Cyber Security
Kyushu Electric Loses Drive With Data on 10.9M Customers
Anthropic Disputes Jailbreak Claim Against Claude Fable 5
Six Proto6 Flaws in protobuf.js Enable Node.js RCE
npm v12 Disables Auto-Run Scripts to Cut Supply Chain Risk
Anthropic Releases Guardrail-Free Mythos 5 to Security Researchers
Novo Nordisk Discloses Breach of Clinical Trials Patient Data
Europol Dismantles AudiA6 Crypto Laundering Service
Three LangGraph Flaws Chain to Remote Code Execution
OnyxC2 Stealer Targets 200+ Apps for $250 Per Month
Maine AG Portal Abused to Post Fabricated Breach Notices
Fortinet FortiSandbox CVE-2026-25089 Allows Unauthenticated RCE
OpenSSL Patches 16 Flaws Including Heap Use-After-Free RCE Risk
Akira Claims Industrial Finisher, NJ Country Club, Architecture Firm
Chaos Ransomware Lists Airespring as Iranian False-Flag History Looms
Shai-Hulud Hades Wave Poisons 29 Bioinformatics PyPI Packages
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Nottingham University Breach Exposes Data on 454,600 Students
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
What is Cloud Detection and Response (CDR) and How Does it Work
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
LiteLLM CVE-2026-42271 Added to CISA KEV: AI API Keys at Risk
France’s Tchap Messaging App Breached, 643K Messages Exposed
SAP Patches CVSS 9.9 SAML Flaw and ABAP Memory Corruption
Exploit Published for Linux Kernel nf_tables CVE-2026-23111
AAPB Fixes Vulnerability Allowing Unauthorized Media Access
European Airports Struggle to Fix Check-In Glitch After Cyberattack
A cyberattack on Collins Aerospace’s MUSE check-in system disrupted Heathrow, Berlin, and Brussels, forcing manual operations, flight cancellations, and prompting regulators to investigate airport cybersecurity ...
Stellantis Confirms Data Breach Following Salesforce-Linked Attack
Stellantis confirms a data breach impacting North American customers after a Salesforce-linked attack, with ShinyHunters claiming 18 million records stolen and FBI warning of ongoing ...
FBI Warns Bad Actors are Spoofing the IC3 Cybercrime Reporting Website
FBI warns criminals are cloning the IC3 complaint site; victims risk exposing PII. Type .gov directly, avoid sponsored links, and never pay to recover funds.
Tiffany & Co. Data Breach Exposes Thousands of Gift Card Holders
Tiffany & Co. confirms May 2025 data breach exposing 2,500+ customers’ gift card numbers, personal data, and sales records, raising fraud and phishing risks for ...
Attackers Claim 150K Records via Data Breach of American Income Life (AIL)
Attackers claim 150,000 AIL customer records were leaked on a forum, exposing personal and insurance data, raising risks of identity theft, phishing scams, and financial ...
Fairmont Federal Credit Union Confirms Two-Year-Old Data Breach Exposing PINs and Medical Data
Fairmont Federal Credit Union revealed a 2023 breach impacting 187,000 individuals, exposing PINs, financial and medical data, with threat intelligence suggesting BlackBasta ransomware involvement in ...
Akira Ransomware Exploits Unpatched SonicWall SSLVPN Vulnerability
Akira ransomware is exploiting CVE-2024-40766 in SonicWall SSLVPN devices again, targeting unpatched endpoints. ACSC and Rapid7 warn enterprises to patch, rotate passwords, and enforce MFA ...
VMScape Attack Bypasses Hypervisor Isolation on AMD and Intel CPUs
ETH Zurich researchers reveal VMScape, a Spectre-like attack leaking secrets from QEMU hypervisors on AMD and Intel CPUs, bypassing mitigations and threatening multi-tenant cloud security.
Popular AI Chatbots Leak Sensitive User Data from Unsecured Server
An unsecured Elasticsearch instance leaked 116 GB of live logs from ImagineArt, Chatly, and Chatbotx, exposing prompts, bearer tokens, and user agents for millions of ...
Farmer Bros. Reveals Data Breach Affecting Over 14,000 Individuals
Farmer Bros. confirmed a breach affecting over 14,000 people; filings show unauthorized access in late 2023 and identity monitoring offered amid a ransomware claim.
Hello Gym Phone Service Exposes 1.6 Million Audio Recordings Containing Member Data
A public storage repository exposed 1,605,345 gym call recordings managed by Hello Gym, revealing PII and billing details and creating risks for targeted fraud and ...
ShinyHunters Claims 1.5 Billion Salesforce Records
ShinyHunters claims 1.5 billion Salesforce records stolen from 760 companies after attackers harvested Salesloft Drift OAuth tokens, exposing CRM, case data, and secrets.
UK Arrests Scattered Spider Teens Linked to TfL Cyberattack
UK police arrest two teens tied to Scattered Spider and the 2024 TfL cyberattack, linking them to global breaches, U.S. healthcare attacks, and $115M in ...
Lotte Card Confirms Data Breach Exposing 2.97 Million Customers
Lotte Card confirmed a breach exposing 2.97 million customers; 280,000 had full card data leaked. Company pledges compensation and steps to reissue cards.
Panama’s Finance Ministry Confirms Cyberattack as INC Ransom Claims Massive Data Theft
Panama’s MEF confirms a cyberattack but says systems remain safe. INC Ransom claims stealing financial data, emails, and documents, posting samples on its dark web ...
Hackers Use SEO Poisoning to Deliver Malware through Fake Apps
Researchers warn SEO-poisoning campaigns push trojanized Signal, WhatsApp and Chrome installers that bundle legitimate apps with Hiddengh0st and Winos malware for long-term surveillance.
HybridPetya Ransomware Bypasses UEFI Secure Boot
ESET found HybridPetya, a Petya-style ransomware that exploits CVE-2024-7344 to bypass UEFI Secure Boot, install a bootkit, encrypt MFT clusters, and demand Bitcoin.
Microsoft Fairwater Center: Hyperscale AI Hub Coming to Wisconsin
Microsoft is building Fairwater, a hyperscale AI data center in Wisconsin with clustered NVIDIA GPUs, closed-loop liquid cooling, and a Datacenter Academy for local workforce ...
SystemBC Turns Infected VPS Hosts Into Global Proxy Highway
SystemBC leverages vulnerable commercial VPS hosts to run a 1,500-node proxy botnet that serves scraping, proxy resale, and high-volume criminal traffic globally.
Clarins Listed by Everest Ransomware Gang on Dark Web Post
Paris-headquartered luxury skincare maker Clarins has been named on a dark web leak page run by the Everest ransomware gang, ...
Application Security
Chrome 149 Patches 28 Flaws, Including 12 Use-After-Free Bugs
This Week’s Security Spotlight

Application Security
Veeam CVE-2026-44963 Exposes Backup Servers to Low-Privilege RCE
Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang
In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Chinese ...
Axonius Identities Review 2025: Unified IAM, Governance & Security
Axonius Identities delivers unified identity governance, lifecycle automation, and identity security posture for both human and non-human identities across complex enterprise environments, with actionable policy ...
11 Types of Social Engineering Attacks and How to Prevent Them
This detailed guide explores eleven prevalent social engineering attack types, explaining their mechanisms and offering practical preventative measures for individuals and organizations. Understand the psychology ...
Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits
Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with nearly 50,000 Cisco ASA and FTD appliances actively under threat. ...
How to Use Cain and Abel for Penetration Testing: Step-by-Step Tutorial 2026
Cain and Abel is a powerful password recovery and penetration testing tool. Learn its features, uses, risks, and best practices for ethical cybersecurity operations.
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons
A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cybercrime forums ...
UK Government Backs Jaguar Land Rover With £1.5 Billion Loan Guarantee After Cyberattack
The UK guaranteed £1.5bn to stabilise JLR after a major cyberattack; phased restart underway as forensic work, supplier relief and insurance clarity continue.
Harrods Suffers New Data Breach Exposing 430,000 Customer Records
A third-party compromise exposed 430,000 Harrods customer records; names, contacts and marketing tags were leaked—customers should expect increased phishing risk and follow protective guidance.
Friends of NRA Posts Mailing List Online, Exposing Nearly 10,000 Supporter Records
A 2018 Friends of NRA mailing list containing nearly 10,000 names and addresses was indexed publicly; removal, compliance assessment, and data-handling reforms are now urgent ...
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan
Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyberattack that froze ...
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed
The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infiltrate corporate networks through SSL VPN accounts, ...
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management
A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pre-seed funding to accelerate the ...
How to Enable Kernel-mode Hardware-Enforced Stack Protection in Windows 11
Enable Kernel-mode Hardware-enforced Stack Protection in Windows 11
Medusa Ransomware Claims Comcast Data Haul; $1.2M Extortion Demand Posted
Medusa claims 834.4GB exfiltration from Comcast and demands $1.2M; companies should preserve evidence, hunt IOCs, validate backups, and coordinate with CISA/FBI guidance.
Spacecom Breach Claims Questioned Amid Hacktivist Group’s Bold Assertions
Hacktivist group Handala claimed a major Spacecom breach, but researchers found limited evidence. Analysts warn of social engineering risks and rising hacktivist campaigns targeting critical ...
Asahi Group Suspends Operations After Cyberattack Disrupts Japanese Headquarters
Asahi has suspended orders, shipments and customer services in Japan after a cyberattack; investigation continues into whether systems were encrypted or sensitive data were exfiltrated.
WestJet Notifies U.S. Travelers After June Data Breach
WestJet warns some passenger and loyalty data were accessed in a June intrusion; travelers should monitor accounts, enable MFA, and watch for phishing or identity-fraud ...
Microsoft Warns of New XCSSET macOS Malware Variant Targeting Xcode Devs
Microsoft detects a new XCSSET variant targeting Xcode projects with clipboard hijacking, Firefox data theft, and LaunchDaemon persistence—inspect builds, patch systems, and harden CI pipelines.
Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
Rhysida claims to have stolen MDOT employee IDs and background checks and demands 30 BTC; MDOT confirms data loss while investigators and responders work to ...
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
The Co-operative Group has disclosed over $100 million in profit losses from the April 2025 Scattered Spider cyberattack. The breach caused £206 million in lost ...