Cyber Security
Cybersecurity
UK Proposes New Cybersecurity Law with Stricter Reporting and Governance Rules
The UK’s proposed Cyber Security and Resilience Bill expands oversight to critical suppliers, MSPs, and digital services, introducing stricter governance, 24/72-hour incident reporting, and enhanced ...
Cybersecurity
North St. Paul Municipal Data Breach Targets Police Department
A phishing email targeting a police department account triggered a cyber breach in North St. Paul. While contained quickly, the incident prompted a forensic investigation, ...
Cybersecurity
Qualys Unveils Agentic AI for Autonomous Cyber Risk Management
Qualys has unveiled Agentic AI, an autonomous security framework within its Enterprise TruRisk platform. Designed to automate risk analysis, threat prioritization, and remediation, it promises ...
Cybersecurity
Windows 11 August 2025 Security Update Introduces AI Features
The Windows 11 August 2025 update blends security patches with bold AI features, from Recall’s controversial memory function to upcoming “agentic companions,” signaling Microsoft’s long-term ...
News
Deepfake Vishing Incidents Surge by 170% in Q2 2025
Deepfake-enabled vishing attacks are skyrocketing, with criminals using AI-cloned voices to impersonate executives, officials, and loved ones. These scams bypass defenses, exploit trust, and are ...
News
August Infosec Spotlight: Elastic EASE & Black Kite ASI Advance AI Threat Detection
Two new AI-driven tools—Elastic’s AI SOC Engine and Black Kite’s Adversary Susceptibility Index—are setting a new standard in cybersecurity by automating detection, enhancing context, and ...
Blog
Cybersecurity Complexity Due to Tool Sprawl and Multi-Vendor Ecosystems
Cybersecurity teams are drowning in complexity, not threats. Multi-vendor tool sprawl inflates costs, weakens visibility, and burns out staff—proving that smarter integration, not more tools, ...
Cybersecurity
Bitdefender Launches Cybersecurity Advisory Services to Address Security Gaps
Bitdefender has launched its Cybersecurity Advisory Services to help enterprises close skills gaps, strengthen compliance, and boost resilience. The program offers tailored strategy, risk management, ...
Cybersecurity
Palo Alto Networks Acquires CyberArk in $25 Billion Deal
Palo Alto Networks is acquiring CyberArk for $25B, marking one of cybersecurity’s largest deals. The move signals a strategic pivot to identity security, addressing human ...
Cybersecurity
UK Now Third Most Targeted Nation for Malware Attacks in 2025
The UK is now the third most targeted country for malware, recording over 100 million attacks in three months. Rising ransomware, phishing, and identity fraud ...
Cybersecurity
US Becomes Ransomware Capital with 146% Increase in Attacks
The U.S. now accounts for 50% of global ransomware incidents, with attacks surging 146% year-over-year. Critical sectors like manufacturing, healthcare, and energy face escalating threats ...
Cybersecurity
Ransomware-as-a-Service (RaaS) Fuels Record Cyberattack Surge in 2025
Ransomware-as-a-Service is driving a surge in cyberattacks, making sophisticated ransomware accessible to low-skilled criminals. With incidents up 149% in early 2025, experts warn that RaaS ...
News
Pacific HealthWorks Hit By Everest Ransomware; Patient Data From 50+ Practices Published
Everest ransomware posted hundreds of Pacific HealthWorks files, exposing patient and billing records from 50+ medical groups; leaked samples show SSNs, claims and medical IDs. ...
News
Kimsuky Data Leak Exposes 8.9GB of Alleged North Korean APT Tooling and Stolen Records
Two hackers leaked an 8.9GB dump they say came from North Korea’s Kimsuky APT, exposing phishing logs, toolkits, source code and possible campaign data today. ...
News
U.S. Judiciary Confirms Breach Of Federal Court Electronic Records System
The U.S. Federal Judiciary confirmed a cyberattack on its case management systems, prompting heightened security for sealed court filings amid escalating, sophisticated cyber threats targeting ...
News
MuddyWater’s DarkBit Ransomware Cracked, Allowing Free Data Recovery
Profero cracked DarkBit ransomware’s encryption, exploiting weak key generation to recover a victim’s ESXi server data for free, disrupting a politically driven MuddyWater-linked cyberattack.
Cybersecurity
Global Cybersecurity Spending Projected to Reach $213 Billion in 2025
Global cybersecurity spending is projected to hit $213 billion in 2025, driven by rising ransomware threats, cloud adoption, and generative AI risks. Gartner forecasts sustained ...
Cybersecurity
Senate Committee Advances Nominee to Lead Cybersecurity Agency
Amid heightened scrutiny over election security and foreign cyber threats, the U.S. Senate Homeland Security Committee has advanced the nomination ...
News
Google Calendar Invites Let Researchers Hijack Gemini in Stealthy Prompt-Injection Attack
Researchers used poisoned Google Calendar invites to exploit a Gemini vulnerability, enabling email exfiltration, smart-home control and other actions; Google says the bug is fixed. ...
News
Google Confirms Salesforce CRM Breach Exposed Google Ads Customers
Google confirms a Salesforce CRM breach exposed business contact information for prospective Google Ads customers; ShinyHunters claim roughly 2.55 million records were stolen in total. ...
TOP CYBERSECURITY HEADLINES
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
Application Security
Laravel Lang Supply Chain Attack Hijacks 700 Package Versions
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Directory (AD) and Entra ...
AI-Powered Polymorphic Phishing: The New Era of Social Engineering
Cybercrime is entering a new phase—one marked by AI-powered phishing attacks, the weaponization of legitimate remote access tools, and the rise of professionalized underground markets. ...
Storm-0501 Shifts From On-Premises Ransomware to Cloud-Based Extortion
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
CPAP Data Breach Exposes 90k Records of Military-Linked Customers
CPAP’s systems were breached in December 2024, exposing names, SSNs, and protected health information for over 90,000 individuals including military beneficiaries.
Healthcare Services Group Data Breach Impacts 624,000 Individuals After 2024 Network Intrusion
Healthcare Services Group reports a late-2024 intrusion that exposed personal data for 624,000 people; company offers identity protection and continues forensic investigations.
PromptLock Ransomware Uses AI to Encrypt and Steal Data
Researchers uncovered PromptLock, the first AI-powered ransomware generating malicious Lua scripts via LLM prompts. Though only a proof-of-concept, it highlights risks of weaponized AI in ...
FreePBX Administrator Control Panels Under Active Zero-Day Exploit
Microsoft warns Storm-0501 now focuses on cloud-native extortion: exfiltrating data, destroying backups, and encrypting cloud storage rather than encrypting on-premises endpoints.
Miljödata Cyberattack Disrupts Services for More Than 200 Swedish Municipalities
A cyberattack on Miljödata disrupted services across 200+ Swedish municipalities and may have exposed sensitive personal data; a ransom demand of 1.5 BTC was reported.
Salesforce Breach: How OAuth Token Theft Exposed Hundreds of Organizations
The recent Salesforce data breach underscores a growing reality in cybersecurity: even when core SaaS platforms are secure, their third-party integrations often aren’t. Between August ...
Image-Scaling Prompt Injection Exposes Hidden Risks in AI Systems
Researchers show image-scaling prompt injection can hide executable instructions that surface only after downscaling, enabling LLM-driven data exfiltration across multiple AI platforms.
Auchan Notifies Customers After Loyalty Account Data Exposure in Cyberattack
Auchan disclosed a cyberattack exposing contact and loyalty data for several hundred thousand customers; bank details and passwords were not impacted, CNIL was notified.
Critical Docker Desktop SSRF Vulnerability Compromises Hosts Using Containers
A critical SSRF in Docker Desktop (CVE-2025-9074) let containers reach the Docker Engine API and bind host storage; Docker issued Docker Desktop 4.44.3 to fix ...
CISA Warns of Actively Exploited Git Arbitrary Code Execution Vulnerability
CISA warns of actively exploited Git vulnerability CVE-2025-48384 that enables arbitrary code execution via crafted submodules; federal patch deadline set for September 15.
Coordinated Scans Surged Targeting Microsoft RDP Auth Servers
GreyNoise detected nearly 1,971 IPs scanning Microsoft RDP Web Auth portals to test timing flaws and enumerate usernames, potentially preparing credential-based attacks during US back-to-school ...
Citrix Fixes NetScaler RCE Flaw Exploited in Zero-Day Attacks
Citrix patches critical NetScaler RCE CVE-2025-7775 exploited in zero-day attacks; admins must upgrade affected NetScaler ADC and Gateway builds immediately.
MathWorks Data Breach Exposes 10,000 Users in a Ransomware Attack
MathWorks disclosed a ransomware attack exposing PII for more than 10,000 users; intrusion lasted from April 17 to May 18, with services disrupted for nearly ...
Thousands of Grok AI Chats Leaked, Transcripts Indexed Publicly
Forbes found over 370,000 Grok conversations indexed by search engines after users clicked "share," exposing personal data, attachments, passwords, and illicit instructions including assassination plans.
Murky Panda Exploits Cloud Trust to Breach Customers in Supply Chain Attacks
Murky Panda hijacks trusted cloud relationships to reach downstream customers, abusing Entra ID and DAP paths, reading email, and escalating privileges after initial access via ...
Salesloft Breach Exposes OAuth Tokens Used in Salesforce Data-Theft Campaign
Salesloft breach exposed Drift OAuth tokens used to access Salesforce instances; attackers extracted AWS keys, passwords, and Snowflake tokens to pivot and exfiltrate data.
Discord Message-Scraping Service Claims Access to 1.8 Billion Messages
A newly advertised data-scraping service claims to index 1.8 billion Discord messages, 207 million voice sessions, and profiles from 35 million users. Researchers warn the ...