Cyber Security
News
Cybercriminals Turn to PDFs to Impersonate Microsoft, PayPal, and DocuSign
Cybercriminals are increasingly using PDFs to impersonate trusted brands like Microsoft, PayPal, and DocuSign in phishing campaigns designed to steal credentials or deploy malware.
News
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
IdeaLab confirms ransomware attackers stole sensitive employee and contractor data in a 2024 breach. Hunters International claimed responsibility and leaked 137,000 files on the dark ...
News
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
Kelly Benefits confirms 2024 breach exposed personal data of 553,660 individuals, affecting 46 organizations. Stolen info includes SSNs, medical records, and financial data.
News
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident
Esse Health confirms cyberattack exposed data of 263,601 patients, including medical record and insurance info, after system disruptions in April. Investigation suggests possible ransomware involvement. ...
News
Spain Arrests Hackers Behind Data Breach Targeting Politicians and Journalists
Spanish police arrest two hackers behind cyberattacks on government and media figures, seizing devices in a national security case tied to stolen state data.
News
Citrix Patch for Critical NetScaler Vulnerabilities Causes Login Issues for Some Customers
Citrix warns that patches for critical NetScaler flaws may cause broken logins due to CSP conflicts. Admins must disable headers and clear cache to restore ...
News
Forminator Plugin Flaw Leaves 600,000+ WordPress Sites at Risk of Full Takeover
A critical vulnerability in Forminator exposes over 600,000 WordPress sites to takeover attacks. Enterprises are urged to patch immediately and review recovery strategies.
News
Grafana Issues Critical Security Fixes for Image Renderer Plugin and Synthetic Monitoring Agent
Grafana Labs patched critical Chromium-based vulnerabilities in its Image Renderer and Monitoring Agent. Enterprises using self-hosted deployments must update immediately to prevent remote code execution ...
News
Hunters International Ransomware Group Shuts Down, Offers Free Decryptors Amid Exit
Hunters International ransomware gang shuts down and releases free decryptors for victims. The group may be rebranding as an extortion-only operation under World Leaks.
News
Spanish Authorities Dismantle €10 Million Investment Scam Network With Fake Advisors and Crypto Portals
Spanish police arrested 21 individuals linked to a €10 million investment scam that used fake crypto platforms, call centers, and social media to defraud victims. ...
News
Cisco Removes Hardcoded Root Account from Unified CM to Prevent Remote Takeover
Cisco warns of critical backdoor vulnerability in Unified Communications Manager allowing root access. No workaround exists—organizations must patch immediately to prevent remote system takeover.
News
Fake Crypto Wallet Add-ons Flood Firefox Store in Ongoing Credential Theft Campaign
Over 40 fake Firefox extensions posing as crypto wallets are stealing seed phrases. Victims unknowingly lose funds in attacks that mimic trusted browser plugins.
News
Qantas Confirms Data Breach Following Cyberattack on Third-Party Platform
Qantas confirmed a cyberattack impacting six million customers. Linked to aviation-targeting threat actors, the breach highlights growing risks to identity systems and third-party platforms.
Blog
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Stormous ransomware is a pro-Russian ransomware gang using double extortion and RaaS tools to target global enterprises, especially in the U.S., Ukraine, and Europe.
Blog
The Rising Tide of Cybersecurity Threats in Hospitality: How Hotels Can Stay Secure this Summer
Explore how hospitality businesses can defend against hotel cyber attacks, summer cyber threats, and guest data breaches with smart cybersecurity strategies tailored for the industry. ...
News
International Criminal Court Investigates Another Sophisticated Cyberattack
The International Criminal Court confirms a second cyberattack in two years, citing a sophisticated breach and ongoing threats targeting its global judicial infrastructure.
News
Aeza Group Sanctioned by U.S. Treasury for Enabling Cybercriminal Infrastructure
The U.S. Treasury sanctioned Aeza Group for hosting ransomware and malware infrastructure used by threat groups like BianLian, RedLine, and darknet marketplace BlackSprut.
News
Europol Busts $540 Million Crypto Fraud Ring Operating Across Multiple Countries
Europol dismantles a $540 million crypto investment fraud ring targeting thousands across borders. The syndicate used AI tools, shell companies, and crypto wallets for laundering. ...
News
FBI Issues Alert as Cybercriminals Impersonate Health Fraud Investigators to Steal Patient Data
FBI warns of cybercriminals impersonating health fraud investigators to steal sensitive medical data. Fraudulent emails and texts are targeting patients and providers nationwide.
News
Johnson Controls Begins Notifying Individuals Impacted by 2023 Ransomware Attack
Johnson Controls is notifying individuals impacted by a 2023 ransomware attack that exposed data and disrupted global operations. Dark Angels ransomware group is believed responsible. ...
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
TOP CYBERSECURITY HEADLINES
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
This Week’s Security Spotlight
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Cybersecurity
When Amazon Sends the Phishing Email
Trending
Daily Briefing Newsletter
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.
Featured Videos
Podcasts
Cyber Security News
- All
- Application Security
- Blog
- CVE Vulnerability Alerts
- Cybersecurity
- Cybersecurity Newsletter
- Data Security
- Endpoint Security
- Identity and Access Management
- Information Security
- Network Security
- News
- Phishing
- Podcasts
- Product Reviews
- Ransomware
- Ransomware Victims
- Resources
- Security Spotlight
- Sponsored
- Threat Actors
- Threat Actors
- Threat Detection Tools
Ransomware-as-a-Service (RaaS) Fuels Record Cyberattack Surge in 2025
Ransomware-as-a-Service is driving a surge in cyberattacks, making sophisticated ransomware accessible to low-skilled criminals. With incidents up 149% in early 2025, experts warn that RaaS ...
Pacific HealthWorks Hit By Everest Ransomware; Patient Data From 50+ Practices Published
Everest ransomware posted hundreds of Pacific HealthWorks files, exposing patient and billing records from 50+ medical groups; leaked samples show SSNs, claims and medical IDs. ...
Kimsuky Data Leak Exposes 8.9GB of Alleged North Korean APT Tooling and Stolen Records
Two hackers leaked an 8.9GB dump they say came from North Korea’s Kimsuky APT, exposing phishing logs, toolkits, source code and possible campaign data today. ...
U.S. Judiciary Confirms Breach Of Federal Court Electronic Records System
The U.S. Federal Judiciary confirmed a cyberattack on its case management systems, prompting heightened security for sealed court filings amid escalating, sophisticated cyber threats targeting ...
MuddyWater’s DarkBit Ransomware Cracked, Allowing Free Data Recovery
Profero cracked DarkBit ransomware’s encryption, exploiting weak key generation to recover a victim’s ESXi server data for free, disrupting a politically driven MuddyWater-linked cyberattack.
Germany’s Top Court Limits Police Spyware to Serious Crimes Only
Germany’s Federal Constitutional Court has issued a landmark ruling sharply restricting the use of state spyware by law enforcement. The decision directly addresses 2017 regulations ...
Security Firms Warn GPT-5 Is Wide Open to Jailbreaks and Prompt Attacks
Two independent security assessments have revealed serious vulnerabilities in GPT-5, the latest large language model release. NeuralTrust’s red team demonstrated a “storytelling” jailbreak, a multi-turn ...
Global Cybersecurity Spending Projected to Reach $213 Billion in 2025
Global cybersecurity spending is projected to hit $213 billion in 2025, driven by rising ransomware threats, cloud adoption, and generative AI risks. Gartner forecasts sustained ...
Senate Committee Advances Nominee to Lead Cybersecurity Agency
Amid heightened scrutiny over election security and foreign cyber threats, the U.S. Senate Homeland Security Committee has advanced the nomination of Sean Plankey to lead ...
BadCam: Lenovo Webcam Flaw Turns Everyday Cameras into Remote BadUSB Attack Tools
A new hardware security warning has emerged with the discovery of BadCam, a set of vulnerabilities in certain Lenovo webcams that could allow attackers to ...
Google Calendar Invites Let Researchers Hijack Gemini in Stealthy Prompt-Injection Attack
Researchers used poisoned Google Calendar invites to exploit a Gemini vulnerability, enabling email exfiltration, smart-home control and other actions; Google says the bug is fixed. ...
Google Confirms Salesforce CRM Breach Exposed Google Ads Customers
Google confirms a Salesforce CRM breach exposed business contact information for prospective Google Ads customers; ShinyHunters claim roughly 2.55 million records were stolen in total. ...
WinRAR Zero-Day (CVE-2025-8088) Exploited in Phishing Attacks to Drop RomCom Backdoors
WinRAR zero-day CVE-2025-8088 let attackers craft RARs that extract executables into autorun folders, enabling RomCom backdoors via spearphishing; the bug is fixed in WinRAR 7.13. ...
Ivy League University Hack Exposed Personal, Financial and Health Records of 868,969 People
Columbia University says a May 16, 2025 network intrusion exposed personal, financial and health data for 868,969 people; the university offers two years of credit ...
U.S. Judiciary Confirms Cyberattack on Court Electronic Records Service, Tightens Access to Sealed Filings
The U.S. Judiciary confirmed a cyberattack on its electronic case systems, tightening access to sealed filings after reports suggested confidential informant identities were exposed publicly. ...
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
A critical Cisco ISE vulnerability (CVE-2025-20337) exposes systems to remote code execution and root access. Enterprises must upgrade to Patch 7 or Patch 2 immediately. ...
Free Wi-Fi Loophole Lets Hackers Breach Smart Bus Control Systems
A new cybersecurity investigation has revealed that the same free passenger Wi-Fi offered on many smart buses is directly connected to critical onboard systems — ...
RiteCheck Notifies Nearly 70,000 After Year-Old Cyberattack Exposed Sensitive Customer Data
Nearly 70,000 customers and employees of RiteCheck had personal and payment data exposed in a 2024 breach. Notification letters were only sent out this week. ...
BlackSuit Ransomware and Royal Operations Breached 450+ U.S. Companies
DHS reports BlackSuit and Royal ransomware gangs hit over 450 U.S. victims, collected $370 million, and saw infrastructure seized in international Operation Checkmate last month. ...
Pandora Confirms Third-Party Data Breach, Advises Customers to Stay Alert
Pandora confirms a third-party data breach exposing customer names and emails, warns users of potential phishing risks as attackers exploit basic contact details without breaching ...