Cyber Security
Cybersecurity
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
Cybersecurity
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Cybersecurity
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
News
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
Cybersecurity
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
News
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Application Security
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
CVE Vulnerability Alerts
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
News
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Cybersecurity
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Endpoint Security
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
Cybersecurity
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Application Security
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Application Security
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
Cybersecurity
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
Application Security
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Cybersecurity
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
Application Security
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
Application Security
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
CVE Vulnerability Alerts
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
TOP CYBERSECURITY HEADLINES
Application Security
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Cybersecurity
TVING Data Breach Triggers South Korean Government Probe
This Week’s Security Spotlight
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially allowing attackers unauthorized access to ...
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...