Cyber Security
News
LinkedIn Becomes a Launchpad for Phishing Campaigns Targeting Executives
Cybercriminals are increasingly using LinkedIn to launch phishing campaigns targeting executives through direct messages. By exploiting professional trust and bypassing email defenses, attackers deliver malicious ...
Cybersecurity
Russian Initial Access Broker Pleads Guilty in Yanluowang Ransomware Campaign
A Russian national has pleaded guilty to serving as an initial access broker for the Yanluowang ransomware group, enabling breaches of at least eight U.S. ...
Application Security
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
CVE Vulnerability Alerts
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
Application Security
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Cybersecurity
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
News
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
Application Security
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Cybersecurity
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Application Security
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
News
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
News
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
Cybersecurity
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
Application Security
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Cybersecurity
Sensitive Data at OB/GYN Associates Exposed in Data Breach
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
Cybersecurity
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
News
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Application Security
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Application Security
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
CVE Vulnerability Alerts
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Firefox 145 Brings Major Privacy Upgrade to Defend Against Fingerprinting
Mozilla’s Firefox 145 strengthens anti-fingerprinting defenses, curbing one of the web’s hardest-to-block tracking methods. The update standardizes system data reporting, limits API access, and reduces ...
Triofox CVE-2025-12480 Exploited in Attacks Despite Available Patch
Google’s Mandiant confirmed active exploitation of CVE-2025-12480, a critical authentication bypass flaw in Gladinet’s Triofox platform. The vulnerability allows unauthorized admin access and remote code ...
CISA Orders Federal Agencies to Patch Samsung Zero-Day Exploited by LandFall Spyware
CISA has issued an emergency directive after discovering active exploitation of a Samsung zero-day (CVE-2023-21492) used to deploy LandFall spyware via WhatsApp. The flaw disables ...
Konni Campaign Impersonates Human Rights Groups in Cross-Platform Espionage Operation
North Korea-linked APT group Konni is conducting new cyberattacks using social engineering and cross-platform malware for Android and Windows. Disguised as mental health or activism ...
Route Redirect Automates Large-Scale Microsoft 365 Phishing
Researchers uncovered Quantum Route Redirect, a phishing-as-a-service platform using over 1,000 fake Microsoft 365 domains to automate credential theft. With geo-fencing, redirect cloaking, and evasion ...
NAKIVO Enhances Disaster Recovery With Real-Time Replication and Multilingual Support
NAKIVO has released Backup & Replication v11.1, adding real-time replication, enhanced Proxmox VE integration, granular physical backups, and MSP Direct Connect. The update boosts disaster ...
Microsoft Reveals Whisper Leak Side-Channel Attack That Threatens LLM Communication Privacy
Microsoft researchers revealed Whisper Leak, a side-channel flaw that allows attackers to infer AI chat content through encrypted HTTPS traffic analysis. By studying packet sizes ...
Critical runC Vulnerabilities Undermine Container Isolation in Docker and Kubernetes
Security researchers disclosed three severe runC vulnerabilities (CVE-2024-21626, -23651, -23652) enabling container escapes in Docker and Kubernetes. The flaws allow host-level command injection and privilege ...
Swiss Cybersecurity Agency Warns of Phishing Scam Targeting Apple ID Credentials
The Swiss NCSC warns of a phishing campaign impersonating Apple’s lost device alerts to steal Apple ID credentials. Attackers exploit users’ fear of losing iPhones ...
Graphite Spyware Targets Italian Political Adviser Francesco Nicodemo
Israeli-made Graphite spyware has been used to target Italian political adviser Francesco Nicodemo, marking Italy’s fifth confirmed infection. The case intensifies concerns over state-backed surveillance, ...
QNAP Patches Seven Zero-Day Vulnerabilities Exploited at Pwn2Own 2025
QNAP released urgent patches for seven zero-day flaws exposed during Pwn2Own 2025, impacting QTS, QuTS hero, and other key NAS tools. The vulnerabilities posed serious ...
GlassWorm Returns With Malicious VSCode Extensions Infecting Thousands
Security researchers report the return of GlassWorm, a malware campaign exploiting VSCode extension marketplaces. Three malicious extensions, downloaded over 10,000 times, embedded obfuscated JavaScript for ...
Sensitive Data at OB/GYN Associates Exposed in Data Breach
A data breach at OB/GYN Associates exposed personal and health-insurance information of some patients, prompting containment efforts, credit-monitoring offers and heightened guidance for affected individuals.
SonicWall Confirms State-Sponsored Hackers Targeted Cloud Backup Service
State-sponsored threat actors breached SonicWall’s cloud backup service, accessing firewall configuration files for all users and prompting urgent customer resets and governance reforms.
KISS FM Hit by Rhysida Ransomware in Major Spanish Media Breach
Rhysida ransomware operators breached Spain’s KISS FM, stealing internal data and demanding 300 000 U.S. dollars, marking a new escalation in Europe’s high-profile media-sector cyberattacks.
Microsoft Enhances Quick Machine Recovery and Smart App Control in Windows Insider Build
Microsoft’s latest Windows Insider build introduces major upgrades to Quick Machine Recovery and Smart App Control, enhancing system restoration speed and flexibility. The updates simplify ...
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
Cisco has warned of a new attack variant targeting its Secure Firewall ASA and FTD devices, exploiting CVE-2025-20333 and CVE-2025-20362 in tandem for remote code ...