Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
News
Europol Cracks SIM-Cartel: €4.5M Fraud Losses Mitigated in Cybercrime Campaign
European authorities have dismantled SIMCARTEL, a massive cybercrime-as-a-service network that used 1,200 SIM boxes and 40,000 active SIM cards to power large-scale smishing, fraud, and ...
Cybersecurity
Europe Endures 300 Daily Cyberattacks: Geopolitical Tensions Fuel Digital Risk
Cyberattacks in Europe have surged due to rising geopolitical tensions, particularly the Russia-Ukraine conflict, making the region one of the world’s most targeted. Critical infrastructure, ...
Cybersecurity
US Power Grid at Risk: Unified Cybersecurity Framework Urged to Combat Industrial Vulnerabilities
Cyberattacks on U.S. utilities surged 70% in 2024 as legacy systems, poor cyber hygiene, and fragmented regulations leave the power grid dangerously exposed. Experts warn ...
Application Security
AI-Powered Villager Pen Test Tool Hits 11K Downloads, Sparks Abuse Concerns
Villager, an AI-driven penetration testing tool released on PyPI, has surged past 11,000 downloads by automating network scanning, exploitation, and privilege escalation via natural language ...
Application Security
Oracle E-Business Suite Hit by Cl0p Ransomware Using CVE-2025-61882
Cl0p ransomware is actively exploiting a zero-day in Oracle E-Business Suite (CVE-2025-61882), allowing unauthenticated remote code execution via the BI Publisher component. The attacks have ...
Application Security
Microsoft Revokes 200+ Fraudulent Certificates: Thwarts Rhysida Ransomware Campaign
Microsoft has revoked over 200 compromised digital certificates to disrupt a ransomware campaign abusing fake Microsoft Teams installers. Threat actor Vanilla Tempest used SEO poisoning ...
Application Security
WatchGuard Fireware OS Vulnerability: CVE-2025-9242 Enables Remote Code Execution
A critical flaw in WatchGuard Fireware OS (CVE-2025-9242) allows remote, unauthenticated code execution through vulnerable VPN configurations and is already being actively exploited. Even devices ...
Application Security
SonicWall VPN Breach: Over 100 Accounts Compromised in Security Incident
Attackers have compromised over 100 SonicWall VPN accounts by exploiting stolen credentials, unpatched vulnerabilities, and OTP seed theft to bypass MFA. Threat groups like UNC6148 ...
Application Security
Stealit Malware Exploits Node.js: Sneaky Infection via Game and VPN Installers
Cybersecurity researchers have uncovered a stealthy malware campaign abusing Node.js’s Single Executable Application feature to package Stealit malware as fake game and VPN installers. Distributed ...
Application Security
Linux Rootkit Conceals Itself with eBPF & Magic Packets: Exploiting CVE-2024-23897
A sophisticated Linux rootkit dubbed LinkPro uses eBPF modules and magic TCP packets to stay hidden and activate on demand. Discovered after attackers exploited a ...
Data Security
GPT-4-Powered MalTerminal Malware Automates Ransomware Creation: Reverse Shells at Scale
MalTerminal, a next-generation malware, embeds GPT-4 to autonomously generate ransomware or reverse shells at runtime, producing unique payloads that bypass signature-based defenses. Researchers say it ...
Application Security
Wondershare RepairIt Vulnerabilities Exposed: CVE-2025-10643 & 10644 Threaten Data & AI Models
Two critical vulnerabilities in Wondershare RepairIt (CVE-2025-10643 and CVE-2025-10644) allow unauthenticated remote code execution through misconfigured storage tokens. With CVSS scores up to 9.4 and ...
Cybersecurity
Mango Retailer Confirms Marketing Vendor Breach Exposing Customer Contact Details
MANGO says a marketing vendor compromise exposed customer first names, countries, postal codes, email and phone data. Core accounts, financials, and credentials were not impacted.
Application Security
NPM Supply Chain Attack: 175 Malicious Packages Target Industrial Firms
A wave of coordinated supply chain attacks is targeting the NPM ecosystem, with over 400 malicious packages used to deploy malware, steal credentials, and compromise ...
Cybersecurity
F5 Admits Hackers Stole BIG-IP Source Code and Undisclosed Vulnerabilities
F5 disclosed a breach in which threat actors exfiltrated portions of BIG-IP source code and undisclosed vulnerability information. CISA ordered federal agencies to patch and ...
Cybersecurity
Sotheby’s Confirms Data Breach Exposing Financial Information
Sotheby’s confirmed a cyber intrusion in July 2025 that exposed names, Social Security numbers and financial account details. It is offering identity monitoring and investigating.
Cybersecurity
Fake LastPass and Bitwarden “Breach Alerts” Lead to PC Hijacks via Remote Access Tools
Phishing emails impersonating LastPass and Bitwarden lure users to install malicious binaries. The payload deploys Syncro and ScreenConnect for remote PC control, code execution and ...
News
PowerSchool Hacker Sentenced to Four Years for Cyberattack on Education Platform
A 20-year-old college student has been sentenced to four years in prison for hacking PowerSchool and stealing data from more than 70 million students and ...
Application Security
ICTBroadcast Servers Under Threat: Cookie Vulnerability Enables Remote Code Execution
A critical vulnerability in ICTBroadcast (CVE-2025-2611) enables unauthenticated remote code execution through malicious session cookies. With public exploits and Metasploit modules available, attackers are actively ...
Application Security
SAP NetWeaver Patch Released for CVSS 10.0 Deserialization Flaw Vulnerability
A critical CVSS 10.0 vulnerability in SAP NetWeaver AS Java (CVE-2025-42944) allows unauthenticated attackers to remotely execute OS commands through insecure deserialization in the RMI-P4 ...


Clop Ransomware: A Growing Danger to Cybersecurity Worldwide
Clop ransomware continues to evolve as one of the most destructive global cyber threats. Learn how it spreads, its impact, and practical strategies to prevent ...
CISA Confirms Hackers Exploited Oracle E-Business Suite SSRF Vulnerability
CISA confirmed active exploitation of Oracle E-Business Suite CVE-2025-61884 SSRF, urging immediate patching and network hardening after leaked exploits enabled data-theft and extortion campaigns.
Microsoft Sentinel Review — Cloud-Native SIEM, Analytics & Threat Response for Enterprises
Microsoft Sentinel delivers cloud-scale threat detection, intelligence-enriched analytics, automated playbooks and behavior analysis, enabling enterprise security operations to investigate and respond in real time.
CISA Updates KEV Catalog: 5 Exploited Vulnerabilities Confirmed
CISA has added 15 actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog for October 2025, covering flaws in Microsoft, Oracle, Apple, Juniper, and ...
Supply Chain Attack: ‘GlassWorm’ Malware Infects VS Code Extensions
A newly discovered malware dubbed GlassWorm has infected over 35,800 Visual Studio Code extensions, marking one of the most advanced supply chain attacks to date. ...
Prosper Data Breach: 17.6 Million Accounts Compromised
Prosper has confirmed a major data breach affecting 17.6 million individuals after attackers accessed its customer databases. Exposed data includes names, SSNs, and employment details, ...
Myanmar Military Dismantles Cybercrime Hub, Over 2,000 Arrested
Myanmar’s military has dismantled the notorious KK Park scam compound near the Thai border, detaining over 2,000 people in one of Southeast Asia’s largest cybercrime ...
Odido Fined €1.5 Million for Inadequate Security in Wiretapping System
The Dutch RDI fined Odido €1.5 million after finding external suppliers had access to its wiretapping system, risking exposure of state secrets and criminal data.
Verisure Data Breach Compromises 35,000 Swedish Alert Alarm Users
A data breach at Verisure’s third-party billing partner exposed personal details of 35,000 Alert Alarm users, prompting forensic analysis but leaving Verisure’s core systems unaffected.
Getir Probes Alleged Data Leak After Hackers Claim Breach of Company Intranet
Hackers claim to have breached Getir’s intranet, leaking internal metadata. Researchers suggest the data originated from a third-party provider, posing social engineering and system exposure ...
CISA Alert: Actively Exploited Adobe AEM Forms Vulnerability
A critical flaw in Adobe Experience Manager Forms (CVE-2025-54253) is being actively exploited, allowing unauthenticated remote code execution via a misconfigured Struts debug mode. CISA ...
ReliaQuest GreyMatter Review — Agentic AI Security Operations for Enterprise Protection
ReliaQuest GreyMatter delivers an agentic AI security operations platform that enables CISOs to detect threats at the source, reduce alert noise, and respond within minutes.
North Korean Hackers Enhance Malware with Merged BeaverTail and OtterCookie Tools
North Korean hackers have merged the BeaverTail and OtterCookie malware into a new espionage tool, OtterCookie v5, targeting developers and cryptocurrency firms. The modular malware ...
Experian Fined €2.7 Million by Dutch Regulator for Mass Collection of Personal Data
Experian Netherlands was fined €2.7 million for using aggregated public and private data to build large consumer profiles without informing individuals or obtaining appropriate consent ...
Envoy Air Data Breach: Oracle EBS Exploit Exposes Sensitive Data
Envoy Air confirmed a cybersecurity breach tied to Oracle’s E-Business Suite zero-day (CVE-2025-61882), exploited by the Clop ransomware group. While no sensitive customer data was ...
Everest Ransomware Group Claims Collins Aerospace Attack Linked to Europe’s Airport Disruptions
The Everest ransomware group claimed responsibility for Collins Aerospace’s cyberattack, linking it to last month’s European airport chaos that disrupted check-in systems across multiple major ...
TikTok Videos Instructing Users To Run PowerShell Commands
Researchers warn of a TikTok campaign where short “activation” videos urge users to paste PowerShell commands that secretly download malware. The scripts install credential stealers, ...
Microsoft Ties Storm-1175 to Medusa Ransomware via GoAnywhere Flaw (CVSS 10.0)
Microsoft has linked the exploitation of a critical GoAnywhere MFT vulnerability (CVE-2025-10035) to the Storm-1175 threat group, operators of the Medusa ransomware. The flaw, rated ...
Pwn2Own Automotive 2026 Offers $3M+ in Prizes for Security Vulnerabilities
Trend Micro’s Zero Day Initiative will host Pwn2Own Automotive 2026 in Tokyo, offering over $3 million for exploits targeting Tesla systems, EV chargers, and automotive ...
Muji Suspends Online Sales in Japan After Askul Ransomware Attack
Muji has halted its Japanese online sales following a ransomware attack on its logistics partner, Askul Corporation, disrupting orders, shipments, and digital retail services.