Cyber Security
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
ShadowV2 Botnet: A Test Run Amidst AWS Outage
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
London Councils Face Cyberattack: Resident Data Potentially Compromised
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gainsight Data Breach: Company Downplays Impact
HashJack Attack Unveils a New Cybersecurity Vulnerability
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Tor Introduces Counter Galois Onion Encryption for Improved Security
Microsoft Exchange Online Outage: Customer Access Disrupted
Delta Dental of Virginia Incident Exposes Personal and Health Information
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
SitusAMC Admits to Data Breach Impacting Client Information
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Defensive Strategies Against New ClickFix Ransomware Tactics
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Harvard Experiences Data Breach via Vishing Attack
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
How TTP-Based Defenses Outperform Traditional IoC Hunting
Blog
Behavior-based detection is replacing traditional IoC-driven security as organizations focus on identifying attacker tactics and behaviors instead of static indicators. By analyzing TTPs like credential ...
Chinese APT Leveraged Claude AI for Automated Espionage Operation
News
Chinese APT group GTG-1002 has been caught abusing Anthropic’s Claude AI to automate phishing, malware development, and reconnaissance tasks. The campaign marks a major shift ...
North Korean ‘Contagious Interview’ Campaign Evolves With JSON-Based Malware Delivery
News
North Korea’s “Contagious Interview” campaign is evolving with new stealth techniques, using legitimate JSON-based storage services to host malware delivered through trojanized developer tools. NVISO ...
Amazon Identifies Massive NPM Package Flooding Attack as Token-Farming Campaign
Cybersecurity
Attackers flooded the npm registry with thousands of benign-looking packages designed to harvest crypto-related authentication tokens rather than deploy malware. Amazon researchers say the large-scale ...
Logitech Confirms Data Breach After Clop Ransomware Attacks Oracle Systems
Application Security
Clop exploited an unpatched Oracle E-Business Suite flaw to steal corporate data from Logitech, prompting the company to confirm exposure while emphasizing no operational disruption. ...
U.S. DOJ Secures Guilty Pleas in North Korea IT Worker and Crypto Fraud Case
Cybersecurity
A recently unsealed DOJ case reveals five defendants have pleaded guilty to helping North Korean operatives infiltrate U.S. companies as remote IT workers using stolen ...
CISA Warns of Akira Ransomware Targeting Nutanix AHV Virtual Machines
Application Security
Akira ransomware now targets Nutanix AHV virtual machines, encrypting .qcow2 files, exploiting SonicWall vulnerabilities, and rapidly exfiltrating data across Linux-based enterprise environments.
DoorDash Discloses October Cybersecurity Breach Exposing User Contact Information
Cybersecurity
DoorDash disclosed a new data breach after a social engineering attack exposed user contact information in October, prompting concerns over delayed notification and heightened phishing ...
IndonesianFoods Worm Overwhelms npm With 100,000 Auto-Generated Packages
Cybersecurity
A self-replicating npm worm named IndonesianFoods has flooded the registry with over 100,000 packages, raising major supply-chain security concerns despite the absence of malicious code.
Kraken Ransomware Evolves With System Benchmarking, Cisco Warns
News
Kraken ransomware benchmarks system performance to choose full or partial encryption, enabling efficient data theft and encryption across Windows, Linux, and VMware ESXi networks globally.
Fortinet FortiWeb Vulnerability Exploited to Create Unauthorized Admin Accounts
Cybersecurity
A FortiWeb path traversal flaw is being actively exploited to create unauthorized admin accounts on unpatched devices, prompting urgent patching and security reviews by administrators.
ASUS Patches Critical Authentication Bypass Vulnerability in DSL Series Routers
CVE Vulnerability Alerts
ASUS released urgent firmware updates to fix a critical authentication bypass flaw in multiple DSL routers, warning users to patch immediately and disable internet-exposed services.
Hamburg’s Miniatur Wunderland Hit by Cyberattack Exposing Credit Card Data
Cybersecurity
Hamburg’s Miniatur Wunderland suffered a cyberattack that compromised its online ticket system, leaking visitors’ credit card data and potentially exposing thousands to fraud and identity ...
Data Leak Exposes Francis Frith’s Historic Photo Archive Customers
Cybersecurity
A misconfigured database exposed over 300,000 Francis Frith customers’ personal details, including names and emails, putting buyers of the UK’s historic photo archive at phishing ...
Microsoft Expands Passwordless Security With Third-Party Passkey Manager Support in Windows 11
Application Security
Windows 11 now supports third-party passkey managers like 1Password and Bitwarden, allowing users to authenticate with FIDO-compliant passkeys beyond Microsoft’s own tools. The update strengthens ...
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
Cybersecurity
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
Cybersecurity
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Cybersecurity
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
News
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Cybersecurity
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
Cybersecurity

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
Cybersecurity
Harvard Experiences Data Breach via Vishing Attack
Data Security
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...