Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
OneClik Campaign Exploits Microsoft ClickOnce and AWS to Breach Energy and Industrial Networks
News
OneClik Campaign Exploits Microsoft ClickOnce and AWS to Breach Energy and Industrial Networks
Mitchell Langley June 26, 2025
A stealthy malware campaign abuses Microsoft ClickOnce and AWS services to deploy Golang-based RunnerBeacon backdoors targeting energy and industrial organizations with advanced evasion techniques.
Columbia University Struggles to Restore Services Following Suspected Cyberattack
News
Columbia University Struggles to Restore Services Following Suspected Cyberattack
Mitchell Langley June 26, 2025
Columbia University is working to restore critical systems following a suspected cyberattack that has caused widespread outages, impacting thousands of students and faculty.
CISA Confirms Active Exploitation of Critical AMI MegaRAC BMC Vulnerability Enabling Remote Server Hijack
News
CISA Confirms Active Exploitation of Critical AMI MegaRAC BMC Vulnerability Enabling Remote Server Hijack
Mitchell Langley June 26, 2025
CISA confirms that a critical vulnerability in AMI MegaRAC BMC firmware is being exploited to hijack servers remotely, prompting urgent patching across government and enterprise ...
Hacker 'IntelBroker' Indicted in $25M Global Data Theft Campaign
News
Hacker ‘IntelBroker’ Indicted in $25M Global Data Theft Campaign
Andrew Doyle June 26, 2025
British hacker ‘IntelBroker’ charged by U.S. authorities for stealing and selling sensitive data worldwide, causing $25 million in damage to governments and global enterprises.
French Authorities Arrest BreachForums v2 Operators Behind Global Data Theft Campaigns
News
French Authorities Arrest BreachForums v2 Operators Behind Global Data Theft Campaigns
Andrew Doyle June 26, 2025
French police arrest BreachForums v2 operators, including ShinyHunters and IntelBroker, tied to major global and national data breaches affecting millions of users and enterprises.
Scattered Spider: What You Know About It and What You Don’t
Blog
Scattered Spider: The Threat You Think You Know
Gabby Lee June 25, 2025
Scattered Spider isn’t a single group but a sprawling web of identity-based attackers exploiting help desks, MFA gaps, and cloud admin tools to breach enterprises. ...
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
News
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
Andrew Doyle June 25, 2025
A researcher has revealed a new FileFix attack that abuses Windows File Explorer’s address bar to stealthily execute commands, expanding on previous ClickFix phishing techniques. ...
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
News
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
Mitchell Langley June 25, 2025
SonicWall and Microsoft have discovered a trojanized version of the NetExtender VPN client being distributed via spoofed websites, stealing remote access credentials from unsuspecting users. ...
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
News
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
Mitchell Langley June 25, 2025
A sophisticated spear phishing campaign is targeting CFOs and finance leaders worldwide, using legitimate tools like NetBird and OpenSSH to quietly breach enterprise networks.
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
News
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
Mitchell Langley June 25, 2025
Mainline Health and Select Medical Holdings have disclosed separate data breaches impacting more than 220,000 individuals, with ransomware and third-party compromise behind the incidents.
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
News
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
Andrew Doyle June 25, 2025
Concertgoers in the UK have lost over £1.6 million to ticket fraud in 2024, prompting urgent warnings from the government as festival season begins.
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
News
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
Andrew Doyle June 24, 2025
A misconfigured database tied to a U.S. real estate firm exposed 170,000 records of sensitive personal and internal data, including Social Security numbers and employment ...
Anubis Ransomware: A Destructive, Cross-Platform Threat
Resources
Anubis Ransomware: A Destructive, Cross-Platform Threat
Mitchell Langley June 24, 2025
Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns across multiple industries.
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
News
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
Mitchell Langley June 24, 2025
Nucor, North America’s largest steel producer, has confirmed data theft following a cybersecurity breach that temporarily disrupted operations and forced system shutdowns.
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
News
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
Mitchell Langley June 24, 2025
Canada confirms a state-sponsored breach in its telecom sector, where Salt Typhoon exploited an unpatched Cisco vulnerability to compromise devices and reroute sensitive network traffic. ...
Russia-Linked Hackers Deploy Sophisticated Social Engineering Attack and Evade MFA
News
Russia-Linked Hackers Deploy Sophisticated Social Engineering Attack and Evade MFA
Mitchell Langley June 24, 2025
Russian state-sponsored hackers targeted a critic of the Kremlin using a novel social engineering tactic that tricked the victim into bypassing multi-factor authentication protections.
16 Billion Passwords Exposed in Record-Breaking Breach: A Deep Dive into the Data Leak That Affects Everyone
News
16 Billion Passwords Exposed in Record-Breaking Breach: A Deep Dive into the Data Leak That Affects Everyone
Andrew Doyle June 24, 2025
A massive breach has exposed 16 billion login credentials, potentially affecting services like Facebook, Google, and Apple. This fresh infostealer data opens the door to ...
APT28 Hackers Use Signal to Target Ukraine with New Malware Families BeardShell and SlimAgent
News
APT28 Hackers Use Signal to Target Ukraine with New Malware Families BeardShell and SlimAgent
Andrew Doyle June 24, 2025
Russian threat group APT28 is using Signal messages to deliver new malware—BeardShell and SlimAgent—targeting Ukrainian government entities through sophisticated phishing and loader tactics.
Anubis Ransomware Gang Claims 64GB Disneyland Paris Leak in Alleged Construction Data Breach
News
Anubis Ransomware Gang Claims 64GB Disneyland Paris Leak in Alleged Construction Data Breach
Mitchell Langley June 24, 2025
Anubis ransomware group claims to hold 64GB of Disneyland Paris data, including engineering plans and behind-the-scenes content, though the source and sensitivity remain unclear.
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
News
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
Mitchell Langley June 24, 2025
McLaren Health Care has suffered a major data breach, exposing sensitive personal and medical data of 743,000 individuals, following a history of ransomware incidents.
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
StrongestLayer Raises $5.2M to Fight AI-Powered Phishing with TRACE
July 21, 2025
Podcasts
750,000 Records Exposed: Inside the TADTS Data Breach by BianLian
July 21, 2025
Podcasts
SS7 Is Still Broken: How Surveillance Firms Are Bypassing Telco Defenses
July 21, 2025

Cyber Security News

ShadyPanda Malware Exploits Browser Extensions for Mass Infiltration
Application Security
ShadyPanda Malware Exploits Browser Extensions for Mass Infiltration
December 2, 2025
SmartTube YouTube Client for Android TV Compromised in Malicious Update Incident
Cybersecurity
SmartTube YouTube Client for Android TV Compromised in Malicious Update Incident
December 2, 2025
South Korea's Coupang Faces Data Breach Impacting Millions Implications for The Retail Giant
Data Security
South Korea’s Coupang Faces Data Breach Impacting Millions: Implications for The Retail Giant
December 2, 2025
Seven-Year Browser Extension Campaign Poses Significant Threat to Users
Application Security
Seven-Year Browser Extension Campaign Poses Significant Threat to Users
December 2, 2025
India's Telecommunications Ministry Mandates Preloaded Cybersecurity App
Application Security
India’s Telecommunications Ministry Mandates Preloaded Cybersecurity App
December 2, 2025
Microsoft Tackles Excel Attachment Issue in New Outlook Client
Application Security
Microsoft Tackles Excel Attachment Issue in New Outlook Client
December 2, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
New Linux Backdoor “Plague” Evades Detection for Months
August 6, 2025
A stealthy Linux backdoor named Plague has evaded antivirus detection for months, exploiting PAM authentication modules to provide attackers with persistent SSH access and near-total ...
From Google to LVMH: ShinyHunters’ Salesforce Breaches Spark Global Ransom Crisis
August 6, 2025
A new wave of cyber extortion is sweeping across global enterprises, and the battlefield is Salesforce CRM. The notorious **ShinyHunters group—tracked internally by Google as ...
Cisco Hit by Vishing Attack: CRM Breach Exposes Millions of User Profiles
August 6, 2025
Cisco has confirmed a new data breach after a vishing (voice phishing) attack tricked a company representative into exposing access to a third-party CRM system. ...
Ox Security Unveils Agent Ox: AI Tool That Writes Tailored Fixes for Software Vulnerabilities
August 6, 2025
The world of application security is shifting dramatically as AI begins to move from simply flagging vulnerabilities to actively fixing them. Ox Security has launched ...
Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp
August 6, 2025
Meta has removed 6.8 million accounts tied to criminal scam centers in the first half of 2025, marking one of the most aggressive crackdowns on ...
APT28 / Fancy Bear: Russian State Sponsored APT
August 6, 2025
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical infrastructure.
Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case
August 5, 2025
In a landmark decision, a California jury has ruled Meta guilty of violating user privacy laws in a class-action lawsuit tied to the popular Flo ...
TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets
August 5, 2025
In a stunning development, Taiwanese authorities have arrested six individuals suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s most advanced ...
Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats
August 5, 2025
In a major step for mobile and API cybersecurity, Approov, the Edinburgh-based security firm specializing in real-time mobile attestation and API protection, has raised £5 ...
Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes
August 5, 2025
This October, Pwn2Own Ireland 2025 will take over Cork with one of the most ambitious cybersecurity competitions yet. Co-sponsored by Meta and organized by Trend ...
FraudOnTok Malware Campaign Targets TikTok Shop Users Through Fake Apps and Phishing Tactics
August 5, 2025
CTM360 exposes the FraudOnTok campaign targeting TikTok Shop users through fake apps and phishing, using SparkKitty spyware to steal crypto wallet data and drain funds. ...
Palo Alto Networks to Acquire CyberArk in $25 Billion Deal to Strengthen Identity Security
August 5, 2025
Palo Alto Networks will acquire CyberArk for $25 billion to combine AI-powered security with identity and privilege controls, targeting evolving enterprise threats.
Chanel Confirms US Customer Data Breach Linked to Salesforce Social Engineering Attacks
August 5, 2025
Chanel confirms a U.S.-based data breach from Salesforce social engineering attacks, exposing contact details amid a broader extortion campaign targeting global enterprise brands.
CurXecute Prompt-Injection Flaw in Cursor IDE Enables Remote Code Execution
August 5, 2025
Cursor IDE’s CurXecute flaw lets malicious prompts escalate to remote code execution; Pi-hole donor emails leaked via GiveWP plugin misconfiguration. Patches released.
Ransomware Gangs Exploit Microsoft SharePoint Flaws in Widespread Attack Campaign
August 5, 2025
Ransomware groups are exploiting Microsoft SharePoint flaws in a global attack campaign, affecting over 148 organizations and linking to Chinese state-backed threat actors.
348,000 Patients Impacted in Mt. Baker Imaging Data Breach
August 5, 2025
A cyberattack on Mt. Baker Imaging exposed sensitive data for 348,000 Washington patients, including medical and financial records, triggering a class action lawsuit.
Everest Ransomware Group Claims Mailchimp but Experts Say Leak Is Minor and Unproven
August 5, 2025
Everest claims Mailchimp data breach, citing a small internal dataset; security insiders and Intuit report no evidence of systemic compromise.
Akira Ransomware Surges on SonicWall Devices Using Zero-Day and Credential Abuse
August 5, 2025
A sharp uptick in Akira ransomware activity is exploiting SonicWall remote access infrastructure, potentially via an unpatched zero-day. Akira Ransomware Campaign Intensifies Against SonicWall SSL ...
Attackers Abuse Link-Wrapping Services to Steal Microsoft 365 Credentials
August 5, 2025
Attackers hijack Proofpoint and Intermedia link-wrapping to hide Microsoft 365 phishing pages, using compromised protected accounts to harvest login credentials.
Nvidia Triton Inference Server Vulnerabilities Expose AI Infrastructure to Attack
August 4, 2025
A major warning has hit the AI community: Nvidia’s Triton Inference Server — one of the most widely used open-source platforms for deploying and scaling ...
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited