Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
French Authorities Arrest BreachForums v2 Operators Behind Global Data Theft Campaigns
News
French Authorities Arrest BreachForums v2 Operators Behind Global Data Theft Campaigns
Andrew Doyle June 26, 2025
French police arrest BreachForums v2 operators, including ShinyHunters and IntelBroker, tied to major global and national data breaches affecting millions of users and enterprises.
Scattered Spider: What You Know About It and What You Don’t
Blog
Scattered Spider: The Threat You Think You Know
Gabby Lee June 25, 2025
Scattered Spider isn’t a single group but a sprawling web of identity-based attackers exploiting help desks, MFA gaps, and cloud admin tools to breach enterprises. ...
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
News
New FileFix Attack Exploits Windows File Explorer to Deliver Stealthy Commands
Andrew Doyle June 25, 2025
A researcher has revealed a new FileFix attack that abuses Windows File Explorer’s address bar to stealthily execute commands, expanding on previous ClickFix phishing techniques. ...
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
News
Trojanized SonicWall NetExtender Client Targets VPN Credentials via Spoofed Sites
Mitchell Langley June 25, 2025
SonicWall and Microsoft have discovered a trojanized version of the NetExtender VPN client being distributed via spoofed websites, stealing remote access credentials from unsuspecting users. ...
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
News
New Spear Phishing Campaign Targets Financial Executives Using Legitimate Remote Access Tools
Mitchell Langley June 25, 2025
A sophisticated spear phishing campaign is targeting CFOs and finance leaders worldwide, using legitimate tools like NetBird and OpenSSH to quietly breach enterprise networks.
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
News
Two Healthcare Data Breaches Expose Over 220,000 Records at Mainline Health and Select Medical
Mitchell Langley June 25, 2025
Mainline Health and Select Medical Holdings have disclosed separate data breaches impacting more than 220,000 individuals, with ransomware and third-party compromise behind the incidents.
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
News
UK Government Warns of £1.6 Million in Ticket Scams Ahead of Glastonbury Festival
Andrew Doyle June 25, 2025
Concertgoers in the UK have lost over £1.6 million to ticket fraud in 2024, prompting urgent warnings from the government as festival season begins.
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
News
170K-Record Database Exposes Unencrypted PII from Real Estate Sector
Andrew Doyle June 24, 2025
A misconfigured database tied to a U.S. real estate firm exposed 170,000 records of sensitive personal and internal data, including Social Security numbers and employment ...
Anubis Ransomware: A Destructive, Cross-Platform Threat
Resources
Anubis Ransomware: A Destructive, Cross-Platform Threat
Mitchell Langley June 24, 2025
Anubis ransomware combines encryption and file-wiping capabilities, targeting Windows, Linux, and NAS systems with stealthy command-line execution and affiliate-driven campaigns across multiple industries.
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
News
Steel Giant Nucor Confirms Data Theft in Recent Cybersecurity Breach
Mitchell Langley June 24, 2025
Nucor, North America’s largest steel producer, has confirmed data theft following a cybersecurity breach that temporarily disrupted operations and forced system shutdowns.
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
News
Chinese APT Group ‘Salt Typhoon’ Breaches Canadian Telecom Firm Using Cisco IOS XE Vulnerability
Mitchell Langley June 24, 2025
Canada confirms a state-sponsored breach in its telecom sector, where Salt Typhoon exploited an unpatched Cisco vulnerability to compromise devices and reroute sensitive network traffic. ...
Russia-Linked Hackers Deploy Sophisticated Social Engineering Attack and Evade MFA
News
Russia-Linked Hackers Deploy Sophisticated Social Engineering Attack and Evade MFA
Mitchell Langley June 24, 2025
Russian state-sponsored hackers targeted a critic of the Kremlin using a novel social engineering tactic that tricked the victim into bypassing multi-factor authentication protections.
16 Billion Passwords Exposed in Record-Breaking Breach: A Deep Dive into the Data Leak That Affects Everyone
News
16 Billion Passwords Exposed in Record-Breaking Breach: A Deep Dive into the Data Leak That Affects Everyone
Andrew Doyle June 24, 2025
A massive breach has exposed 16 billion login credentials, potentially affecting services like Facebook, Google, and Apple. This fresh infostealer data opens the door to ...
APT28 Hackers Use Signal to Target Ukraine with New Malware Families BeardShell and SlimAgent
News
APT28 Hackers Use Signal to Target Ukraine with New Malware Families BeardShell and SlimAgent
Andrew Doyle June 24, 2025
Russian threat group APT28 is using Signal messages to deliver new malware—BeardShell and SlimAgent—targeting Ukrainian government entities through sophisticated phishing and loader tactics.
Anubis Ransomware Gang Claims 64GB Disneyland Paris Leak in Alleged Construction Data Breach
News
Anubis Ransomware Gang Claims 64GB Disneyland Paris Leak in Alleged Construction Data Breach
Mitchell Langley June 24, 2025
Anubis ransomware group claims to hold 64GB of Disneyland Paris data, including engineering plans and behind-the-scenes content, though the source and sensitivity remain unclear.
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
News
McLaren Health Care Data Breach Exposes Personal Information of 743,000 Individuals
Mitchell Langley June 24, 2025
McLaren Health Care has suffered a major data breach, exposing sensitive personal and medical data of 743,000 individuals, following a history of ransomware incidents.
Oxford City Council Cyberattack Exposes Two Decades of Election Worker Data
News
Oxford City Council Cyberattack Exposes Two Decades of Election Worker Data
Andrew Doyle June 24, 2025
Oxford City Council has confirmed a cybersecurity breach involving legacy systems, exposing election worker data from 2001 to 2022 after detecting unauthorized access to its ...
Aflac Confirms Data Breach Amid Rising Wave of Scattered Spider Attacks on U.S. Insurance Industry
News
Aflac Confirms Data Breach Amid Rising Wave of Scattered Spider Attacks on U.S. Insurance Industry
Andrew Doyle June 24, 2025
Insurance giant Aflac has confirmed a breach involving sensitive personal and health data, part of a broader wave of attacks linked to the Scattered Spider ...
BitoPro Exchange Ties $11 Million Crypto Theft to North Korea’s Lazarus Group
News
BitoPro Exchange Ties $11 Million Crypto Theft to North Korea’s Lazarus Group
Mitchell Langley June 24, 2025
Taiwan-based crypto exchange BitoPro has linked the $11 million theft from its platform to the North Korean Lazarus Group, citing attack similarities and forensic evidence. ...
Ryuk Ransomware Operator Extradited to the U.S. After FBI-Led Global Investigation
News
Ryuk Ransomware Operator Extradited to the U.S. After FBI-Led Global Investigation
Andrew Doyle June 19, 2025
A key figure behind Ryuk ransomware’s initial network intrusions has been extradited to the U.S., marking a major step in global efforts against ransomware operations. ...
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
From Malware to Court: Qilin Ransomware’s ‘Call a Lawyer’ Tactic
June 23, 2025
Podcasts
Zero-Click, Zero-Warning: The FreeType Flaw Behind a Spyware Surge
June 23, 2025
Podcasts
The Insurance Industry Under Fire: Anatomy of the Aflac Cyber Incident
June 23, 2025

Cyber Security News

CISO Strategies for 2026 Navigating Future Cybersecurity Challenges
Cybersecurity
CISO Strategies for 2026: Navigating Future Cybersecurity Challenges
January 13, 2026
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
Cybersecurity
University of Hawaii Ransomware Attack Leads to Data Breach at Cancer Center
January 13, 2026
Implementing Access Reviews to Enhance Security in Microsoft 365
Application Security
Implementing Access Reviews to Enhance Security in Microsoft 365
January 13, 2026
Telegram's Proxy Link Vulnerability Exposes IP Addresses
Application Security
Telegram’s Proxy Link Vulnerability Exposes IP Addresses
January 13, 2026
Endesa Cyberattack Results in Customer Data Exposure
Data Security
Endesa Cyberattack Results in Customer Data Exposure
January 13, 2026
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
Application Security
CISA Directs Agencies to Secure Systems After Exploitation of Zero-Day Gogs Vulnerability
January 13, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Meta Deletes 6.8 Million Scam Accounts as AI-Powered Fraud Rings Exploit WhatsApp
August 6, 2025
Meta has removed 6.8 million accounts tied to criminal scam centers in the first half of 2025, marking one of the most aggressive crackdowns on ...
APT28 / Fancy Bear: Russian State Sponsored APT
August 6, 2025
APT28, aka Fancy Bear, a Russian GRU-linked group, conducts sophisticated espionage and information theft campaigns globally, targeting governments and critical infrastructure.
Meta Found Liable: Jury Rules Against Tech Giant in Flo Health Privacy Case
August 5, 2025
In a landmark decision, a California jury has ruled Meta guilty of violating user privacy laws in a class-action lawsuit tied to the popular Flo ...
TSMC Insider Threat: Six Arrested in Taiwan Over 2nm Chip Trade Secrets
August 5, 2025
In a stunning development, Taiwanese authorities have arrested six individuals suspected of stealing trade secrets from Taiwan Semiconductor Manufacturing Co. (TSMC), the world’s most advanced ...
Approov Secures £5M to Fortify Mobile App and API Security Against AI-Driven Threats
August 5, 2025
In a major step for mobile and API cybersecurity, Approov, the Edinburgh-based security firm specializing in real-time mobile attestation and API protection, has raised £5 ...
Pwn2Own Ireland 2025: $1M WhatsApp Exploit Bounty Raises the Stakes
August 5, 2025
This October, Pwn2Own Ireland 2025 will take over Cork with one of the most ambitious cybersecurity competitions yet. Co-sponsored by Meta and organized by Trend ...
FraudOnTok Malware Campaign Targets TikTok Shop Users Through Fake Apps and Phishing Tactics
August 5, 2025
CTM360 exposes the FraudOnTok campaign targeting TikTok Shop users through fake apps and phishing, using SparkKitty spyware to steal crypto wallet data and drain funds. ...
Palo Alto Networks to Acquire CyberArk in $25 Billion Deal to Strengthen Identity Security
August 5, 2025
Palo Alto Networks will acquire CyberArk for $25 billion to combine AI-powered security with identity and privilege controls, targeting evolving enterprise threats.
Chanel Confirms US Customer Data Breach Linked to Salesforce Social Engineering Attacks
August 5, 2025
Chanel confirms a U.S.-based data breach from Salesforce social engineering attacks, exposing contact details amid a broader extortion campaign targeting global enterprise brands.
CurXecute Prompt-Injection Flaw in Cursor IDE Enables Remote Code Execution
August 5, 2025
Cursor IDE’s CurXecute flaw lets malicious prompts escalate to remote code execution; Pi-hole donor emails leaked via GiveWP plugin misconfiguration. Patches released.
Ransomware Gangs Exploit Microsoft SharePoint Flaws in Widespread Attack Campaign
August 5, 2025
Ransomware groups are exploiting Microsoft SharePoint flaws in a global attack campaign, affecting over 148 organizations and linking to Chinese state-backed threat actors.
348,000 Patients Impacted in Mt. Baker Imaging Data Breach
August 5, 2025
A cyberattack on Mt. Baker Imaging exposed sensitive data for 348,000 Washington patients, including medical and financial records, triggering a class action lawsuit.
Everest Ransomware Group Claims Mailchimp but Experts Say Leak Is Minor and Unproven
August 5, 2025
Everest claims Mailchimp data breach, citing a small internal dataset; security insiders and Intuit report no evidence of systemic compromise.
Akira Ransomware Surges on SonicWall Devices Using Zero-Day and Credential Abuse
August 5, 2025
A sharp uptick in Akira ransomware activity is exploiting SonicWall remote access infrastructure, potentially via an unpatched zero-day. Akira Ransomware Campaign Intensifies Against SonicWall SSL ...
Attackers Abuse Link-Wrapping Services to Steal Microsoft 365 Credentials
August 5, 2025
Attackers hijack Proofpoint and Intermedia link-wrapping to hide Microsoft 365 phishing pages, using compromised protected accounts to harvest login credentials.
Nvidia Triton Inference Server Vulnerabilities Expose AI Infrastructure to Attack
August 4, 2025
A major warning has hit the AI community: Nvidia’s Triton Inference Server — one of the most widely used open-source platforms for deploying and scaling ...
CISA & FEMA Release $100M in Cybersecurity Grants to Strengthen State, Local, and Tribal Defenses
August 4, 2025
The U.S. Department of Homeland Security, through CISA and FEMA, has announced over $100 million in new cybersecurity grant funding for Fiscal Year 2025 — ...
350,000 Patient Records Exposed: Inside the Northwest Radiologists Data Breach
August 4, 2025
In this episode, we investigate the Northwest Radiologists data breach, a devastating cyberattack that compromised the personal and medical information of approximately 350,000 patients in ...
AI Jailbreaks on the Rise: How Hackers Are Extracting Training Data from LLMs
August 4, 2025
In this episode, we examine the rapidly growing threat of AI jailbreaks — a cybersecurity challenge reshaping the landscape of large language models (LLMs) and ...
DragonForce Ransomware – Hacktivist Turned Cybercriminal Enterprise
August 4, 2025
DragonForce is a ransomware and data extortion group that evolved from a pro-Palestinian hacktivist collective into a financially motivated cybercriminal enterprise.
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67