Cyber Security
News
Episource Data Breach Hits Over 5 Million Patients, Sensitive Medical and Insurance Data Potentially Exposed
A cyberattack on Episource, a UnitedHealth subsidiary, compromised the personal and medical data of over five million patients, including Social Security and health insurance details. ...
News
Abacus Market Disappears in Suspected Exit Scam After Handling $300 Million in Darknet Transactions
Abacus Market, a major darknet platform for drug trade, has abruptly gone offline, sparking suspicions of a large-scale exit scam involving millions in crypto.
News
DragonForce Claims Cyberattack on US Retail Giant Belk, Leaks 156GB of Sensitive Customer and Employee Data
Hackers from the DragonForce ransomware group claim to have breached US retailer Belk, leaking 156GB of customer orders, employee profiles, and mobile app data.
News
Diskstation Ransomware Gang Dismantled After Years of Targeting NAS Devices Across Europe
Authorities dismantled the Diskstation ransomware group targeting NAS devices since 2021, arresting the primary suspect in Romania after seizing evidence during international raids.
News
Consentik Breach Exposes Hundreds of Shopify Stores to Admin Takeovers and Data Theft
A misconfigured Shopify plugin leaked sensitive access tokens and analytics, leaving hundreds of e-commerce businesses vulnerable to admin-level compromise and malicious exploitation.
Blog
Why is Activity Logging Crucial for Detecting Cyberattacks
Activity logging uncovers cyber threats, insider abuse, and compliance gaps. Discover why it’s the foundation of effective detection, response, and long-term security strategy.
Resources
SafePay Ransomware: LockBit’s Lonewolf Ghost
SafePay is a centralized ransomware group leveraging LockBit-derived code, stealthy infiltration, and rapid encryption—targeting SMEs and MSPs globally without using affiliates or public channels.
News
Saudi Industrial Giant Rezayat Group Listed on Dark Web After Alleged Everest Ransomware Breach
Saudi-based Rezayat Group has allegedly been breached by the Everest ransomware gang, with hackers claiming to have stolen 10GB of sensitive corporate and client data. ...
News
Interlock Ransomware Now Deploying FileFix to Deliver RAT Payloads via Social Engineering
Interlock Ransomware Switches to FileFix for Stealthy RAT Delivery The Interlock ransomware operation has adopted a new delivery mechanism known as FileFix, using it to ...
News
Gigabyte Firmware Vulnerabilities Expose Over 240 Motherboards to Stealth UEFI Malware Attacks
Gigabyte motherboards face critical firmware flaws that enable stealthy UEFI malware to bypass Secure Boot, posing long-term risks to systems in enterprise and industrial environments. ...
News
Louis Vuitton UK Confirms Customer Data Breach Amid Growing Wave of Retail Cyberattacks
Louis Vuitton UK confirms a data breach exposing customer PII, marking the latest in a string of high-profile retail cyberattacks across the country this year. ...
News
Elmo’s X Account Hacked: Hacker Incite Violence Against Jews and Trump and Mentions Epstein Files
Elmo’s official X account was hijacked by a hacker who posted antisemitic slurs and inflammatory content about Trump and Jeffrey Epstein, sparking widespread outrage online. ...
News
Google Gemini Email Summary Flaw Enables Hidden Phishing Attacks
A hidden prompt injection flaw in Google Gemini allows attackers to plant invisible phishing instructions in emails, triggering deceptive summaries without links or attachments.
News
Alabama City of Gardendale Allegedly Hit by INC Ransom Gang in Data Breach
The City of Gardendale, Alabama, has allegedly suffered a ransomware breach, with threat actors claiming to have stolen 50GB of sensitive municipal and citizen data. ...
News
Critical Vulnerabilities Discovered in Adobe Acrobat Reader and ASUS Armoury Crate
Four high-severity security flaws were found in ASUS Armoury Crate and Adobe Acrobat Reader, exposing millions of users to potential system hijacking and data theft ...
News
Nippon Steel Hit by Zero-Day Attack, Sensitive Data Believed Stolen
Nippon Steel confirms a zero-day cyberattack in March exposed sensitive information belonging to customers, employees, and partners, raising concerns over escalating threats to industrial firms. ...
News
Wing FTP Server Under Active Exploitation Following Critical RCE Vulnerability Disclosure
Hackers are actively exploiting a critical remote code execution vulnerability in Wing FTP Server, just one day after technical details became public, targeting enterprise systems ...
News
Hackers Trojanize Legitimate Mac Developer Tools with ZuRu Malware
Hackers are embedding ZuRu malware into legitimate Mac developer apps like Termius, compromising systems with persistent backdoors and targeting environments lacking strong endpoint protection.
News
Russian Basketball Player Arrested in France for Alleged Role in Ransomware Operations
Former Penn State basketball player Daniil Kasatkin is facing extradition to the U.S. after being arrested in France for allegedly acting as a ransomware gang ...
News
McDonald’s Massive AI-Linked Breach Sparks Industry Concerns Over Data Security and Governance
A data breach affecting 60 million McDonald’s job applicants has reignited debate over AI’s data handling risks, with experts urging stronger fundamentals in data security. ...
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
TOP CYBERSECURITY HEADLINES
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
This Week’s Security Spotlight
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Fortinet Warns of FortiSIEM Zero-Day CVE-2025-25256 Critical RCE Flaw
Fortinet has patched CVE-2025-25256, a FortiSIEM vulnerability rated CVSS 9.8 that allows unauthenticated remote code execution. Exploit code is active in the wild, and security ...
Quantum Key Distribution Faces Real-World Cybersecurity Risks
Quantum Key Distribution (QKD) is often described as unbreakable, but recent research exposes flaws in real-world systems. From photorefraction and side-channel attacks to theoretical weaknesses, ...
Cybercrime Groups ShinyHunters and Scattered Spider Collaborate in Extortion Attacks
A possible alliance between ShinyHunters, Scattered Spider, and Lapsu$ points to a new wave of coordinated cybercrime. By merging social engineering and data theft, these ...
Thorium: CISA’s New Open-Source Malware Analysis and Forensic Platform
CISA has released Thorium, an open-source platform for malware analysis and digital forensics. Built with automation and scalability, it enables security teams to analyze millions ...
FBI Flags $9.9M in Losses from Crypto Recovery Scams
The FBI warns of a growing wave of “crypto recovery scams,” where fraudsters pose as attorneys or law firms to exploit victims of earlier crypto ...
Cisco’s Critical FMC RADIUS Vulnerability: CVSS 10.0 Remote Code Execution Risk
Cisco’s CVE-2025-20188 vulnerability, rated CVSS 10.0, exposes IOS XE devices and Firepower Management Center to unauthenticated remote code execution. The flaw, caused by a hard-coded ...
U.S. Sanctions Grinex, the Russian Crypto Exchange Born from Garantex’s Ashes
The U.S. Department of the Treasury has announced sweeping sanctions against Grinex, a Russian-linked cryptocurrency exchange identified as the direct successor to the previously sanctioned ...
Canadian House of Commons Breach Tied to Microsoft SharePoint Zero-Day
On August 8th, 2025, hackers breached the Canadian House of Commons by exploiting a critical Microsoft SharePoint zero-day vulnerability—CVE-2025-53770—with a severity score of 9.8. The ...
Norwegian Authorities Blame Pro-Russian Hackers for Critical Infrastructure Breach
In April 2025, Norway experienced a chilling reminder of the risks facing its critical infrastructure when pro-Russian hackers took control of the Lake Risevatnet dam ...
MadeYouReset: New HTTP/2 Flaw Could Unleash Massive DDoS Storms
A newly disclosed HTTP/2 vulnerability—dubbed MadeYouReset (CVE-2025-8671)—is making waves across the cybersecurity community for its potential to power devastating Denial-of-Service attacks. Building on the 2023 ...
Cybersecurity Budgets Hit Historic Slowdown as Global Tensions Mount
Global cybersecurity strategies are being tested like never before as organizations face the dual pressure of escalating cyber threats and shrinking budgets. Both IANS and ...
CFE Data Leak Exposes 600GB Of Internal Logs of Mexico’s Power Operations
Over 600GB of CFE network and security logs were publicly exposed for years, potentially enabling attackers to map weaknesses and target Mexico’s industrial control systems.
Crypto24 Ransomware Hits Big Targets With Custom EDR Evasion And Google Drive Exfiltration
Crypto24 ransomware is hitting large enterprises with custom EDR evasion, keyloggers, and Google Drive exfiltration, abusing Windows services and uninstallers, researchers say, while encrypting systems.
House Of Commons Data Breach Under Investigation After Targeted Cyberattack
Canada’s House of Commons is probing a cyberattack-linked breach that exposed employee details, with investigators citing recently patched Microsoft flaws and warning of impersonation risks.
Why Zero Trust Architecture is Now Essential for 2025 Cyber Defense
Zero Trust Architecture is now a core cybersecurity strategy in 2025, driven by hybrid work, cloud adoption, and AI threats. Enterprises and governments worldwide are ...
Microsoft August 2025 Patch: 107 Fixes, Including Kerberos Zero-Day
Microsoft’s August 2025 Patch Tuesday fixes 107 flaws, including the “BadSuccessor” Kerberos zero-day in Windows Server 2025. The vulnerability could enable domain-wide compromise, prompting urgent ...
HTTP/1.1 Desync Flaw Leaves 24 Million Websites Open to Complete Takeover
Researchers find 24 million sites reliant on HTTP/1.1 in the proxy chain. Request smuggling enables desync attacks that can steal accounts, poison caches, and fully ...
Accenture Acquires CyberCX in $650 Million Deal to Bolster Cybersecurity Services
Accenture has acquired Australian cybersecurity firm CyberCX for $650 million, expanding its AI-driven defense capabilities across Asia-Pacific and addressing the region’s talent gap amid rising ...
Generative AI Cybersecurity Threats 2025: From Promptware to Deepfake Attacks
Generative AI is reshaping the cyber threat landscape in 2025, fueling attacks from deepfake websites to promptware exploits. Experts say only proactive, AI-augmented, and Zero ...
IoT Security in Crisis: BadBox Botnet, AI Exploits, and CNI Risks
In 2025, IoT security threats are accelerating, from massive botnets like BadBox 2.0 to targeted attacks on critical infrastructure. Legacy systems, insecure devices, and AI ...