Cyber Security
Cybersecurity
AI-Driven Zero-Day Attacks: Preparing for the Autonomous Cyber Threat Era
Autonomous AI agents are fueling a new wave of cyber threats, creating adaptive zero-day exploits and deepening risks for enterprises. Emerging defenses like AI Detection ...
Cybersecurity
Black Arrow Cyber Threat Intelligence Briefing: Analyzing Emerging Attack Vectors
Black Arrow’s 2025 Cyber Threat Intelligence Briefing highlights rising cyber threats, including AI-driven phishing, deepfake social engineering, ransomware, and nation-state exploits. CFOs, executives, and critical ...
Cybersecurity
Congress Struggles to Renew Cyber Threat Sharing Act Amid Rising Cybersecurity Concerns
The Cybersecurity Information Sharing Act (CISA) of 2015 is set to expire on September 30, 2025, with Congress divided on renewal. Political gridlock threatens critical ...
Cybersecurity
Brickstorm Backdoor Used Espionage Campaign Against U.S. Tech
Google reports Chinese hackers used Brickstorm malware to infiltrate U.S. tech and legal sectors for over a year, exfiltrating data while bypassing traditional security defenses.
Cybersecurity
GitHub Notifications Abused to Impersonate Y Combinator for Crypto Theft
Attackers abused GitHub issue notifications to impersonate YC, trick developers into EIP-712 signatures and drain wallets—inspect signed JSON, revoke approvals, and move assets now.
Cybersecurity
Interpol Operation HAECHI VI Recovers $439 Million From Global Cybercrime Networks
Operation HAECHI VI recovered $439 million, froze 68,000 bank accounts and seized 400 crypto wallets across 40 countries—demonstrating effective, coordinated disruption of global fraud networks.
Cybersecurity
China Mandates 1-Hour Cybersecurity Incident Reporting Under New CAC Rules
China’s Cyberspace Administration (CAC) now requires serious cybersecurity incidents to be reported within one hour, starting November 1, 2025. The regulation introduces strict severity tiers, ...
Cybersecurity
Kali Linux 2025.3 Released With 10 New Tools and Advanced Wi-Fi Features
Kali Linux 2025.3 adds 10 powerful tools, Nexmon Wi-Fi support, and NetHunter upgrades — offering red teams deeper attack capabilities and defenders new detection opportunities.
Threat Actors
Warlock Group / GOLD SALEM (aka Storm-2603) — Threat Profile
This threat actor profile examines the Warlock ransomware group, tracked as Storm-2603 and GOLD SALEM. Active since March 2025, Warlock exploits Microsoft SharePoint vulnerabilities to ...
Cybersecurity
65% of IT Leaders Admit Cyber Defenses are Outdated
Artificial intelligence is fueling a new wave of cyber threats, from polymorphic malware to deepfake-driven phishing. Lenovo’s latest “Work Reborn” report shows 65% of IT ...
Cybersecurity
Boyd Gaming Discloses Data Breach Following Cyberattack
Boyd Gaming confirmed a cyberattack that stole employee and individual data. Operations remain unaffected as the company investigates, notifies regulators, and works with law enforcement ...
Cybersecurity
CISA Says Hackers Breached Federal Agency Using GeoServer Exploit
CISA confirmed hackers exploited a critical GeoServer vulnerability to breach a federal agency, steal data, and move laterally. Agencies are urged to patch and monitor ...
Cybersecurity
Scattered Spider Alleged Ransom Scheme Netted More Than $115 Million
DOJ complaint alleges Scattered Spider actor Thalha Jubair helped extort over $115 million via 120 intrusions, prompting cross-border arrests, asset seizures and broad enforcement.
Cybersecurity
ENISA Confirms Ransomware Behind Airport Check-In Chaos
ENISA confirms ransomware disrupted Collins Aerospace’s MUSE check-in systems across multiple European airports, forcing manual processing and raising regulatory, fraud and supply-chain risk.
Cybersecurity
Stellantis Joins Salesforce Data Breach; 18 Million Customer Records Claimed
Stellantis confirms a Salesforce-linked breach exposing contact records; although no financial data was taken, the leak elevates phishing and supply-chain risk for millions of customers.
Cybersecurity
Pennsylvania Attorney General’s Office Grapples With Ransomware Attack
Pennsylvania’s Attorney General’s Office is recovering from a ransomware attack that disrupted 1,200 staff and court cases, though the scope of potential data compromise remains ...
Cybersecurity
Police Shut Down Streameast, the Largest Illegal Sports Streaming Network
Authorities dismantled Streameast, the world’s largest illegal sports streaming network, seizing 80 domains, arresting two operators, and uncovering millions laundered through shell companies and cryptocurrency.
Cybersecurity
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
A flaw in AAPB’s website exposed private media for years, exploited by data hoarders until a recent fix secured the archive and halted unauthorized access.
Cybersecurity
Great Firewall Leak Exposes China’s Global Surveillance Exports
A 500GB leak from Geedge Networks exposes Great Firewall source code, internal logs and export contracts showing surveillance systems shipped to Myanmar, Pakistan, Ethiopia and ...
Cybersecurity
European Airports Struggle to Fix Check-In Glitch After Cyberattack
A cyberattack on Collins Aerospace’s MUSE check-in system disrupted Heathrow, Berlin, and Brussels, forcing manual operations, flight cancellations, and prompting regulators to investigate airport cybersecurity ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
Cybersecurity
Kyushu Electric Loses Drive With Data on 10.9M Customers
TOP CYBERSECURITY HEADLINES
Application Security
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
Application Security
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
This Week’s Security Spotlight
Application Security
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Unity Engine Flaw Permits Code Execution on Android and Escalation on Windows
A Unity runtime flaw (CVE-2025-59489) allows malicious apps or inputs to load attacker libraries, enabling code execution on Android and privilege escalation on Windows; developers ...
Discord Confirms Data Breach Linked to Third-Party Support Vendor
Discord has confirmed a significant data breach affecting users who interacted with its customer support teams, after hackers compromised a third-party service provider on September ...
ParkMobile Data Breach Ends in $32.8M Settlement — and a $1 Payout
The final chapter in the ParkMobile data breach saga has arrived—nearly four years after the 2021 cyberattack that compromised the personal information of 22 million ...
Oneleet Secures $33M Series A to Revolutionize Integrated Cybersecurity
Amsterdam-based cybersecurity startup Oneleet has raised $33 million in Series A funding, bringing its total capital to $35 million and positioning itself as one of ...
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning following confirmation that a command injection vulnerability in Meteobridge weather station devices is ...
DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547)
A serious unauthenticated remote code execution (RCE) flaw, identified as CVE-2025-10547, has been uncovered in DrayTek’s DrayOS routers. This vulnerability allows attackers to send crafted ...
Salesforce Faces Extortion Threat After Salesloft OAuth Token Exploits
A hacking consortium claims Salesloft OAuth tokens were abused to extract CRM records from 700+ companies; Salesforce says claims relate to past or unverified incidents ...
Discord Discloses Support Ticket Breach After Unauthorized Access to Third-Party System
Discord confirmed attackers accessed a third-party support system, stealing support tickets, IDs, IPs, messages and partial billing data; investigation and user notifications are ongoing.
VMware Virtual Machines Targeted in Zero-Day Exploitation by China-Linked Hackers
Broadcom warns of zero-day flaws in VMware software exploited by China-linked hackers, allowing privilege escalation for months, raising concerns over virtualization security and global enterprise ...
Boeing Supplier Dimensional Control Systems Targeted in Ransomware Attack
J Group ransomware gang claims to have stolen 11GB of sensitive internal documents from Boeing supplier Dimensional Control Systems, raising cybersecurity concerns across global manufacturing ...
Lynx Claims Ransomware Intrusion at TriMed Subsidiary of Henry Schein
Lynx claims a ransomware intrusion at TriMed, posting alleged executive, legal, employee and proprietary files; Henry Schein is investigating with law enforcement and forensic partners.
Red Hat Confirms Breach of Consulting GitLab Instance After Claim of 570.2 GB Leak
Red Hat confirmed unauthorized access to a consulting GitLab instance; an extortion group claims to have exfiltrated 570.2 GB from 28,000 repositories, including ~800 CERs.
DrayTek Vigor RCE Vulnerability Prompts Urgent Firmware Updates
DrayTek patched CVE-2025-10547, an uninitialized-variable flaw in Vigor routers that can lead to memory corruption and potential remote code execution; administrators must update firmware and ...
WestJet Data Breach Exposes Passports and IDs for 1.2 Million Customers
WestJet confirmed a June cyberattack exposed passports, IDs, and travel records of 1.2 million customers. The airline is notifying victims and offering two years of ...
Sendit Sued by FTC for Alleged Illegal Collection of Children’s Data
The FTC referred a complaint alleging Sendit collected children’s personal data without parental consent and used deceptive subscription practices, prompting a DoJ referral and potential ...
China Tightens Cyber Rules, Forcing One-Hour Reporting for Major Incidents
China’s Cyberspace Administration will require operators to report major cyber incidents within 60 minutes, or 30 minutes for severe events, with penalties for concealment or ...
Klopatra Android RAT Masquerades as IPTV and VPN App, Drains Banking Devices across Europe
Klopatra, disguised as an IPTV/VPN app, uses Accessibility abuse and a black-screen VNC to capture credentials and remotely drain over 3,000 Android devices across Europe.
Allianz Life Confirms July Breach Exposed SSNs for Nearly 1.5 Million People
Allianz Life confirmed a July CRM compromise exposed names, addresses, dates of birth and Social Security numbers for 1,497,036 people and offered two years of ...
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO. The case ...
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174
Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the center of the update is CVE-2025-41244, ...