Main Menu
Cyber Security
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
cPanel and WHM Patch Three CVEs, Two Rated High Severity
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Fake Claude AI Site Delivers New Beagle Windows Backdoor
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Booking.com Confirms Unauthorized Access Compromising User Data
Application Security
Booking.com Confirms Unauthorized Access Compromising User Data
Mitchell Langley April 14, 2026
Unauthorized access at Booking.com exposes user and reservation data, raising cybersecurity concerns.
LinkedIn's Browser Extension Draws Corporate Espionage Allegations
Application Security
LinkedIn’s Browser Extension Draws Corporate Espionage Allegations
Gabby Lee April 14, 2026
Examination of allegations linking LinkedIn's browser extension to corporate espionage conducted by Microsoft.
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Application Security
OpenAI Responds to Supply Chain Attack Affecting macOS Security
Andrew Doyle April 14, 2026
OpenAI confronts potential compromise of macOS code signing certificate due to North Korean-linked Axios supply chain attack.
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Cybersecurity
Juniper Networks Addresses Critical Junos OS Vulnerabilities
Andrew Doyle April 13, 2026
Remote exploitation of Junos OS flaw could lead to device takeover.
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
Application Security
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
Mitchell Langley April 13, 2026
New Zig dropper in GlassWorm campaign targets IDEs, posing threats to developers.
LucidRook Malware Targets Taiwanese Universities and NGOs
News
LucidRook Malware Targets Taiwanese Universities and NGOs
Gabby Lee April 13, 2026
Exploration of LucidRook, a Lua-based malware targeting NGOs and universities in Taiwan linked to UAT-10362.
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
Cybersecurity
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
Gabby Lee April 13, 2026
Public views are invited on radiofrequency jammers to help shape laws targeting cybercrime devices.
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
Cybersecurity
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
Andrew Doyle April 13, 2026
Discover how $100 million in AI resources are being deployed to detect critical vulnerabilities in open source software through Project Glasswing.
AI Browser Extensions Pose a Hidden Risk to Network Security
Application Security
AI Browser Extensions Pose a Hidden Risk to Network Security
Gabby Lee April 13, 2026
Exploring the overlooked risks AI browser extensions pose to network security.
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
Application Security
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
Andrew Doyle April 13, 2026
Marimo faces a severe RCE vulnerability allowing credential theft. Immediate action is crucial.
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
Cybersecurity
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
Mitchell Langley April 13, 2026
Hackers have infiltrated Venice's crucial San Marco flood defenses, revealing vulnerabilities in operational technology.
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
CVE Vulnerability Alerts
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
Gabby Lee April 13, 2026
Adobe releases emergency patches to fix a critical flaw in Acrobat Reader actively exploited in the wild, CVE-2026-34621.
Emerging Threats in Malware Recent Developments in Software Vulnerabilities
Application Security
Emerging Threats in Malware: Recent Developments in Software Vulnerabilities
Andrew Doyle April 13, 2026
New malicious npm packages, deceptive LNK files, and compromised servers illustrate evolving malware tactics.
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
Cybersecurity
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
Mitchell Langley April 13, 2026
U.S. cybersecurity agencies warn of Iran-linked APTs exploiting exposed Rockwell PLCs, urging swift disconnection.
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
Application Security
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
Gabby Lee April 13, 2026
Threat actors compromised the CPUID site for less than 24 hours, deploying a remote access trojan.
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Cybersecurity
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
Mitchell Langley April 10, 2026
Atomic Stealer malware targets macOS users, using Script Editor in campaigns exploiting ClickFix attack variations.
Chaos Malware Expands Its Reach to Cloud Deployments
Cybersecurity
Chaos Malware Expands Its Reach to Cloud Deployments
Gabby Lee April 10, 2026
Chaos malware is now targeting misconfigured cloud systems, moving beyond just routers and edge gear.
APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies
News
APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies
Andrew Doyle April 10, 2026
Russian APT28 exploits spear-phishing in Ukraine with a novel malware, PRISMEX, harnessing advanced steganography and COM hijacking.
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Cybersecurity
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
Mitchell Langley April 10, 2026
OpenSSL patches seven vulnerabilities, with several posing serious Denial of Service attack risks alongside a notable data leakage flaw.
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Application Security
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
Gabby Lee April 10, 2026
CISA mandates U.S. agencies to patch critical Ivanti EPMM vulnerability within four days as active exploitation continues.
Application Security
CVE-2026-7482 in Ollama Exposes 300,000 AI Servers to Memory Leaks
Gabby Lee May 11, 2026
Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Andrew Doyle May 11, 2026
Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Mitchell Langley May 11, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Cybersecurity
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator

This Week’s Security Spotlight

Cybersecurity
NVIDIA GeForce NOW Breach Exposes Armenian Users’ Data
Andrew Doyle May 11, 2026
Application Security
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
Andrew Doyle May 11, 2026
Cybersecurity
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Gabby Lee May 11, 2026
Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
More In News
Trending
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot
October 23, 2025
Podcasts
Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents
October 23, 2025
Podcasts
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
October 23, 2025

Cyber Security News

FTC Bans Data Broker Kochava from Selling Americans Location Data
Cybersecurity
FTC Bans Data Broker Kochava from Selling Americans Location Data
May 6, 2026
Apache CVE-2026-23918 Enables DoS and RCE in HTTP2 -- Patch to 2.4.67
Application Security
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
May 6, 2026
China-Linked UAT-8302 Targets Governments in South America and Europe
Cybersecurity
China-Linked UAT-8302 Targets Governments in South America and Europe
May 6, 2026
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Cybersecurity
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
May 6, 2026
Microsoft AiTM Phishing Hit 35,000 Users in 26 Countries
Cybersecurity
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
May 6, 2026
Palo Alto CVE-2026-0300 Under Active Attack -- Patch Due May 13
CVE Vulnerability Alerts
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
May 6, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Juniper Networks Addresses Critical Junos OS Vulnerabilities
April 13, 2026
Remote exploitation of Junos OS flaw could lead to device takeover.
GlassWorm Campaign Deploys New Zig Dropper to Target Developer IDEs
April 13, 2026
New Zig dropper in GlassWorm campaign targets IDEs, posing threats to developers.
LucidRook Malware Targets Taiwanese Universities and NGOs
April 13, 2026
Exploration of LucidRook, a Lua-based malware targeting NGOs and universities in Taiwan linked to UAT-10362.
UK Government Seeks Public Input on Radiofrequency Jammers to Shape Upcoming Legislation
April 13, 2026
Public views are invited on radiofrequency jammers to help shape laws targeting cybercrime devices.
$100 Million AI Initiative Targets Hidden Vulnerabilities in Open Source Software
April 13, 2026
Discover how $100 million in AI resources are being deployed to detect critical vulnerabilities in open source software through Project Glasswing.
AI Browser Extensions Pose a Hidden Risk to Network Security
April 13, 2026
Exploring the overlooked risks AI browser extensions pose to network security.
Critical Marimo Vulnerability Is Now Being Actively Exploited for Credential Theft
April 13, 2026
Marimo faces a severe RCE vulnerability allowing credential theft. Immediate action is crucial.
Cybercriminals Target Venice’s Flood Control Systems, Exposing Dangerous Gaps in Urban Security
April 13, 2026
Hackers have infiltrated Venice's crucial San Marco flood defenses, revealing vulnerabilities in operational technology.
Adobe Addresses Critical Flaw in Acrobat Reader with Emergency Updates
April 13, 2026
Adobe releases emergency patches to fix a critical flaw in Acrobat Reader actively exploited in the wild, CVE-2026-34621.
Emerging Threats in Malware: Recent Developments in Software Vulnerabilities
April 13, 2026
New malicious npm packages, deceptive LNK files, and compromised servers illustrate evolving malware tactics.
U.S. Cybersecurity Agencies Warn of Rising Threats From Exposed Rockwell Automation PLCs
April 13, 2026
U.S. cybersecurity agencies warn of Iran-linked APTs exploiting exposed Rockwell PLCs, urging swift disconnection.
CPUID Website Was Briefly Compromised to Spread Remote Access Trojan
April 13, 2026
Threat actors compromised the CPUID site for less than 24 hours, deploying a remote access trojan.
Atomic Stealer Exploits Script Editor in a New Attack Targeting macOS Users
April 10, 2026
Atomic Stealer malware targets macOS users, using Script Editor in campaigns exploiting ClickFix attack variations.
Chaos Malware Expands Its Reach to Cloud Deployments
April 10, 2026
Chaos malware is now targeting misconfigured cloud systems, moving beyond just routers and edge gear.
APT28 Deploys PRISMEX Malware Against Ukraine and Its Allies
April 10, 2026
Russian APT28 exploits spear-phishing in Ukraine with a novel malware, PRISMEX, harnessing advanced steganography and COM hijacking.
Seven Vulnerabilities Patched in OpenSSL, Several Enabling DoS Attacks
April 10, 2026
OpenSSL patches seven vulnerabilities, with several posing serious Denial of Service attack risks alongside a notable data leakage flaw.
U.S. Agencies Given Four Days to Patch Critical Ivanti EPMM Vulnerability
April 10, 2026
CISA mandates U.S. agencies to patch critical Ivanti EPMM vulnerability within four days as active exploitation continues.
Critical RCE Flaw in Apache ActiveMQ Classic Went Undetected for 13 Years
April 10, 2026
A serious RCE flaw in Apache ActiveMQ Classic hid for 13 years, posing new risks.
A $30,000 AI GPU Still Loses to Consumer Hardware in Password Cracking
April 10, 2026
Investigating why consumer GPUs outperform a $30,000 AI GPU in password cracking.
Massachusetts Hospital Faces Service Interruptions Amid Cyberattack
April 10, 2026
Signature Healthcare hospital in Massachusetts was forced to cancel some services after a cyberattack disrupted operations.
RansomHouse Breaches Trellix; Source Code Repositories Accessed
Fake OpenAI Repo Trended on Hugging Face Before Malware Found
MacSync Infostealer Weaponizes Google Ads and Claude.ai Chats
Germany, Spain Dismantle Rebooted Crimenetwork, Arrest Operator
TCLBanker Trojan Spreads via WhatsApp and Outlook, Hits 59 Banks
cPanel and WHM Patch Three CVEs, Two Rated High Severity
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Fake Claude AI Site Delivers New Beagle Windows Backdoor
RCE, MCP OAuth Hijack, and Prompt Injection Found in Claude Dev Tools
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms