Main Menu
Cyber Security
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Algerian Phishing Marketplace Operator Extradited to US
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Fake AI Agent Skill Reaches 26,000 Agents in Supply Chain Test
Canada’s CSIS Uses Court Warrant to Dismantle Foreign Botnet
Elastic Exposes OXLOADER and CastleStealer in Russian Malvertising
Understanding Cloud Detection and Response (CDR) and Its Security Role
FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
Microsoft AutoGen AI Framework Vulnerable to Localhost RCE
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
Kodak Confirms Data Breach After ShinyHunters Sets Leak Deadline
F5 Emergency Patch: Critical NGINX Unauthenticated RCE Hits 40 Percent of Web Servers
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
Critical Command Execution Vulnerability Patched in Cisco ISE
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
Phantom Stealer Fileless Malware Targets Browser Credentials in Memory
INC Ransomware Targets Healthcare, Education, and Local Government
ClickFix Campaign Linked to Vice Society Uses Compromised WordPress Sites
FortiBleed Compromises 74K Fortinet Firewall Credentials Worldwide
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
Cybersecurity
U.K. Unveils Cybersecurity Reform to Safeguard Critical Infrastructure
Mitchell Langley November 13, 2025
The U.K. is overhauling its cybersecurity laws to better protect critical infrastructure from escalating cyberattacks, expanding NIS regulations to cover more sectors and third-party providers. ...
CISO Forum 2025 Summit Explores AI, Cloud Risk, and Governance Realities
Cybersecurity
CISO Forum 2025: Summit Explores AI, Cloud Risk, and Governance Realities
Gabby Lee November 13, 2025
The 2025 CISO Forum Virtual Summit highlighted how modern CISOs must balance innovation with expanding attack surfaces. Sessions focused on AI governance, cloud security, and ...
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Cybersecurity
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
Andrew Doyle November 13, 2025
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
News
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
Mitchell Langley November 13, 2025
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Cybersecurity
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
Gabby Lee November 13, 2025
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
News
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
Andrew Doyle November 13, 2025
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Application Security
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
Andrew Doyle November 12, 2025
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
CVE Vulnerability Alerts
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
Mitchell Langley November 12, 2025
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
News
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
Gabby Lee November 12, 2025
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Rhadamanthys Infostealer Operation Disrupted Customers Lose Server Access
Cybersecurity
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
Andrew Doyle November 12, 2025
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Endpoint Security
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
Mitchell Langley November 12, 2025
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Cybersecurity
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
Gabby Lee November 12, 2025
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Application Security
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
Andrew Doyle November 12, 2025
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Application Security
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
Mitchell Langley November 12, 2025
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
Cybersecurity
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
Gabby Lee November 12, 2025
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
Application Security
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
Andrew Doyle November 12, 2025
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Cybersecurity
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
Mitchell Langley November 11, 2025
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
Cybersecurity
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
Gabby Lee November 11, 2025
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
Application Security
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
Andrew Doyle November 11, 2025
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Information Security
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
Gabby Lee November 11, 2025
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
Application Security
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
Mitchell Langley June 24, 2026
Cybersecurity
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Gabby Lee June 24, 2026
Cybersecurity
Rokarolla Android Banking Trojan Targets 217 Banking and Crypto Apps
Gabby Lee June 23, 2026
Cybersecurity
Phantom Stealer Fileless Malware Targets Browser Credentials in Memory
Gabby Lee June 23, 2026

TOP CYBERSECURITY HEADLINES

Cybersecurity
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Application Security
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
CVE Vulnerability Alerts
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
Cybersecurity
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown

This Week’s Security Spotlight

Cybersecurity
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Mitchell Langley June 24, 2026
Application Security
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Gabby Lee June 24, 2026
Cybersecurity
Multiple Groups Exploit Critical FortiSandbox Flaws Across 200 Countries
Gabby Lee June 23, 2026
Atlassian and Splunk Patch Critical Flaws Splunk AI Toolkit RCE, Atlassian Dependencies
Cybersecurity
Atlassian and Splunk Patch Critical Flaws: Splunk AI Toolkit RCE, Atlassian Dependencies
Gabby Lee June 23, 2026
More In News
Trending
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
iRhythm Confirms PHI Exfiltration via Social Engineering
APT37 Deploys NarwhalRAT via Fake Microsoft Security Alerts
The Quarry PhaaS: IRS Lures, ConnectWise RAT, 500+ Victims

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Cracking eSIM: Exposing the Hidden Threats in Next-Gen Mobile Security
July 11, 2025
Podcasts
Qantas Breach and Beyond: Cybersecurity Risks in Australia’s Digital Supply Chains
July 10, 2025
Podcasts
Taiwan Sounds the Alarm: TikTok, WeChat, and the Chinese Data Threat
July 8, 2025

Cyber Security News

Confident Posture Navigating Ransomware Incidents with Expert Guidance
Blog
Confident Posture: Navigating Ransomware Incidents with Expert Guidance
April 24, 2026
Cybersecurity
Threat Actors Are Ramping Up Microsoft Teams Exploitation for Network Access
April 21, 2026
Cybersecurity
Cybercriminals Are Bending Trust, Not Breaking Systems
April 21, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
April 21, 2026
CVE Vulnerability Alerts
Severe Command Injection Flaw Discovered in SGLang
April 21, 2026
Cybersecurity
Serial-to-IP Converter Flaws in Lantronix and Silex Products Put Critical Systems at Risk
April 21, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Coordinated Zero-Day Exploits Target Citrix and Cisco Vulnerabilities in Custom Malware Campaign
November 13, 2025
Attackers chained two unpatched zero-day flaws—CitrixBleed 2 and a critical Cisco ISE vulnerability—to deploy custom, stealthy malware before fixes were available. Amazon CISO CJ Moses ...
DanaBot Resurfaces with New Windows Variant Six Months After Takedown
November 13, 2025
DanaBot has resurfaced with version 669 after six months of silence following Operation Endgame, signaling a rebuilt infrastructure and upgraded loaders. The new variant features ...
China’s Cyber Silence Compared to Russia’s Noise Signals a Strategic Shift in Cyber Geopolitics
November 13, 2025
China’s increasingly silent, covert cyber operations may pose a greater long-term threat than Russia’s overt digital aggression, warns NTT strategist Mihoko Matsubara. Coupled with emerging ...
Google Sues Chinese Cybercriminal Group Behind Massive “Lighthouse” Smishing Campaign
November 13, 2025
Google has filed a lawsuit against a China-based cybercriminal group behind the “Lighthouse” Phishing-as-a-Service toolkit, used in mass SMS phishing (smishing) attacks. The case seeks ...
Microsoft Issues First Extended Security Update for Windows 10 Post-End-of-Life
November 12, 2025
Microsoft has issued KB5068781, the first Extended Security Update (ESU) for Windows 10 post–end of support. The paid update delivers a critical Hyper-V remote code ...
Microsoft Patch Tuesday Fixes 60+ Bugs, Including Actively Exploited Windows Kernel Zero-Day
November 12, 2025
Microsoft’s November 2025 Patch Tuesday fixes over 60 vulnerabilities, including an actively exploited Windows Kernel zero-day (CVE-2025-30080) enabling privilege escalation. The flaw—used in real-world attacks—poses ...
Maverick Banking Malware Shares Codebase With Coyote in Targeted Brazilian Campaigns
November 12, 2025
Researchers have linked the new Maverick malware to the Coyote banking trojan, both targeting financial users in Brazil. Distributed via malicious WhatsApp messages, Maverick shares ...
Rhadamanthys Infostealer Operation Disrupted: Customers Lose Server Access
November 12, 2025
Operations behind the Rhadamanthys infostealer have abruptly gone dark, locking out users from control panels and servers. The disruption—possibly a law enforcement takedown or exit ...
Synology Patches Critical RCE Bug in BeeStation Following Pwn2Own Taipei Demo
November 12, 2025
Synology patched a critical RCE flaw (CVE-2025-22082) in its BeeStation storage devices after researchers exploited it live at Pwn2Own 2025. The pre-authentication bug allowed full ...
ASIO Chief Warns of State-Backed Cyber Sabotage Targeting Critical Infrastructure
November 12, 2025
Australia’s ASIO warns that nation-state hackers are moving from espionage to infrastructure sabotage, pre-positioning malware in energy and telecom systems. Director-general Mike Burgess cautions that ...
Triofox Vulnerability Exploited for Remote Code Execution Through Built-In Antivirus
November 12, 2025
Researchers uncovered a flaw in Gladinet’s Triofox platform that lets attackers exploit its antivirus scanning logic to execute code with SYSTEM-level privileges. By manipulating file ...
Adobe Addresses Critical Vulnerabilities Across Creative Suite Products
November 12, 2025
Adobe’s patch cycle fixes 29 security flaws across Creative Cloud apps, including Photoshop, Illustrator, and InDesign. Several critical vulnerabilities allowed remote code execution and privilege ...
China Alleges U.S. Behind 2020 Cyberattack Targeting Bitcoin Miners
November 12, 2025
China’s cybersecurity agency CVERC has accused the U.S. of orchestrating a 2020 cyberattack on a bitcoin mining facility, citing malware links to alleged NSA tools. ...
SAP Patches Critical SQL Anywhere Monitor Flaw With Hardcoded Credentials
November 12, 2025
SAP’s November 2025 patch cycle fixed 19 flaws, including a critical RCE vulnerability (CVE-2025-42890) in SQL Anywhere Monitor caused by hardcoded credentials. With a CVSS ...
Doctor Alliance Breach Exposes 1.2 Million Patient Records Online
November 11, 2025
A data‑haul of more than 1.2 million patient records is claimed to be stolen from Doctor Alliance, exposing prescriptions, diagnoses, insurance data and increasing risks of medical‑identity ...
Data Breach at Thayer Hotel West Point Exposes Over 33,000 Guest Records
November 11, 2025
The Thayer Hotel at West Point notified customers that unauthorized access compromised names, ID document numbers and, for a small number, Social Security numbers of 33,000+ individuals.
APT37 Exploits Google Find Hub to Remotely Wipe Android Devices
November 11, 2025
APT37 leveraged phishing, credential theft, and Google Find Hub to execute destructive Android wipes from compromised Windows systems, demonstrating an advanced hybrid desktop-to-mobile attack chain.
Intel Engineer Allegedly Walks off With 18,000 Confidential Files in Data Theft Lawsuit
November 11, 2025
A former Intel engineer is sued for allegedly copying 18,000 confidential files – including “Top Secret” documents – before disappearing, prompting major insider‑risk concerns.
AI Startups Leak Cloud Secrets on GitHub, Exposing Model Data
November 11, 2025
Sensitive credentials and configuration secrets tied to high-profile artificial intelligence (AI) companies were found exposed on public GitHub repositories, potentially allowing attackers unauthorized access to ...
Critical Vulnerability in ‘expr-eval’ Library Enables Remote Code Execution
November 11, 2025
A critical flaw in the popular JavaScript library expr-eval allows remote code execution through unsafe expression parsing. With over 800,000 weekly NPM downloads, the issue ...
Microsoft Exposes Windows Crypto Clipper Using USB Worm and Tor C2
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
DOJ Seizes Huione Group Cloud Accounts in $4B Fraud Crackdown
Cisco Unified CM SSRF Flaw CVE-2026-20230 Under Active Exploit
Two Scattered Spider Members Plead Guilty in TfL Hack Case
Gizmodo Account Hijacked to Push ClickFix Malware at Readers
Algerian Phishing Marketplace Operator Extradited to US
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Samsung KNOX Kernel Flaw CVE-2026-20971 Affects Galaxy S9 to S25
macOS ClickFix Variant Silently Mounts DMG to Deploy AMOS Stealer
Dify DifyTap Flaws Expose Cross-Tenant AI App Data
Fake AI Agent Skill Reaches 26,000 Agents in Supply Chain Test
Canada’s CSIS Uses Court Warrant to Dismantle Foreign Botnet
Elastic Exposes OXLOADER and CastleStealer in Russian Malvertising
Understanding Cloud Detection and Response (CDR) and Its Security Role
FFmpeg PixelSmash Heap Overflow Enables RCE in Media Apps
Microsoft AutoGen AI Framework Vulnerable to Localhost RCE
WhatsApp Phishing Deploys ManageEngine RMM Malware Across Continents
TeamPCP Open-Source Supply Chain Investigation Reveals Years of Access