Main Menu
Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Cybersecurity
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Andrew Doyle October 28, 2025
An Italian spyware vendor has been linked to Google Chrome zero-day attacks targeting Android and Windows users, exploiting CVE-2025-1234 to deliver advanced surveillance tools globally.
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Cybersecurity
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Mitchell Langley October 28, 2025
QNAP warned that its Windows-based NetBak Replicator backup software is vulnerable to the critical ASP.NET flaw CVE-2024-43491, urging users to apply Microsoft’s latest security patches ...
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Cybersecurity
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Andrew Doyle October 28, 2025
NCX exchange exposed over 5 million records including wallet addresses, hashed passwords, 2FA codes and KYC documents—highlighting serious custodial risk and credential exploitation potential.
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
Cybersecurity
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
Andrew Doyle October 28, 2025
Russian-linked ransomware group claims to have stolen 1.5 million records from Dublin Airport’s passenger systems, raising urgent concerns around aviation supply-chain cybersecurity and travel-data exposure.
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Cybersecurity
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
Andrew Doyle October 28, 2025
HSBC USA confirmed a cybersecurity breach exposing sensitive financial and personal data through unauthorized vendor access. The bank strengthened encryption, monitoring, and multi-layered authentication systems ...
Pwn2Own Ireland 2025 $1M Reward for 73 Zero-Day Exploits Uncovered
Cybersecurity
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
Gabby Lee October 28, 2025
Pwn2Own Ireland 2025 awarded over $1 million for 73 zero-day discoveries across phones, NAS devices, and smart tech. The Summoning Team won “Master of Pwn,” ...
OpenAI Atlas Omnibox Vulnerability Prompt Injection Flaw Exposes Unauthorized Access Risks
Application Security
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
Gabby Lee October 27, 2025
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Keycard Emerges from Stealth $38M Funding Fuels IAM Innovation for AI Agents
Identity and Access Management
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
Mitchell Langley October 27, 2025
San Francisco startup Keycard has emerged from stealth with $38M in funding to launch an IAM platform built for AI agents. Designed to secure autonomous ...
SailPoint Identity Risk Review Intelligent Identity Threat Detection
Product Reviews
SailPoint Identity Risk Review: Intelligent Identity Threat Detection
Andrew Doyle October 27, 2025
SailPoint Identity Risk delivers advanced visibility into identity-based threats across human and machine accounts. It unifies access intelligence, behavioral analytics, and risk-based policy automation for ...
Massive Gmail Data Breach Exposes 183 Million User Credentials
Application Security
Massive Gmail Data Breach Exposes 183 Million User Credentials
Mitchell Langley October 27, 2025
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Application Security
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
Gabby Lee October 27, 2025
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
SS7 Alarm TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Application Security
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
Andrew Doyle October 27, 2025
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
Cybersecurity
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
Mitchell Langley October 27, 2025
The Philippine privacy regulator is investigating GCash over unauthorized user transactions while the e-wallet operator denies any data leak, raising concerns about mobile wallet security ...
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Application Security
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
Gabby Lee October 27, 2025
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
CVE Vulnerability Alerts
TP-Link Patches Critical Omada Gateway Vulnerabilities Preventing Remote Attacks
Gabby Lee October 27, 2025
TP-Link has patched four critical flaws—two enabling unauthenticated remote code execution—affecting Omada gateway devices. The vulnerabilities (CVE-2025-6542, -6541, -7850, -7851) impact multiple ER, G, and ...
CoPhish Exploit via Microsoft Copilot OAuth Token Theft Exposes Trusted Domains
Application Security
CoPhish Exploit via Microsoft Copilot: OAuth Token Theft Exposes Trusted Domains
Mitchell Langley October 27, 2025
A new phishing technique called “CoPhish” exploits Microsoft Copilot Studio to deliver OAuth-based attacks through legitimate Microsoft domains. By embedding malicious login flows in Copilot ...
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
Application Security
GutenKit, Hunk Companion, WP Ghost Exploits Drive New WordPress RCE Surge
Andrew Doyle October 27, 2025
A global wave of remote code execution attacks is targeting outdated WordPress plugins, including GutenKit, Hunk Companion, and WP Ghost. Despite available patches, sluggish updates ...
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
Application Security
Exploitable Bug in Rust async-tar Library — TARmageddon Gives Attackers RCE
Mitchell Langley October 27, 2025
The TARmageddon flaw (CVE-2025-62518) in Rust’s async-tar and tokio-tar libraries allows remote code execution via desynchronized TAR parsing. Exploited through nested archives, it threatens CI/CD, ...
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
CVE Vulnerability Alerts
Critical WSUS Flaw (CVE-2025-61884) Drives Elevated RCE Attacks on Windows Server
Mitchell Langley October 27, 2025
A critical RCE flaw, CVE-2025-59287, in Microsoft WSUS allows unauthenticated attackers to gain SYSTEM access via unsafe deserialization. Despite patches, active exploitation continues, prompting urgent ...
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
Application Security
Hackers Exploit “SessionReaper” Flaw in Adobe Magento to Hijack E-Commerce Stores
Gabby Lee October 27, 2025
SessionReaper (CVE-2025-54236) is being actively exploited in Adobe Commerce and Magento stores, enabling account takeover and web-shell deployment as more than 60% of installations remain ...
Application Security
Microsoft Patches Exploited Exchange XSS as Secure Boot Deadline Looms
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026
CVE Vulnerability Alerts
Check Point VPN CVE-2026-50751 Exploited by Qilin Before Patch Release
Andrew Doyle June 9, 2026
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Mitchell Langley June 9, 2026

TOP CYBERSECURITY HEADLINES

TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Cybersecurity
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Application Security
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Cybersecurity
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
Cybersecurity
TVING Data Breach Triggers South Korean Government Probe

This Week’s Security Spotlight

Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Gabby Lee June 8, 2026
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
Andrew Doyle June 8, 2026
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Gabby Lee June 5, 2026
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
Gabby Lee June 5, 2026
More In News
Trending
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
PSNI Phone Number Spoofed in Gift Card Vishing Campaign
5,000 Election Phishing Domains Pre-Stage US Midterm Attacks

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Cracking eSIM: Exposing the Hidden Threats in Next-Gen Mobile Security
July 11, 2025
Podcasts
Qantas Breach and Beyond: Cybersecurity Risks in Australia’s Digital Supply Chains
July 10, 2025
Podcasts
Taiwan Sounds the Alarm: TikTok, WeChat, and the Chinese Data Threat
July 8, 2025

Cyber Security News

AFC Ajax Data Breach Exposed Systems and Allowed Intruder Control
Cybersecurity
AFC Ajax Data Breach Exposed Systems and Allowed Intruder Control
April 1, 2026
TP-Link Routers Receive Patches for High-Severity Security Flaws
Cybersecurity
TP-Link Routers Receive Patches for High-Severity Security Flaws
April 1, 2026
Cloudflare-Themed Scam Targets Macs With Infiniti Stealer Malware
Cybersecurity
Cloudflare-Themed Scam Targets Macs With Infiniti Stealer Malware
April 1, 2026
Infinity Stealer Malware Takes Aim at macOS Systems
Cybersecurity
Infinity Stealer Malware Takes Aim at macOS Systems
March 31, 2026
Iranian Hackers Breach FBI Director's Personal Email Account
Cybersecurity
Iranian Hackers Breach FBI Director’s Personal Email Account
March 31, 2026
European Commission Responds to Cloud Infrastructure Cyberattack
Cybersecurity
European Commission Responds to Cloud Infrastructure Cyberattack
March 31, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
October 28, 2025
A global smishing campaign of unprecedented scale has been uncovered by Palo Alto Networks, revealing the vast operations of a Chinese-speaking threat actor known as ...
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
October 28, 2025
The global ransomware economy is collapsing under growing resistance from its targets. According to new data from cybersecurity firm Coveware, the third quarter of 2025 ...
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
October 28, 2025
Mozilla is taking a decisive step toward transparency and user control by requiring all Firefox extensions to disclose how they collect and handle personal data. ...
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
October 28, 2025
Chainguard, the Kirkland, Washington-based cybersecurity company, has announced a landmark $280 million growth funding round led by General Catalyst’s Customer Value Fund (CVF), pushing its ...
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
October 28, 2025
An Italian spyware vendor has been linked to Google Chrome zero-day attacks targeting Android and Windows users, exploiting CVE-2025-1234 to deliver advanced surveillance tools globally.
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
October 28, 2025
QNAP warned that its Windows-based NetBak Replicator backup software is vulnerable to the critical ASP.NET flaw CVE-2024-43491, urging users to apply Microsoft’s latest security patches ...
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
October 28, 2025
NCX exchange exposed over 5 million records including wallet addresses, hashed passwords, 2FA codes and KYC documents—highlighting serious custodial risk and credential exploitation potential.
Dublin Airport Attack Claimed by Russian Ransomware Group Everest
October 28, 2025
Russian-linked ransomware group claims to have stolen 1.5 million records from Dublin Airport’s passenger systems, raising urgent concerns around aviation supply-chain cybersecurity and travel-data exposure.
HSBC USA Data Breach Exposes Sensitive Customer Financial Information
October 28, 2025
HSBC USA confirmed a cybersecurity breach exposing sensitive financial and personal data through unauthorized vendor access. The bank strengthened encryption, monitoring, and multi-layered authentication systems ...
Pwn2Own Ireland 2025: $1M Reward for 73 Zero-Day Exploits Uncovered
October 28, 2025
Pwn2Own Ireland 2025 awarded over $1 million for 73 zero-day discoveries across phones, NAS devices, and smart tech. The Summoning Team won “Master of Pwn,” ...
OpenAI Atlas Omnibox Vulnerability: Prompt Injection Flaw Exposes Unauthorized Access Risks
October 27, 2025
Researchers discovered a prompt injection flaw in OpenAI’s ChatGPT Atlas browser that lets attackers manipulate its AI agent via malformed omnibox input. The bug exposes ...
Keycard Emerges from Stealth: $38M Funding Fuels IAM Innovation for AI Agents
October 27, 2025
San Francisco startup Keycard has emerged from stealth with $38M in funding to launch an IAM platform built for AI agents. Designed to secure autonomous ...
SailPoint Identity Risk Review: Intelligent Identity Threat Detection
October 27, 2025
SailPoint Identity Risk delivers advanced visibility into identity-based threats across human and machine accounts. It unifies access intelligence, behavioral analytics, and risk-based policy automation for ...
Massive Gmail Data Breach Exposes 183 Million User Credentials
October 27, 2025
A massive Gmail breach exposed 183 million user credentials compiled by Synthient, prompting cybersecurity warnings about reused passwords and urging users to enable multi-factor authentication.
RedTiger Toolkit Weaponized to Steal Discord Tokens and Crypto Wallets
October 27, 2025
Malware built on the RedTiger red-teaming toolkit is actively stealing Discord tokens, browser credentials and crypto wallet data, enabling account takeover even after victims reset ...
SS7 Alarm: TCAP Tag Exploit Lets Attackers Intercept SMS and Track Users
October 27, 2025
Researchers uncovered a TCAP-layer SS7 bypass that lets attackers intercept SMS, reroute calls, manipulate billing, and track locations by embedding extended TCAP tags to evade ...
NPC Probes GCash Data Breach As E-Wallet Denies Leakage
October 27, 2025
The Philippine privacy regulator is investigating GCash over unauthorized user transactions while the e-wallet operator denies any data leak, raising concerns about mobile wallet security ...
WhatsApp Hack Uncovers 2 Low-Risk Vulnerabilities, No Arbitrary Code Execution
October 27, 2025
Meta has patched two low-risk WhatsApp flaws—CVE-2025-55177 and CVE-2025-30401—affecting desktop and mobile sync features. Both required user interaction and posed no remote code execution risk, ...
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
October 27, 2025
The Pwn2Own Ireland 2025 hacking competition was set to feature one of its most anticipated moments — a $1 million zero-click remote code execution exploit ...
OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw
October 27, 2025
A serious vulnerability has been discovered in the OpenAI Atlas omnibox, a hybrid interface designed to handle both URLs and user prompts. Researchers at NeuralTrust ...
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack