Main Menu
Cyber Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited
Instagram’s Privacy Controls Data Exposure: Review of Recent Findings
Former Google Engineer Found Guilty of Stealing AI Data for Chinese Firms
eScan Antivirus Compromised: Supply Chain Security Breach Uncovered
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Android Malware Incident: Hugging Face Repository Misuse
Chrome Extensions Prove Malicious with Data Hijacking Tricks
White House Revokes Software Security Rules But Keeps Key Resources
Microsoft Sets Retirement for NTLM Protocol in Windows for Enhanced Security
Startup Aisy Secures $2.3 Million Seed Fund to Enhance Vulnerability Management
Surge in Illegal Cryptocurrency Flows Reaches $158 Billion by 2025
Legal Repercussions Mount for Cognizant After TriZetto Incident
Global Crackdown Disrupts Illegal IPTV Services and Sends Strong Message
More Than 175,000 Exposed Hosts Pose Risks for Ollama LLM Misuse
Australia Sanctions Russian Entity and Individuals Over Medibank Cyberattack
News
Australia Sanctions Russian Entity and Individuals Over Medibank Cyberattack
Andrew Doyle February 13, 2025
Australia imposed sanctions on a Russian entity, ZServers, and five individuals for their alleged involvement in the 2022 Medibank cyberattack, impacting 9.7 million customers.
Rhysida Ransomware: The Silent Serpent
Resources
Rhysida Ransomware: The Silent Serpent
Mitchell Langley February 13, 2025
Rhysida Ransomware Threat Actor Profile
Top Cyber Threats Facing Enterprise Businesses in 2025 A Comprehensive Guide
Blog
Top Cyber Threats Facing Enterprise Businesses in 2025: A Comprehensive Guide
Mitchell Langley February 13, 2025
While consumers grapple with phishing emails and social media scams, the scale and sophistication of cyberattacks targeting critical sectors are ...
North Korean Hackers Leverage PowerShell Exploit in Sophisticated Cyber Attack
News
North Korean Hackers Leverage PowerShell Exploit in Sophisticated Cyber Attack
Mitchell Langley February 12, 2025
North Korean hackers use a PowerShell exploit in a new cyberattack, tricking victims into installing malware. A related scheme involved a woman facilitating North Korean ...
LockBit Sanctioned as US, UK, and Australia Join Hands Against the Russian Cybercrime Network
News
LockBit Sanctioned as US, UK, and Australia Join Hands Against the Russian Cybercrime Network
Andrew Doyle February 12, 2025
The US, UK, and Australia have sanctioned Zservers, a Russian-based service provider aiding the LockBit ransomware group, and two key administrators, Alexander Mishin and Aleksandr ...
OmniGPT Breach Exposes Data of 30,000 Users
News
OmniGPT Breach Exposes Data of 30,000 Users
Mitchell Langley February 12, 2025
OmniGPT data breach exposes over 30,000 users' data, including emails, API keys, and potentially crypto keys, now being sold on the dark web.
Cyber Attack Targets 2.8 Million IPs on VPN Devices
News
Cyber Attack Targets 2.8 Million IPs on VPN Devices
Andrew Doyle February 12, 2025
A massive cyber attack using 2.8 million IPs targets VPN devices and other network appliances via brute-force attacks, primarily impacting Brazil.
Critical Windows Zero-Day Vulnerabilities Actively Exploited: CISA Issues Warning to 'Test and deploy quickly'
News
Critical Windows Zero-Day Vulnerabilities Actively Exploited: CISA Issues Warning to ‘Test and deploy quickly’
Andrew Doyle February 12, 2025
Critical Windows zero-days (CVE-2025-21418, CVE-2025-21391) are actively exploited. CISA urges immediate patching to prevent data loss and system compromise. Federal agencies have until March 4th.
Black Basta Ransomware: The Black Hand of Dark Web
Resources
Black Basta Ransomware: The Black Hand of Dark Web
Mitchell Langley February 12, 2025
Black Basta is a prolific ransomware-as-a-service (RaaS) group employing double-extortion tactics (data encryption and exfiltration).
Sault Tribe, Kewadin Casinos Hit by Cyber Attack
News
Sault Tribe, Kewadin Casinos Hit by Cyber Attack
Mitchell Langley February 11, 2025
A ransomware cyber attack crippled the Sault Tribe and Kewadin Casinos, halting gaming operations and disrupting numerous tribal services. The Sault Tribe cyber attack is ...
Hackers Target Valentine's Day Domains in Cyber Attacks
News
Hackers Target Valentine’s Day Domains in Cyber Attacks
Mitchell Langley February 11, 2025
Hackers are exploiting Valentine's Day with malicious domains and phishing scams. Stay vigilant and verify links to avoid becoming a victim of these cyber attacks. ...
Sophisticated Gmail Attacks Target Users: FBI Issues "Do Not Click" Alert
News
Sophisticated Gmail Attacks Target Users: FBI Issues “Do Not Click” Alert
Andrew Doyle February 11, 2025
FBI warns of sophisticated AI-powered Gmail attacks, urging users not to click suspicious links to avoid email fraud and online scams. These email security threats ...
Cisco Rejects Claims of Kraken Data Breach, Says Data From 2022 Incident
News
Cisco Rejects Claims of Kraken Data Breach, Says Data From 2022 Incident
Mitchell Langley February 11, 2025
Cisco denies a new Kraken data breach, linking leaked data to a 2022 incident where attackers gained access via vishing and compromised employee credentials. The ...
Asheville Eye Associates, PLLC Data Breached: Levi & Korsinsky, LLP Launches Investigation
News
Asheville Eye Associates, PLLC Data Breached: Levi & Korsinsky, LLP Launches Investigation
Andrew Doyle February 11, 2025
Asheville Eye Associates, a PLLC, experienced a significant data breach. Patient information was compromised, prompting legal action from Levi & Korsinsky. The breach highlights the ...
Play Ransomware: The Shadow Syndicate
Resources
Play Ransomware: The Shadow Syndicate
Mitchell Langley February 11, 2025
Play is a highly capable ransomware group demonstrating advanced technical skills and operational sophistication.
City of Hayward Data Breach: Lawsuit Launched by Levi & Korsinsky
News
City of Hayward Data Breach: Lawsuit Launched by Levi & Korsinsky
Mitchell Langley February 10, 2025
The City of Hayward suffered a data breach, exposing sensitive personal information. Levi & Korsinsky, LLP is pursuing a class-action lawsuit for affected individuals seeking ...
Paragon Spyware Used in WhatsApp Hacking Scandal
News
Paragon Spyware Used in WhatsApp Hacking Scandal
Mitchell Langley February 10, 2025
Paragon Solutions, maker of Paragon spyware, terminated its contract with Italy following allegations its software was used in a WhatsApp spyware attack targeting journalists and ...
HPE Notifies Employees of Breach Stealing Data in Office 365 Hack
News
HPE Notifies Employees of Breach Stealing Data in Office 365 Hack
Mitchell Langley February 10, 2025
HPE confirms a May 2023 Office 365 hack by Russian state-sponsored hackers, Cozy Bear, resulting in a data breach affecting employee data including driver's licenses ...
Cyberattack on Lee Enterprises Causes Disruption Across US Newspapers
News
Cyberattack on Lee Enterprises Causes Disruption Across US Newspapers
Mitchell Langley February 10, 2025
Cyberattack on Lee Enterprises disrupted numerous US newspapers, halting printing, affecting websites, and causing subscriber access issues. The Lee Cyberattack investigation is ongoing.
Cisco Data Breach: Kraken Ransomware Group Leaks Sensitive Credentials
News
Cisco Data Breach: Kraken Ransomware Group Leaks Sensitive Credentials
Mitchell Langley February 10, 2025
Cisco data breach exposed sensitive credentials, allegedly leaked by the Kraken ransomware group. The leaked data includes NTLM hashes and privileged accounts, highlighting the threat ...
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
CVE Vulnerability Alerts
SolarWinds Vulnerability Exploitation Prompts Immediate Response from Federal Agencies
Andrew Doyle February 4, 2026
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
Mitchell Langley February 4, 2026
Everest Extortion Group and Iron Mountain Data Incident Key Insights
News
Everest Extortion Group and Iron Mountain Data Incident: Key Insights
Mitchell Langley February 4, 2026
Osiris Ransomware Disables Security Tools in Novel Attack
News
Osiris Ransomware Disables Security Tools in Novel Attack
Andrew Doyle January 28, 2026

TOP CYBERSECURITY HEADLINES

RapidFort Secures $42 Million to Enhance Software Security Automation
Cybersecurity
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X's Grok AI for Generating Inappropriate Images
Cybersecurity
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability Understanding Its Impact on Docker Desktop and CLI
Application Security
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA's Vulnerability Notice Revisions Spark Concerns
Cybersecurity
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns

This Week’s Security Spotlight

Revelations from Epstein Files Allegations of a Personal Hacker
Cybersecurity
Revelations from Epstein Files: Allegations of a “Personal Hacker”
Andrew Doyle February 4, 2026
Nike Investigates Breach as Hackers Threaten Data Disclosure
Cybersecurity
Nike Investigates Breach as Hackers Threaten Data Disclosure
Andrew Doyle January 28, 2026
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Application Security
Microsoft Investigates Outlook Crashing on iPad Devices due to Coding Error
Andrew Doyle January 28, 2026
TP-Link's Vulnerability Critical Patch for VIGI Cameras
Network Security
TP-Link’s Vulnerability: Critical Patch for VIGI Cameras
Gabby Lee January 20, 2026
More In News
Trending
Multi-Stage Phishing Campaign Targets Russia With Ransomware and Amnesia RAT
ShinyHunters Claims Responsibility for Recent Okta Phishing Attack
LastPass Users Targeted by Deceptive Phishing Campaign
Cybercriminals Exploit Social Media Messages for Malicious Payloads

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Citrix NetScaler Flaws Expose Enterprise Networks: CVE-2025-5349 & CVE-2025-5777
June 19, 2025
Podcasts
GerriScary: How CVE-2025-1568 Threatened Google’s Open-Source Supply Chain
June 19, 2025
Podcasts
Cisco & Atlassian Under Fire: High-Severity Flaws and What’s at Risk
June 19, 2025

Cyber Security News

AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
Application Security
AI-Generated Malicious VS Code Extension Raises Concerns Over Marketplace Security
November 7, 2025
ClickFix Malware Evolves New Tactics Use Video Guides and Timers to Increase Infection Rates
Cybersecurity
ClickFix Malware Evolves: New Tactics Use Video Guides and Timers to Increase Infection Rates
November 6, 2025
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
Cybersecurity
Nevada Completes Full Recovery from Devastating Statewide Ransomware Attack
November 6, 2025
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
Application Security
Truffle Security Secures $25 Million to Expand Secrets Scanning Capabilities
November 6, 2025
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
Cybersecurity
U.S. Congressional Budget Office Hit by Suspected Foreign Cyberattack
November 6, 2025
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
Application Security
Tenable Researchers Uncover Vulnerabilities in GPT-4o’s Memory and Search Capabilities
November 6, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
Memphis-Shelby County Schools Joins Growing Lawsuit Against PowerSchool After Data Breach
May 15, 2025
Tennessee’s largest school district has filed a federal lawsuit against PowerSchool, citing breach of contract and security failures linked to a December 2023 data breach. ...
Exploited in the Wild: SAP NetWeaver Zero-Days Hit Fortune 500
May 14, 2025
In this episode, we dive into the active exploitation of two critical zero-day vulnerabilities in SAP NetWeaver—CVE-2025-31324 and CVE-2025-42999. Threat actors have been leveraging these ...
Checkout Chaos: Inside the £3.5 Million-a-Day M&S Cyber-Shutdown
May 14, 2025
The recent ransomware attack on Marks & Spencer (M&S) is a sobering example of the evolving cyber threat landscape confronting the retail industry. In this ...
Targeted iOS Attacks: The Zero-Days Apple Had to Patch Fast
May 14, 2025
In this episode, we break down Apple’s massive May 2025 security update blitz—a sweeping patch release that spanned iOS, macOS, iPadOS, tvOS, visionOS, and watchOS. ...
DragonForce Hackers Disrupt UK Retail Giant Co-op in Geopolitically Charged Cyberattack
May 14, 2025
Russian-aligned ransomware group DragonForce hit UK retailer Co-op, exposing customer data and disrupting operations, in a hybrid cyberattack blending financial and geopolitical motives.
EU Launches European Vulnerability Database (EUVD) Amid CVE Funding Crisis
May 14, 2025
The EU launches its own vulnerability database (EUVD) to strengthen cybersecurity, reduce reliance on CVE, and ensure greater digital sovereignty across European infrastructure.
Twilio Denies Breach After Leak Claims to Expose Steam 2FA Codes
May 14, 2025
Twilio denies breach after leaked Steam 2FA codes appear online. Experts suspect a third-party SMS provider may be the source of the data exposure.
Texas vs Google: The $1.4 Billion Wake-Up Call for Data Privacy Violations
May 13, 2025
In this episode, we unpack the groundbreaking $1.4 billion privacy settlement between Google and the state of Texas—now the largest of its kind in U.S. ...
Marbled Dust’s Zero-Day Exploit: Unveiling a Türkiye-linked Espionage Campaign Against Kurdish Forces
May 13, 2025
In April 2024, a sophisticated cyber espionage campaign orchestrated by the Türkiye-linked hacker group, Marbled Dust, began exploiting a previously unknown zero-day vulnerability in the ...
M&S Confirms Customer Data Breach Following Cyberattack
May 13, 2025
M&S confirms a customer data breach exposing contact details and order history after a cyberattack, but reassures no payment data or passwords were compromised.
TeleMessage Exploit: Inside the Messaging Flaw That Hit Coinbase and CBP
May 13, 2025
In this episode, we dissect CVE-2025-47729, a critical vulnerability in TeleMessage, a message archiving app recently thrust into the spotlight due to its use by ...
VMware Tools Vulnerability Lets Attackers Tamper with Virtual Machines
May 13, 2025
Broadcom patches a critical VMware Tools vulnerability that allows attackers with limited VM access to tamper with files. Affects Windows, Linux, and open-vm-tools versions.
Thousands of Node Developers Compromised by Malware in Popular npm Packages
May 13, 2025
A sophisticated supply chain attack on npm injected malware into widely used packages, exposing thousands of developers to remote access trojans, data theft, and backdoors. ...
Türkiye-Backed Group Exploits Output Messenger Zero-Day in Cyberespionage Attack on Kurdish Targets
May 13, 2025
A Türkiye-linked cyberespionage group exploited a zero-day in Output Messenger, enabling access to sensitive data and communications in targeted attacks on Kurdish-aligned users.
Moldovan Authorities Arrest Suspect Tied to DoppelPaymer Ransomware Attacks
May 13, 2025
A Moldovan suspect has been arrested for a 2021 DoppelPaymer ransomware attack that crippled Dutch research systems and caused €4.5 million in damages.
rand-user-agent: The NPM Package That Opened a Backdoor
May 12, 2025
In this episode, we break down the recent compromise of the rand-user-agent NPM package—an attack that quietly turned a once-trusted JavaScript library into a delivery ...
160,000 Victims Later: The Aspire USA Breach Under Valsoft’s Watch
May 12, 2025
In this episode, we break down the February 2025 data breach that hit Valsoft Corporation, operating under the name AllTrust, through its subsidiary Aspire USA. ...
Backdoored by ‘Cheap’ AI: How Fake npm Packages Compromised Cursor IDE
May 12, 2025
A new supply chain attack has emerged—this time targeting macOS users of the Cursor AI code editor through rogue npm packages. In this episode, we ...
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
May 12, 2025
Chinese threat group Chaya_004 exploited a zero-day flaw in SAP NetWeaver servers, compromising hundreds of systems using remote code execution and web shell deployments.
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
May 12, 2025
The iClicker website was hacked between April 12–16, 2025, using a fake CAPTCHA to deploy malware via a ClickFix attack targeting students and faculty.
RapidFort Secures $42 Million to Enhance Software Security Automation
UK Data Protection Authority Probes X’s Grok AI for Generating Inappropriate Images
The DockerDash Vulnerability: Understanding Its Impact on Docker Desktop and CLI
U.S. CISA’s Vulnerability Notice Revisions Spark Concerns
React Native’s Metro Server Vulnerability: A Growing Cyber Threat
Reconnaissance Attack On Citrix NetScaler Targets Login Panels with Proxy Networks
State-Sponsored Cyber Espionage: Notepad++ Update Traffic Hijacked
Cybercriminals Exploit Weak Security in 1,400 MongoDB Servers
Malicious VS Code Extensions Spread GlassWorm Loader
Surge in Fake Investment Platforms Exploiting Social Media
Fast Food Giant McDonald Calls for Creative Passwords to Enhance Security
Identity Challenges in User Data Storage and Security Maintenance
Russian Hackers Exploit Vulnerability in Microsoft Office to Target Ukraine
Microsoft’s Strategy to Eliminate NTLM in Favor of Kerberos
ClawHub’s Third-Party Skills Security Risks: User Data at Stake
Firefox Introduces Options to Control AI Features
Microsoft Acknowledges Shutdown Issue in Windows 10 and 11 Systems
Increasing Threats from Automated Data Extortion Targeting MongoDB
Apple Enhances Location Privacy With New Feature for iPhone and iPad
Zero-Day Vulnerabilities in Ivanti EPMM Exploited