Cyber Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
ShinyHunters Claims 42M Charter Records, Sets May 27 Deadline
Netherlands Seizes 800 Stark Industries Servers, Arrests Two
ShinyHunters Claims 260K Baker Distributing Salesforce Records
Ubiquiti Patches 3 Max-Severity UniFi OS Flaws, 100K Exposed
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Mysk: WhatsApp Stores Chats Unencrypted, Meta Apps Can Read Them
Wireshark 4.6.6 Patches ROHC Crash and MACsec Buffer Overflow
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Deleted Google API Keys Stay Active for Up to 23 Minutes
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Texas AG Sues Meta Over WhatsApp Encryption Claims
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
UNG0002 Hides Cobalt Strike in macOS Folder Structures
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Operation Dragon Whistle Uses VS Code Tunnels as C2
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
TamperedChef Hides Malware Inside Signed Apps
Chrome 148 Patches Critical WebRTC Use-After-Free
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
Cybersecurity
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
Cybersecurity
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Cybersecurity
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
Cybersecurity
Allianz Life confirmed a July CRM compromise exposed names, addresses, dates of birth and Social Security numbers for 1,497,036 people and offered two years of ...
Axonius Identities Review 2025: Unified IAM, Governance & Security
Identity and Access Management
Axonius Identities delivers unified identity governance, lifecycle automation, and identity security posture for both human and non-human identities across complex enterprise environments, with actionable policy ...
11 Types of Social Engineering Attacks and How to Prevent Them
Blog
11 Types of Social Engineering Attacks and How to Prevent Them
This detailed guide explores eleven prevalent social engineering attack types, explaining their mechanisms and offering practical preventative measures for individuals and organizations. Understand the psychology ...
Cain and Abel The Classic Cybersecurity Tool for Password Recovery and Network Testing
Application Security
How to Use Cain and Abel for Penetration Testing: Step-by-Step Tutorial 2026
Cain and Abel is a powerful password recovery and penetration testing tool. Learn its features, uses, risks, and best practices for ethical cybersecurity operations.
UK Government Backs Jaguar Land Rover With £1.5 Billion Loan Guarantee After Cyberattack
Cybersecurity
The UK guaranteed £1.5bn to stabilise JLR after a major cyberattack; phased restart underway as forensic work, supplier relief and insurance clarity continue.
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
Cybersecurity
A third-party compromise exposed 430,000 Harrods customer records; names, contacts and marketing tags were leaked—customers should expect increased phishing risk and follow protective guidance.
Friends of NRA Posts Mailing List Online, Exposing Nearly 10,000 Supporter Records
Cybersecurity
A 2018 Friends of NRA mailing list containing nearly 10,000 names and addresses was indexed publicly; removal, compliance assessment, and data-handling reforms are now urgent ...
How to Enable Kernel-mode Hardware-Enforced Stack Protection in Windows 11
Application Security
Enable Kernel-mode Hardware-enforced Stack Protection in Windows 11
Medusa Ransomware Claims Comcast Data Haul; $1.2M Extortion Demand Posted
Cybersecurity
Medusa claims 834.4GB exfiltration from Comcast and demands $1.2M; companies should preserve evidence, hunt IOCs, validate backups, and coordinate with CISA/FBI guidance.
Spacecom Breach Claims Questioned Amid Hacktivist Group’s Bold Assertions
Cybersecurity
Hacktivist group Handala claimed a major Spacecom breach, but researchers found limited evidence. Analysts warn of social engineering risks and rising hacktivist campaigns targeting critical ...
Asahi Group Suspends Operations After Cyberattack Disrupts Japanese Headquarters
Cybersecurity
Asahi has suspended orders, shipments and customer services in Japan after a cyberattack; investigation continues into whether systems were encrypted or sensitive data were exfiltrated.
WestJet Notifies U.S. Travelers After June Data Breach
Cybersecurity
WestJet warns some passenger and loyalty data were accessed in a June intrusion; travelers should monitor accounts, enable MFA, and watch for phishing or identity-fraud ...
Microsoft Warns of New XCSSET macOS Malware Variant Targeting Xcode Devs
Application Security
Microsoft detects a new XCSSET variant targeting Xcode projects with clipboard hijacking, Firefox data theft, and LaunchDaemon persistence—inspect builds, patch systems, and harden CI pipelines.
Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
Cybersecurity
Rhysida claims to have stolen MDOT employee IDs and background checks and demands 30 BTC; MDOT confirms data loss while investigators and responders work to ...
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
Cybersecurity
The Co-operative Group has disclosed over $100 million in profit losses from the April 2025 Scattered Spider cyberattack. The breach caused £206 million in lost ...
Texas Compliance Vendor Exposes 40K+ Sensitive DOT Records in S3 Leak
Cybersecurity
Misconfigured S3 storage exposed 18,000 Social Security cards and 23,000 driver licenses tied to AJT Compliance’s DOT SHIELD, putting Texas truckers at high risk of ...
ICO Fines U.K. Energy Firms £550K for Unlawful Robo Marketing Calls
Cybersecurity
The ICO fined two U.K. energy companies £550K for unlawful robo-calls that targeted vulnerable individuals. Consumers are urged to register with TPS and report suspicious ...
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Featured Videos

“Inflation Refund” Scam: How Fraudsters Are Stealing Identities Through Texts
A widespread smishing campaign is sweeping across New York, luring residents with fraudulent text messages about an “Inflation Refund” from the Department of Taxation and ...
Juniper Networks Patches 220 Vulnerabilities in Massive October Security Update
In one of the year’s most extensive patch cycles, Juniper Networks has released its October 2025 security advisories, addressing a staggering 220 vulnerabilities across its ...
Linked Exploitation Campaigns Target Cisco, Fortinet, and Palo Alto Networks Devices
Cyber intelligence firm GreyNoise has uncovered what appears to be a coordinated exploitation effort targeting network edge appliances from three major security vendors: Cisco, Fortinet, ...
Salesforce Refuses Ransom as Scattered LAPSUS$ Hunters Leak Millions of Records
A new wave of cyber extortion has rocked the enterprise world as the Scattered LAPSUS$ Hunters—a coalition formed from the notorious Lapsus$, Scattered Spider, and ...
Fake “Inflation Refund” Texts Target New Yorkers in Sophisticated Phishing Scam
Fraudulent “inflation refund” texts are scamming New Yorkers into surrendering personal data. Attackers steal IDs and financial information through fake government portals posing as refund ...
Zero-Day in Gladinet CentreStack and Triofox Actively Exploited
CVE-2025-11371, an unauthenticated LFI in Gladinet CentreStack and Triofox, is being exploited to retrieve machine keys and enable remote code execution; admins must apply Web.config ...
Spain Dismantles “GXC Team” Crime-as-a-Service Network and Arrests 25-Year-Old Leader
Spanish authorities dismantled GXC Team, arresting “GoogleXcoder.” The CaaS network supplied phishing kits, Android malware, and voice-scam tools across countries; tools seized, funds recovered.
LockBit, Qilin, DragonForce Form Ransomware Cartel to Coordinate Attacks
A fresh ransomware cartel reportedly unites LockBit, Qilin and DragonForce to share infrastructure, coordinate attacks and pool revenue, raising defense complexity for incident responders.
Hackers Claim Massive Salesforce Breach Allegedly Exposing 1 Billion Records from Global Customers
Hackers claim to have stolen over one billion Salesforce customer records in an alleged breach tied to misconfigured integrations, prompting an active investigation by Salesforce.
Quebec HopHop App Leak Exposes Children’s Data Across Hundreds of Schools and Daycares
A vulnerability in the HopHop school pickup app exposed photos, names and pickup controls for children and parents across Quebec, prompting government action and parental ...
Threat Actors Abuse Velociraptor DFIR Tool to Deploy Ransomware and Evade Detection
Attackers are installing Velociraptor as a covert C2 channel, downloading VS Code with tunneling, staging ransomware payloads—all under the guise of legitimate forensic activity.
SonicWall Confirms Theft of All Firewall Cloud Backups, Urges Immediate Action
SonicWall confirmed all customers using cloud backups had firewall configs stolen. Encrypted credentials exposed. Admins must reset credentials, review device lists, and harden firewall access.
Microsoft Warns of “Payroll Pirate” Attacks Diverting University Salaries
Microsoft says threat actor Storm-2657 targeted university employees with phishing and MFA bypasses, enabling compromise of HR systems like Workday and redirection of salaries.
ClayRat Spyware Tricks Android Users by Masquerading as WhatsApp, TikTok and YouTube
ClayRat Android spyware poses as WhatsApp, TikTok, and YouTube apps, stealing data, intercepting messages, and spreading automatically via SMS links sent to user contacts.
FBI Seizes BreachForums Infrastructure Used in Salesforce Extortion Scheme
The FBI and French authorities seized BreachForums’ domain infrastructure, disrupting ShinyHunters’ Salesforce extortion campaign and signaling a major shift in international cybercrime disruption strategies.
Discord Confirms Potential Age-Verification Vendor Breach Impacting About 70,000 Users
Discord has disclosed a potential data breach tied to a third-party age-verification provider that may have exposed official identification photos and other personal data for ...
Unisys Selected by EU Commission to Provide Cybersecurity Services to EU Public Entities
Unisys has announced that it has been selected by the European Commission to deliver cybersecurity services to public-sector organizations across the European Union. The agreement, ...
TwoNet Hacktivists Breach Decoy Water Treatment Plant, Alter PLC Setpoints and Disable Alarms Within 26 Hours
TwoNet breached a decoy water-treatment HMI in September, altering PLC setpoints and disabling alarms within about 26 hours after exploiting a known XSS vulnerability.
AI Companion Apps Expose Millions of Intimate Messages after Unprotected Kafka Instances
Two AI companion apps exposed 43 million messages and 600,000 media files after an unprotected Kafka Broker leaked data for over 400,000 users; instance now ...
Salesforce Refuses to Pay Ransom After Widespread CRM Data-Theft Campaigns
Salesforce refused extortion demands after attackers stole large CRM datasets via OAuth social engineering and stolen SalesLoft tokens; companies are revoking tokens and investigating scope.