Cyber Security
Cybersecurity
Scattered Spider Alleged Ransom Scheme Netted More Than $115 Million
DOJ complaint alleges Scattered Spider actor Thalha Jubair helped extort over $115 million via 120 intrusions, prompting cross-border arrests, asset seizures and broad enforcement.
Cybersecurity
ENISA Confirms Ransomware Behind Airport Check-In Chaos
ENISA confirms ransomware disrupted Collins Aerospace’s MUSE check-in systems across multiple European airports, forcing manual processing and raising regulatory, fraud and supply-chain risk.
Cybersecurity
Stellantis Joins Salesforce Data Breach; 18 Million Customer Records Claimed
Stellantis confirms a Salesforce-linked breach exposing contact records; although no financial data was taken, the leak elevates phishing and supply-chain risk for millions of customers.
Cybersecurity
Pennsylvania Attorney General’s Office Grapples With Ransomware Attack
Pennsylvania’s Attorney General’s Office is recovering from a ransomware attack that disrupted 1,200 staff and court cases, though the scope of potential data compromise remains ...
Cybersecurity
Police Shut Down Streameast, the Largest Illegal Sports Streaming Network
Authorities dismantled Streameast, the world’s largest illegal sports streaming network, seizing 80 domains, arresting two operators, and uncovering millions laundered through shell companies and cryptocurrency.
Cybersecurity
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
A flaw in AAPB’s website exposed private media for years, exploited by data hoarders until a recent fix secured the archive and halted unauthorized access.
Cybersecurity
Great Firewall Leak Exposes China’s Global Surveillance Exports
A 500GB leak from Geedge Networks exposes Great Firewall source code, internal logs and export contracts showing surveillance systems shipped to Myanmar, Pakistan, Ethiopia and ...
Cybersecurity
European Airports Struggle to Fix Check-In Glitch After Cyberattack
A cyberattack on Collins Aerospace’s MUSE check-in system disrupted Heathrow, Berlin, and Brussels, forcing manual operations, flight cancellations, and prompting regulators to investigate airport cybersecurity ...
Cybersecurity
Attackers Abuse AI-Native Platforms to Host Fake CAPTCHA Pages
Phishers exploit AI-native platforms to publish fake CAPTCHA pages that fool users and evade scanners, redirecting victims to credential-harvesting sites and enabling large-scale phishing.
Cybersecurity
Stellantis Confirms Data Breach Following Salesforce-Linked Attack
Stellantis confirms a data breach impacting North American customers after a Salesforce-linked attack, with ShinyHunters claiming 18 million records stolen and FBI warning of ongoing ...
Cybersecurity
FBI Warns Bad Actors are Spoofing the IC3 Cybercrime Reporting Website
FBI warns criminals are cloning the IC3 complaint site; victims risk exposing PII. Type .gov directly, avoid sponsored links, and never pay to recover funds.
Cybersecurity
Tiffany & Co. Data Breach Exposes Thousands of Gift Card Holders
Tiffany & Co. confirms May 2025 data breach exposing 2,500+ customers’ gift card numbers, personal data, and sales records, raising fraud and phishing risks for ...
Cybersecurity
Attackers Claim 150K Records via Data Breach of American Income Life (AIL)
Attackers claim 150,000 AIL customer records were leaked on a forum, exposing personal and insurance data, raising risks of identity theft, phishing scams, and financial ...
Cybersecurity
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Exposing PINs and Medical Data
Fairmont Federal Credit Union revealed a 2023 breach impacting 187,000 individuals, exposing PINs, financial and medical data, with threat intelligence suggesting BlackBasta ransomware involvement in ...
Cybersecurity
Akira Ransomware Exploits Unpatched SonicWall SSLVPN Vulnerability
Akira ransomware is exploiting CVE-2024-40766 in SonicWall SSLVPN devices again, targeting unpatched endpoints. ACSC and Rapid7 warn enterprises to patch, rotate passwords, and enforce MFA ...
Cybersecurity
VMScape Attack Bypasses Hypervisor Isolation on AMD and Intel CPUs
ETH Zurich researchers reveal VMScape, a Spectre-like attack leaking secrets from QEMU hypervisors on AMD and Intel CPUs, bypassing mitigations and threatening multi-tenant cloud security.
Cybersecurity
Popular AI Chatbots Leak Sensitive User Data from Unsecured Server
An unsecured Elasticsearch instance leaked 116 GB of live logs from ImagineArt, Chatly, and Chatbotx, exposing prompts, bearer tokens, and user agents for millions of ...
Cybersecurity
Farmer Bros. Reveals Data Breach Affecting Over 14,000 Individuals
Farmer Bros. confirmed a breach affecting over 14,000 people; filings show unauthorized access in late 2023 and identity monitoring offered amid a ransomware claim.
Cybersecurity
Hello Gym Phone Service Exposes 1.6 Million Audio Recordings Containing Member Data
A public storage repository exposed 1,605,345 gym call recordings managed by Hello Gym, revealing PII and billing details and creating risks for targeted fraud and ...
Cybersecurity
ShinyHunters Claims 1.5 Billion Salesforce Records
ShinyHunters claims 1.5 billion Salesforce records stolen from 760 companies after attackers harvested Salesloft Drift OAuth tokens, exposing CRM, case data, and secrets.
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
TOP CYBERSECURITY HEADLINES
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
DrayTek Vigor RCE Vulnerability Prompts Urgent Firmware Updates
DrayTek patched CVE-2025-10547, an uninitialized-variable flaw in Vigor routers that can lead to memory corruption and potential remote code execution; administrators must update firmware and ...
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims and offering two years of ...
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
Allianz Life confirmed a July CRM compromise exposed names, addresses, dates of birth and Social Security numbers for 1,497,036 people and offered two years of ...
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO. The case ...
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174
Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, ...
Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang
In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Chinese ...
Axonius Identities Review 2025: Unified IAM, Governance & Security
Axonius Identities delivers unified identity governance, lifecycle automation, and identity security posture for both human and non-human identities across complex enterprise environments, with actionable policy ...
11 Types of Social Engineering Attacks and How to Prevent Them
This detailed guide explores eleven prevalent social engineering attack types, explaining their mechanisms and offering practical preventative measures for individuals and organizations. Understand the psychology ...
Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits
Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with nearly 50,000 Cisco ASA and FTD appliances actively under threat. ...
How to Use Cain and Abel for Penetration Testing: Step-by-Step Tutorial 2026
Cain and Abel is a powerful password recovery and penetration testing tool. Learn its features, uses, risks, and best practices for ethical cybersecurity operations.
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons
A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cybercrime forums ...
UK Government Backs Jaguar Land Rover With £1.5 Billion Loan Guarantee After Cyberattack
The UK guaranteed £1.5bn to stabilise JLR after a major cyberattack; phased restart underway as forensic work, supplier relief and insurance clarity continue.
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
A third-party compromise exposed 430,000 Harrods customer records; names, contacts and marketing tags were leaked—customers should expect increased phishing risk and follow protective guidance.
Friends of NRA Posts Mailing List Online, Exposing Nearly 10,000 Supporter Records
A 2018 Friends of NRA mailing list containing nearly 10,000 names and addresses was indexed publicly; removal, compliance assessment, and data-handling reforms are now urgent ...
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan
Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyberattack that froze ...
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed
The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infiltrate corporate networks through SSL VPN accounts, ...
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management
A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pre-seed funding to accelerate the ...