Main Menu
Cyber Security
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach
What Is Scareware? How Fake Security Warnings Lead to Real Malware
Lapsus$ Lists GitHub Internal Repos for Sale, Copilot Source Included
Nightspire Claims Blue Nile Medical and Silsbee Police as New Victims
Ukrainian Conti Developer Pleads Guilty to Ransomware Loader Coding
Awesome Motive CDN Compromised; Backdoor Served to OptinMonster Users
CVE-2026-42824: M365 Copilot SearchLeak Enables 1-Click Email Theft
Novo Nordisk Confirms Hack of Clinical Trial Biomarker Data
SearchJack: 23 Chrome Extensions Intercept 758,000 Users’ Searches
TheGentlemen Ransomware Posts 20 Victims Across 14 Countries
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Cybersecurity
AI Agent Security Firm Vijil Secures $17 Million to Enhance Platform
Andrew Doyle November 26, 2025
Vijil has announced securing $17 million to advance its AI-based cybersecurity platform. This funding aims to bolster the resilience and accelerate the deployment of its ...
Tor Introduces Counter Galois Onion Encryption for Improved Security
Cybersecurity
Tor Introduces Counter Galois Onion Encryption for Improved Security
Mitchell Langley November 26, 2025
Tor has replaced its existing Tor1 relay encryption algorithm with the new Counter Galois Onion encryption design, offering enhanced security for circuit traffic. The update ...
Microsoft Exchange Online Outage Customer Access Disrupted
Cybersecurity
Microsoft Exchange Online Outage: Customer Access Disrupted
Gabby Lee November 26, 2025
Customers using Outlook desktop client face access issues as Microsoft investigates Exchange Online service outage. The disruption affects user experience, specifically for those relying on ...
Delta Dental of Virginia Incident Exposes Personal and Health Information
Data Security
Delta Dental of Virginia Incident Exposes Personal and Health Information
Gabby Lee November 25, 2025
Delta Dental of Virginia experienced a major data breach impacting 146,000 customers. Personal and health data, including Social Security numbers and ID numbers, were compromised ...
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
Cybersecurity
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
Mitchell Langley November 25, 2025
A series of vulnerabilities in Fluent Bit, a widely used open-source log collection tool, has raised significant security concerns. The vulnerabilities have left open doors ...
SitusAMC Admits to Data Breach Impacting Client Information
Data Security
SitusAMC Admits to Data Breach Impacting Client Information
Andrew Doyle November 25, 2025
SitusAMC revealed a data breach incident affecting customer data. The company provides services to top banks and lenders, making the event noteworthy for the financial ...
Amazon Web Services Confronts Service Failures What Went Wrong and Lessons Learned
Cybersecurity
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
Mitchell Langley November 25, 2025
Amazon Web Services (AWS) recently made a groundbreaking move by admitting their mistakes and discontinuing services that failed to meet expectations. Delving into this decision ...
Defensive Strategies Against New ClickFix Ransomware Tactics
Data Security
Defensive Strategies Against New ClickFix Ransomware Tactics
Gabby Lee November 25, 2025
ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations, and proactive user protection strategies ...
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Cybersecurity
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
Mitchell Langley November 25, 2025
A novel ClickFix attack method leverages fake Windows update prompts and malformed PNG files to deploy infostealer malware. This campaign seeks to exploit user trust ...
Harvard Experiences Data Breach via Vishing Attack
Data Security
Harvard Experiences Data Breach via Vishing Attack
Gabby Lee November 25, 2025
Harvard's Alumni Affairs systems fell victim to a sophisticated vishing attack, compromising sensitive data such as emails, phone numbers, and biographical details. This breach highlights ...
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Data Security
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
Andrew Doyle November 25, 2025
Russian cyber perpetrators craftily embed StealC V2 malware within Blender files. These files, hosted on popular 3D model marketplaces, pose a sophisticated threat to digital ...
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
CVE Vulnerability Alerts
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
Andrew Doyle November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert Remote Code Execution Vulnerability in Glob Pattern Matching Library
Cybersecurity
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
Mitchell Langley November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Cybersecurity
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
Gabby Lee November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack How Analysts Overcame Limited Visibility
News
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
Andrew Doyle November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Data Security
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
Andrew Doyle November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
News
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
Mitchell Langley November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Cybersecurity
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
Gabby Lee November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Application Security
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
Andrew Doyle November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Cybersecurity
British Teenagers in Court for TfL Cybersecurity Breach Allegations
Gabby Lee November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
Mitchell Langley June 17, 2026
Cybersecurity
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
Gabby Lee June 17, 2026
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Mitchell Langley June 17, 2026
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Andrew Doyle June 17, 2026

TOP CYBERSECURITY HEADLINES

Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Cybersecurity
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps

This Week’s Security Spotlight

Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Mitchell Langley June 17, 2026
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Mitchell Langley June 16, 2026
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Mitchell Langley June 15, 2026
Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Andrew Doyle June 12, 2026
More In News
Trending
Storm-3075 Uses ChatGPT and Claude Brands to Harvest Credentials
Fake Claude Code Installers on Google Sites Steal AI API Keys
Fake Chrome Web Store DMCA Notices Target Extension Developers
SideCopy APT Targets Afghan Finance Ministry with Xeno RAT

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform
July 22, 2025
Podcasts
Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting
July 22, 2025
Podcasts
Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack
July 21, 2025

Cyber Security News

Confident Posture Navigating Ransomware Incidents with Expert Guidance
Blog
Confident Posture: Navigating Ransomware Incidents with Expert Guidance
April 24, 2026
Cybersecurity
Threat Actors Are Ramping Up Microsoft Teams Exploitation for Network Access
April 21, 2026
Cybersecurity
Cybercriminals Are Bending Trust, Not Breaking Systems
April 21, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
April 21, 2026
CVE Vulnerability Alerts
Severe Command Injection Flaw Discovered in SGLang
April 21, 2026
Cybersecurity
Serial-to-IP Converter Flaws in Lantronix and Silex Products Put Critical Systems at Risk
April 21, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Microsoft Exchange Online Outage: Customer Access Disrupted
November 26, 2025
Customers using Outlook desktop client face access issues as Microsoft investigates Exchange Online service outage. The disruption affects user experience, specifically for those relying on ...
Delta Dental of Virginia Incident Exposes Personal and Health Information
November 25, 2025
Delta Dental of Virginia experienced a major data breach impacting 146,000 customers. Personal and health data, including Social Security numbers and ID numbers, were compromised ...
Vulnerabilities in Fluent Bit Cloud Logging Tool Pose Significant Security Risks
November 25, 2025
A series of vulnerabilities in Fluent Bit, a widely used open-source log collection tool, has raised significant security concerns. The vulnerabilities have left open doors ...
SitusAMC Admits to Data Breach Impacting Client Information
November 25, 2025
SitusAMC revealed a data breach incident affecting customer data. The company provides services to top banks and lenders, making the event noteworthy for the financial ...
Amazon Web Services Confronts Service Failures: What Went Wrong and Lessons Learned
November 25, 2025
Amazon Web Services (AWS) recently made a groundbreaking move by admitting their mistakes and discontinuing services that failed to meet expectations. Delving into this decision ...
Defensive Strategies Against New ClickFix Ransomware Tactics
November 25, 2025
ClickFix ransomware now employs deceptive Windows Update animations to mislead users. This article explores the ClickFix attack evolution, detection innovations, and proactive user protection strategies ...
ClickFix Attacks Use Poisoned PNG Files to Deliver Malicious Code
November 25, 2025
A novel ClickFix attack method leverages fake Windows update prompts and malformed PNG files to deploy infostealer malware. This campaign seeks to exploit user trust ...
Harvard Experiences Data Breach via Vishing Attack
November 25, 2025
Harvard's Alumni Affairs systems fell victim to a sophisticated vishing attack, compromising sensitive data such as emails, phone numbers, and biographical details. This breach highlights ...
Russian-linked Campaign Distributes StealC V2 Malware via Sketchy Blender Files
November 25, 2025
Russian cyber perpetrators craftily embed StealC V2 malware within Blender files. These files, hosted on popular 3D model marketplaces, pose a sophisticated threat to digital ...
SonicWall Urges Immediate Update for High-Severity Vulnerability in SonicOS SSLVPN
November 24, 2025
SonicWall warns users about a critical buffer overflow vulnerability in SonicOS SSLVPN, urging immediate updates. This could crash Gen7 and Gen8 firewalls, impacting cybersecurity.
Security Alert: Remote Code Execution Vulnerability in Glob Pattern Matching Library
November 24, 2025
A remote code execution vulnerability has been identified in the glob file pattern matching library. Researchers urge swift updates to installations.
Iberia Airlines Warns Customers of Data Breach Linked to Supplier Compromise
November 24, 2025
Iberia Airlines has disclosed a data breach affecting its customers, traced back to a compromised supplier. This announcement follows claims by threat actors on hacker ...
Deconstructing a Qilin Ransomware Attack: How Analysts Overcame Limited Visibility
November 24, 2025
Huntress analysts deconstruct a Qilin ransomware attack using a single endpoint and limited logs, uncovering rogue access, failed infostealer attempts, and the ransomware path. Learn ...
Cox Enterprises Data Breach Highlights Zero-Day Vulnerability Impact
November 24, 2025
Cox Enterprises has informed affected individuals about a data breach resulting from a zero-day vulnerability in Oracle E-Business Suite, allowing hackers to access sensitive personal ...
Browser Notifications Hijacked for Phishing in Matrix Push C2 Scheme
November 24, 2025
Cybercriminals have turned to browser notifications as a novel phishing vector using the Matrix Push C2 platform. This sophisticated approach leverages non-traditional browser features to ...
Avast Launches AI-Powered Scam Guardian to Tackle Growing Online Threats
November 24, 2025
Avast unveils Scam Guardian, a new AI-based security tool. Using Gen Threat Labs data, it offers continuous online fraud detection and guidance.
SolarWinds Fixes Critical Serv-U Vulnerabilities Enabling Remote Code Execution
November 24, 2025
SolarWinds has patched three severe vulnerabilities in its Serv-U file transfer solution, which included a path restriction bypass tracked as CVE-2025-40549. These vulnerabilities permitted attackers ...
British Teenagers in Court for TfL Cybersecurity Breach Allegations
November 24, 2025
Facing accusations of breaching Transport for London's (TfL) systems, two teenagers appeared in court. This breach, which occurred in August 2024, reportedly resulted in millions ...
Nvidia Confirms Performance Issues in Windows 11 Updates Impact Gaming Experience
November 24, 2025
Nvidia has acknowledged that its recent security updates have triggered performance issues for gamers using Windows 11 24H2 and 25H2 systems. This acknowledgment highlights the ...
ShinyHunters Claims Responsibility for Gainsight Data Breach
November 24, 2025
ShinyHunters admits to exploiting Gainsight security vulnerabilities, affecting numerous Salesforce users. This breach heightens concerns over data security and ransomware in the tech industry.
ShinyHunters Claims 2.2 Million Kodak Records, Sets Leak Deadline
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
DragonForce’s Backdoor.Turn Routes C2 via Microsoft Teams TURN
iRhythm Confirms PHI Exfiltration via Social Engineering
Rokarolla Android Trojan Hits 217 Banking and Crypto Apps
Steam Workshop Wallpaper Packages Drop DarkKomet and Lumma
GhostTree NTFS Junctions Paralyze Windows Defender Scans
CVE-2026-2473: Vertex AI SDK Pickle Attack Enables Cross-Tenant RCE
Endpoint Security Solutions: How to Protect Every Enterprise Device
UNC6508 Abused Google Workspace Rules in Medical-Military Espionage
Three FortiSandbox CVEs Chained for Unauthenticated Root Execution
Cisco CVE-2026-20262 Added to CISA KEV; Eighth Exploited SD-WAN Flaw
LiteSpeed cPanel CVE-2026-54420 Escalates to Root on Shared Hosts
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
DOJ Seizes CFAKE.com and SOCFAKE.com in First TAKE IT DOWN Act Case
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims
ESET Finds WIN_DRV: Earth Lusca’s First Windows SprySOCKS Rootkit
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
CVE-2026-48558 Exposes 14,000 SimpleHelp RMM Servers to Auth Bypass
ShinyHunters Claims 61M Sysco Salesforce Records in Unverified Breach