Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
WatchTowr Warns of Major Data Leaks Through Developer Tools
Application Security
WatchTowr Warns of Major Data Leaks Through Developer Tools
Mitchell Langley November 30, 2025
Recent research by WatchTowr has exposed significant leaks of sensitive data, highlighting the risks posed by popular developer platforms such as JSONFormatter and CodeBeautify. Despite ...
UK Government's Digital ID Plans Face Scrutiny Over Cost and Savings
Identity and Access Management
UK Government’s Digital ID Plans Face Scrutiny Over Cost and Savings
Gabby Lee November 30, 2025
The UK's ambitious digital ID plans have sparked debate as the Office for Budget Responsibility (OBR) reveals an annual cost of £600 million. Despite a ...
Bloody Wolf's Cyber Offensive A Deep Dive into Targeted Attacks in Central Asia
Cybersecurity
Bloody Wolf’s Cyber Offensive: A Deep Dive into Targeted Attacks in Central Asia
Andrew Doyle November 30, 2025
The Bloody Wolf cyber threat group has launched a methodical campaign to deliver NetSupport RAT in Kyrgyzstan and Uzbekistan, revealing a calculated expansion in its ...
Asahi Cyberattack Exposes Extensive Data Breach A Blow to Japan's Brewer Giant
Cybersecurity
Asahi Cyberattack Exposes Extensive Data Breach: A Blow to Japan’s Brewer Giant
Gabby Lee November 28, 2025
A ransomware attack on Asahi resulted in a data breach, compromising personal information of customers and employees. The incident highlights the ongoing cybersecurity challenges faced ...
OpenAI Scrutinizes Vendor Relationships After Mixpanel's Data Breach
Cybersecurity
OpenAI Scrutinizes Vendor Relationships After Mixpanel’s Data Breach
Mitchell Langley November 28, 2025
OpenAI has initiated a comprehensive review of its vendor relationships following a data breach at its former analytics partner, Mixpanel. This incident highlights vulnerabilities in ...
Naver's Cryptocurrency Exchange Acquisition Marred by Cyberattack
Cybersecurity
Naver’s Cryptocurrency Exchange Acquisition Marred by Cyberattack
Gabby Lee November 28, 2025
Naver's recent acquisition of a cryptocurrency exchange immediately faces challenges. A cyberattack has exposed vulnerabilities, sparking buyer’s remorse for the South Korean tech giant. The ...
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Cybersecurity
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
Andrew Doyle November 28, 2025
Ciaran Martin, former NCSC chief, investigates the online leak of the UK's Budget forecast. His findings will determine how the leak occurred prior to the ...
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Cybersecurity
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
Mitchell Langley November 27, 2025
A flaw in 'node-forge,' a widely-used cryptography library, allows attackers to craft valid-looking data, bypassing signature verification. Regular updates are recommended for mitigation.
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Network Security
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
Gabby Lee November 27, 2025
The ShadowV2, a new Mirai-based botnet, threatens IoT security by exploiting known vulnerabilities in devices from D-Link, TP-Link, and other vendors.
Comcast's $1.5 Million Settlement in Data Breach Incident with FCC
Data Security
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
Andrew Doyle November 27, 2025
Comcast agrees to pay a $1.5 million fine to the Federal Communications Commission after a data breach by a vendor affected nearly 275,000 customers. The ...
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Cybersecurity
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
Andrew Doyle November 27, 2025
A U.S. civil engineering firm's security was compromised by RomCom malware in September 2025. Researchers at Arctic Wolf Labs discovered the attack's intricacies, including the ...
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
Cybersecurity
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
Mitchell Langley November 27, 2025
The Shai-Hulud supply chain attack has advanced to the Maven ecosystem, compromising over 830 packages in the npm registry. It has now been linked to ...
ShadowV2 Botnet A Test Run Amidst AWS Outage
Cybersecurity
ShadowV2 Botnet: A Test Run Amidst AWS Outage
Andrew Doyle November 27, 2025
ShadowV2, a Mirai-based botnet, exploited last October's AWS outage to infect IoT devices worldwide. Experts at Fortinet highlight this event as potentially laying the groundwork ...
South Korea's Financial Sector Confronts a Sophisticated Supply Chain Attack
Cybersecurity
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
Gabby Lee November 27, 2025
South Korea's financial sector has recently been hit by a sophisticated supply chain attack involving the deployment of Qilin ransomware. The attack showcases a combination ...
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Cybersecurity
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
Gabby Lee November 27, 2025
CodeRED's emergency alert system in several US towns faces a severe interruption following a cyberattack on its provider. Authorities grapple with communication difficulties amidst a ...
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
Identity and Access Management
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
Andrew Doyle November 27, 2025
Recent Windows updates have led to unexpected PIN prompts for users utilizing FIDO2 security keys. Microsoft identifies the issue affecting user sign-in and provides a ...
London Councils Face Cyberattack Resident Data Potentially Compromised
Cybersecurity
London Councils Face Cyberattack: Resident Data Potentially Compromised
Mitchell Langley November 27, 2025
Multiple London councils, including Kensington & Chelsea and Westminster, are grappling with a cyberattack that potentially compromised resident data. Authorities have launched an investigation, notifying ...
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Cybersecurity
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
Gabby Lee November 27, 2025
As mobile operators face evolving cyber threats, the GSMA emphasizes that fragmented and poorly designed laws increase compliance costs without effectively enhancing network security. By ...
Gainsight Data Breach Company Downplays Impact
Cybersecurity
Gainsight Data Breach: Company Downplays Impact
Andrew Doyle November 27, 2025
Gainsight CEO Chuck Ganapathi addressed a recent security breach involving their app integration with Salesforce, emphasizing that only a limited number of customers were impacted. ...
HashJack Attack Unveils a New Cybersecurity Vulnerability
Cybersecurity
HashJack Attack Unveils a New Cybersecurity Vulnerability
Mitchell Langley November 26, 2025
HashJack is a newly discovered threat exploiting AI browser assistants by concealing harmful prompts in URLs, bypassing usual defenses. Cato Networks has labeled this method ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Cisco ISE Critical Flaws Now Actively Exploited: No Workarounds, Just Root Access
July 23, 2025
Podcasts
ToolShell: SharePoint Zero-Day Chain Gives Hackers Full Remote Access
July 22, 2025
Podcasts
CVE-2025-54309: CrushFTP Zero-Day Exploited in Global Admin Access Attacks
July 22, 2025

Cyber Security News

Tax Season Never Really Ends for Hackers
Cybersecurity
Tax Season Never Really Ends for Hackers
May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
May 5, 2026
WhatsApp Patches Flaws That Let Hackers Hide Malware in Plain Sight
Application Security
WhatsApp Patches Flaws That Let Hackers Hide Malware in Plain Sight
May 5, 2026
North Korea Turned a Gaming App Into a Spyware Platform
Cybersecurity
North Korea Turned a Gaming App Into a Spyware Platform
May 5, 2026
Debug Mode Left Open Enterprise Platform Hit With Unauthenticated RCE
Application Security
Debug Mode Left Open: Enterprise Platform Hit With Unauthenticated RCE
May 5, 2026
One Zero-Day, 40,000 Servers The cPanel Mass-Compromise
Application Security
One Zero-Day, 40,000 Servers: The cPanel Mass-Compromise
May 5, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Bloody Wolf’s Cyber Offensive: A Deep Dive into Targeted Attacks in Central Asia
November 30, 2025
The Bloody Wolf cyber threat group has launched a methodical campaign to deliver NetSupport RAT in Kyrgyzstan and Uzbekistan, revealing a calculated expansion in its ...
Asahi Cyberattack Exposes Extensive Data Breach: A Blow to Japan’s Brewer Giant
November 28, 2025
A ransomware attack on Asahi resulted in a data breach, compromising personal information of customers and employees. The incident highlights the ongoing cybersecurity challenges faced ...
OpenAI Scrutinizes Vendor Relationships After Mixpanel’s Data Breach
November 28, 2025
OpenAI has initiated a comprehensive review of its vendor relationships following a data breach at its former analytics partner, Mixpanel. This incident highlights vulnerabilities in ...
Naver’s Cryptocurrency Exchange Acquisition Marred by Cyberattack
November 28, 2025
Naver's recent acquisition of a cryptocurrency exchange immediately faces challenges. A cyberattack has exposed vulnerabilities, sparking buyer’s remorse for the South Korean tech giant. The ...
Ex-NCSC Chief to Investigate Premature Online Leak of Budget Forecast
November 28, 2025
Ciaran Martin, former NCSC chief, investigates the online leak of the UK's Budget forecast. His findings will determine how the leak occurred prior to the ...
Critical Vulnerability in JavaScript Cryptography Library Poses Security Risk
November 27, 2025
A flaw in 'node-forge,' a widely-used cryptography library, allows attackers to craft valid-looking data, bypassing signature verification. Regular updates are recommended for mitigation.
ShadowV2 Botnet Malware Exploits IoT Vulnerabilities in D-Link and TP-Link Devices
November 27, 2025
The ShadowV2, a new Mirai-based botnet, threatens IoT security by exploiting known vulnerabilities in devices from D-Link, TP-Link, and other vendors.
Comcast’s $1.5 Million Settlement in Data Breach Incident with FCC
November 27, 2025
Comcast agrees to pay a $1.5 million fine to the Federal Communications Commission after a data breach by a vendor affected nearly 275,000 customers. The ...
RomCom Malware Exploits SocGholish to Deliver Mythic Agent
November 27, 2025
A U.S. civil engineering firm's security was compromised by RomCom malware in September 2025. Researchers at Arctic Wolf Labs discovered the attack's intricacies, including the ...
Second Wave of Shai-Hulud Supply Chain Attack Expands to Maven Ecosystem
November 27, 2025
The Shai-Hulud supply chain attack has advanced to the Maven ecosystem, compromising over 830 packages in the npm registry. It has now been linked to ...
ShadowV2 Botnet: A Test Run Amidst AWS Outage
November 27, 2025
ShadowV2, a Mirai-based botnet, exploited last October's AWS outage to infect IoT devices worldwide. Experts at Fortinet highlight this event as potentially laying the groundwork ...
South Korea’s Financial Sector Confronts a Sophisticated Supply Chain Attack
November 27, 2025
South Korea's financial sector has recently been hit by a sophisticated supply chain attack involving the deployment of Qilin ransomware. The attack showcases a combination ...
CodeRED Emergency Alert System Cyberattack Leaves US Regions Vulnerable
November 27, 2025
CodeRED's emergency alert system in several US towns faces a severe interruption following a cyberattack on its provider. Authorities grapple with communication difficulties amidst a ...
Microsoft Alerts Users About FIDO2 Security Keys PIN Issue After Recent Windows Updates
November 27, 2025
Recent Windows updates have led to unexpected PIN prompts for users utilizing FIDO2 security keys. Microsoft identifies the issue affecting user sign-in and provides a ...
London Councils Face Cyberattack: Resident Data Potentially Compromised
November 27, 2025
Multiple London councils, including Kensington & Chelsea and Westminster, are grappling with a cyberattack that potentially compromised resident data. Authorities have launched an investigation, notifying ...
GSMA Warns of Rising Cybersecurity Costs Amid Fragmented Regulations
November 27, 2025
As mobile operators face evolving cyber threats, the GSMA emphasizes that fragmented and poorly designed laws increase compliance costs without effectively enhancing network security. By ...
Gainsight Data Breach: Company Downplays Impact
November 27, 2025
Gainsight CEO Chuck Ganapathi addressed a recent security breach involving their app integration with Salesforce, emphasizing that only a limited number of customers were impacted. ...
HashJack Attack Unveils a New Cybersecurity Vulnerability
November 26, 2025
HashJack is a newly discovered threat exploiting AI browser assistants by concealing harmful prompts in URLs, bypassing usual defenses. Cato Networks has labeled this method ...
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
November 26, 2025
Vijil has announced securing $17 million to advance its AI-based cybersecurity platform. This funding aims to bolster the resilience and accelerate the deployment of its ...
Tor Introduces Counter Galois Onion Encryption for Improved Security
November 26, 2025
Tor has replaced its existing Tor1 relay encryption algorithm with the new Counter Galois Onion encryption design, offering enhanced security for circuit traffic. The update ...
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach