Main Menu
Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
Cybersecurity
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
Mitchell Langley October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Toys “R” Us Canada Data Breach Customer Records Exposed to Cyber Threats
Data Security
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
Gabby Lee October 27, 2025
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
Cybersecurity
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
Andrew Doyle October 27, 2025
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Cybersecurity
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
Mitchell Langley October 27, 2025
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Cybersecurity
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
Gabby Lee October 27, 2025
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Cybersecurity
Hackers Target Hundreds of Federal Agents in Targeted Attacks
Andrew Doyle October 22, 2025
Hackers exposed data of nearly 1,000 DHS, DOJ, and FBI staff, escalating threats against federal officers amid politically charged cyberattacks and cartel-linked bounty schemes.
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Cybersecurity
Hackers Threaten to Leak 47GB of Data from Leading Golf Apparel Company
Syed Arslan October 22, 2025
INC Ransom claims to have stolen 47GB of data from Summit Golf Brands, threatening a public leak as part of its escalating multi-extortion ransomware campaign.
Attackers Exploit OAuth Tokens After Password Resets
Cybersecurity
Attackers Exploit OAuth Tokens After Password Resets
Andrew Doyle October 22, 2025
Proofpoint warns hackers are abusing internal OAuth apps to maintain access even after password resets and MFA, enabling persistent control of Microsoft 365 mailboxes and ...
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Cybersecurity
Hackers Exploit Windows SMB Flaw to Gain SYSTEM Privileges
Mitchell Langley October 22, 2025
Attackers are exploiting CVE-2025-33073 in Windows SMB to gain SYSTEM privileges, prompting CISA to mandate urgent patching and SMB signing enforcement before November 10.
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Resources
Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Gabby Lee October 22, 2025
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact, and practical strategies to prevent ...
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Application Security
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
Andrew Doyle October 22, 2025
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled data-theft and extortion campaigns.
CISA Updates KEV Catalog 5 Exploited Vulnerabilities Confirmed
CVE Vulnerability Alerts
CISA Updates KEV Catalog: 5 Exploited Vulnerabilities Confirmed
Mitchell Langley October 22, 2025
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in Microsoft, Oracle, Apple, Juniper, and ...
Supply Chain Attack 'GlassWorm' Malware Infects VS Code Extensions
Application Security
Supply Chain Attack: ‘GlassWorm’ Malware Infects VS Code Extensions
Gabby Lee October 22, 2025
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced supply chain attacks to date. ...
Prosper Data Breach 17.6 Million Accounts Compromised
Data Security
Prosper Data Breach: 17.6 Million Accounts Compromised
Andrew Doyle October 22, 2025
Prosper has confirmed a major data breach affecting 17.6 million individuals after attackers accessed its customer databases. Exposed data includes names, SSNs, and employment details, ...
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Cybersecurity
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Andrew Doyle October 22, 2025
Myanmar’s military has dismantled the notorious KK Park scam compound near the Thai border, detaining over 2,000 people in one of Southeast Asia’s largest cybercrime ...
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
Cybersecurity
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
Gabby Lee October 22, 2025
The Dutch RDI fined Odido €1.5 million after finding external suppliers had access to its wiretapping system, risking exposure of state secrets and criminal data.
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
Cybersecurity
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
Mitchell Langley October 22, 2025
A data breach at Verisure’s third-party billing partner exposed personal details of 35,000 Alert Alarm users, prompting forensic analysis but leaving Verisure’s core systems unaffected.
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
Cybersecurity
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
Andrew Doyle October 22, 2025
Hackers claim to have breached Getir’s intranet, leaking internal metadata. Researchers suggest the data originated from a third-party provider, posing social engineering and system exposure ...
CISA Alert Actively Exploited Adobe AEM Forms Vulnerability
Application Security
CISA Alert: Actively Exploited Adobe AEM Forms Vulnerability
Gabby Lee October 22, 2025
A critical flaw in Adobe Experience Manager Forms (CVE-2025-54253) is being actively exploited, allowing unauthenticated remote code execution via a misconfigured Struts debug mode. CISA ...
ReliaQuest GreyMatter Review — Agentic AI Security Operations for Enterprise Protection
Application Security
ReliaQuest GreyMatter Review — Agentic AI Security Operations for Enterprise Protection
Gabby Lee October 21, 2025
ReliaQuest GreyMatter delivers an agentic AI security operations platform that enables CISOs to detect threats at the source, reduce alert noise, and respond within minutes.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Mitchell Langley May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Gabby Lee May 25, 2026
Cybersecurity
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Mitchell Langley May 25, 2026

TOP CYBERSECURITY HEADLINES

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
Cybersecurity
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Cybersecurity
Netherlands Seizes 800 Stark Industries Servers, Arrests Two

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee May 21, 2026
More In News
Trending
INTERPOL Operation Ramz: 201 Arrests in 13-Nation MENA Sweep
Tycoon2FA Adds Device-Code Attack to Bypass Microsoft 365 MFA
Operation HookedWing: 4-Year Campaign Compromises 500 Orgs
ShinyHunters Leaks 50GB After Vishing Breach at Cushman & Wakefield

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
The UNFI Cyberattack: How Hackers Disrupted the U.S. Food Supply Chain
July 17, 2025
Podcasts
Zuckerberg on Trial: The $8 Billion Data Privacy Reckoning
July 17, 2025
Podcasts
Operation Eastwood: Inside the Takedown of NoName057(16)
July 17, 2025

Cyber Security News

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
Cybersecurity
OpenClaw Vulnerability Allowed Websites to Hijack AI Agents
March 3, 2026
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
Cybersecurity
Criminals Exploit Dubai Crisis With Elaborate Fake Police Scheme
March 3, 2026
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
Cybersecurity
Russian APT28 Allegedly Exploited MSHTML Vulnerability Before Microsoft Patch
March 3, 2026
Madison Square Garden Cyber Incident Revealed Months Later
Cybersecurity
Madison Square Garden Cyber Incident Revealed Months Later
March 3, 2026
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
Cybersecurity
Samsung Reaches Settlement with Texas Over Smart TV Data Collection
March 2, 2026
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
Cybersecurity
Hackers Used Claude Code to Steal 150GB of Mexican Government Data
March 2, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Blue Cross Blue Shield of Montana Breach Exposes Data of 462,000 Members
October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Post-Patch ‘ToolShell’ Exploit: CVE-2025-53770 Abused in Microsoft SharePoint
October 27, 2025
Chinese state-backed hackers are exploiting a critical Microsoft SharePoint flaw, CVE-2025-53770 “ToolShell,” enabling unauthenticated remote code execution and data theft. Despite emergency patches, exploitation persists, ...
CISA Warns of Lanscope Endpoint Manager Vulnerability Exploited in Attacks
October 27, 2025
CISA warns that a critical Lanscope Endpoint Manager flaw (CVE-2025-61932) is being exploited in the wild, prompting urgent patching and endpoint management lockdowns globally.
Moroccan Cybercriminals Employ Advanced Deception to Steal Gift Cards
October 27, 2025
Moroccan cybercriminals—tracked as Jingle Thief/Atlas Lion/Storm-0539—use sophisticated phishing and Entra ID abuse to hijack Microsoft 365 workflows and issue fraudulent gift cards at scale. Their ...
Iran-Linked APT Deploys Phoenix Backdoor Against 100+ Government Organisations
October 27, 2025
Iran-linked MuddyWater deployed Phoenix v4 backdoor via spear-phishing to over 100 government organisations, using trusted tools and stealth techniques to enable global espionage operations.
Spoofed AI Sidebars Pose New Cyber Risks for Atlas and Comet Browser Users
October 27, 2025
Researchers warn of rising “AI sidebar spoofing” attacks in browsers like Atlas and Comet, where fake AI panels mimic trusted interfaces to steal credentials, deploy ...
Maryland Paratransit Ransomware Disrupts Mobility: New Ride Requests Halted
October 27, 2025
A ransomware attack on Maryland’s Transit Administration crippled paratransit scheduling, disrupting transportation for disabled riders. The Rhysida group claimed responsibility, demanding ransom after locking key ...
LG Uplus Confirms Major Server Breach Following Industrywide Cyberattacks
October 27, 2025
A cyberattack on Blue Cross Blue Shield of Montana exposed personal and medical data of 462,000 members, prompting legal investigations and renewed scrutiny of healthcare ...
Toys “R” Us Canada Data Breach: Customer Records Exposed to Cyber Threats
October 27, 2025
Toys “R” Us Canada confirmed a cyber incident exposing customer names, addresses, emails, and phone numbers. While no financial data was leaked, experts warn the ...
PhantomCaptcha ClickFix Attack Targets Ukraine War-Relief Organizations
October 27, 2025
PhantomCaptcha spear-phishing campaign targeted over a dozen Ukraine relief organisations using fake CAPTCHA and WebSocket RAT chains to infiltrate humanitarian networks and steal intelligence.
Lithuanian Police Dismantle Massive Bot Farm, Seizing 75,000 SIM Cards
October 27, 2025
Lithuanian police dismantled a massive bot farm in Vilnius, seizing 75,000 SIM cards and hundreds of SIM boxes used for large-scale cyber fraud and fake ...
FinWise Data Breach Shows Why Encryption Must Remain the Final Line of Defense
October 27, 2025
FinWise’s insider breach exposed nearly 700,000 customer records and revealed weak encryption controls, underscoring that data encryption—and key governance—must stand as the final line of ...
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
October 27, 2025
The launch of Perplexity’s Comet AI browser — a major step forward in AI-assisted browsing — was almost immediately hijacked by cybercriminals. Within weeks of ...
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
October 27, 2025
A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated campaign dubbed Operation Dream ...
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
October 24, 2025
Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting ...
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
October 24, 2025
A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert after being actively exploited in real-world attacks. ...
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
October 24, 2025
The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS resolver systems worldwide. The ...
Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms
October 24, 2025
A critical new vulnerability is wreaking havoc across the global e-commerce ecosystem. Tracked as CVE-2025-54236 and dubbed SessionReaper, this flaw affects Adobe Commerce and Magento ...
AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces
October 24, 2025
Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sophisticated attack ...
Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft
October 23, 2025
Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double-extortion ransomware attack on ...
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2