Main Menu
Cyber Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak
Russian Hackers Exploit Hyper-V to Hide Malware in Linux Virtual Machines
Attackers Exploit Critical Plugin Flaw to Hijack Admin Access on 400,000+ WordPress Sites
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Google’s November 2025 Android Security Update Fixes Critical Remote Code Execution Flaw
Swedish Privacy Regulator Launches Investigation Into Miljödata Cyberattack
Microsoft Plans to Retire Defender Application Guard for Office by 2027
Nikkei Slack Breach Exposes 17,000 Employees’ and Partners’ Data
Emergency WSUS Patch Breaks Hotpatching Function for Windows Server 2025 Systems
SleepyDuck Malware Poses Supply Chain Threat Through Fake VS Code Extension
How Device Code Phishing Abuses OAuth Flows on Google and Azure
Balancer Protocol Breached in $128 Million Attack on DeFi Pools
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Indian Government Issues High-Severity Warning for Google Chrome Users
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
CVE Vulnerability Alerts
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
Andrew Doyle October 27, 2025
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and endpoint management lockdowns globally.
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Cybersecurity
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Mitchell Langley October 27, 2025
Moroccan cybercriminals—tracked as Jingle Thief/Atlas Lion/Storm-0539—use sophisticated phishing and Entra ID abuse to hijack Microsoft 365 workflows and issue fraudulent gift cards at scale. Their ...
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
Cybersecurity
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
Mitchell Langley October 27, 2025
Iran-linked MuddyWater deployed Phoenix v4 backdoor via spear-phishing to over 100 government organisations, using trusted tools and stealth techniques to enable global espionage operations.
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Application Security
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Gabby Lee October 27, 2025
Researchers warn of rising “AI sidebar spoofing” attacks in browsers like Atlas and Comet, where fake AI panels mimic trusted interfaces to steal credentials, deploy ...
Maryland Paratransit Ransomware Disrupts Mobility New Ride Requests Halted
News
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
Andrew Doyle October 27, 2025
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
Cybersecurity
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
Mitchell Langley October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Toys “R” Us Canada Data Breach Customer Records Exposed to Cyber Threats
Data Security
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
Gabby Lee October 27, 2025
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
Cybersecurity
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
Andrew Doyle October 27, 2025
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Cybersecurity
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Mitchell Langley October 27, 2025
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Cybersecurity
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Gabby Lee October 27, 2025
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Cybersecurity
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Andrew Doyle October 22, 2025
Hackers exposed data of nearly 1,000 DHS, DOJ, and FBI staff, escalating threats against federal officers amid politically charged cyberattacks and cartel-linked bounty schemes.
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Cybersecurity
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Syed Arslan October 22, 2025
INC Ransom claims to have stolen 47GB of data from Summit Golf Brands, threatening a public leak as part of its escalating multi-extortion ransomware campaign.
Attackers Exploit OAuth Tokens After Password Resets
Cybersecurity
Attackers Exploit OAuth Tokens After Password Resets
Andrew Doyle October 22, 2025
Proofpoint warns hackers are abusing internal OAuth apps to maintain access even after password resets and MFA, enabling persistent control of Microsoft 365 mailboxes and ...
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Cybersecurity
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Mitchell Langley October 22, 2025
Attackers are exploiting CVE-2025-33073 in Windows SMB to gain SYSTEM privileges, prompting CISA to mandate urgent patching and SMB signing enforcement before November 10.
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Resources
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Gabby Lee October 22, 2025
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact, and practical strategies to prevent ...
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Andrew Doyle October 22, 2025
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled data-theft and extortion campaigns.
CISA Updates KEV Catalog 5 Exploited Vulnerabilities Confirmed
CVE Vulnerability Alerts
CISA Updates KEV Catalog: 5 Exploited Vulnerabilities Confirmed
Mitchell Langley October 22, 2025
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in Microsoft, Oracle, Apple, Juniper, and ...
Supply Chain Attack 'GlassWorm' Malware Infects VS Code Extensions
Application Security
Supply Chain Attack: ‘GlassWorm’ Malware Infects VS Code Extensions
Gabby Lee October 22, 2025
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced supply chain attacks to date. ...
Prosper Data Breach 17.6 Million Accounts Compromised
Data Security
Prosper Data Breach: 17.6 Million Accounts Compromised
Andrew Doyle October 22, 2025
Prosper has confirmed a major data breach affecting 17.6 million individuals after attackers accessed its customer databases. Exposed data includes names, SSNs, and employment details, ...
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Cybersecurity
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Andrew Doyle October 22, 2025
Myanmar’s military has dismantled the notorious KK Park scam compound near the Thai border, detaining over 2,000 people in one of Southeast Asia’s largest cybercrime ...
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Andrew Doyle November 7, 2025
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Cybersecurity
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Gabby Lee November 6, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
Mitchell Langley November 6, 2025
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Mitchell Langley November 6, 2025

TOP CYBERSECURITY HEADLINES

Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Cybersecurity
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Application Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Cybersecurity
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack

This Week’s Security Spotlight

Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Gabby Lee November 6, 2025
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Application Security
Malicious Android Apps Garner 40 Million Downloads on Google Play, Zscaler Finds
Mitchell Langley November 4, 2025
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Application Security
OpenAI Assistants API Abused in New Malware Campaign Leveraging Covert C2 Channel
Gabby Lee November 3, 2025
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Data Security
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Andrew Doyle November 2, 2025
More In News
Trending
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
11 Types of Social Engineering Attacks and How to Prevent Them
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot
October 23, 2025
Podcasts
Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents
October 23, 2025
Podcasts
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
October 23, 2025

Cyber Security News

Indian Government Issues High-Severity Warning for Google Chrome Users
Application Security
Indian Government Issues High-Severity Warning for Google Chrome Users
November 3, 2025
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
Cybersecurity
South Korea’s Telecom Giants Grapple With Cyber Breaches and Executive Shakeups
November 3, 2025
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
Data Security
Proton Warns of 300 Million Stolen Credentials Fueling Global Data Breach Crisis
November 3, 2025
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
Data Security
University of Pennsylvania Data Breach Exposes 1.2 Million Donor Records
November 2, 2025
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
Application Security
Open VSX Access Tokens Leaked, Allowing Malicious Extensions in Supply Chain Threat
November 2, 2025
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
Application Security
Bronze Butler Exploited Zero-Day in Motex Lanscope to Deploy Gokcpdoor Malware
November 2, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
October 27, 2025
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
October 27, 2025
The TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar and tokio-tar libraries allows remote code execution via desynchronized TAR parsing. Exploited through nested archives, it threatens CI/CD, ...
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
October 27, 2025
A critical RCE flaw, CVE-2025-59287, in Microsoft WSUS allows unauthenticated attackers to gain SYSTEM access via unsafe deserialization. Despite patches, active exploitation continues, prompting urgent ...
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
October 27, 2025
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more than 60% of installations remain ...
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
October 27, 2025
Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft. Despite emergency patches, exploitation persists, ...
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
October 27, 2025
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and endpoint management lockdowns globally.
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
October 27, 2025
Moroccan cybercriminals—tracked as Jingle Thief/Atlas Lion/Storm-0539—use sophisticated phishing and Entra ID abuse to hijack Microsoft 365 workflows and issue fraudulent gift cards at scale. Their ...
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
October 27, 2025
Iran-linked MuddyWater deployed Phoenix v4 backdoor via spear-phishing to over 100 government organisations, using trusted tools and stealth techniques to enable global espionage operations.
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
October 27, 2025
Researchers warn of rising “AI sidebar spoofing” attacks in browsers like Atlas and Comet, where fake AI panels mimic trusted interfaces to steal credentials, deploy ...
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
October 27, 2025
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
October 27, 2025
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
October 27, 2025
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
October 27, 2025
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
October 27, 2025
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
October 27, 2025
The launch of Perplexity’s Comet AI browser — a major step forward in AI-assisted browsing — was almost immediately hijacked by cybercriminals. Within weeks of ...
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
October 27, 2025
A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated campaign dubbed Operation Dream ...
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
October 24, 2025
Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting ...
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
October 24, 2025
A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert after being actively exploited in real-world attacks. ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
U.K. Mobile Carriers to Block Number Spoofing in Major Anti-Fraud Network Upgrade
ALT5 Sigma Pursues Legal Action Following Insider Data Breach
Italian Newspaper Il Manifesto Exposes Reader Data in Massive Database Leak