Cyber Security
News
AI-Powered Phishing Campaigns Mimic Enterprise Marketing Operations
Generative AI has transformed phishing operations into scalable, targeted attack campaigns that mirror corporate marketing. Here's how organizations can respond.
News
California Man Pleads Guilty to Laundering $25 Million From $230 Million Cryptocurrency Heist
A 45-year-old California man has admitted to laundering over $25 million stolen in a 2023 cryptocurrency heist tied to North Korea’s Lazarus Group.
Application Security
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
News
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Cybersecurity
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Cybersecurity
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
News
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
Cybersecurity
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Endpoint Security
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
Application Security
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
A new campaign in Brazil hijacks WhatsApp accounts to spread the Eternidade Stealer banking trojan. Attackers use trusted contacts to deliver malicious files, enabling credential ...
Application Security
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
A critical flaw in the W3 Total Cache plugin allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads into WordPress comments. With ...
CVE Vulnerability Alerts
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
Cybersecurity
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Provincial investigations found Canadian school boards unprepared for a 2024 PowerSchool cyberattack, affecting 5.2 million people and revealing inadequate breach response and oversight protocols.
Application Security
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Microsoft is adding a false-positive reporting feature to Teams, allowing users to flag messages incorrectly quarantined by Defender for Office 365. The feedback will help ...
Application Security
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
Microsoft is bringing one of its most widely-used threat detection tools, Sysmon (System Monitor), into the Windows operating system itself—removing ...
Cybersecurity
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
The U.S. is preparing to expand offensive cyber operations in response to escalating nation-state attacks, according to National Cyber Director Sean Cairncross. While timelines remain ...
Application Security
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
Microsoft is introducing two new Windows 11 recovery tools—Point-in-Time Restore and Cloud Rebuild—to help enterprises quickly recover from misconfigurations, faulty updates, or system failures. The ...
News
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
The Sneaky 2FA phishing platform now incorporates Browser-in-the-Browser deception, enabling attackers to convincingly mimic legitimate login windows and harvest credentials and MFA codes. This upgrade ...
Cybersecurity
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
The FCC is preparing to vote on rolling back cybersecurity rules imposed after the Salt Typhoon espionage campaign, following heavy telecom industry pushback. Carriers argue ...
Network Security
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
A configuration error at Cloudflare on November 18 caused a major global outage affecting ChatGPT, Shopify, X, and multiple public-sector sites. Though resolved within an ...
Application Security
Mastra AI npm Supply Chain Attack Hits 1.1M Weekly Downloads
TOP CYBERSECURITY HEADLINES
Application Security
CISA Adds Joomla JCE CVE-2026-48907 to KEV Amid Active Scans
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
This Week’s Security Spotlight
Cybersecurity
iRhythm Confirms PHI Exfiltration via Social Engineering
Application Security
Obsidian Finds CVSS 9.9 Attack Chain in LiteLLM AI Gateway
Application Security
PromptSnatcher Extensions Stole AI Chats From 90,000 Users
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Rising DevOps Threats Drive Urgent Need for Automated Repository Backups
DevOps teams are increasingly facing outages, misconfigurations, and access control failures that jeopardize source code repositories and CI/CD pipelines. With accidental deletions and external threats ...
ShinySp1d3r Ransomware-as-a-Service Previews its Threat Capabilities
An early leak of the ShinySp1d3r ransomware-as-a-service platform reveals a modular, highly customizable framework still in development. Featuring configurable encryption modes, anti-analysis techniques, and a ...
Mate Raises $15.5 Million to Launch Enterprise-Focused Cloud Security Platform
Cybersecurity startup Mate has emerged from stealth with a $15.5M seed round to accelerate its enterprise-focused cloud security platform. The company plans to expand engineering, ...
Secure.com Launches AI-Powered Digital Security Teammate After $4.5M Seed Funding
Secure.com has launched its AI-powered Digital Security Teammate (DST), an autonomous agent designed to perform continuous incident detection, investigation, and escalation. Backed by $4.5M in ...
Amazon Uncovers Iran’s Use of Cyber Operations to Enable Kinetic Attacks
Amazon’s threat intelligence team has linked Iranian state-backed hackers to cyber intrusions that directly supported physical military operations. The findings show Tehran merging digital espionage ...
U.S., U.K., and Australia Sanction Russian Bulletproof Hosting Providers Supporting Ransomware
The U.S., U.K., and Australia have jointly sanctioned Russian nationals Aleksandr Ermakov and Aleksandr Rakitin, along with several bulletproof hosting providers, for enabling ransomware groups ...
Operation WrtHug Compromises ASUS Routers in Global Botnet Expansion
Operation WrtHug is hijacking tens of thousands of outdated ASUS routers worldwide by exploiting old firmware flaws and default credentials. The botnet is growing rapidly, ...
WhatsApp Hijack Campaign Distributes Brazilian Banking Trojan
A new campaign in Brazil hijacks WhatsApp accounts to spread the Eternidade Stealer banking trojan. Attackers use trusted contacts to deliver malicious files, enabling credential ...
Critical W3 Total Cache Plugin Flaw Lets Attackers Execute Remote PHP Commands
A critical flaw in the W3 Total Cache plugin allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious payloads into WordPress comments. With ...
7-Zip Vulnerability CVE-2025-11001 Actively Exploited in the Wild
A newly disclosed 7-Zip vulnerability, CVE-2025-11001, is being actively exploited, allowing remote code execution through malicious archive files. NHS England warns organizations to urgently update ...
School Boards Found Unprepared Following Mass Student Data Breach Across Canada
Provincial investigations found Canadian school boards unprepared for a 2024 PowerSchool cyberattack, affecting 5.2 million people and revealing inadequate breach response and oversight protocols.
Microsoft Adds False-Positive Reporting to Teams Security Alerts
Microsoft is adding a false-positive reporting feature to Teams, allowing users to flag messages incorrectly quarantined by Defender for Office 365. The feedback will help ...
Microsoft to Integrate Sysmon Natively into Windows 11 and Server 2025
Microsoft is bringing one of its most widely-used threat detection tools, Sysmon (System Monitor), into the Windows operating system itself—removing the need for administrators to ...
U.S. Cyber Chief Signals More Offensive Operations, But Keeps Timeline Secret
The U.S. is preparing to expand offensive cyber operations in response to escalating nation-state attacks, according to National Cyber Director Sean Cairncross. While timelines remain ...
Microsoft Unveils Windows 11 Recovery Tools to Reduce Downtime and Data Loss
Microsoft is introducing two new Windows 11 recovery tools—Point-in-Time Restore and Cloud Rebuild—to help enterprises quickly recover from misconfigurations, faulty updates, or system failures. The ...
Sneaky 2FA PhaaS Platform Adds Browser-in-the-Browser Attacks to Bypass MFA
The Sneaky 2FA phishing platform now incorporates Browser-in-the-Browser deception, enabling attackers to convincingly mimic legitimate login windows and harvest credentials and MFA codes. This upgrade ...
FCC Reconsiders Biden-Era Cybersecurity Rules After Industry Pushback
The FCC is preparing to vote on rolling back cybersecurity rules imposed after the Salt Typhoon espionage campaign, following heavy telecom industry pushback. Carriers argue ...
Cloudflare Outage Causes Global Disruptions but Rules Out Cyberattack
A configuration error at Cloudflare on November 18 caused a major global outage affecting ChatGPT, Shopify, X, and multiple public-sector sites. Though resolved within an ...
MI5 Warns of Chinese Espionage Campaign Exploiting LinkedIn for Intelligence Gathering
MI5 warns that Chinese intelligence operatives are using LinkedIn and fake recruiters to target UK professionals with access to sensitive information. Thousands have reportedly been ...
Pennsylvania Attorney General’s Office Confirms Data Breach After Ransomware Attack
A ransomware attack by the Inc Ransom group has hit the Pennsylvania Office of the Attorney General, with attackers claiming to have stolen over 700GB ...