Cyber Security
Cybersecurity
Asahi Group Suspends Operations After Cyberattack Disrupts Japanese Headquarters
Asahi has suspended orders, shipments and customer services in Japan after a cyberattack; investigation continues into whether systems were encrypted or sensitive data were exfiltrated.
Cybersecurity
WestJet Notifies U.S. Travelers After June Data Breach
WestJet warns some passenger and loyalty data were accessed in a June intrusion; travelers should monitor accounts, enable MFA, and watch for phishing or identity-fraud ...
Application Security
Microsoft Warns of New XCSSET macOS Malware Variant Targeting Xcode Devs
Microsoft detects a new XCSSET variant targeting Xcode projects with clipboard hijacking, Firefox data theft, and LaunchDaemon persistence—inspect builds, patch systems, and harden CI pipelines.
Cybersecurity
Maryland Department of Transportation Confirms Data Loss in Rhysida Ransomware Attack
Rhysida claims to have stolen MDOT employee IDs and background checks and demands 30 BTC; MDOT confirms data loss while investigators and responders work to ...
Cybersecurity
Co-Op Reports $107 Million Loss After Scattered Spider Cyberattack
The Co-operative Group has disclosed over $100 million in profit losses from the April 2025 Scattered Spider cyberattack. The breach caused £206 million in lost ...
Cybersecurity
Texas Compliance Vendor Exposes 40K+ Sensitive DOT Records in S3 Leak
Misconfigured S3 storage exposed 18,000 Social Security cards and 23,000 driver licenses tied to AJT Compliance’s DOT SHIELD, putting Texas truckers at high risk of ...
Cybersecurity
ICO Fines U.K. Energy Firms £550K for Unlawful Robo Marketing Calls
The ICO fined two U.K. energy companies £550K for unlawful robo-calls that targeted vulnerable individuals. Consumers are urged to register with TPS and report suspicious ...
Cybersecurity
UK Arrests Suspect in Ransomware Attack That Disrupted European Airports
UK police arrested a suspect in the Collins Aerospace MUSE ransomware attack that disrupted major European airports; investigators continue forensic work while airports rely on ...
Application Security
Dark Web Monitoring Guide for CISOs: Turning Shadows into Signals
Dark web monitoring gives CISOs early warning of breaches, ransomware, and credential leaks. Turning intelligence into action helps enterprises anticipate attacks instead of merely reacting.
Threat Actors
GhostSec – From Hacktivist to Ransomware Warlord
GhostSec evolved from hacktivist roots into a hybrid ransomware threat, using GhostLocker to target global sectors with encryption, extortion, and high-impact double-extortion campaigns.
Blog
How to Remove a Hacker’s Access From a Hacked Device
Hacked phones can expose sensitive data to fraud, identity theft, and financial loss. This guide explains how to spot signs of compromise, regain control through ...
Blog
5 Cybersecurity Blind Spots Most Companies Ignore
Cyberattacks often exploit overlooked weaknesses, not just firewalls or antivirus gaps. This article highlights five common cybersecurity blind spots—shadow IT, poor access controls, unpatched systems, ...
Cybersecurity
Legislative Shifts in Cybersecurity: Analyzing the Impact of EU and UK Cyber Laws
How will Europe’s new cyber laws change operational risk? This analysis explains the impact of the EU Cyber Solidarity Act and the UK CSRB on ...
Cybersecurity
Cisco ASA 5500-X Devices Under Attack: U.S. CISA Issues Emergency Directive
CISA has issued an emergency directive following active exploitation of Cisco ASA 5500-X firewalls. Federal agencies must audit and patch devices immediately, as vulnerabilities allow ...
Cybersecurity
Teen Suspect in Scattered Spider Casino Hacks Allegedly Holds $1.8M Bitcoin
A 17-year-old accused of aiding the 2023 MGM and Caesars cyberattacks faces six felony charges. Linked to Scattered Spider, prosecutors allege he holds $1.8M in ...
Cybersecurity
AI-Driven Zero-Day Attacks: Preparing for the Autonomous Cyber Threat Era
Autonomous AI agents are fueling a new wave of cyber threats, creating adaptive zero-day exploits and deepening risks for enterprises. Emerging defenses like AI Detection ...
Cybersecurity
Black Arrow Cyber Threat Intelligence Briefing: Analyzing Emerging Attack Vectors
Black Arrow’s 2025 Cyber Threat Intelligence Briefing highlights rising cyber threats, including AI-driven phishing, deepfake social engineering, ransomware, and nation-state exploits. CFOs, executives, and critical ...
Cybersecurity
Congress Struggles to Renew Cyber Threat Sharing Act Amid Rising Cybersecurity Concerns
The Cybersecurity Information Sharing Act (CISA) of 2015 is set to expire on September 30, 2025, with Congress divided on renewal. Political gridlock threatens critical ...
Cybersecurity
Brickstorm Backdoor Used Espionage Campaign Against U.S. Tech
Google reports Chinese hackers used Brickstorm malware to infiltrate U.S. tech and legal sectors for over a year, exfiltrating data while bypassing traditional security defenses.
Cybersecurity
GitHub Notifications Abused to Impersonate Y Combinator for Crypto Theft
Attackers abused GitHub issue notifications to impersonate YC, trick developers into EIP-712 signatures and drain wallets—inspect signed JSON, revoke approvals, and move assets now.
Application Security
Klue OAuth Breach Hits Huntress, Recorded Future via Salesforce
TOP CYBERSECURITY HEADLINES
Application Security
Crypto Clipper Abuses AI Reviews and VirusTotal to Fake Legitimacy
CVE Vulnerability Alerts
Defender Zero-Day CVE-2026-50656 Under Active Exploit, No Patch
This Week’s Security Spotlight
Application Security
Anthropic’s Mythos AI Found Flaws in Classified US Government Systems
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
ClayRat Spyware Tricks Android Users by Masquerading as WhatsApp, TikTok and YouTube
ClayRat Android spyware poses as WhatsApp, TikTok, and YouTube apps, stealing data, intercepting messages, and spreading automatically via SMS links sent to user contacts.
FBI Seizes BreachForums Infrastructure Used in Salesforce Extortion Scheme
The FBI and French authorities seized BreachForums’ domain infrastructure, disrupting ShinyHunters’ Salesforce extortion campaign and signaling a major shift in international cybercrime disruption strategies.
Discord Confirms Potential Age-Verification Vendor Breach Impacting About 70,000 Users
Discord has disclosed a potential data breach tied to a third-party age-verification provider that may have exposed official identification photos and other personal data for ...
Unisys Selected by EU Commission to Provide Cybersecurity Services to EU Public Entities
Unisys has announced that it has been selected by the European Commission to deliver cybersecurity services to public-sector organizations across the European Union. The agreement, ...
TwoNet Hacktivists Breach Decoy Water Treatment Plant, Alter PLC Setpoints and Disable Alarms Within 26 Hours
TwoNet breached a decoy water-treatment HMI in September, altering PLC setpoints and disabling alarms within about 26 hours after exploiting a known XSS vulnerability.
AI Companion Apps Expose Millions of Intimate Messages after Unprotected Kafka Instances
Two AI companion apps exposed 43 million messages and 600,000 media files after an unprotected Kafka Broker leaked data for over 400,000 users; instance now ...
Salesforce Refuses to Pay Ransom After Widespread CRM Data-Theft Campaigns
Salesforce refused extortion demands after attackers stole large CRM datasets via OAuth social engineering and stolen SalesLoft tokens; companies are revoking tokens and investigating scope.
Avnet Confirms EMEA Data Breach, Says Stolen Information Is Mostly Unreadable Without Internal Tools
Avnet confirmed a cyberattack on an EMEA cloud storage system. The company said stolen data was largely unreadable without its proprietary tools and global operations ...
Doctors Imaging Group Data Breach Exposes 171,000 Patients’ Medical and Financial Records
A November 2024 breach at Doctors Imaging Group exposed PHI and PII for 171,000 patients; forensics concluded in August 2025 and patient notifications followed.
DraftKings Says Credential Reuse Behind Targeted Account Intrusions, Not Internal Breach
DraftKings confirmed credential stuffing attacks targeting customer accounts, exposing limited personal data. The company ordered password resets, mandated multifactor authentication, and confirmed no internal breach ...
BK Technologies Cyberattack Contained as Employee Data Accessed by Threat Actors
BK Technologies confirmed a late-September cyberattack compromising internal systems and employee data, but swift containment and forensic analysis prevented further escalation or operational disruption.
Oracle E-Business Suite Zero-Day Exploited, Authorities Urge Immediate Patching
Oracle E-Business Suite zero-day CVE-2025-61882 is under active exploitation; emergency patches are available and organizations must patch and investigate potential compromise immediately.
RediShell Zero-Day in Redis Permits Remote Code Execution on Exposed Instances
Critical RediShell zero-day (CVE-2025-49844) enables Lua-based remote code execution on Redis; administrators must patch, disable Lua where possible and secure exposed instances immediately.
Red Hat Data Breach Escalates as ShinyHunters Joins Extortion
Red Hat faces escalated extortion as ShinyHunters lists sampled Customer Engagement Reports from the breach; samples name major clients and set an October 10 ransom ...
NIST Flags DeepSeek Adoption Over Security, Censorship and Cost Concerns
NIST analysis finds DeepSeek models lag U.S. counterparts, cost more, are easier to hijack, and exhibit CCP-aligned censorship, prompting security and policy warnings for adopters.
Unity Engine Flaw Permits Code Execution on Android and Escalation on Windows
A Unity runtime flaw (CVE-2025-59489) allows malicious apps or inputs to load attacker libraries, enabling code execution on Android and privilege escalation on Windows; developers ...
Discord Confirms Data Breach Linked to Third-Party Support Vendor
Discord has confirmed a significant data breach affecting users who interacted with its customer support teams, after hackers compromised a third-party service provider on September ...
ParkMobile Data Breach Ends in $32.8M Settlement — and a $1 Payout
The final chapter in the ParkMobile data breach saga has arrived—nearly four years after the 2021 cyberattack that compromised the personal information of 22 million ...
Oneleet Secures $33M Series A to Revolutionize Integrated Cybersecurity
Amsterdam-based cybersecurity startup Oneleet has raised $33 million in Series A funding, bringing its total capital to $35 million and positioning itself as one of ...
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning following confirmation that a command injection vulnerability in Meteobridge weather station devices is ...