Main Menu
Cyber Security
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
BreachForums Re-emerges Only to Fall Victim to Data Breach
Anthropic Responds to Viral Allegations of Account Bans
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Email Security’s True Challenge: Evaluating Post-access Threats
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
NSA Announces Tim Kosiba as New Deputy Director
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
Illinois Department’s Database Error Leads to Massive Data Exposure
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
Logitech’s macOS Applications Disrupted by Expired Code-Signing Certificate
Ni8mare Vulnerability Threatens N8N Workflow Automation Platform
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
Navigating the Challenges of Fileless Malware in Cybersecurity
Microsoft Acknowledges Issues With Outlook Encryption Feature
Stalkerware Vendor’s Guilty Plea: A Rare Legal Victory in Consumer Spyware Prosecution
The Influence of Security Advice and Accountability in Cybersecurity
Chrome Extensions Masquerading as AITOPIA Pose Risk
Microsoft Alters Exchange Online User Email Limitations After Customer Pushback
European Space Agency Confronts Repeated Data Breaches with Legal Action
Generative AI Elevates Active Directory Password Attacks
Unpatched Vulnerability in TOTOLINK EX200 Puts Devices at Risk
Chrome Extensions Compromise Privacy by Exfiltrating ChatGPT and DeepSeek Conversations
Android’s January 2026 Update Patches Critical Dolby Audio Decoder Vulnerability
D-Link Routers Face New Threat as Attackers Exploit Legacy Vulnerability
NordVPN Denies Salesforce Server Breach Claims, Clarifying Access to Dummy Data
The Mirai Botnet The Infamous DDoS Weapon
Blog
The Mirai Botnet: The Infamous DDoS Weapon
Andrew Doyle March 19, 2025
The Mirai botnet, a notorious piece of malware, launched devastating DDoS attacks in 2016. This blog post delves into its origins, spread, impact, and the ...
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
News
StilachiRAT Malware Steals Crypto Using Advanced Reconnaissance
Mitchell Langley March 18, 2025
Microsoft discovered StilachiRAT, a new RAT malware using sophisticated techniques to steal cryptocurrency and perform reconnaissance. Its advanced evasion capabilities make proactive defense crucial.
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
News
GitHub Action Supply Chain Attack Exposes CI/CD Secrets
Andrew Doyle March 18, 2025
A supply chain attack on the popular tj-actions/changed-files GitHub Action exposed CI/CD secrets. Attackers compromised a PAT, impacting 23,000 repositories. GitHub has since removed the ...
Critical Apache Tomcat Flaw Actively Exploited in Attacks
News
Critical Apache Tomcat Flaw Actively Exploited in Attacks
Mitchell Langley March 18, 2025
Critical Apache Tomcat RCE vulnerability (CVE-2025-24813) is actively exploited, allowing attackers to take control of servers via simple PUT requests. Immediate patching is crucial.
Fake "Security Alert" on GitHub Used to Hijack OAuth App Accounts
News
Fake “Security Alert” on GitHub Used to Hijack OAuth App Accounts
Andrew Doyle March 18, 2025
A massive GitHub phishing campaign uses fake "Security Alert" issues and a malicious OAuth app to hijack accounts, granting attackers full control. Immediate action is ...
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
News
Lingnan University Suffers Cybersecurity Breach: Sensitive Data Exposed
Andrew Doyle March 18, 2025
Lingnan University in Hong Kong suffered a data breach exposing thousands of records, including sensitive personal data. The university is taking steps to enhance security.
Florida Hospital Data Breach Impacts Over 120,000 Patients
News
Florida Hospital Data Breach Impacts Over 120,000 Patients
Mitchell Langley March 17, 2025
A Florida hospital, CDH, suffered a data breach impacting over 120,000 patients. Sensitive data, including Social Security numbers and health information, was compromised. The BianLian ...
BlackBasta Ransomware Uses Automated Tool 'BRUTED' to Brute-Force VPNs
News
BlackBasta Ransomware Uses Automated Tool ‘BRUTED’ to Brute-Force VPNs
Andrew Doyle March 17, 2025
The BlackBasta ransomware group uses an automated tool, BRUTED, to brute-force VPNs and firewalls, highlighting the need for robust multi-factor authentication.
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
News
JD.com Data Breach: Babuk Ransomware Cartel Claims Massive Data Theft
Mitchell Langley March 17, 2025
JD.com, a major Chinese retailer, faces a massive data breach after the Babuk ransomware cartel claims to have stolen customer passwords and other sensitive information. ...
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
News
UDMI Radiology Firm Suffers Major Data Breach: Fog Ransomware Claims Responsibility
Andrew Doyle March 17, 2025
Fog ransomware group claims responsibility for a major data breach at UDMI, a radiology firm, impacting over 138,000 individuals. The incident underscores the critical need ...
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
News
FBI Issues Warning Against Medusa Ransomware for Gmail, Outlook, and VPN Users
Mitchell Langley March 17, 2025
The FBI warns of escalating Medusa ransomware attacks targeting Gmail, Outlook, and VPN users, urging immediate security enhancements to mitigate the threat.
LockBit Ransomware Developer Extradited to the United States
News
LockBit Ransomware Developer Extradited to the United States
Andrew Doyle March 17, 2025
A key LockBit ransomware developer, Rostislav Panev, has been extradited to the US to face charges for his role in the group's global attacks.
Compliance Isn’t Security Why a Checklist Alone Won’t Stop Cyberattacks
Blog
Compliance Isn’t Security: Why a Checklist Alone Won’t Stop Cyberattacks
Andrew Doyle March 17, 2025
This blog delves into the critical gap between meeting compliance standards and achieving true cybersecurity resilience. Learn why simply checking boxes isn't enough and how ...
This Week In Cybersecurity: 11th March to 14th March
Cybersecurity Newsletter
This Week In Cybersecurity: 11th March to 14th March
Andrew Doyle March 14, 2025
This week in cybersecurity highlights major incidents, including a $5 million theft from 1inch, a DDoS attack on X, and a significant data breach at ...
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
News
Insider Attack and Extortion at Stram Center, SSK Plastic Surgery and Grove at Valhalla Rehabilitation
Mitchell Langley March 14, 2025
Three healthcare providers suffered data breaches from insider attacks, extortion, and third-party vulnerabilities, highlighting the need for robust cybersecurity measures.
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
News
CISA Reports Medusa Ransomware Attacks Over 300 Critical Infrastructure Organizations
Mitchell Langley March 14, 2025
A joint advisory from CISA, FBI, and MS-ISAC reveals Medusa ransomware impacted over 300 US critical infrastructure organizations by February 2025. The advisory details mitigation ...
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
News
Critical FreeType Vulnerability Exploited in Attacks: Urgent Update Required
Andrew Doyle March 14, 2025
Facebook disclosed a critical FreeType vulnerability (CVE-2025-27363), allowing arbitrary code execution. All versions up to 2.13 are affected; immediate updates are crucial.
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
News
Lazarus Group North Korean Hackers Infect Hundreds via Malicious npm Packages
Mitchell Langley March 14, 2025
The Lazarus Group, a North Korean hacking collective, deployed six malicious npm packages, infecting hundreds of developers. The packages steal credentials and deploy backdoors.
Sunflower Medical Group Data Breach: Rhysida Ransomware Attack Exposes 220,968 Records
News
Sunflower Medical Group Data Breach: Rhysida Ransomware Attack Exposes 220,968 Records
Andrew Doyle March 14, 2025
Kansas' Sunflower Medical Group suffered a data breach impacting 220,968 individuals. The Rhysida ransomware group claimed responsibility for the incident in January.
Infostealer Malware Infects 26 Million Devices, Steals Bank Card Data and Passwords
News
Infostealer Malware Infects 26 Million Devices, Steals Bank Card Data and Passwords
Mitchell Langley March 14, 2025
A devastating Infostealer malware campaign has compromised 26 million devices, stealing bank card details and passwords. Kaspersky's report highlights the scale of the threat.
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Data Security
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Gabby Lee January 12, 2026
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Data Security
California Privacy Protection Agency Takes Action Against Datamasters for Unauthorized Data Sales
Gabby Lee January 12, 2026
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
News
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
Mitchell Langley January 11, 2026
Ledger Breach Due to Global-e Attack Compromises Customer Data
Data Security
Ledger Breach Due to Global-e Attack Compromises Customer Data
Andrew Doyle January 6, 2026

TOP CYBERSECURITY HEADLINES

UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Cybersecurity
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
News
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
Data Security
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
BreachForums Re-emerges Only to Fall Victim to Data Breach
Application Security
BreachForums Re-emerges Only to Fall Victim to Data Breach

This Week’s Security Spotlight

BreachForums Re-emerges Only to Fall Victim to Data Breach
Application Security
BreachForums Re-emerges Only to Fall Victim to Data Breach
Mitchell Langley January 12, 2026
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Application Security
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Gabby Lee January 11, 2026
Chrome Extensions Masquerading as AITOPIA Pose Risk
Application Security
Chrome Extensions Masquerading as AITOPIA Pose Risk
Mitchell Langley January 7, 2026
European Space Agency Confronts Repeated Data Breaches with Legal Action
Data Security
European Space Agency Confronts Repeated Data Breaches with Legal Action
Gabby Lee January 7, 2026
More In News
Trending
Phishers Pose as Booking.com to Compromise European Hotels
Phishing Campaign Targets Users with Google Cloud Application Exploitation
Silver Fox Exploits Tax Lures in India to Spread ValleyRAT
Grubhub Users Face Sophisticated Phishing Scam Promising Bitcoin Payouts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security
July 4, 2025
Podcasts
macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains
July 3, 2025
Podcasts
Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks
July 3, 2025

Cyber Security News

Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
Cybersecurity
Qilin Ransomware Leverages WSL to Deploy Linux Encryptors on Windows Systems
October 29, 2025
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
Cybersecurity
Dentsu Confirms Data Breach Exposing Employee Payroll and Personal Information
October 29, 2025
Palo Alto Networks Unveils AI Security Suite Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
Cybersecurity
Palo Alto Networks Unveils AI Security Suite: Cortex Cloud 2.0 & Prisma AIRS 2.0 Launched
October 29, 2025
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
Cybersecurity
Italian Spyware Vendor Linked to Chrome Zero-Day Attacks
October 28, 2025
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
Cybersecurity
QNAP Warns Windows Backup Software Impacted by ASP.NET Flaw
October 28, 2025
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
Cybersecurity
NCX Exchange Data Leak Exposes User Wallets, Passwords, and Authentication Keys
October 28, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
$25M for AI Email Security: Trustifi’s Big Bet on the MSP Market
June 4, 2025
In this episode, we dive into Trustifi’s recent $25 million Series A funding round, led by growth equity firm Camber Partners. Specializing in AI-powered email ...
GhostSec: From Hacktivist Roots to RaaS Powerhouse
June 4, 2025
GhostSec evolved from anti-ISIS hacktivists into a global ransomware threat, deploying GhostLocker via RaaS and targeting critical infrastructure with sophisticated, multi-stage infiltration tactics.
Malicious RubyGems Impersonate Fastlane Plugins to Steal Telegram Bot Data
June 4, 2025
Two malicious RubyGems imitating Fastlane plugins redirect Telegram API calls to attacker-controlled proxies, harvesting bot tokens, chat content, and sensitive developer data.
Victoria’s Secret Postpones Q1 Earnings Amid System Restoration After Security Incident
June 4, 2025
Victoria’s Secret has postponed its Q1 2025 earnings release due to system restoration efforts following a May 24 cyber incident affecting corporate, retail, and online ...
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
June 4, 2025
The rise of Cybercrime-as-a-Service (CaaS) is transforming the threat landscape, democratizing cyberattacks and making them more frequent and diverse. This blog explores the various CaaS ...
Volkswagen Probes Hacker Claims Amid Ongoing Ransomware Threats
June 4, 2025
Volkswagen is investigating Stormous ransomware group’s breach claims, but internal reviews show no unauthorized access or compromised data within the company’s systems so far.
CISA Issues Alert on Actively Exploited ScreenConnect, ASUS Router, and Craft CMS Vulnerabilities
June 4, 2025
CISA has warned U.S. agencies of active attacks exploiting a ScreenConnect vulnerability and critical flaws in ASUS routers and Craft CMS. Patches and mitigations are ...
The North Face Discloses April Credential Stuffing Attack Impacting Customer Accounts
June 3, 2025
The North Face has confirmed a credential stuffing attack in April, exposing customer data including names, addresses, and emails. Payment information remains unaffected.
Nokota Packers Targeted in Ransomware Attack by Emerging J Group Gang
June 3, 2025
North Dakota-based Nokota Packers has reportedly suffered a ransomware attack by the J Group gang, with hackers claiming to have stolen 50GB of sensitive data. ...
Stormous Ransomware Gang Claims Volkswagen Hack Without Proof
June 3, 2025
Stormous ransomware gang claims a breach at Volkswagen, but provides no sample data. Researchers find no evidence yet of compromised systems or stolen information.
Google Chrome vs. Failing CAs: The Policy Behind the Distrust
June 3, 2025
In this episode, we dissect Google’s recent and upcoming decisions to distrust several Certificate Authorities (CAs) within the Chrome Root Store, including Entrust, Chunghwa Telecom, ...
CVE-2025-48827 & 48828: How vBulletin’s API and Template Engine Got Weaponized
June 3, 2025
Two critical, actively exploited vulnerabilities in vBulletin forum software—CVE-2025-48827 and CVE-2025-48828—have put thousands of websites at immediate risk of full system compromise. In this episode, ...
JINX-0132: How Cryptojackers Hijacked DevOps Infrastructure via Nomad and Docker
June 3, 2025
In this episode, we dissect the JINX-0132 cryptojacking campaign — a real-world example of how threat actors are exploiting cloud and DevOps environments to mine ...
Cartier Confirms Customer Data Exposure Following Cybersecurity Breach
June 3, 2025
Cartier has confirmed a cyberattack that exposed limited customer data, including names and email addresses. Sensitive financial and login information was not compromised.
Russian Market Becomes Leading Hub for Stolen Credentials from Info-Stealer Malware
June 3, 2025
The Russian Market has surged in popularity as a major cybercrime marketplace, offering stolen credentials harvested by info-stealer malware like Lumma and Acreed.
Multi-Stage Phishing Attacks Now Use Google Infrastructure—Here’s How
June 2, 2025
Recent phishing campaigns have entered a new phase—one where trust is weaponized. In this episode, we break down how cybercriminals are exploiting legitimate services like ...
Password Hashes Leaked via Linux Crash Handlers: The Truth Behind CVE-2025-5054 & 4598
June 2, 2025
In this episode, we unpack two newly disclosed Linux vulnerabilities—CVE-2025-5054 and CVE-2025-4598—discovered by the Qualys Threat Research Unit (TRU). These race condition flaws impact Ubuntu’s ...
Inside the AVCheck Takedown: How Law Enforcement Disrupted a Key Cybercrime Tool
June 2, 2025
In this episode, we unpack the international takedown of AVCheck, one of the largest counter antivirus (CAV) services used by cybercriminals to test and fine-tune ...
Kaiser Permanente Recovers from Widespread Network Outage That Disrupted Patient Services Nationwide
June 1, 2025
Kaiser Permanente suffered a major network outage that disrupted electronic health records and patient services across the U.S. System functionality was restored the following day. ...
Latrodectus Malware Infected Over 44,000 IPs Before Operation Endgame Takedown
June 1, 2025
Latrodectus malware infected over 44,000 IP addresses before Operation Endgame's global takedown, with Shadowserver warning of critical ongoing threats across infected systems.
UK Government Faces Rising Cybersecurity Concerns Amid Legal Aid and Foreign Office Attacks
Authorities in Spain Dismantle Cyber Fraud Network Tied to Black Axe Group
Ireland Recalls Thousands of Passports Due to Software-Induced Printing Defect
BreachForums Re-emerges Only to Fall Victim to Data Breach
Anthropic Responds to Viral Allegations of Account Bans
Iranian APT Group MuddyWater Launches Sophisticated Spear-Phishing Campaign
CISA Streamlines Security Measures With Vulnerability Catalog Adoption
Chinese-Speaking Threat Actors Allegedly Exploit SonicWall VPN for VMware ESXi Breach
Illinois Man Charged for Snapchat Phishing Scheme
Email Security’s True Challenge: Evaluating Post-access Threats
APT28 Intensifies Credential Harvesting on Nuclear and Energy Sectors
Diplomatic Exchange Between Nations Highlights Tensions in Cybercrime Prosecutions
NSA Announces Tim Kosiba as New Deputy Director
Threat Actors Target Vulnerable Proxy Servers in the Hunt for LLM Services
North Korean Hackers Exploit QR Codes to Breach Enterprise Cloud Security
Illinois Department’s Database Error Leads to Massive Data Exposure
Trend Micro Addresses Vulnerabilities in Apex Central, Mitigates Security Risks
Vulnerability in Totolink Range Extender Firmware Allows Unauthorized Access
Vibe Hacking: How AI is Transforming Cybercrime’s Landscape
How Misconfigured Email Routing Opens the Door for Credential Theft