Cyber Security
Cybersecurity
Lexington-Richland 5 Data Breach Exposes Students’ Names, Addresses and SSNs
Lexington-Richland 5 says former students’ names, addresses and Social Security numbers were posted on a threat-actor forum after a June breach; notifications and monitoring offered.
News
Panera Agrees to $2.5M Settlement After 2024 Data Breach
Panera agrees to a $2.5 million settlement after a February 2024 cyber incident; about 147,321 eligible claimants can seek documented or tiered payments.
News
IBM Finds “AI Oversight Gap” in Organizations That Suffered AI-Related Breaches
IBM reports 97% of organisations in AI-related breaches lacked AI access controls; shadow AI added $670,000 to average breach costs while defensive AI sped containment.
News
PayPal Denies Breach Amid 16M Login Leak on Dark Web
A forum post claims 15.8 million PayPal credentials were leaked; PayPal says the data ties to a 2022 incident. Researchers could not verify the full ...
Application Security
NIST Proposes AI Cybersecurity Overlays to Secure Generative and Predictive Systems
The National Institute of Standards and Technology (NIST) has released a concept paper proposing control overlays to secure artificial intelligence (AI) systems, including generative and ...
News
Microsoft Opens Inquiry After Reports Israel Used Azure for Mass Surveillance
Microsoft probes allegations Unit 8200 used Azure to store millions of Palestinian call recordings. The company says mass surveillance of civilians would violate Azure terms.
Cybersecurity
MoD Contractor Data Breach Exposes Thousands Of Afghan Nationals
MoD confirms a contractor-linked data breach affecting up to 3,700 ARAP arrivals, exposing names and passport details and reigniting concerns over subcontractor security and Afghan ...
News
AT&T Settlement Clears $177M for Victims Of 2019 and 2024 Data Breaches
Federal court approves $177 million AT&T settlement covering 2019 and 2024 data breaches; claimants can seek documented losses or tiered payments, with $7,500 maximum possible.
Cybersecurity
Workday Data Breach Linked To Third-Party CRM Amid Salesforce Social Engineering Wave
Workday discloses a data breach tied to a third-party CRM after social engineering attacks. No tenant data was accessed; business contact details were exposed amid ...
Cybersecurity
Healthplex Fined $2M After Phishing-Driven Data Breach Exposed Tens Of Thousands
A phishing click at Healthplex exposed tens of thousands’ health data; delayed reporting triggered a $2 million DFS fine and a mandatory independent MFA audit.
News
Bragg Discloses Cybersecurity Incident; Says Impact Appears Limited
Bragg Gaming Group detected a cybersecurity incident on August 16, 2025. Preliminary findings say the impact was internal only, with no indication personal data was ...
Cybersecurity
WestJet Data Breach Exposes Passenger Details, Including Names, DOB and Travel Details
WestJet confirms a June cyberattack exposed passenger details but not payment data. The airline offers two years of TransUnion monitoring and identity restoration while the ...
Resources
Crypto24 Ransomware: The Phantom Encryptor
Crypto24 is a rising ransomware group targeting mid-sized global firms, using stealth tools, cloud exfiltration, and double-extortion tactics to steal, encrypt, and leak sensitive data.
Resources
Charon Ransomware: Stealthy Cyber Extortion Syndicate
Charon ransomware, emerging in 2025, targets Middle East sectors with APT-level tactics, DLL sideloading, hybrid encryption, and advanced evasion, posing a severe threat to critical ...
News
U.S. Seizes $1M in Cryptocurrency from BlackSuit Ransomware Gang
U.S. agencies seized over $1 million in cryptocurrency and critical infrastructure from the BlackSuit ransomware gang. While the takedown marks progress, core members have already ...
Cybersecurity
Citrix NetScaler Zero-Day Breach Hits Critical Dutch Infrastructure
A Citrix NetScaler zero-day, CVE-2025-6543, has been exploited in the wild, leading to breaches of Dutch critical infrastructure. Thousands of devices remain unpatched worldwide, prompting ...
Blog
Why Supply Chain Security is a 2025 Cyber Priority
Supply chain security has become a top cybersecurity priority in 2025. Weak vendor defenses, low visibility, and nation-state attacks are fueling breaches, underscoring the urgent ...
Cybersecurity
Fortinet Warns of FortiSIEM Zero-Day CVE-2025-25256 Critical RCE Flaw
Fortinet has patched CVE-2025-25256, a FortiSIEM vulnerability rated CVSS 9.8 that allows unauthenticated remote code execution. Exploit code is active in the wild, and security ...
Blog
Quantum Key Distribution Faces Real-World Cybersecurity Risks
Quantum Key Distribution (QKD) is often described as unbreakable, but recent research exposes flaws in real-world systems. From photorefraction and side-channel attacks to theoretical weaknesses, ...
Cybersecurity
Cybercrime Groups ShinyHunters and Scattered Spider Collaborate in Extortion Attacks
A possible alliance between ShinyHunters, Scattered Spider, and Lapsu$ points to a new wave of coordinated cybercrime. By merging social engineering and data theft, these ...
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Chess.com Confirms Data Breach Through Third-Party File Transfer Application
Chess.com disclosed a June 2025 data breach after attackers exploited a third-party file transfer application, exposing personal data of about 4,500 users while leaving main ...
Bridgestone Confirms Cyberattack Disrupts Manufacturing Operations in North America
Bridgestone confirmed a cyberattack disrupting manufacturing at North American plants. The company quickly contained the incident, assured no customer data was compromised, and continues forensic ...
Hackers Turn to HexStrike-AI to Accelerate Exploitation of N-Day Flaws
Hackers are adopting HexStrike-AI, an AI-powered red teaming tool, to exploit Citrix flaws. The automation shrinks patching windows from days to minutes, raising enterprise security ...
Jaguar Land Rover Cyberattack Severely Disrupts Production, Systems Taken Offline
Jaguar Land Rover confirmed a cyberattack that forced factories offline and disrupted production. Systems remain down, though the automaker says no customer data has been ...
GPS Jamming Attack Forces Ursula Von Der Leyen’s Plane to Land Without Navigation
Ursula von der Leyen’s plane was hit by a suspected Russian GPS jamming attack over Bulgaria, forcing pilots to land manually with paper maps after ...
Embassy Breach Alert: Iranian Hackers Exploit 100+ Email Accounts via Phishing
Iranian state-backed hackers have launched a phishing campaign compromising 104 email accounts and targeting 50+ embassies, ministries, and organizations worldwide. Using hijacked government emails and ...
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE
Cato Networks, a leader in Secure Access Service Edge (SASE), has made its first acquisition, purchasing Aim Security, an AI security startup founded in 2022. ...
Tidal Cyber Secures $10M to Advance Threat-Informed Defense
Cybersecurity startup Tidal Cyber, founded in 2022 by three former MITRE experts, has raised $10 million in Series A funding, bringing its total capital to ...
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube
Disney has reached a $10 million settlement with the U.S. Federal Trade Commission (FTC) after being found in violation of the Children’s Online Privacy Protection ...
Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack
Google has released its September 2025 Android security patches, addressing a staggering 111 unique vulnerabilities, including two actively exploited zero-day flaws that are already being ...
Santa Fe County Website “Hack” Likely Based on Old Source Code
Hackers claimed to leak Santa Fe County’s website source code, but researchers found the data outdated, likely from the early 2010s, raising doubts about its ...
Salesforce Supply Chain Breach Hits Palo Alto Networks Customers
Palo Alto Networks confirmed exposure of customer records in a Salesforce breach via Drift tokens, as Unit 42 warned attackers mass-exfiltrated sensitive data and credentials ...
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire
A critical zero-day vulnerability, CVE-2025-53690, is being actively exploited in the wild, targeting Sitecore Experience Manager (XM) and Experience Platform (XP) systems deployed with outdated ...
Evertec Confirms $130M Fraud Attempt in Sinqia Pix Cyberattack
Hackers breached Evertec’s Brazilian subsidiary Sinqia, attempting a $130 million theft via Pix. Using stolen vendor credentials, they initiated unauthorized transfers before operations were suspended ...
Cloudflare Confirms Salesforce Breach in Growing Supply Chain Attack
Cloudflare confirmed its Salesforce instance was breached through compromised SalesLoft and Drift integrations, exposing customer data in a campaign affecting 700+ companies. The company’s detailed ...
Exploring Ransomware EDR-Killer Tools: How New Tactics Undermine Endpoint Security
A new wave of EDR-killer tools is reshaping ransomware tactics, enabling groups like RansomHub, Medusa, and Blacksuit to disable endpoint defenses. By exploiting vulnerable drivers ...
Agentic AI Steals Spotlight at Black Hat 2025 with Real-Time Threat Response
Agentic AI took center stage at Black Hat USA 2025, marking a definitive pivot from conceptual discussions to real-world deployment. As the cybersecurity industry grapples ...
DHS Cuts $27M Cybersecurity Support: Impact on 19,000 Local Governments
The Department of Homeland Security (DHS) will halt $27 million in annual federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) by the ...
TamperedChef Infostealer Delivered Through Fraudulent PDF Editor Ads
Cybercriminals used fraudulent Google Ads to spread a fake PDF Editor app delivering TamperedChef infostealer, leveraging code-signing certificates, residential proxy enrollment
Amazon Disrupts Midnight Blizzard Campaign Targeting Microsoft 365
Amazon disrupted a Midnight Blizzard campaign where Russian hackers used compromised websites, fake Cloudflare pages, and Microsoft device code abuse to target enterprise Microsoft 365 ...