Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
CVE Vulnerability Alerts
PAN-OS CVE-2026-0257 Exploited Just 4 Days After Public Disclosure
CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass, saw active exploitation begin just four days after public disclosure, with attacks ongoing for weeks.
CVE Vulnerability Alerts
CIFSwitch Linux Kernel Flaw Gets Public PoC, Root Access Possible
CIFSwitch is a 19-year-old Linux kernel privilege escalation flaw with a public PoC that enables root access on Ubuntu, RHEL, Debian, and other distributions.
Application Security
Public Exploit Raises Flowise CVE-2026-40933 RCE to Immediate Risk
Public exploit code for CVE-2026-40933 now targets Flowise, a self-hosted AI chatflow builder, via a one-click malicious import that executes arbitrary code on the server.
Cybersecurity
Western Officials Warn Russia Steals Tech Via Shell Firms and Hacks
Western intelligence officials issued a coordinated warning that Russian state actors are using shell companies, false recruiters, and cyber operations to steal sanctioned technology.
Cybersecurity
Dashlane Suspends Accounts After Multi-Country Brute-Force Campaign
Dashlane temporarily suspended customer accounts after detecting coordinated brute-force login attempts originating from multiple countries simultaneously targeting its login infrastructure.
Cybersecurity
Russia Sends Submarines to Survey UK Undersea Internet Cables
UK officials confirmed Russian submarines are surveying critical undersea cables, prompting Royal Navy deployment and emergency legislation to protect national communications infrastructure.
Application Security
Microsoft: 14 npm Packages Linked to Single Actor Stealing AWS Keys
Microsoft attributed 14 malicious npm packages impersonating OpenSearch and Elasticsearch to a single threat actor who stole AWS credentials and CI/CD secrets from developer environments.
Cybersecurity
NC Man Gets 121 Months for Selling Elderly Americans’ Data to Scammers
Troy Murray, 57, of North Carolina was sentenced to 121 months in prison and ordered to forfeit $5.2 million for selling elderly Americans' data to ...
Cybersecurity
LLMShare Campaign Hosts Infostealer Downloads on ChatGPT’s Own Domain
LLMShare, discovered by Push Security, abuses ChatGPT's share links on chatgpt.com to host fake outage pages that deliver infostealer malware to Windows and macOS users.
Cybersecurity
California AG Sues 23andMe Successor Over 2023 Genetic Data Breach
California AG Rob Bonta sued Chrome Holding Co., 23andMe's successor after bankruptcy, over the 2023 breach exposing genetic health data for millions of users.
Application Security
Gogs CVSS 9.4 RCE Zero-Day Has No Patch and a Metasploit Module
A CVSS 9.4 argument injection zero-day in Gogs lets any authenticated user achieve RCE on internet-exposed servers. No patch exists and Rapid7 has released a ...
Cybersecurity
Dutch Police Seize 200+ Servers in 17-Million-Device Botnet Takedown
Dutch law enforcement dismantled a botnet of 17 million compromised devices by seizing over 200 command-and-control servers in a major coordinated takedown with hosting provider ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Cybersecurity
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery