Cyber Security
Cybersecurity
Gmail Breach Exposes 2.5 Billion Accounts in Social Engineering Attack
Google confirmed a massive breach exposing 2.5 billion Gmail accounts, with hacker group ShinyHunters exploiting Salesforce access through social engineering and launching large-scale phishing and ...
Blog
Ethical and Regulatory Challenges in AI-Driven Cybersecurity
As AI becomes central to cybersecurity, it is also weaponized for deepfakes, adaptive malware, and phishing. Organizations now face ethical dilemmas, regulatory fragmentation, and governance ...
Blog
AI-Powered DDoS Attacks Prompt Advanced Defense Mechanisms
AI-powered DDoS attacks are reshaping the cybersecurity landscape, replacing brute-force floods with adaptive, machine-led precision. By mimicking legitimate traffic and shifting tactics in real time, ...
Cybersecurity
Palo Alto Networks Forecasts $10.5B in 2026 Revenue on AI Cybersecurity Growth
Palo Alto Networks projects up to $10.53B in fiscal 2026 revenue, fueled by demand for AI cybersecurity tools and strategic acquisitions like CyberArk. With stronger ...
Application Security
WinRAR Zero-Day Vulnerability Exploited by Multiple Threat Actors
A newly discovered zero-day in WinRAR, CVE-2025-8088, is being exploited by RomCom hackers to plant executables in Windows Startup folders via path traversal. The flaw ...
Cybersecurity
FortiOS Auth Bypass Vulnerability Allows Attackers to Gain Full Control
Fortinet has disclosed CVE-2024-26009, a high-severity authentication bypass in the FGFM protocol. The flaw lets attackers impersonate managed FortiGate devices via FortiManager, enabling full administrative ...
Blog
Decline in Cybersecurity Prevention Effectiveness Raises Concerns for CISOs
New research from Horizon3.ai, WEF, Trend Micro, and others shows a widening gap between cybersecurity strategies and real-world results. CISOs face declining prevention effectiveness, rising ...
Cybersecurity
Norway Attributes Dam Cyberattack to Russian Hackers
Norway confirmed that Russian state-sponsored hackers breached the Bremanger dam’s control systems in April 2025, releasing 1.9 million gallons of water. While no damage occurred, ...
Cybersecurity
Chrome Extension FreeVPN One Secretly Captures Screens
Security researchers found that FreeVPN.One, a Chrome extension with over 100,000 installs and a verified badge, secretly captured user screenshots, URLs, and device data. Updates ...
CVE Vulnerability Alerts
Critical PostgreSQL Flaws Allow Code Injection During Database Restoration
The PostgreSQL team has disclosed three critical vulnerabilities—CVE-2025-8714, CVE-2025-8715, and CVE-2025-1094—impacting backup and restore utilities. These flaws enable malicious code injection and SQL exploitation, posing ...
Cybersecurity
Internet Archive Abused to Host Stealthy Malware JScript Loaders
Attackers are abusing the Internet Archive to host obfuscated malware loaders, launching multi-stage infection chains that deliver the Remcos RAT. By exploiting trusted infrastructure, threat ...
Cybersecurity
Business Council of New York State Data Breach: Personal Health Data of 47,000 People Exposed
BCNYS reports a two-day February intrusion discovered in August exposed personal, financial, and health data for 47,329 people, prompting rolling notifications and credit monitoring for ...
Cybersecurity
Clickjacking Vulnerability Exposes Autofill Data Across Major Extensions
Attackers use ADFS redirect phishing through legitimate office.com links, bypassing URL filters and MFA, to steal Microsoft 365 logins via malvertising and conditional access tricks.
Cybersecurity
Financial App Data Leak in Turkey Puts Millions at Risk
An unprotected MongoDB tied to FinansCepte and FinansWebde exposed over four million records, putting Turkish users at risk of phishing, credential stuffing, and manipulated financial ...
News
GenAI Powers Harder-to-Detect Phishing Threats
New research from Unit 42 shows adversaries are combining AI website builders, writing assistants, deepfakes, and chatbots to automate large-scale campaigns that closely mimic trusted ...
Cybersecurity
LG Hai Phong Earns CSMS Level 3 Certification at Its Largest Vehicle Component Base
LG’s Hai Phong plant earned CSMS Level 3 Certification from TÜV Rheinland, the first facility to hold both Level 2 and Level 3 simultaneously, validating ...
Cybersecurity
XenoRAT Malware Campaign Targets Embassies in South Korea
A multi-stage espionage campaign using XenoRAT malware has targeted foreign embassies in South Korea, with evidence linking the activity to both North Korean and Chinese ...
Cybersecurity
SentinelOne Expands Partnership With Mimecast to Advance People-Focused Cybersecurity
SentinelOne and Mimecast deepen integration, pairing Singularity endpoint telemetry with Human Risk Management to prioritize people-focused cybersecurity and reduce human-caused breaches.
News
Inotiv Ransomware Attack Disrupts Operations After Qilin Claims 176GB Data Theft
Inotiv confirms a ransomware attack encrypted systems and data, disrupting operations. SEC filing cites Qilin claims of 176GB theft as investigators restore and assess impact.
Cybersecurity
Researcher Harvests 270k Employee Records Exploiting Intel Flaw
Researcher Eaton Zveare found four flaws that exposed 270,000 Intel employee records via unauthenticated APIs and hardcoded credentials, then received only an automated “Thank You ...
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
U.S. Charges Ukrainian National for Administering Ransomware
The U.S. charged Ukrainian national Volodymyr Tymoshchuk for administering LockerGoga, MegaCortex, and Nefilim ransomware, linked to hundreds of corporate breaches and millions in damages worldwide.
Doctors Outraged After NSW Health Department Leaks Personal and Professional Data
NSW Health exposed passports, medical credentials, and IDs of nearly 600 doctors, sparking outrage and raising serious risks of identity theft, fraud, and professional impersonation.
Salt Typhoon Breach Exposes U.S. Telecom Wiretap Systems
Chinese-linked APT group Salt Typhoon infiltrated major U.S. telecom providers in 2024, compromising surveillance systems and metadata from millions of users. The breach exposed lawful ...
China Is Blurring the Lines Between Civilian AI and Military Power
China is merging civilian AI with military applications. Everyday tools like drones and voice apps are being leveraged by the PLA, according to a CSET ...
Rose Acre Farms Targeted in Alleged Lynx Ransomware Attack
Rose Acre Farms, America’s second-largest egg producer, was allegedly hit by Lynx ransomware, with attackers claiming encrypted data in a breach that threatens food supply ...
Lovesac Confirms Data Breach Following Ransomware Attack
Lovesac confirmed a ransomware-linked data breach impacting personal information. Attackers accessed systems in February 2025, with stolen data linked to the RansomHub ransomware group’s extortion ...
GhostAction Supply Chain Attack on GitHub Exposes 3,325 Secrets
The GhostAction supply chain attack on GitHub compromised 3,325 secrets, including npm, PyPI, AWS, and GitHub tokens, after attackers injected malicious workflows into 817 repositories.
Qantas Airways Reduces CEO’s Bonus Following July Data Breach
Qantas Airways reduced CEO Vanessa Hudson’s pay by $250,000 following a July cyber attack that exposed 4.5 million customer records, reflecting leadership accountability and strengthened ...
The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories
In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” The incident began when ...
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise
Wealthsimple, one of Canada’s largest online investment platforms, has confirmed a data breach that exposed the sensitive information of fewer than 1% of its three ...
FireCompass Raises $20M to Scale AI-Powered Offensive Security
In a year when cybercrime is projected to cost the world over $10.5 trillion, FireCompass has emerged as one of the most closely watched AI-driven ...
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
A newly uncovered critical vulnerability, tracked as CVE-2025-42957, is sending shockwaves through the enterprise technology world. Affecting all SAP S/4HANA deployments, both on-premise and in ...
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
North Korean cybercriminals have escalated their social engineering operations, deploying a wave of sophisticated campaigns designed to infiltrate cryptocurrency and decentralized finance (DeFi) organizations. At ...
North Korean Hackers Pose as Recruiters To Launch Global Cyberattacks
North Korean hackers posed as recruiters to target blockchain and finance professionals, exploiting Slack and cyber intelligence platforms to steal cryptocurrency in a global campaign ...
Social Engineering Breach Opens Door to Google Salesforce Data Leak
A phishing attack on a Google employee led to a Salesforce breach, exposing business contact data. Gmail remained secure, but the incident underscores the power ...
Czech Cybersecurity Agency Warns Against Chinese Technology in Critical Infrastructure
The Czech Republic’s cybersecurity agency warns critical infrastructure operators against Chinese technology, elevates threat level to “High,” and cites confirmed malicious activity, data access risks, ...
This Week In Cybersecurity: September 1–5, 2025
News Stories Jaguar Land Rover Cyberattack Severely Disrupts Production Systems Taken Offline Jaguar Land Rover halted operations after a cyberattack disabled its production systems, forcing ...
Cybersecurity Leadership: An Expert Talks Executive Risk
Leah Santos, CISO and Cyber Resilience Advisor Talks Executive Risk
Wealthsimple Data Breach Leaked Client Information Online
Wealthsimple confirmed a September 2025 data breach affecting under one percent of clients. Personal details were exposed, but passwords and funds remained fully secure throughout ...
Hack on In-Flight Connectivity Provider Anuvu Exposes Starlink User Data
Hackers breached inflight connectivity provider Anuvu, exposing sensitive data including Starlink service records, user credentials, and corporate details linked to major airline and maritime customers ...