Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
Cybersecurity
PhantomRaven Campaign Exploits AI Package Suggestions to Get into Developer Systems
Gabby Lee October 30, 2025
The PhantomRaven campaign weaponized AI-generated package names to distribute malicious npm modules, stealing developer credentials and CI/CD tokens in a stealthy software supply chain attack.
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Cybersecurity
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
Andrew Doyle October 30, 2025
Canadian authorities revealed multiple hacktivist intrusions into water, energy, and agricultural systems, manipulating industrial controls in opportunistic attacks that risked operational safety but aimed mainly ...
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
Cybersecurity
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
Mitchell Langley October 30, 2025
Nation-state hackers breached U.S. telecom provider Ribbon Communications, maintaining covert access for nearly a year and exposing sensitive customer data in a targeted cyberespionage campaign.
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
Application Security
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
Gabby Lee October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Phoenix Contact UPS Vulnerabilities Critical Flaws May Cause Denial-of-Service
Cybersecurity
Phoenix Contact UPS Vulnerabilities: Critical Flaws May Cause Denial-of-Service
Andrew Doyle October 30, 2025
Critical flaws in Phoenix Contact’s QUINT4 UPS devices could let attackers shut down power or steal credentials. One unpatched Modbus flaw risks remote “power denial” ...
Fuji Electric HMI Configurator Flaws Industrial Software Vulnerabilities Expose Hack Risks
Cybersecurity
Fuji Electric HMI Configurator Flaws: Industrial Software Vulnerabilities Expose Hack Risks
Gabby Lee October 30, 2025
Fuji Electric’s Monitouch V-SFT, Tellus Lite V-Simulator, and V-Server Lite tools contain critical flaws (CVE-2024-11787, others) enabling remote code execution. CISA urges urgent patching.
Atroposia Malware Now Comes With Built-In Local Vulnerability Scanner
Cybersecurity
Atroposia Malware Now Comes With Built-In Local Vulnerability Scanner
Mitchell Langley October 29, 2025
Atroposia is a newly surfaced malware-as-a-service kit that integrates remote access, credential theft and a built-in vulnerability scanner, enabling low-skill attackers to execute advanced campaigns.
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Endpoint Security
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
Gabby Lee October 29, 2025
The TEE.Fail side-channel attack allows extraction of cryptographic keys from Intel SGX, AMD SEV-SNP and NVIDIA GPU confidential environments via low-cost DDR5 memory bus interposers.
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
CVE Vulnerability Alerts
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
Mitchell Langley October 29, 2025
CISA warns that two vulnerabilities in DELMIA Apriso (CVE-2025-6204 and CVE-2025-6205) are under active exploitation, urging immediate patching across manufacturing operations.
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Application Security
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
Gabby Lee October 29, 2025
The Australian regulator alleges Microsoft misled 2.7 million consumers into Copilot-integrated Microsoft 365 plans by concealing a cheaper Classic tier, prompting legal action and potential ...
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Cybersecurity
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Andrew Doyle October 29, 2025
Qilin ransomware now exploits the Windows Subsystem for Linux to deploy Linux encryptors on Windows hosts, blending BYOVD attacks and remote-management tools for stealth/
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Cybersecurity
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Mitchell Langley October 29, 2025
Dentsu has confirmed a cyberattack on its UK operations via Merkle’s servers, exposing employee payroll and personal details, raising identity theft and phishing concerns.
Palo Alto Networks Unveils AI Security Suite Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Cybersecurity
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Gabby Lee October 29, 2025
Palo Alto Networks has launched Cortex Cloud 2.0 and Prisma AIRS 2.0—AI-driven platforms for cloud and AI application security. Combining automation, real-time threat detection, and ...
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Cybersecurity
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Andrew Doyle October 28, 2025
An Italian spyware vendor has been linked to Google Chrome zero-day attacks targeting Android and Windows users, exploiting CVE-2025-1234 to deliver advanced surveillance tools globally.
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Cybersecurity
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Mitchell Langley October 28, 2025
QNAP warned that its Windows-based NetBak Replicator backup software is vulnerable to the critical ASP.NET flaw CVE-2024-43491, urging users to apply Microsoft’s latest security patches ...
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Cybersecurity
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Andrew Doyle October 28, 2025
NCX exchange exposed over 5 million records including wallet addresses, hashed passwords, 2FA codes and KYC documents—highlighting serious custodial risk and credential exploitation potential.
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
Cybersecurity
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
Andrew Doyle October 28, 2025
Russian-linked ransomware group claims to have stolen 1.5 million records from Dublin Airport’s passenger systems, raising urgent concerns around aviation supply-chain cybersecurity and travel-data exposure.
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Cybersecurity
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Andrew Doyle October 28, 2025
HSBC USA confirmed a cybersecurity breach exposing sensitive financial and personal data through unauthorized vendor access. The bank strengthened encryption, monitoring, and multi-layered authentication systems ...
Pwn2Own Ireland 2025 $1M Reward for 73 Zero-Day Exploits Uncovered
Cybersecurity
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
Gabby Lee October 28, 2025
Pwn2Own Ireland 2025 awarded over $1 million for 73 zero-day discoveries across phones, NAS devices, and smart tech. The Summoning Team won “Master of Pwn,” ...
OpenAI Atlas Omnibox Vulnerability Prompt Injection Flaw Exposes Unauthorized Access Risks
Application Security
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Gabby Lee October 27, 2025
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Dell Breach by World Leaks: Extortion Attempt Hits Demo Platform
July 22, 2025
Podcasts
Critical VPN Vulnerability: ExpressVPN Exposed IPs via RDP Misrouting
July 22, 2025
Podcasts
Dior Data Breach Exposes U.S. Customer Info in LVMH Vendor Attack
July 21, 2025

Cyber Security News

Coruna iOS Exploits Target Apple Devices in Espionage and Financial Attacks
Cybersecurity
Coruna iOS Exploits Target Apple Devices in Espionage and Financial Attacks
March 5, 2026
FBI Seizes LeakBase and Disrupts a Major Cybercrime Forum
Cybersecurity
FBI Seizes LeakBase and Disrupts a Major Cybercrime Forum
March 5, 2026
Zurich Forms Cyber Insurance Powerhouse with $11 Billion Beazley Acquisition
Cybersecurity
Zurich Forms Cyber Insurance Powerhouse with $11 Billion Beazley Acquisition
March 5, 2026
Retaliatory Hacktivism Escalates Amid Epic Fury and Roaring Lion Military Operations
Cybersecurity
Retaliatory Hacktivism Escalates Amid Epic Fury and Roaring Lion Military Operations
March 5, 2026
University of Mississippi Medical Center Resumes Operations After Nine-Day Ransomware Attack
Cybersecurity
University of Mississippi Medical Center Resumes Operations After Nine-Day Ransomware Attack
March 5, 2026
LexisNexis Data Breach Claimed by Fulcrumsec Group
Cybersecurity
LexisNexis Data Breach Claimed by Fulcrumsec Group
March 5, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Canada Confirms Hacktivist Breaches Targeting Water and Energy Infrastructure
October 30, 2025
Canadian authorities revealed multiple hacktivist intrusions into water, energy, and agricultural systems, manipulating industrial controls in opportunistic attacks that risked operational safety but aimed mainly ...
Ribbon Communications Breach Linked to Foreign State Hackers, Exposing Telecom Supply Chains
October 30, 2025
Nation-state hackers breached U.S. telecom provider Ribbon Communications, maintaining covert access for nearly a year and exposing sensitive customer data in a targeted cyberespionage campaign.
WordPress Security Plugin Vulnerability Exposes Private Server Files to Site Subscribers
October 30, 2025
A flaw in the Anti-Malware Security and Brute-Force Firewall plugin let WordPress subscribers access private server files, prompting urgent updates to prevent data exposure.
Phoenix Contact UPS Vulnerabilities: Critical Flaws May Cause Denial-of-Service
October 30, 2025
Critical flaws in Phoenix Contact’s QUINT4 UPS devices could let attackers shut down power or steal credentials. One unpatched Modbus flaw risks remote “power denial” ...
Fuji Electric HMI Configurator Flaws: Industrial Software Vulnerabilities Expose Hack Risks
October 30, 2025
Fuji Electric’s Monitouch V-SFT, Tellus Lite V-Simulator, and V-Server Lite tools contain critical flaws (CVE-2024-11787, others) enabling remote code execution. CISA urges urgent patching.
Atroposia Malware Now Comes With Built-In Local Vulnerability Scanner
October 29, 2025
Atroposia is a newly surfaced malware-as-a-service kit that integrates remote access, credential theft and a built-in vulnerability scanner, enabling low-skill attackers to execute advanced campaigns.
TEE.Fail Attack Undermines Confidential Computing on Intel, AMD, and NVIDIA CPUs
October 29, 2025
The TEE.Fail side-channel attack allows extraction of cryptographic keys from Intel SGX, AMD SEV-SNP and NVIDIA GPU confidential environments via low-cost DDR5 memory bus interposers.
CISA Alerts to Actively Exploited Vulnerabilities in DELMIA Apriso by Dassault Systèmes
October 29, 2025
CISA warns that two vulnerabilities in DELMIA Apriso (CVE-2025-6204 and CVE-2025-6205) are under active exploitation, urging immediate patching across manufacturing operations.
Microsoft Faces Lawsuit Over Misleading Customers Into Copilot-Enhanced Microsoft 365 Subscriptions
October 29, 2025
The Australian regulator alleges Microsoft misled 2.7 million consumers into Copilot-integrated Microsoft 365 plans by concealing a cheaper Classic tier, prompting legal action and potential ...
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
October 29, 2025
Qilin ransomware now exploits the Windows Subsystem for Linux to deploy Linux encryptors on Windows hosts, blending BYOVD attacks and remote-management tools for stealth/
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
October 29, 2025
Dentsu has confirmed a cyberattack on its UK operations via Merkle’s servers, exposing employee payroll and personal details, raising identity theft and phishing concerns.
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
October 29, 2025
Palo Alto Networks has launched Cortex Cloud 2.0 and Prisma AIRS 2.0—AI-driven platforms for cloud and AI application security. Combining automation, real-time threat detection, and ...
Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs
October 29, 2025
A newly uncovered cyber-espionage operation known as Operation ForumTroll has revealed the resurgence of commercial spyware in state-sponsored surveillance campaigns. According to new research from ...
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
A global smishing campaign of unprecedented scale has been uncovered by Palo Alto Networks, revealing the vast operations of a Chinese-speaking threat actor known as ...
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
The global ransomware economy is collapsing under growing resistance from its targets. According to new data from cybersecurity firm Coveware, the third quarter of 2025 ...
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025
Mozilla is taking a decisive step toward transparency and user control by requiring all Firefox extensions to disclose how they collect and handle personal data. ...
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
October 28, 2025
Chainguard, the Kirkland, Washington-based cybersecurity company, has announced a landmark $280 million growth funding round led by General Catalyst’s Customer Value Fund (CVF), pushing its ...
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
October 28, 2025
An Italian spyware vendor has been linked to Google Chrome zero-day attacks targeting Android and Windows users, exploiting CVE-2025-1234 to deliver advanced surveillance tools globally.
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
October 28, 2025
QNAP warned that its Windows-based NetBak Replicator backup software is vulnerable to the critical ASP.NET flaw CVE-2024-43491, urging users to apply Microsoft’s latest security patches ...
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
October 28, 2025
NCX exchange exposed over 5 million records including wallet addresses, hashed passwords, 2FA codes and KYC documents—highlighting serious custodial risk and credential exploitation potential.
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2