Cyber Security
Cybersecurity
UK Proposes New Cybersecurity Law with Stricter Reporting and Governance Rules
Andrew Doyle
August 13, 2025
The UK’s proposed Cyber Security and Resilience Bill expands oversight to critical suppliers, MSPs, and digital services, introducing stricter governance, 24/72-hour incident reporting, and enhanced ...
Cybersecurity
North St. Paul Municipal Data Breach Targets Police Department
Gabby Lee
August 13, 2025
A phishing email targeting a police department account triggered a cyber breach in North St. Paul. While contained quickly, the incident prompted a forensic investigation, ...
Cybersecurity
Qualys Unveils Agentic AI for Autonomous Cyber Risk Management
Andrew Doyle
August 13, 2025
Qualys has unveiled Agentic AI, an autonomous security framework within its Enterprise TruRisk platform. Designed to automate risk analysis, threat prioritization, and remediation, it promises ...
Cybersecurity
Windows 11 August 2025 Security Update Introduces AI Features
Mitchell Langley
August 13, 2025
The Windows 11 August 2025 update blends security patches with bold AI features, from Recall’s controversial memory function to upcoming “agentic companions,” signaling Microsoft’s long-term ...
News
Deepfake Vishing Incidents Surge by 170% in Q2 2025
Mitchell Langley
August 13, 2025
Deepfake-enabled vishing attacks are skyrocketing, with criminals using AI-cloned voices to impersonate executives, officials, and loved ones. These scams bypass defenses, exploit trust, and are ...
News
August Infosec Spotlight: Elastic EASE & Black Kite ASI Advance AI Threat Detection
Gabby Lee
August 13, 2025
Two new AI-driven tools—Elastic’s AI SOC Engine and Black Kite’s Adversary Susceptibility Index—are setting a new standard in cybersecurity by automating detection, enhancing context, and ...
Blog
Cybersecurity Complexity Due to Tool Sprawl and Multi-Vendor Ecosystems
Andrew Doyle
August 13, 2025
Cybersecurity teams are drowning in complexity, not threats. Multi-vendor tool sprawl inflates costs, weakens visibility, and burns out staff—proving that smarter integration, not more tools, ...
Cybersecurity
Bitdefender Launches Cybersecurity Advisory Services to Address Security Gaps
Andrew Doyle
August 12, 2025
Bitdefender has launched its Cybersecurity Advisory Services to help enterprises close skills gaps, strengthen compliance, and boost resilience. The program offers tailored strategy, risk management, ...
Cybersecurity
Palo Alto Networks Acquires CyberArk in $25 Billion Deal
Gabby Lee
August 12, 2025
Palo Alto Networks is acquiring CyberArk for $25B, marking one of cybersecurity’s largest deals. The move signals a strategic pivot to identity security, addressing human ...
Cybersecurity
UK Now Third Most Targeted Nation for Malware Attacks in 2025
Gabby Lee
August 12, 2025
The UK is now the third most targeted country for malware, recording over 100 million attacks in three months. Rising ransomware, phishing, and identity fraud ...
Cybersecurity
US Becomes Ransomware Capital with 146% Increase in Attacks
Mitchell Langley
August 12, 2025
The U.S. now accounts for 50% of global ransomware incidents, with attacks surging 146% year-over-year. Critical sectors like manufacturing, healthcare, and energy face escalating threats ...
Cybersecurity
Ransomware-as-a-Service (RaaS) Fuels Record Cyberattack Surge in 2025
Gabby Lee
August 12, 2025
Ransomware-as-a-Service is driving a surge in cyberattacks, making sophisticated ransomware accessible to low-skilled criminals. With incidents up 149% in early 2025, experts warn that RaaS ...
News
Pacific HealthWorks Hit By Everest Ransomware; Patient Data From 50+ Practices Published
Gabby Lee
August 12, 2025
Everest ransomware posted hundreds of Pacific HealthWorks files, exposing patient and billing records from 50+ medical groups; leaked samples show SSNs, claims and medical IDs. ...
News
Kimsuky Data Leak Exposes 8.9GB of Alleged North Korean APT Tooling and Stolen Records
Gabby Lee
August 12, 2025
Two hackers leaked an 8.9GB dump they say came from North Korea’s Kimsuky APT, exposing phishing logs, toolkits, source code and possible campaign data today. ...
News
U.S. Judiciary Confirms Breach Of Federal Court Electronic Records System
Mitchell Langley
August 12, 2025
The U.S. Federal Judiciary confirmed a cyberattack on its case management systems, prompting heightened security for sealed court filings amid escalating, sophisticated cyber threats targeting ...
News
MuddyWater’s DarkBit Ransomware Cracked, Allowing Free Data Recovery
Andrew Doyle
August 12, 2025
Profero cracked DarkBit ransomware’s encryption, exploiting weak key generation to recover a victim’s ESXi server data for free, disrupting a politically driven MuddyWater-linked cyberattack.
Cybersecurity
Global Cybersecurity Spending Projected to Reach $213 Billion in 2025
Gabby Lee
August 11, 2025
Global cybersecurity spending is projected to hit $213 billion in 2025, driven by rising ransomware threats, cloud adoption, and generative AI risks. Gartner forecasts sustained ...
Cybersecurity
Senate Committee Advances Nominee to Lead Cybersecurity Agency
Andrew Doyle
August 11, 2025
Amid heightened scrutiny over election security and foreign cyber threats, the U.S. Senate Homeland Security Committee has advanced the nomination ...
News
Google Calendar Invites Let Researchers Hijack Gemini in Stealthy Prompt-Injection Attack
Mitchell Langley
August 11, 2025
Researchers used poisoned Google Calendar invites to exploit a Gemini vulnerability, enabling email exfiltration, smart-home control and other actions; Google says the bug is fixed. ...
News
Google Confirms Salesforce CRM Breach Exposed Google Ads Customers
Mitchell Langley
August 11, 2025
Google confirms a Salesforce CRM breach exposed business contact information for prospective Google Ads customers; ShinyHunters claim roughly 2.55 million records were stolen in total. ...
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee
May 26, 2026
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee
May 26, 2026
Cybersecurity
Incransom Claims Meirc Breach, Threatens to Leak 1TB of Client Data
Gabby Lee
May 26, 2026
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Mitchell Langley
May 25, 2026
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
Gabby Lee
May 25, 2026
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee
May 22, 2026
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee
May 21, 2026
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
August 28, 2025
The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Directory (AD) and Entra ...
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
August 28, 2025
Cybercrime is entering a new phase—one marked by AI-powered phishing attacks, the weaponization of legitimate remote access tools, and the rise of professionalized underground markets. ...
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
August 28, 2025
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
August 28, 2025
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
PromptLock Ransomware Uses AI to Encrypt and Steal Data
August 28, 2025
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
August 28, 2025
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
August 28, 2025
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
August 28, 2025
The recent Salesforce data breach underscores a growing reality in cybersecurity: even when core SaaS platforms are secure, their third-party integrations often aren’t. Between August ...
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
August 28, 2025
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
August 28, 2025
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
August 28, 2025
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
August 28, 2025
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
August 28, 2025
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
August 28, 2025
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
August 28, 2025
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
August 28, 2025
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
August 28, 2025
Murky Panda hijacks trusted cloud relationships to reach downstream customers, abusing Entra ID and DAP paths, reading email, and escalating privileges after initial access via ...
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
August 28, 2025
Salesloft breach exposed Drift OAuth tokens used to access Salesforce instances; attackers extracted AWS keys, passwords, and Snowflake tokens to pivot and exfiltrate data.
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
August 28, 2025
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...




































