Cyber Security
Cybersecurity
AI Summary Injection Turns Summaries into Malware Delivery
Researchers show attackers hide malicious payloads in HTML using CSS obfuscation and prompt overdose so AI summaries output malware instructions that lead to ransomware execution.
Cybersecurity
Nissan Confirms Data Breach at Creative Box After Qilin Ransomware Attack
Nissan has confirmed a data breach at its Tokyo-based subsidiary, Creative Box Inc. (CBI), following unauthorized access on August 16, 2025. The Qilin ransomware group ...
Resources
Gunra Ransomware: Tactics, Victims, and Threat Intelligence
Gunra is a double-extortion ransomware group, active since April 2025, leveraging leaked Conti code for high-speed, cross-platform attacks. With victims spanning healthcare, manufacturing, and IT, ...
Blog
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CVE Vulnerability Alerts
CISA Expands Known Exploited Vulnerabilities Catalog: 47 New Threats Identified
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google Chromium, and Cisco devices. The ...
Cybersecurity
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
A cyberattack on Arizona’s election portal, linked to Iranian-affiliated actors, has spurred calls for $10 million in cybersecurity funding and $3.5 million annually. Secretary of ...
Application Security
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Cybersecurity
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Apple has released emergency patches for CVE-2025-43300, a zero-day flaw in the Image I/O framework enabling remote code execution via malicious images. Actively exploited in ...
News
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Application Security
Google to Verify Android Developers: A New Era in App Security Emerges
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Data Security
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
Okta has lifted its fiscal 2026 revenue forecast after reporting strong Q2 results, driven by soaring demand for identity verification tools. As AI-powered impersonation attacks ...
Blog
The Dual Role of AI in Cybersecurity: Weapon and Shield
AI hacking has moved from speculation to reality, enabling deepfake phishing, automated malware, and large-scale social engineering. While defenders deploy AI for detection and response, ...
Blog
FraudGPT, WormGPT, and Dark AI Models Fuel Surge in Cybercrime
Malicious AI models like FraudGPT, WormGPT, and PoisonGPT are reshaping cybercrime, enabling scalable phishing, malware generation, and disinformation. Unlike mainstream LLMs, these blackhat tools strip ...
Blog
The Imperative for a New Cyber Defense Playbook
Traditional cybersecurity models are failing against AI-driven threats, workforce fatigue, and complex tool sprawl. From adaptive malware and deepfake phishing to poorly governed machine identities, ...
News
UpCrypter Phishing Campaign Exploits Fake Emails to Deliver RAT Payloads
A new phishing campaign is distributing the UpCrypter malware loader through fake voicemail and purchase order emails. Targeting industries worldwide, UpCrypter delivers multiple remote access ...
Cybersecurity
Senator Wyden Demands Independent Review After Federal Court Cyber Breaches
Senator Ron Wyden is urging an independent review of federal court cybersecurity after breaches exposed sealed case files. Citing outdated systems and weak defenses, he ...
Cybersecurity
Nevada State Offices Shut Down Amid Major Network Security Incident
Nevada’s state government was forced to suspend in-person services and shut down major websites after a large-scale network security incident on August 25, 2025. Early ...
Application Security
Android Malware Masquerades as FSB Antivirus To Spy on Russian Business Executives
A fake FSB antivirus hides Android malware spying on Russian executives, logging keystrokes, streaming cameras, exfiltrating messenger data, and rotating providers for command and control.
Cybersecurity
Orange Suffers Data Breach Affecting 850k Customers
Orange Belgium reports a cyberattack exposing SIM details, PUK codes, names, phone numbers, and tariff plans for 850,000 customers; no financial data or passwords were ...
Cybersecurity
Michigan Health System Hack Exposes Patients’ Lab Results in Healthcare Data Breach
Aspire Rural Health Systems suffered a major healthcare data breach, exposing nearly 140,000 patients’ records — including lab results, financial data, and personal identifiers.
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
CrowdStrike Acquires Pangea to Launch AI Detection and Response (AIDR)
At Fal.Con 2025, CrowdStrike announced one of its boldest moves yet: the acquisition of AI security startup Pangea. The deal signals CrowdStrike’s intent to redefine ...
RaccoonO365: $100K Phishing-as-a-Service Scheme Taken Down
Microsoft and Cloudflare have successfully dismantled RaccoonO365, a global phishing-as-a-service (PhaaS) operation that had been running for over a year. This criminal platform, marketed on ...
AI-Generated Phishing and Deepfakes Supercharge Social Engineering Attacks
Social engineering has reclaimed center stage as today’s most reliable intrusion vector—and it’s not just email anymore. Recent warnings from law enforcement and national cyber ...
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
The infamous Rowhammer vulnerability, long thought to be contained by new DRAM protections, has resurfaced with devastating force. Academic researchers, working with Google, have unveiled ...
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform
Cybercriminals aren’t just breaking in—they’re borrowing your brand to do it. This episode dives into the critical intersection of brand protection, threat intelligence, and external ...
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law
California’s Assembly Bill 566 (AB 566) has become one of the most hotly contested pieces of privacy legislation in the country. The bill would require ...
FinWise Bank Data Breach Exposes 700K Customers Amid Predatory Lending Allegations
FinWise Bank is facing a double crisis—one of data security and another of public trust. Nearly 700,000 customers of American First Finance (AFF), a FinWise ...
ShinyHunters Claims 160 Million Vietnamese Credit Records Stolen from National Database
ShinyHunters claims 160 million Vietnam credit records stolen from CIC; samples verified by ReSecurity include PII, credit histories, and government IDs with recent timestamps.
Everest Ransomware Gang Names Allegis Group on Dark Web Claiming Client Lists
Everest ransomware gang claims Allegis Group documents and client lists were taken; screenshots show spreadsheets of 135,000 and 426,000 lines, researchers warn of phishing risks.
Apple Warns Users of Sophisticated Spyware Attacks Across Multiple Countries
Apple has warned users in over 150 countries of mercenary spyware attacks using zero-days and zero-click exploits, urging Lockdown Mode and emergency security assistance.
Microsoft to Roll Out Built-In Link Warnings for Teams Chats
Microsoft will roll out real-time malicious link warnings for Teams chats in September 2025, adding another security layer to protect enterprise users from phishing and ...
National Cyber Director Pushes for Aggressive Cyber Strategy to Shift Risk to Adversaries
National Cyber Director Sean Cairncross calls for a unified cyber strategy, urging CISA 2015 reauthorization, IT modernization, and stronger deterrence measures to shift risk onto ...
U.S. Sanctions Southeast Asian Cybercrime Networks That Stole $10 Billion from Americans
The U.S. Treasury sanctioned 19 Southeast Asian cybercrime networks tied to forced labor, trafficking, and scams that stole over $10 billion from Americans in 2024.
Temu Fined $2 Million for INFORM Consumers Act Violations
Temu will pay $2 million to settle FTC and DoJ claims it violated the INFORM Consumers Act by failing to disclose seller details and suspicious ...
Threat Actor Upgrades Docker API Attacks, Moves Toward Botnet Development
Attackers targeting exposed Docker APIs have upgraded their tools, enabling persistent access, lateral movement, and self-replication—laying the groundwork for a potential large-scale botnet campaign.
NSW Health Data Breach Exposes Personal and Professional Records Of Nearly 600 Doctors
A major data privacy lapse has rattled the New South Wales (NSW) health system after confidential records of nearly 600 medical staff — including 67 ...
Wealthsimple Data Breach Exposes Government IDs in Third-Party Attack
Wealthsimple confirmed a third-party data breach exposing account numbers, government IDs, and SINs of 30,000 clients. No funds stolen, but identity theft risks remain significant.
Dynatrace Confirms Customer Data Exposure in Salesforce Supply Chain Breach
Dynatrace confirmed customer data exposure in the Salesforce supply chain breach via Salesloft Drift, joining Cloudflare, Google, and others hit by the Scattered LapSus$ Hunters ...
External Attack Surface Management: CISO’s Guide to Mitigating Risk Before It Strikes
External Attack Surface Management gives CISOs continuous visibility into internet-facing assets, prioritizes risks by context, and enables proactive remediation—shrinking exposure before attackers exploit vulnerabilities.
Salesloft Data Breach Exposes 700 Companies Through OAuth Token Attack
A major security breach at Salesloft has compromised sensitive information from more than 700 companies, marking one of the largest enterprise incidents linked to OAuth ...