Cyber Security
How to Defend Your Organization Against Scattered Spider’s Service Desk Attacks
Ivanti Workspace Control Exposes SQL Credentials Through Hardcoded Key Flaws
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
Quantum Hacking Is Coming: How to Prepare with Post-Quantum Security Today
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The Truth About Identity Attacks: How to Protect Your Business and Data
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
27 Million Records Allegedly Leaked from French Retailer Boulanger
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Navigating the Complex Intersection of AI and Data Privacy
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
Remote Desktop Protocol (RDP): A Double-Edged Sword for IT Teams
Google Faces £5 Billion UK Antitrust Lawsuit Over Search Advertising Practices
Skyward Specialty Insurance Data Breach Exposes Sensitive Information
Hacker Forum ‘Cracked’ Resurfaces Online After FBI Seizure in Global Cybercrime Operation
Wolters Kluwer Data Breach Claim Raises Alarms Across Fortune 500 Network
Fall River Public Schools Responds to Cybersecurity Breach
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
The Soaring Cost of Data Breaches for Enterprise Businesses in 2024
ChatGPT is Down Worldwide Impacting Millions
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
10 Key Benefits of Cyber Tabletop Exercises
Ransomware Attack on Kettering Health Forces Mass Procedure Cancellations and Exposes Patient Safety Risks
News
Ransomware Attack on Kettering Health Forces Mass Procedure Cancellations and Exposes Patient Safety Risks
A ransomware attack on Kettering Health forced mass cancellations across 120+ medical sites, exposing patient safety risks and prompting scam attempts targeting sensitive patient data. ...
BlackLock Ransomware Group Claims Breach of Toho, But Evidence Falls Short
News
BlackLock Ransomware Group Claims Breach of Toho, But Evidence Falls Short
Cybercriminal group BlackLock claims to have breached Japanese film giant Toho, but researchers found no credible data, casting doubt on the authenticity of the attack. ...
Coca-Cola Investigates Alleged Data Breach Tied to Everest Ransomware Group
News
Coca-Cola Investigates Alleged Data Breach Tied to Everest Ransomware Group
Hackers from the Everest group claim to have leaked Coca-Cola employee and HR data, including PII and internal documents, potentially tied to a Middle East ...
Chinese Hackers Exploit Ivanti EPMM Zero-Day to Breach Government Agencies
News
Chinese Hackers Exploit Ivanti EPMM Zero-Day to Breach Government Agencies
Chinese hackers exploited a zero-day flaw in Ivanti EPMM to breach global government systems. Immediate patching and security monitoring are strongly advised.
iOS Sleep App Exposes Personal and Health Data of Over 25,000 Users
News
iOS Sleep App Exposes Personal and Health Data of Over 25,000 Users
Sleep Journey iOS app exposed over 25,000 users' personal and health data due to a misconfigured Firebase database, posing significant privacy and security risks.
Chinese Hackers Exploit Cityworks Zero-Day to Breach U.S. Local Government Systems
News
Chinese Hackers Exploit Cityworks Zero-Day to Breach U.S. Local Government Systems
Hackers from the Everest group claim to have leaked Coca-Cola employee and HR data, including PII and internal documents, potentially tied to a Middle East ...
Russian APT28 Hackers Target Ukraine Aid Operations Through Global Espionage Campaign
News
Russian APT28 Hackers Target Ukraine Aid Operations Through Global Espionage Campaign
Russian APT28 hackers have targeted international aid operations to Ukraine since 2022, using cyber espionage to monitor, disrupt, and exfiltrate data from key sectors.
Marks & Spencer Projects $402 Million Profit Loss After Cyberattack Disrupts Operations
News
Marks & Spencer Projects $402 Million Profit Loss After Cyberattack Disrupts Operations
Marks & Spencer faces a $402 million profit hit following a cyberattack linked to Scattered Spider, disrupting sales and operations and exposing customer data.
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
Cybersecurity
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
Kettering Health canceled elective procedures after a ransomware-linked outage. Interlock ransomware group is suspected. Emergency services remain operational, but threat actors may leak stolen data. ...
3AM Ransomware Operators Use Spoofed IT Calls, Email Bombing for Network Breaches
News
3AM Ransomware Operators Use Spoofed IT Calls, Email Bombing for Network Breaches
The 3AM ransomware gang exploits spoofed IT support calls and email bombing to socially engineer remote access, targeting corporate networks in stealthy credential-based breaches.
Global Crackdown Dismantles Lumma Infostealer Malware Network, Seizes 2,300 Domains
News
Global Crackdown Dismantles Lumma Infostealer Malware Network, Seizes 2,300 Domains
Authorities and private sector partners have dismantled the infrastructure of the Lumma Infostealer malware, a dominant player in the malware-as-a-service (MaaS) ecosystem.
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
News
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools
EU Sanctions Stark Industries and Leadership for Supporting Russian Cyber Operations
News
EU Sanctions Stark Industries and Leadership for Supporting Russian Cyber Operations
The EU has sanctioned Stark Industries and its leadership for enabling Russian cyber operations, disinformation, and infrastructure support used in attacks against European interests.
Serviceaide Data Leak Exposes Health Records of Over 480,000 Catholic Health Patients
News
Serviceaide Data Leak Exposes Health Records of Over 480,000 Catholic Health Patients
Serviceaide exposed over 480,000 Catholic Health patients' records due to a misconfigured Elasticsearch database, putting sensitive personal and medical data at risk.
Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident
News
Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident
Coinbase confirms a data breach involving overseas contractors that exposed personal and financial information of 69,461 users, prompting fears of social engineering and financial fraud. ...
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
Cybersecurity
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
A supply chain attack on RVTools delivered Bumblebee malware through a trojanized installer, compromising virtualization admins and enabling follow-on ransomware or data exfiltration attacks.
Over 100 Malicious Chrome Extensions Found Masquerading as AI Tools, VPNs, and Crypto Utilities
News
Over 100 Malicious Chrome Extensions Found Masquerading as AI Tools, VPNs, and Crypto Utilities
A massive and ongoing campaign involving over 100 malicious Chrome extensions has been uncovered, with threat actors deploying browser add-ons ...
SK Telecom Malware Breach Lasted 3 Years, Exposed 27 Million Phone Numbers
News
SK Telecom Malware Breach Lasted 3 Years, Exposed 27 Million Phone Numbers
SK Telecom’s malware breach exposed 27 million phone numbers over three years via a supply chain attack targeting its security affiliate SK Shieldus.
Tesco, Aldi Supplier Peter Green Chilled Hit by Ransomware, Disrupting UK Retail Supply Chains
News
Tesco, Aldi Supplier Peter Green Chilled Hit by Ransomware, Disrupting UK Retail Supply Chains
UK logistics firm Peter Green Chilled suffered a ransomware attack, disrupting deliveries for Tesco, Aldi, and Sainsbury’s amid a rising wave of supply chain cyberattacks. ...
PowerSchool Hacker Pleads Guilty to Student Data Extortion Scheme
News
PowerSchool Hacker Pleads Guilty to Student Data Extortion Scheme
A 19-year-old hacker has pleaded guilty to breaching PowerSchool and extorting millions by threatening to leak sensitive data on over 71 million students and teachers. ...

TOP CYBERSECURITY HEADLINES

SECURITYWEEK INDUSTRY EXPERTS

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Threat Actors
  • Threat Detection Tools
  • Uncategorized
Zero-Day in the Call Center: Mitel MiCollab Exploited in Active Attacks
In this episode, we dissect the critical vulnerabilities plaguing Mitel MiCollab, a widely used unified communications platform, and explore how attackers are exploiting these flaws ...
Graphite Spyware Used in Zero-Click iOS Attacks on European Journalists
Citizen Lab confirms Paragon’s Graphite spyware exploited an iOS zero-day to launch zero-click attacks on European journalists through iMessage without any user interaction.
Password-Spraying Campaign Hits Over 80,000 Microsoft Entra ID Accounts with TeamFiltration Tool
Threat actor UNK_SneakyStrike used TeamFiltration to launch password-spraying attacks on over 80,000 Microsoft Entra ID accounts across hundreds of global organizations.
The Info-Stealer Sting: A Deep Dive into INTERPOL’s Operation Secure
Join us for a gripping discussion on “Operation Secure,” a landmark international crackdown that reverberated through the dark corners of the cybercriminal world between January ...
Hackers Claim 64 Million T-Mobile Records Leaked Online
Hackers claim to have leaked 64 million T-Mobile records online, including sensitive personal and device data. The breach may contain new data unseen in past ...
Qilin Ransomware Claims Asefa Attack: 210GB of Data Leaked Including FC Barcelona Insurance Files
Qilin ransomware group claims to have stolen 210GB of sensitive data from Spanish insurer Asefa, including internal documents and a Camp Nou insurance plan.
Spyware Scandal Expands as Second Italian Journalist Targeted with Paragon Surveillance Tool
Citizen Lab confirms Paragon spyware targeted a second journalist at Fanpage, deepening Italy’s political surveillance controversy and raising new concerns over investigative oversight.
How to Defend Your Organization Against Scattered Spider’s Service Desk Attacks
Scattered Spider service desk attacks exploit social engineering to bypass security, targeting help desks for credential access. Learn defense strategies using open-source tools and training. ...
Food Delivery App GonnaOrder Leaked Customer Names, Addresses, and Order Info for Nearly Two Years
A misconfigured Kafka Broker on GonnaOrder’s platform exposed customer names, phone numbers, and delivery details across Europe from August 2022 to May 2025.
Headero App Data Leak Exposes Over Four Million Sensitive User Records, Including GPS and Sexual Preferences
A misconfigured database tied to the Headero dating app exposed over four million sensitive user records, including GPS coordinates, explicit chat logs, and STD statuses. ...
Ransomware Attack on Mastery Schools Exposes Thousands of Sensitive Records, Including Credit Card and Biometric Data
A ransomware breach at Mastery Schools in Philadelphia exposed sensitive personal and financial records, affecting over 37,000 individuals including students, staff, and families.
Mental Health Provider Mount Rogers Targeted by INC Ransom, Internal Documents and Personal Details Leaked
Ransomware group INC Ransom breached Mount Rogers Community Services, leaking internal files, personal emails, and invoices from the mental health provider's systems.
Erie Insurance Cyberattack Causes System-Wide Disruptions and Portal Outages
Erie Insurance confirms a cyberattack as the source of major service disruptions since June 7, affecting customer access, claims processing, and business operations.
Tomcat Manager Attacks: 400 IPs in Coordinated Brute-Force Attack
On June 5, 2025, GreyNoise flagged a massive spike in coordinated brute-force login attempts targeting Apache Tomcat Manager interfaces. Nearly 400 unique IP addresses, many ...
TxDOT Data Leak: 423,391 Texans Exposed
On May 12, 2025, the Texas Department of Transportation (TxDOT) disclosed a significant data breach that compromised crash reports containing personal data of over 423,000 ...
Ghost Students and AI Scams: How Identity Theft is Gutting Financial Aid
What happens when hundreds of thousands of college applications are submitted—not by hopeful students, but by bots using stolen identities? In this episode, we dive ...
BlackSuit (Royal) Ransomware: Conti Ransomware Reborn
BlackSuit, formerly Royal, is a sophisticated ransomware group using multi-vector attacks, partial encryption, and double extortion to target global organizations, including critical infrastructure. Their operations ...
Ivanti Workspace Control Exposes SQL Credentials Through Hardcoded Key Flaws
Ivanti patched three high-severity vulnerabilities in Workspace Control caused by hardcoded cryptographic keys, which exposed SQL and environment credentials to local authenticated attackers.
Texas Dept. of Transportation Breach Exposes 300,000 Crash Records in May 2025
TxDOT suffered a breach on May 12, 2025, leaking 300,000 crash reports. Stolen data includes driver’s license numbers, insurance info, and crash details.
Mirai Botnet Exploits Wazuh Servers via Remote Code Execution Vulnerability
A critical RCE flaw in Wazuh servers is being exploited by Mirai botnet variants, allowing attackers to execute Python code through malicious API requests.
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident
Spain Arrests Hackers Behind Data Breach Targeting Politicians and Journalists
Citrix Patch for Critical NetScaler Vulnerabilities Causes Login Issues for Some Customers
Forminator Plugin Flaw Leaves 600,000+ WordPress Sites at Risk of Full Takeover
Grafana Issues Critical Security Fixes for Image Renderer Plugin and Synthetic Monitoring Agent
Hunters International Ransomware Group Shuts Down, Offers Free Decryptors Amid Exit
Spanish Authorities Dismantle €10 Million Investment Scam Network With Fake Advisors and Crypto Portals
Cisco Removes Hardcoded Root Account from Unified CM to Prevent Remote Takeover
Fake Crypto Wallet Add-ons Flood Firefox Store in Ongoing Credential Theft Campaign
Qantas Confirms Data Breach Following Cyberattack on Third-Party Platform
macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains
Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks
Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis
The Rising Tide of Cybersecurity Threats in Hospitality: How Hotels Can Stay Secure this Summer
FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks
Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security