Cyber Security
News
BlackSuit Ransomware and Royal Operations Breached 450+ U.S. Companies
DHS reports BlackSuit and Royal ransomware gangs hit over 450 U.S. victims, collected $370 million, and saw infrastructure seized in international Operation Checkmate last month. ...
News
Pandora Confirms Third-Party Data Breach, Advises Customers to Stay Alert
Pandora confirms a third-party data breach exposing customer names and emails, warns users of potential phishing risks as attackers exploit basic contact details without breaching ...
News
CISA Orders Federal Agencies to Patch Critical Exchange Hybrid Vulnerability by Monday Morning
CISA orders federal agencies to fix a critical Exchange hybrid vulnerability (CVE-2025-53786) by Monday; migration to a dedicated hybrid app is required to prevent tenant ...
News
Bouygues Telecom Data Breach Exposes 6.4 Million Customers’ Information
Bouygues Telecom confirms cyberattack exposed personal data for 6.4 million customers, including contact details and IBANs; investigation ongoing and authorities notified; customers informed via SMS. ...
News
Technical Glitch Briefly Erases Sections of U.S. Constitution from Congress.gov, Restored Quickly
Critical sections of the Constitution briefly vanished from Congress.gov due to a software glitch; the Library of Congress restored them within hours and is implementing ...
News
Air France and KLM Confirm Third-Party Data Breach Impacting Customer Information
Air France and KLM have confirmed a data breach via a third-party vendor, exposing personal information of loyalty members and airline customers to potential cyber ...
News
Akira Ransomware Disables Microsoft Defender Using Intel Driver Exploit in New Wave of Attacks
Akira ransomware disables Microsoft Defender using Intel’s driver in BYOVD attacks. Researchers warn of new techniques, SonicWall VPN exploits, and trojanized IT tool installers.
News
MagentaTV Data Leak Exposes Over 324 Million Logs Linked to Deutsche Telekom’s Streaming Platform
A data leak tied to Deutsche Telekom’s MagentaTV platform exposed over 324 million logs, including user IPs, MAC addresses, and session details.
News
Meta Blocks 6.8 Million WhatsApp Accounts Amid Rising Scam Group Abuse
Meta has blocked 6.8 million WhatsApp accounts tied to scam operations, rolling out new security features to prevent abuse of group invites and direct messaging. ...
News
Google Confirms Data Breach as Part of Ongoing Salesforce CRM Attacks by ShinyHunters
Google confirms a Salesforce data breach linked to ShinyHunters, who are targeting enterprise CRM systems in a widespread extortion campaign affecting major global brands.
News
Cisco Reports Data Breach Following Vishing Attack on Employee
Cisco disclosed a data breach impacting Cisco.com user accounts after a vishing attack on an employee, exposing basic user details but no passwords or sensitive ...
News
Rhysida Ransomware Group Claims Attack on Cookeville Regional Medical Center
Rhysida ransomware gang has claimed the attack on Cookeville Regional Medical Center, threatening to leak sensitive patient and financial data unless the hospital pays a ...
News
Pandora Confirms Data Breach Linked to Salesforce Credential Theft Campaign
Pandora confirms a data breach linked to Salesforce credential theft campaigns, exposing customer data while attackers continue to target global enterprises through phishing and OAuth ...
News
PBS Confirms Data Breach After Employee Information Circulates on Discord
PBS confirmed a data breach after corporate contact details for nearly 4,000 employees were leaked and shared on Discord communities, raising concerns over unauthorized exposure ...
News
New Linux Backdoor “Plague” Evades Detection for Months
A stealthy Linux backdoor named Plague has evaded antivirus detection for months, exploiting PAM authentication modules to provide attackers with persistent SSH access and near-total ...
Threat Actors
APT28 / Fancy Bear: Russian State Sponsored APT
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical infrastructure.
News
CurXecute Prompt-Injection Flaw in Cursor IDE Enables Remote Code Execution
Cursor IDE’s CurXecute flaw lets malicious prompts escalate to remote code execution; Pi-hole donor emails leaked via GiveWP plugin misconfiguration. Patches released.
News
Chanel Confirms US Customer Data Breach Linked to Salesforce Social Engineering Attacks
Chanel confirms a U.S.-based data breach from Salesforce social engineering attacks, exposing contact details amid a broader extortion campaign targeting global enterprise brands.
News
Palo Alto Networks to Acquire CyberArk in $25 Billion Deal to Strengthen Identity Security
Palo Alto Networks will acquire CyberArk for $25 billion to combine AI-powered security with identity and privilege controls, targeting evolving enterprise threats.
News
FraudOnTok Malware Campaign Targets TikTok Shop Users Through Fake Apps and Phishing Tactics
CTM360 exposes the FraudOnTok campaign targeting TikTok Shop users through fake apps and phishing, using SparkKitty spyware to steal crypto wallet data and drain funds. ...
Application Security
Ghost CMS CVE-2026-26980 Exploited in ClickFix Campaign
TOP CYBERSECURITY HEADLINES
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
LiteSpeed cPanel Plugin CVE-2026-48172 CVSS 10.0 Exploited
This Week’s Security Spotlight
Application Security
Anthropic’s Project Glasswing Finds 10,000+ CVEs in One Month
Application Security
Trump Mobile Exposes 27,000 Customer Records via Insecure API
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Australia Faces Rising Wave of AI-Driven Cyber Threats in 2025
Australia is facing a surge in AI-driven cyberattacks, from deepfake phishing and malware development to supply chain compromises. With over 70 major incidents in 2025 ...
CISA Expands Known Exploited Vulnerabilities Catalog: 47 New Threats Identified
CISA has added 47 new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, including flaws in SharePoint, Google Chromium, and Cisco devices. The ...
Arizona Seeks $10M to Bolster Election Cybersecurity: Post-Attack Response Plan
A cyberattack on Arizona’s election portal, linked to Iranian-affiliated actors, has spurred calls for $10 million in cybersecurity funding and $3.5 million annually. Secretary of ...
Microsoft Patches Teams Vulnerability: Critical Fix Against Remote Code Risks
Microsoft has patched CVE-2025-53783, a heap-based buffer overflow in Teams that enables remote code execution across desktop, mobile, and hardware devices. Though exploitation requires social ...
Apple Patches Zero-Day Exploit: Immediate Fix for CVE-2025-43300 Threat
Apple has released emergency patches for CVE-2025-43300, a zero-day flaw in the Image I/O framework enabling remote code execution via malicious images. Actively exploited in ...
APT36 Hackers Abuse Linux to Deliver Malware in Espionage Attacks
APT36 (Transparent Tribe) is exploiting Linux .desktop files in a new espionage campaign against Indian defense and government targets. Disguised as PDFs, these droppers fetch ...
Silk Typhoon’s Fake Adobe Update: How China-Backed Hackers Target Diplomats
A new and highly sophisticated cyber espionage campaign attributed to Silk Typhoon—also known as Mustang Panda, TEMP.Hex, or UNC6384—has been uncovered, targeting diplomats and government ...
FTC Warns Tech Giants: Don’t Weaken Encryption for Foreign Governments
The fight over encryption has entered a new phase. The Federal Trade Commission (FTC), led by Chairman Andrew Ferguson, has issued a strong warning to ...
Invisible Prompts: How Image Scaling Attacks Break AI Security
Researchers have uncovered a new form of indirect prompt injection that leverages a simple but powerful trick: image scaling. This novel attack involves hiding malicious ...
Google to Verify Android Developers: A New Era in App Security Emerges
Google is rolling out its Developer Verification program, requiring all Android developers—inside and outside the Play Store—to verify their identity by 2027. The policy aims ...
Healthcare Services Group Breach Exposes 624,000 Individuals’ Sensitive Data
The healthcare sector has been rocked yet again by a massive cybersecurity incident. Healthcare Services Group (HCSG), a provider of dining and laundry services to ...
Okta Raises Annual Forecasts Amid Surging Demand for Cybersecurity Tools
Okta has lifted its fiscal 2026 revenue forecast after reporting strong Q2 results, driven by soaring demand for identity verification tools. As AI-powered impersonation attacks ...
Auchan Data Breach: Hundreds of Thousands of Loyalty Accounts Compromised
French retail giant Auchan has confirmed a massive data breach that compromised the personal details of hundreds of thousands of customers. The stolen data includes ...
Docker Desktop Vulnerability: Why Containers Aren’t as Safe as You Think
A critical vulnerability in Docker Desktop, CVE-2025-9074, has shaken the container security world. Scoring 9.3 on the CVSS scale, this flaw exposed an unauthenticated Docker ...
Arch Linux Website, Forums, and AUR Targeted in Sustained Cyber Assault
The Arch Linux community has just endured more than a week of turbulence as a massive distributed denial-of-service (DDoS) attack disrupted its most critical services, ...
Data I/O Ransomware Attack: Supply Chain Cybersecurity in Crisis
Cyberattacks against supply chains are no longer isolated disruptions—they are systemic threats with the power to cascade across industries and nations. The recent ransomware attack ...
BianLian Ransomware Strikes Aspire Rural Health: 138,000 Patients Exposed
The U.S. healthcare sector continues to face relentless cyberattacks, and rural hospitals are increasingly at the center of this crisis. The recent Aspire Rural Health ...
OneFlip: How a Single Bit-Flip Can Hack AI Models
Artificial Intelligence (AI) models are shaping the future of industries from healthcare and finance to autonomous vehicles and national infrastructure. But with this rise comes ...
The Dual Role of AI in Cybersecurity: Weapon and Shield
AI hacking has moved from speculation to reality, enabling deepfake phishing, automated malware, and large-scale social engineering. While defenders deploy AI for detection and response, ...
FraudGPT, WormGPT, and Dark AI Models Fuel Surge in Cybercrime
Malicious AI models like FraudGPT, WormGPT, and PoisonGPT are reshaping cybercrime, enabling scalable phishing, malware generation, and disinformation. Unlike mainstream LLMs, these blackhat tools strip ...