Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
Network Security
Redis Releases Update to Fix CVE-2025-49844 Critical RCE Vulnerability
A critical use-after-free vulnerability in Redis (CVE-2025-49844) enables remote code execution via Lua scripting. Affecting all versions up to 8.2.1, the flaw is already being ...
Application Security
Industrial Control at Risk: Red Lion RTU Vulnerabilities Score 10.0 CVSS
Researchers uncovered two critical Red Lion Sixnet RTU vulnerabilities that allow attackers to bypass authentication and execute root-level commands remotely. Widely used in energy, water, ...
Information Security
Salesforce Hacks: Extortion Group Leaks Millions of Sensitive Records
A unified extortion group known as Scattered Lapsus$ Hunters exploited OAuth token leaks from Salesloft integrations to infiltrate Salesforce-connected systems. At least 44 major companies ...
Data Security
Capita Hit with £14M Fine for Data Breach Impacting 6.6M Individuals
Capita has been fined £14 million by the UK ICO for failing to prevent a 2023 cyberattack that exposed data from over 6.6 million people. ...
Cybersecurity
U.S. Seizes $15 Billion in Bitcoin Linked to Major Pig Butchering Crypto Scam
U.S. authorities seized $15 billion in bitcoin linked to a major “pig butchering” scam run by Chen Zhi and Prince Holding Group, combining fraud and ...
Cybersecurity
Pixnapping Attack Steals MFA Codes Pixel by Pixel on Android Devices
Pixnapping is a new Android attack that steals 2FA codes and on-screen data by reading pixel rendering side-channels—no permissions needed, and effective in under 30 ...
Cybersecurity
Vietnam Airlines Confirms Customer Data Breach Linked to Third-Party Support Platform
Vietnam Airlines says a third-party customer-service platform was breached, possibly exposing customer contact data; payments, passwords and passports were not affected, investigation and notifications are ...
Cybersecurity
Oracle Quietly Patches Zero-Day Vulnerability Revealed by ShinyHunters Leak
Oracle quietly patched a zero-day exploit leaked by ShinyHunters, enabling remote command execution in enterprise applications. Customers are urged to deploy updates immediately and audit ...
Cybersecurity
CoinbaseCartel Threatens to Publish SK Telecom Source Code unless Ransom Talks Start
Ransom group CoinbaseCartel claims to have stolen SK Telecom source code, build files and cloud keys via a repository compromise and threatens public disclosure this ...
Cybersecurity
Russia Suspected in Jaguar Land Rover Cyberattack That Halted Production for Weeks
UK investigators probe Russian involvement after a September cyberattack at Jaguar Land Rover disabled 800 systems and halted production; government underwrites a £1.5bn loan guarantee.
Cybersecurity
Northern Rivers Resilient Homes Program Breach Exposes Personal Data of 2,031 Residents
An internal AI upload exposed the personal and health data of 2,031 Northern Rivers Resilient Homes participants. The NSW Reconstruction Authority opened investigations and issued ...
Cybersecurity
Qantas Customer Data Leaked on Dark Web After July Cyberattack
Hackers have leaked data of nearly six million Qantas customers on the dark web after a Salesforce-linked breach, exposing names, contact details, and frequent flyer ...
Cybersecurity
Discord Breach Exposes 70,000 ID Photos and Raises Questions about Third-Party Age Verification
Discord has confirmed that government-issued identification photos belonging to roughly 70,000 users may have been exposed in a third-party breach ...
Cybersecurity
SimonMed Confirms Data Breach Exposed 1.2 Million Patients in January
SimonMed Imaging says a January 2025 breach exposed data for 1.2 million patients. Medusa claimed theft of 212 GB including scanned IDs, medical records, and ...
Cybersecurity
Fake “Inflation Refund” Texts Target New Yorkers in Sophisticated Phishing Scam
Fraudulent “inflation refund” texts are scamming New Yorkers into surrendering personal data. Attackers steal IDs and financial information through fake government portals posing as refund ...
Cybersecurity
Zero-Day in Gladinet CentreStack and Triofox Actively Exploited
CVE-2025-11371, an unauthenticated LFI in Gladinet CentreStack and Triofox, is being exploited to retrieve machine keys and enable remote code execution; admins must apply Web.config ...
Cybersecurity
LockBit, Qilin, DragonForce Form Ransomware Cartel to Coordinate Attacks
A fresh ransomware cartel reportedly unites LockBit, Qilin and DragonForce to share infrastructure, coordinate attacks and pool revenue, raising defense complexity for incident responders.
Cybersecurity
Spain Dismantles “GXC Team” Crime-as-a-Service Network and Arrests 25-Year-Old Leader
Spanish authorities dismantled GXC Team, arresting “GoogleXcoder.” The CaaS network supplied phishing kits, Android malware, and voice-scam tools across countries; tools seized, funds recovered.
Cybersecurity
Hackers Claim Massive Salesforce Breach Allegedly Exposing 1 Billion Records from Global Customers
Hackers claim to have stolen over one billion Salesforce customer records in an alleged breach tied to misconfigured integrations, prompting an active investigation by Salesforce.
Cybersecurity
Quebec HopHop App Leak Exposes Children’s Data Across Hundreds of Schools and Daycares
A vulnerability in the HopHop school pickup app exposed photos, names and pickup controls for children and parents across Quebec, prompting government action and parental ...

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
Featured Videos

Violet Typhoon: China-Nexus Espionage Actor
Violet Typhoon, a China-linked cyber-espionage actor active since 2015, targets governments, NGOs, and academic institutions using SharePoint zero-day exploits. Its “ToolShell” campaign installs web shells, ...
Pwn2Own Automotive 2026: $3 Million Bounty Targets Tesla and EV Infrastructure Flaws
The upcoming Pwn2Own Automotive 2026 hacking contest, hosted by Trend Micro’s Zero Day Initiative (ZDI), is set to redefine the economics of automotive cybersecurity. With ...
China Claims NSA Breached National Time Network, Threatening Finance and Defense Stability
China’s Ministry of State Security (MSS) has publicly accused the U.S. National Security Agency (NSA) of conducting a multi-year cyber espionage campaign targeting its National ...
Cl0p Ransomware Targets Oracle E-Business Suite in Global Data Extortion Spree
A new wave of Cl0p ransomware attacks has struck organizations worldwide by exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) — a mission-critical enterprise management platform ...
ConnectWise Automate Patches Critical Flaws Allowing AitM and Malicious Updates
Critical flaws in ConnectWise Automate allow agents to communicate over unencrypted HTTP and accept unsigned updates, opening the door to adversary-in-the-middle attacks and malicious code ...
Netcore Cloud Data Leak: 13TB Breach Exposes 40 Billion Records
A massive data breach at Netcore Cloud exposed more than 40 billion records in a 13.4TB unsecured database, leaking email logs, healthcare messages, partial banking ...
F5 Releases Urgent BIG-IP Patches After Stolen Vulnerability Breach
A newly disclosed breach of F5 Networks has triggered an unprecedented federal response after state-linked attackers stole BIG-IP source code and internal vulnerability data. Fearing ...
Microsoft Patches Highest-Severity ASP.NET Core Flaw Enabling Remote Code Execution
Microsoft has released an emergency patch for CVE-2025-55315, a critical ASP.NET Core vulnerability in the Kestrel web server with a record-high CVSS score of 9.9. ...
Europol Cracks SIM-Cartel: €4.5M Fraud Losses Mitigated in Cybercrime Campaign
European authorities have dismantled SIMCARTEL, a massive cybercrime-as-a-service network that used 1,200 SIM boxes and 40,000 active SIM cards to power large-scale smishing, fraud, and ...
Europe Endures 300 Daily Cyberattacks: Geopolitical Tensions Fuel Digital Risk
Cyberattacks in Europe have surged due to rising geopolitical tensions, particularly the Russia-Ukraine conflict, making the region one of the world’s most targeted. Critical infrastructure, ...
US Power Grid at Risk: Unified Cybersecurity Framework Urged to Combat Industrial Vulnerabilities
Cyberattacks on U.S. utilities surged 70% in 2024 as legacy systems, poor cyber hygiene, and fragmented regulations leave the power grid dangerously exposed. Experts warn ...
WhatsApp Wins Landmark Case Against NSO Group Over Spyware Attacks
After six years of intense litigation, WhatsApp has secured a decisive legal victory against the NSO Group, the controversial spyware maker accused of exploiting a ...
Google Project Zero Exposes Dolby Decoder Flaw Enabling Zero-Click Android Exploits
A newly discovered vulnerability in Dolby’s Unified Decoder has sent shockwaves through the cybersecurity world. Tracked as CVE-2025-54957, the flaw — uncovered by Google Project ...
AISLE Launches AI Cyber Reasoning System to Shrink Patch Times from Weeks to Minutes
AISLE has entered the cybersecurity arena with an AI-native Cyber Reasoning System (CRS) built to do what most tools don’t: fix vulnerabilities—fast. While attackers increasingly ...
AI-Powered Villager Pen Test Tool Hits 11K Downloads, Sparks Abuse Concerns
Villager, an AI-driven penetration testing tool released on PyPI, has surged past 11,000 downloads by automating network scanning, exploitation, and privilege escalation via natural language ...
Oracle E-Business Suite Hit by Cl0p Ransomware Using CVE-2025-61882
Cl0p ransomware is actively exploiting a zero-day in Oracle E-Business Suite (CVE-2025-61882), allowing unauthenticated remote code execution via the BI Publisher component. The attacks have ...
Microsoft Revokes 200+ Fraudulent Certificates: Thwarts Rhysida Ransomware Campaign
Microsoft has revoked over 200 compromised digital certificates to disrupt a ransomware campaign abusing fake Microsoft Teams installers. Threat actor Vanilla Tempest used SEO poisoning ...
WatchGuard Fireware OS Vulnerability: CVE-2025-9242 Enables Remote Code Execution
A critical flaw in WatchGuard Fireware OS (CVE-2025-9242) allows remote, unauthenticated code execution through vulnerable VPN configurations and is already being actively exploited. Even devices ...
SonicWall VPN Breach: Over 100 Accounts Compromised in Security Incident
Attackers have compromised over 100 SonicWall VPN accounts by exploiting stolen credentials, unpatched vulnerabilities, and OTP seed theft to bypass MFA. Threat groups like UNC6148 ...
Stealit Malware Exploits Node.js: Sneaky Infection via Game and VPN Installers
Cybersecurity researchers have uncovered a stealthy malware campaign abusing Node.js’s Single Executable Application feature to package Stealit malware as fake game and VPN installers. Distributed ...