically sensitive reader data and analytics without password protection or ...
SquareX Named SINET16 Innovator for Browser Detection and Response
PALO ALTO, Calif., November 5, SquareX, a pioneer in the Browser Detection and Response (BDR) space, announced it has been named a SINET16 Innovator for ...
Rhysida Ransomware Gang Exploits Bing Ads to Spread Malware
Rhysida ransomware is spreading malware via malicious Bing ads targeting Microsoft Teams, Zoom, and PuTTY users while abusing code-signing certificates to evade detection and appear ...
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Russian hackers used Hyper-V to deploy a hidden Linux VM hosting custom malware, bypassing typical endpoint detection and enabling stealthy long-term access in target networks.
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
A zero-day flaw in the Post SMTP WordPress plugin—installed on over 400,000 sites—is under active exploitation, allowing attackers to hijack admin accounts via a misconfigured ...
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Zscaler has uncovered a massive Android malware campaign distributing malicious apps through Google Play, amassing over 40 million downloads. The apps, posing as legitimate tools, ...
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Google’s November 2025 Android security bulletin fixes a critical remote code execution flaw in the Android System component that could allow network-based compromise without user ...
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Sweden’s privacy watchdog has launched a GDPR investigation into Miljödata after a major breach exposed sensitive health and employment records of 1.5 million people. The ...
Europol Busts €600M Crypto Fraud and Laundering Network
Europol has arrested nine suspects accused of running a €600 million cryptocurrency fraud and laundering network spanning multiple countries. The operation, coordinated across Spain and ...
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Microsoft will retire Defender Application Guard for Office beginning February 2026, with full end-of-support by December 2027. The move marks a strategic shift toward cloud-based ...
Apache Disputes Akira Ransomware Claims Against OpenOffice Project
The Apache Software Foundation has denied claims by the Akira ransomware gang that it breached the Apache OpenOffice project and stole 23GB of data. ASF’s ...
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Japanese media giant Nikkei has disclosed a Slack data breach exposing personal information of over 17,000 employees and partners. The incident, discovered in October 2023 ...
Critical React Native NPM Vulnerability Enables Cross-Platform Command Execution
A critical flaw in a popular React Native NPM package, CVE-2025-11953, enables arbitrary code execution on Windows, macOS, and Linux, threatening CI/CD pipelines.
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
A rushed out-of-band patch for a critical WSUS vulnerability has unintentionally broken hotpatching on Windows Server 2025, disabling one of its key uptime features. Administrators ...