Cyber Security
Cybersecurity
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Hackers breached Evertec’s Brazilian subsidiary Sinqia, attempting a $130 million theft via Pix. Using stolen vendor credentials, they initiated unauthorized transfers before operations were suspended ...
Cybersecurity
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Cloudflare confirmed its Salesforce instance was breached through compromised SalesLoft and Drift integrations, exposing customer data in a campaign affecting 700+ companies. The company’s detailed ...
Blog
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
A new wave of EDR-killer tools is reshaping ransomware tactics, enabling groups like RansomHub, Medusa, and Blacksuit to disable endpoint defenses. By exploiting vulnerable drivers ...
Blog
Agentic AI Steals Spotlight at Black Hat 2025 with Real-Time Threat Response
Agentic AI took center stage at Black Hat USA 2025, marking a definitive pivot from conceptual discussions to real-world deployment. ...
Cybersecurity
DHS Cuts $27M Cybersecurity Support: Impact on 19,000 Local Governments
The Department of Homeland Security (DHS) will halt $27 million in annual federal funding for the Multi-State Information Sharing and ...
Cybersecurity
TamperedChef Infostealer Delivered Through Fraudulent PDF Editor Ads
Cybercriminals used fraudulent Google Ads to spread a fake PDF Editor app delivering TamperedChef infostealer, leveraging code-signing certificates, residential proxy enrollment
Application Security
Amazon Disrupts Midnight Blizzard Campaign Targeting Microsoft 365
Amazon disrupted a Midnight Blizzard campaign where Russian hackers used compromised websites, fake Cloudflare pages, and Microsoft device code abuse to target enterprise Microsoft 365 ...
Application Security
Zscaler Data Breach Exposes Customer Information After Salesloft Drift Compromise
Zscaler confirmed a Salesforce data breach linked to the Salesloft Drift compromise, exposing customer information but not its core services. The incident highlights escalating OAuth ...
Cybersecurity
Hackers Threaten Google with Data Leak Unless it Fires Threat Intelligence Employees
Hackers calling themselves Scattered LapSus Hunters threatened to leak Google databases unless two employees are dismissed, linking their demand to recent Salesforce-driven phishing attacks.
Cybersecurity
SK Telecom Hit with Record US$96.9 Million Fine After Data Breach Exposes 23 Million Users
SK Telecom has been fined $96.9 million after a breach exposed 23 million users’ data, marking the largest privacy penalty ever imposed on a South ...
Cybersecurity
Hackers Leak Sensitive Healthcare Data of 433,000 U.S. Doctors
Hackers leaked data on 433,000 U.S. doctors, exposing names, addresses, and emails. Experts warn of phishing, identity theft, and ransomware risks targeting healthcare professionals and ...
Cybersecurity
Tea App Data Breach Exposes Sensitive Images
Tea Dating Advice confirmed a July 2025 breach affecting 4,244 users, exposing sensitive PII, identity documents, and private images, raising concerns over larger-scale data exposure.
Application Security
NCSC Warns of Malware Campaign Using Fake PDF Editors
The NCSC uncovered a malware campaign using fake PDF editors and manual finder tools to turn devices into residential proxies, enabling criminals to mask their ...
Cybersecurity
TransUnion Data Breach Exposes Personal Information of 4.4 Million
TransUnion confirmed a cyberattack exposing data of over 4.4 million U.S. consumers, tied to Salesforce breaches attributed to ShinyHunters and UNC6395 extortion groups.
Application Security
Brokewell Android Malware Spread Through Fake TradingView Ads
Cybercriminals are exploiting Meta’s ad network to push fake TradingView Premium apps that secretly install Brokewell malware on Android devices, stealing data and hijacking user ...
Cybersecurity
SentinelOne Q3 Revenue Jumps 22% Amid Cybersecurity Surge
SentinelOne has raised its annual revenue forecast amid surging demand for AI-driven cybersecurity. With its Singularity platform and growing ARR surpassing $1 billion, the company ...
Cybersecurity
U.S. and Allies Expose Salt Typhoon Cyber Espionage Network
A sweeping international advisory accuses Chinese tech firms of fueling cyber espionage campaigns tied to Salt Typhoon and related groups. The attacks span telecom networks, ...
Cybersecurity
Senator Wyden Demands Independent Cybersecurity Review of Federal Courts
A wave of breaches exposing sealed court records and confidential informant data has drawn sharp criticism of the judiciary’s outdated IT. Senator Ron Wyden is ...
Endpoint Security
FEMA Fires 24 Staff After DHS Cybersecurity Audit Uncovers Major Failures
A DHS audit prompted FEMA to fire 24 staff, including top IT leaders, over cybersecurity failures such as weak authentication and outdated protocols, highlighting federal ...
News
Maryland’s Paratransit Ransomware Strike: Cyberattack Disrupts Disabled Transit Services
A ransomware attack on Maryland’s Mobility paratransit system has disrupted critical transportation for disabled residents, blocking new reservations and rebookings. While core transit services remain ...
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Exposing PINs and Medical Data
Fairmont Federal Credit Union revealed a 2023 breach impacting 187,000 individuals, exposing PINs, financial and medical data, with threat intelligence suggesting BlackBasta ransomware involvement in ...
Akira Ransomware Exploits Unpatched SonicWall SSLVPN Vulnerability
Akira ransomware is exploiting CVE-2024-40766 in SonicWall SSLVPN devices again, targeting unpatched endpoints. ACSC and Rapid7 warn enterprises to patch, rotate passwords, and enforce MFA ...
VMScape Attack Bypasses Hypervisor Isolation on AMD and Intel CPUs
ETH Zurich researchers reveal VMScape, a Spectre-like attack leaking secrets from QEMU hypervisors on AMD and Intel CPUs, bypassing mitigations and threatening multi-tenant cloud security.
Popular AI Chatbots Leak Sensitive User Data from Unsecured Server
An unsecured Elasticsearch instance leaked 116 GB of live logs from ImagineArt, Chatly, and Chatbotx, exposing prompts, bearer tokens, and user agents for millions of ...
Farmer Bros. Reveals Data Breach Affecting Over 14,000 Individuals
Farmer Bros. confirmed a breach affecting over 14,000 people; filings show unauthorized access in late 2023 and identity monitoring offered amid a ransomware claim.
UK Arrests Scattered Spider Teens Linked to TfL Cyberattack
UK police arrest two teens tied to Scattered Spider and the 2024 TfL cyberattack, linking them to global breaches, U.S. healthcare attacks, and $115M in ...
ShinyHunters Claims 1.5 Billion Salesforce Records
ShinyHunters claims 1.5 billion Salesforce records stolen from 760 companies after attackers harvested Salesloft Drift OAuth tokens, exposing CRM, case data, and secrets.
Hello Gym Phone Service Exposes 1.6 Million Audio Recordings Containing Member Data
A public storage repository exposed 1,605,345 gym call recordings managed by Hello Gym, revealing PII and billing details and creating risks for targeted fraud and ...
Lotte Card Confirms Data Breach Exposing 2.97 Million Customers
Lotte Card confirmed a breach exposing 2.97 million customers; 280,000 had full card data leaked. Company pledges compensation and steps to reissue cards.
Hackers Use SEO Poisoning to Deliver Malware through Fake Apps
Researchers warn SEO-poisoning campaigns push trojanized Signal, WhatsApp and Chrome installers that bundle legitimate apps with Hiddengh0st and Winos malware for long-term surveillance.
Panama’s Finance Ministry Confirms Cyberattack as INC Ransom Claims Massive Data Theft
Panama’s MEF confirms a cyberattack but says systems remain safe. INC Ransom claims stealing financial data, emails, and documents, posting samples on its dark web ...
HybridPetya Ransomware Bypasses UEFI Secure Boot
ESET found HybridPetya, a Petya-style ransomware that exploits CVE-2024-7344 to bypass UEFI Secure Boot, install a bootkit, encrypt MFT clusters, and demand Bitcoin.
Microsoft Fairwater Center: Hyperscale AI Hub Coming to Wisconsin
Microsoft is building Fairwater, a hyperscale AI data center in Wisconsin with clustered NVIDIA GPUs, closed-loop liquid cooling, and a Datacenter Academy for local workforce ...
SystemBC Turns Infected VPS Hosts Into Global Proxy Highway
SystemBC leverages vulnerable commercial VPS hosts to run a 1,500-node proxy botnet that serves scraping, proxy resale, and high-volume criminal traffic globally.
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Paris-headquartered luxury skincare maker Clarins has been named on a dark web leak page run by the Everest ransomware gang, which claims to have obtained ...
Hackers Claim Breach of Italian Post, Researchers Disagree
Hackers claim to have breached Poste Italiane, but researchers say the data is recycled from older leaks with fabricated fields, meaning no new compromise actually ...
New Kid Warlock Steps Up Ransomware Attacks with SharePoint Exploits
Warlock — tracked as Storm 2603 and GOLD SALEM — has surged since March 2025, exploiting SharePoint and other enterprise flaws and listing dozens of ...
Hundreds of NPM Packages Compromised in Self-Replicating Supply Chain Attack
A worm-style supply chain attack has compromised hundreds of NPM packages, harvesting npm tokens and secrets while propagating across popular JavaScript libraries and developer scopes.
Baltimore Medical System Claimed by Brain Cipher Ransomware
Brain Cipher claims several terabytes stolen from Baltimore Medical System, posting large server and database samples; impact could include medical identity theft for thousands of ...
Hackers Now Going Straight to the Source — Company Data Backups
Hackers are increasingly targeting company backups, with 18% of breaches linked to backup attacks — crippling recovery efforts and highlighting the urgent need for secure, ...