Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
Cybersecurity
British Telco Brsk Under Cybersecurity Scrutiny Amid Claims of Data Breach
Brsk, a British telecommunications company, finds itself embroiled in a cybersecurity investigation following claims of a data breach involving over 230,000 files. Cybercriminals allege they ...
Cybersecurity
PostHog Hit by Shai-Hulud 2.0 npm Worm Through CI/CD Automation Flaw
A significant security breach involving the Shai-Hulud 2.0 npm worm revealed vulnerabilities in CI/CD workflows. PostHog experienced an unprecedented incident with attackers injecting malicious code ...
Application Security
Microsoft Alerts Users to Windows 11 Lock Screen Malfunction
Microsoft has announced a technical issue affecting Windows 11 users where recent updates may cause the password sign-in option to disappear from the lock screen. ...
Cybersecurity
Project Cites State Access Fears as Cloud Sovereignty Debate Intensifies
French cloud provider OVHcloud faces criticism as privacy concerns lead GrapheneOS to move servers. This development highlights the growing cloud sovereignty debate, with significant implications ...
Cybersecurity
Advanced Capabilities of Unrestricted LLMs: Emerging Threats for Cybersecurity
Emerging threats highlight the growing capabilities of unrestricted large language models like WormGPT 4 and KawaiiGPT. Their potential to generate functional scripts for ransomware and ...
News
Intense Surge in Phishing Campaigns with New Malicious Domains
A recent investigation by ReliaQuest has highlighted the presence of new phishing domains and weaponized helpdesk tickets associated with Zendesk users. These latest findings suggest ...
Application Security
New Microsoft Teams Guest Access Flaw Bypasses Defender Protections
Microsoft Teams has a newly exposed vulnerability in its guest access feature that permits attackers to bypass Microsoft Defender for Office 365 protections. A security ...
Application Security
WatchTowr Warns of Major Data Leaks Through Developer Tools
Recent research by WatchTowr has exposed significant leaks of sensitive data, highlighting the risks posed by popular developer platforms such as JSONFormatter and CodeBeautify. Despite ...
Identity and Access Management
UK Government’s Digital ID Plans Face Scrutiny Over Cost and Savings
The UK's ambitious digital ID plans have sparked debate as the Office for Budget Responsibility (OBR) reveals an annual cost of £600 million. Despite a ...
Cybersecurity
Bloody Wolf’s Cyber Offensive: A Deep Dive into Targeted Attacks in Central Asia
The Bloody Wolf cyber threat group has launched a methodical campaign to deliver NetSupport RAT in Kyrgyzstan and Uzbekistan, revealing a calculated expansion in its ...
Cybersecurity
Asahi Cyberattack Exposes Extensive Data Breach: A Blow to Japan’s Brewer Giant
A ransomware attack on Asahi resulted in a data breach, compromising personal information of customers and employees. The incident highlights the ongoing cybersecurity challenges faced ...
Cybersecurity
OpenAI Scrutinizes Vendor Relationships After Mixpanel’s Data Breach
OpenAI has initiated a comprehensive review of its vendor relationships following a data breach at its former analytics partner, Mixpanel. This incident highlights vulnerabilities in ...
Cybersecurity
Naver’s Cryptocurrency Exchange Acquisition Marred by Cyberattack
Naver's recent acquisition of a cryptocurrency exchange immediately faces challenges. A cyberattack has exposed vulnerabilities, sparking buyer’s remorse for the South Korean tech giant. The ...
Cybersecurity
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Ciaran Martin, former NCSC chief, investigates the online leak of the UK's Budget forecast. His findings will determine how the leak occurred prior to the ...
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
A flaw in 'node-forge,' a widely-used cryptography library, allows attackers to craft valid-looking data, bypassing signature verification. Regular updates are recommended for mitigation.
Network Security
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
ShadowV2, a new Mirai-based botnet, threatens IoT security by exploiting known vulnerabilities in devices from D-Link, TP-Link, and other vendors.
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
Comcast agrees to pay a $1.5 million fine to the Federal Communications Commission after a data breach by a vendor affected nearly 275,000 customers. The ...
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
A U.S. civil engineering firm's security was compromised by RomCom malware in September 2025. Researchers at Arctic Wolf Labs discovered the attack's intricacies, including the ...
Cybersecurity
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
The Shai-Hulud supply chain attack has advanced to the Maven ecosystem, compromising over 830 packages in the npm registry. It has now been linked to ...
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
ShadowV2, a Mirai-based botnet, exploited last October's AWS outage to infect IoT devices worldwide. Experts at Fortinet highlight this event as potentially laying the groundwork ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
South Korea's financial sector has recently been hit by a sophisticated supply chain attack involving the deployment of Qilin ransomware. The attack showcases a combination ...
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
CodeRED's emergency alert system in several US towns faces a severe interruption following a cyberattack on its provider. Authorities grapple with communication difficulties amidst a ...