Cyber Security
Identity and Access Management
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
San Francisco startup Keycard has emerged from stealth with $38M in funding to launch an IAM platform built for AI agents. Designed to secure autonomous ...
Product Reviews
SailPoint Identity Risk Review: Intelligent Identity Threat Detection
SailPoint Identity Risk delivers advanced visibility into identity-based threats across human and machine accounts. It unifies access intelligence, behavioral analytics, and risk-based policy automation for ...
Application Security
Massive Gmail Data Breach Exposes 183 Million User Credentials
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
Application Security
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
Application Security
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
Cybersecurity
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
The Philippine privacy regulator is investigating GCash over unauthorized user transactions while the e-wallet operator denies any data leak, raising concerns about mobile wallet security ...
Application Security
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
CVE Vulnerability Alerts
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
TP-Link has patched four critical flaws—two enabling unauthenticated remote code execution—affecting Omada gateway devices. The vulnerabilities (CVE-2025-6542, -6541, -7850, -7851) impact multiple ER, G, and ...
Application Security
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding malicious login flows in Copilot ...
Application Security
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
Application Security
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
The TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar and tokio-tar libraries allows remote code execution via desynchronized TAR parsing. Exploited through nested archives, it threatens CI/CD, ...
CVE Vulnerability Alerts
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
A critical RCE flaw, CVE-2025-59287, in Microsoft WSUS allows unauthenticated attackers to gain SYSTEM access via unsafe deserialization. Despite patches, active exploitation continues, prompting urgent ...
Application Security
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more than 60% of installations remain ...
Cybersecurity
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Application Security
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft. Despite emergency patches, exploitation persists, ...
CVE Vulnerability Alerts
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and endpoint management lockdowns globally.
Cybersecurity
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
Moroccan cybercriminals—tracked as Jingle Thief/Atlas Lion/Storm-0539—use sophisticated phishing and Entra ID abuse to hijack Microsoft 365 workflows and issue fraudulent gift cards at scale. Their ...
Cybersecurity
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
Iran-linked MuddyWater deployed Phoenix v4 backdoor via spear-phishing to over 100 government organisations, using trusted tools and stealth techniques to enable global espionage operations.
Application Security
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
Researchers warn of rising “AI sidebar spoofing” attacks in browsers like Atlas and Comet, where fake AI panels mimic trusted interfaces to steal credentials, deploy ...
News
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
TOP CYBERSECURITY HEADLINES
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
Russian-linked ransomware group claims to have stolen 1.5 million records from Dublin Airport’s passenger systems, raising urgent concerns around aviation supply-chain cybersecurity and travel-data exposure.
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
HSBC USA confirmed a cybersecurity breach exposing sensitive financial and personal data through unauthorized vendor access. The bank strengthened encryption, monitoring, and multi-layered authentication systems ...
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
Pwn2Own Ireland 2025 awarded over $1 million for 73 zero-day discoveries across phones, NAS devices, and smart tech. The Summoning Team won “Master of Pwn,” ...
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
San Francisco startup Keycard has emerged from stealth with $38M in funding to launch an IAM platform built for AI agents. Designed to secure autonomous ...
SailPoint Identity Risk Review: Intelligent Identity Threat Detection
SailPoint Identity Risk delivers advanced visibility into identity-based threats across human and machine accounts. It unifies access intelligence, behavioral analytics, and risk-based policy automation for ...
Massive Gmail Data Breach Exposes 183 Million User Credentials
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
The Philippine privacy regulator is investigating GCash over unauthorized user transactions while the e-wallet operator denies any data leak, raising concerns about mobile wallet security ...
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
The Pwn2Own Ireland 2025 hacking competition was set to feature one of its most anticipated moments — a $1 million zero-click remote code execution exploit ...
OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw
A serious vulnerability has been discovered in the OpenAI Atlas omnibox, a hybrid interface designed to handle both URLs and user prompts. Researchers at NeuralTrust ...
Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)
A critical remote code execution (RCE) flaw, tracked as CVE-2025-59287, has put thousands of enterprise networks at risk by exposing the Windows Server Update Service ...
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
TP-Link has patched four critical flaws—two enabling unauthenticated remote code execution—affecting Omada gateway devices. The vulnerabilities (CVE-2025-6542, -6541, -7850, -7851) impact multiple ER, G, and ...
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding malicious login flows in Copilot ...
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
The TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar and tokio-tar libraries allows remote code execution via desynchronized TAR parsing. Exploited through nested archives, it threatens CI/CD, ...
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
A critical RCE flaw, CVE-2025-59287, in Microsoft WSUS allows unauthenticated attackers to gain SYSTEM access via unsafe deserialization. Despite patches, active exploitation continues, prompting urgent ...
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more than 60% of installations remain ...