Cyber Security
Opera GX Flaw Let Malicious Sites Silently Install Mods on 25M Users
TrojPix Leaks Data from Air-Gapped PCs via Video Cable Emissions
SkillCloak Lets Malicious AI Agent Skills Evade 90% of Static Scanners
Zscaler: Two Active Campaigns Hijack AI Agents for Crypto Theft
Google and FBI Seize NetNut Proxy Network Used by 316 Threat Actors
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
CVE-2026-8451 Exploited Within 24 Hours of Citrix NetScaler Patch
ToddyCat APT’s Umbrij Tool Reads Corporate Gmail via OAuth Silently
Apple Hide My Email Still Leaks Real Addresses After Claimed Fix
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Unit 42 Confirms 13,000 Malicious Phantom Squatting Sites
Trump Administration Lifts Claude Fable 5 Access Restrictions
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
CISA Adds SharePoint RCE CVE-2026-45659 to KEV Catalog
Poisoned Email Turns Claude Desktop Into a Reverse Shell
Adobe’s Seven CVSS 10.0 Flaws Span ColdFusion and Campaign Classic
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries
FortiBleed True Scale: 430,000 Firewalls Targeted, INC and Lynx Linked
Unpatched Argo CD RCE Puts Kubernetes Clusters at Risk
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
DeepSeek Built Browser Ransomware Using Chrome File System API
Scattered Spider Suspect Peter Stokes Extradited From Finland
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Attackers Hit Oracle EBS CVE-2026-46817 Days After Patch
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
BioShocking Attack Turns AI Browsers Into Credential Thieves
Blog
Endpoint Security Solutions: How to Protect Every Enterprise Device
Discover what endpoint security solutions are, how EDR and EPP work, and how to implement enterprise endpoint protection.
Cybersecurity
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Google's GTIG disclosed UNC6508, a China-nexus group that maintained silent email forwarding inside US medical and military research networks for more than two years using ...
Application Security
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Defused confirmed active exploitation of CVE-2026-39813 and CVE-2026-39808 in FortiSandbox, chained with CVE-2026-25089 to deliver unauthenticated root code execution across seven financial and critical infrastructure ...
CVE Vulnerability Alerts
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
Application Security
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
Cybersecurity
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
Cybersecurity
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
Cybersecurity
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
Cybersecurity
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
Application Security
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
Cybersecurity
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.
Blog
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Application Security
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Cybersecurity
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Cybersecurity
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Application Security
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
Application Security
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Cybersecurity
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.
Application Security
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
MalExt Sentry found 23 Chrome extensions routing 758,000 users' search queries through attacker relay servers to generate unauthorized advertising revenue.
Application Security
India IDRBT .bank.in Registry Leaked 5,576 Employee Records
Application Security
JADEPUFFER: First AI-Orchestrated Ransomware Exploits Langflow RCE
Cybersecurity
Qilin Ransomware Claims Canadian Manufacturer Chamco Industries

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
DuneSlide Flaws Let Prompt Injection Break Cursor AI Sandbox
Application Security
DeepSeek Built Browser Ransomware Using Chrome File System API
CVE Vulnerability Alerts
Citrix Patches Six NetScaler Flaws Including HTTP/2 Bomb Vector
Application Security
Apple Patches 30+ Flaws as AI Systems Earn WebKit CVE Credit
Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
Cisco released patches for CVE-2026-20262, an unauthenticated server-side request forgery flaw in SD-WAN Manager now actively exploited, as CISA issued a 13-day federal deadline.
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
CISA added LiteSpeed cPanel CVE-2026-54420 to its KEV catalog with a 48-hour deadline as exploitation of the unauthenticated REST API privilege escalation flaw was confirmed ...
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
North Korean APT37 deployed NarwhalRAT, a new backdoor with encrypted custom C2, via fake Microsoft OTP security alerts targeting South Korean defense and crypto sectors.
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
DOJ seized CFAKE.com and SOCFAKE.com in the first TAKE IT DOWN Act enforcement, following a French arrest of the 31-year-old SOCFAKE operator and 340,000 registered ...
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
CybersecurityNews and SOCRadar exposed The Quarry, a PhaaS platform active since April 2026 running IRS and SSA impersonation campaigns that silently install ConnectWise ScreenConnect for ...
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
ESET Research disclosed WIN_DRV, a kernel-mode Windows rootkit linked to China-aligned Earth Lusca — the first confirmed Windows variant of SprySOCKS — signed with a ...
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal all managed AI API keys.
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
CVE-2026-48558, a critical OIDC authentication bypass in SimpleHelp RMM, lets unauthenticated attackers gain full admin access on 14,000 exposed servers.
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
ShinyHunters claims 61 million records stolen from Sysco's Salesforce CRM, including pricing schedules and contact data, with a June 18 publication deadline.
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Scareware tricks users with fake virus warnings into paying for rogue security software. Learn how it works, examples, and how to remove it.
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Lapsus$ listed 3,800 stolen GitHub internal repositories for sale 25 days after the confirmed breach, including Copilot, CodeQL, and Dependabot source code.
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Nightspire ransomware listed four US victims including Blue Nile Medical Center with 3,000 exposed patient EHR records and Silsbee Police Department in Texas.
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Oleksii Lytvynenko, a Ukrainian national extradited from Ireland, pleaded guilty to developing the malware loader that delivered Conti ransomware payloads.
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
Attackers hijacked Awesome Motive's CDN to push a backdoor to OptinMonster, TrustPulse, and PushEngage, creating rogue admin accounts on WordPress sites.
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Varonis disclosed a three-step vulnerability chain in Microsoft 365 Copilot that allowed attackers to steal emails and documents with a single crafted link.
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
Novo Nordisk confirmed a breach exposing pseudonymized clinical trial biomarker data and healthcare provider records. No threat actor claimed responsibility.
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
MalExt Sentry found 23 Chrome extensions routing 758,000 users' search queries through attacker relay servers to generate unauthorized advertising revenue.
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
TheGentlemen ransomware posted 20 new victims across 14 countries, including Croatia's Health Ministry and Denmark's National Museum, using double extortion.
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Two Chrome ad blocker extensions captured conversations from 90,000 users across ChatGPT, Claude, Gemini, and five other AI platforms, researchers found.
Triple Extortion Ransomware: How It Works and How to Stop It
Triple extortion ransomware attacks combine encryption, data theft, and DDoS pressure to coerce payment from multiple angles. This guide explains the full attack lifecycle, real-world ...