Cyber Security
Application Security
Malicious NuGet Packages Found With Time-Delay Payloads Targeting Databases and ICS Devices
Security researchers uncovered malicious NuGet packages embedded with time-delayed payloads set to activate in 2027–2028, targeting enterprise software and industrial systems. The stealthy implants exploit ...
CVE Vulnerability Alerts
LANDFALL Spyware Exploited Samsung Galaxy Zero-Day in Targeted Middle East Attacks
A zero-day flaw in Samsung Galaxy devices (CVE-2025-21042) was exploited to deploy LANDFALL spyware across the Middle East, enabling full device compromise and covert data ...
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
CVE Vulnerability Alerts
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
Cisco has warned of a new attack variant targeting its Secure Firewall ASA and FTD devices, exploiting CVE-2025-20333 and CVE-2025-20362 in tandem for remote code ...
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
The ClickFix malware campaign is redefining social engineering by tricking users into manually infecting their systems through fake video guides, countdown timers, and OS-specific commands. ...
News
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
The Clop ransomware gang has claimed responsibility for a cyberattack on The Washington Post, adding the newspaper to its dark web leak site amid ongoing ...
Cybersecurity
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Nevada has fully restored operations across 60 state agencies nearly a year after a massive ransomware attack crippled public services in August 2023. The state ...
Application Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Truffle Security has raised $25 million in Series A funding led by Decibel to expand its enterprise-grade secrets detection and remediation platform. Evolving from its ...
Cybersecurity
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
The U.S. Congressional Budget Office has confirmed a cybersecurity incident involving unauthorized access to its network, with early evidence pointing to a foreign threat actor. ...
Application Security
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Researchers at Tenable uncovered seven security flaws in OpenAI’s ChatGPT, including critical vulnerabilities in the GPT-4o model that exposed memory-stored user data and allowed web ...
Cybersecurity
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Executive Russian hacking group Sandworm has hit Ukraine’s grain sector with destructive wiper malware, targeting economic infrastructure in attacks now reaching beyond government and energy ...
Cybersecurity
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Hackers allegedly breached Russia’s Radon nuclear waste plant, stealing testing data, user information, and employee details, raising national security concerns over access to sensitive nuclear ...
Cybersecurity
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
A misconfigured third-party database exposed over 50,000 Stanford Health Care and Hillsboro Medical Center staff records, including payroll data, emails, and hashed passwords, increasing phishing ...
Cybersecurity
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
The Qilin ransomware gang claims to have stolen data from Habib Bank AG Zurich, exposing sensitive customer details and internal source code.
Cybersecurity
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
A global survey found 82 percent of large financial-services organisations reported a data breach or leak in the past year, signalling pervasive cyber-risk across the ...
News
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
The U.S. Treasury has sanctioned eight North Korea-linked individuals and entities accused of laundering funds from cyberattacks to finance Pyongyang’s weapons programs. The move targets ...
Application Security
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Microsoft has added a new web-based feature to the Microsoft Store that lets users create a single installer for multiple apps. The enhancement simplifies deployments, ...
Cybersecurity
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Google has uncovered AI-driven malware capable of mutating its code during execution, evading traditional detection tools. By embedding machine learning models directly into payloads, attackers ...
News
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
The Gootloader malware gang has resurfaced after months of inactivity, reviving its signature SEO poisoning attacks. By manipulating search results to distribute malicious downloads through ...
Data Security
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Hyundai AutoEver America is now investigating a data breach that led to unauthorized access to sensitive personal information belonging to ...
Application Security
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
TOP CYBERSECURITY HEADLINES
Application Security
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
CVE Vulnerability Alerts
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
This Week’s Security Spotlight
Application Security
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
A malicious Visual Studio Code extension mimicking “pyms-folders” was found on Microsoft’s marketplace, encrypting user files in a ransomware-like attack. Researchers believe the extension was ...
Cisco Warns of New Attack Variant Exploiting Secure Firewall ASA and FTD Vulnerabilities
Cisco has warned of a new attack variant targeting its Secure Firewall ASA and FTD devices, exploiting CVE-2025-20333 and CVE-2025-20362 in tandem for remote code ...
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
The ClickFix malware campaign is redefining social engineering by tricking users into manually infecting their systems through fake video guides, countdown timers, and OS-specific commands. ...
Clop Ransomware Group Adds The Washington Post to Leak Site After Alleged Breach
The Clop ransomware gang has claimed responsibility for a cyberattack on The Washington Post, adding the newspaper to its dark web leak site amid ongoing ...
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Nevada has fully restored operations across 60 state agencies nearly a year after a massive ransomware attack crippled public services in August 2023. The state ...
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Truffle Security has raised $25 million in Series A funding led by Decibel to expand its enterprise-grade secrets detection and remediation platform. Evolving from its ...
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
The U.S. Congressional Budget Office has confirmed a cybersecurity incident involving unauthorized access to its network, with early evidence pointing to a foreign threat actor. ...
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Researchers at Tenable uncovered seven security flaws in OpenAI’s ChatGPT, including critical vulnerabilities in the GPT-4o model that exposed memory-stored user data and allowed web ...
Russian-Linked Sandworm Deploy Data Wipers to Disrupt Ukraine’s Grain Export Sector
Executive Russian hacking group Sandworm has hit Ukraine’s grain sector with destructive wiper malware, targeting economic infrastructure in attacks now reaching beyond government and energy ...
Radon Nuclear Waste Facility Breach Exposes Test Records and Staff Details
Hackers allegedly breached Russia’s Radon nuclear waste plant, stealing testing data, user information, and employee details, raising national security concerns over access to sensitive nuclear ...
Stanford Health Care Employee and Payroll Data Leaked in Perfectshift Database Breach
A misconfigured third-party database exposed over 50,000 Stanford Health Care and Hillsboro Medical Center staff records, including payroll data, emails, and hashed passwords, increasing phishing ...
Qilin Ransomware Gang Claims Cyberattack on Swiss Bank Habib Bank AG Zurich
The Qilin ransomware gang claims to have stolen data from Habib Bank AG Zurich, exposing sensitive customer details and internal source code.
82 Percent of Financial-Services Organizations Suffered a Data Breach in the Last Year
A global survey found 82 percent of large financial-services organisations reported a data breach or leak in the past year, signalling pervasive cyber-risk across the ...
U.S. Sanctions North Korean Financial Network Over Cybercrime-Funded Weapons Program
The U.S. Treasury has sanctioned eight North Korea-linked individuals and entities accused of laundering funds from cyberattacks to finance Pyongyang’s weapons programs. The move targets ...
Microsoft Store Adds Multi-App Install Support for Easier Windows 11 Deployments
Microsoft has added a new web-based feature to the Microsoft Store that lets users create a single installer for multiple apps. The enhancement simplifies deployments, ...
Malware Learns to Think: Google Warns of AI-Powered Evasive Techniques
Google has uncovered AI-driven malware capable of mutating its code during execution, evading traditional detection tools. By embedding machine learning models directly into payloads, attackers ...
Gootloader Resurfaces After Hiatus, Leveraging SEO Poisoning to Spread Malware
The Gootloader malware gang has resurfaced after months of inactivity, reviving its signature SEO poisoning attacks. By manipulating search results to distribute malicious downloads through ...
Hyundai AutoEver America Data Breach Exposes Employee and Contractor PII
Hyundai AutoEver America is now investigating a data breach that led to unauthorized access to sensitive personal information belonging to employees and contractors. The automotive ...
SonicWall Traces 2023 Breach to State-Linked Threat Group Targeting Firewalls
SonicWall has attributed its 2023 security breach to a suspected state-sponsored APT group that accessed firewall configuration backups. While no personal data was exposed, the ...
CISA Warns of Ongoing Exploitation of Critical CentOS Web Panel Flaw
CISA has warned of active exploitation of a critical flaw (CVE-2022-44877) in CentOS Web Panel, allowing unauthenticated remote code execution. Administrators are urged to patch ...