Cyber Security
How to Defend Your Organization Against Scattered Spider’s Service Desk Attacks
Ivanti Workspace Control Exposes SQL Credentials Through Hardcoded Key Flaws
The Exploding Threat of Cybercrime-as-a-Service (CaaS): How it’s Reshaping the Cybercrime Landscape
Quantum Hacking Is Coming: How to Prepare with Post-Quantum Security Today
Interlock Ransomware Suspected in Kettering Health System-Wide Outage
RVTools Supply Chain Attack Delivered Bumblebee Malware via Trojanized Installer
Chinese Hackers Exploiting SAP NetWeaver Servers via Zero-Day Vulnerability
iClicker Website Compromised in ClickFix Malware Attack Targeting Students and Faculty
The Truth About Identity Attacks: How to Protect Your Business and Data
CISA Warns of Ongoing Cyber Threats to U.S. Oil and Gas Infrastructure
Play Ransomware Exploited Windows Logging Vulnerability in Zero-Day Attacks
The Rising Tide of Supply Chain Cybersecurity Risks in 2025
Fighting AI with AI: Using Artificial Intelligence to Strengthen Enterprise Cybersecurity
27 Million Records Allegedly Leaked from French Retailer Boulanger
13 Cybersecurity Assumptions That Are Getting You Hacked (And What to Do Instead)
Navigating the Complex Intersection of AI and Data Privacy
Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA
Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
Remote Desktop Protocol (RDP): A Double-Edged Sword for IT Teams
Google Faces £5 Billion UK Antitrust Lawsuit Over Search Advertising Practices
Skyward Specialty Insurance Data Breach Exposes Sensitive Information
Hacker Forum ‘Cracked’ Resurfaces Online After FBI Seizure in Global Cybercrime Operation
Wolters Kluwer Data Breach Claim Raises Alarms Across Fortune 500 Network
Fall River Public Schools Responds to Cybersecurity Breach
COBIT 2019 vs. COBIT 5: What’s New and Why It Matters
The Soaring Cost of Data Breaches for Enterprise Businesses in 2024
ChatGPT is Down Worldwide Impacting Millions
Chinese Weaver Ant Hackers Spied on Telco Network for Four Years
10 Key Benefits of Cyber Tabletop Exercises
Mobile Carrier Cellcom Breached, Company Confirms Cyberattack Behind Extended Outages
News
Mobile Carrier Cellcom Breached, Company Confirms Cyberattack Behind Extended Outages
Cellcom confirms a cyberattack caused week-long service outages across Wisconsin and Michigan, impacting calls and SMS; personal data reportedly not compromised.
VanHelsing Ransomware Builder Leaked by Former Developer on Hacking Forum
News
VanHelsing Ransomware Builder Leaked by Former Developer on Hacking Forum
VanHelsing ransomware's builder and affiliate panel source code leaked after a former developer tried to sell it, prompting the gang to release it themselves.
Scattered Spider Breached M&S via Third-Party TCS Credentials, Sources Confirm
News
Scattered Spider Breached M&S via Third-Party TCS Credentials, Sources Confirm
Scattered Spider used third-party TCS employee credentials to breach M&S systems, exposing customer data and costing over £1 billion in market value and lost profits. ...
Trojanized KeePass Installer Leads to Ransomware on VMware ESXi Servers
News
Trojanized KeePass Installer Leads to Ransomware on VMware ESXi Servers
Fake KeePass installers promoted via Bing ads delivered Cobalt Strike and stole credentials, ultimately leading to ESXi ransomware attacks linked to Black Basta affiliates.
TeleMessage Breach Exposes U.S. Government Messaging Data, 410GB Archive Published by DDoSecrets
News
TeleMessage Breach Exposes U.S. Government Messaging Data, 410GB Archive Published by DDoSecrets
Hackers exploited a flaw in TeleMessage’s TM SGNL app, exposing U.S. official communications. DDoSecrets published 410GB of chat logs and metadata from the breach.
Arla Foods Cyberattack Disrupts German Production Site, Causes Delivery Delays
News
Arla Foods Cyberattack Disrupts German Production Site, Causes Delivery Delays
Arla Foods confirmed a cyberattack at its Upahl production site in Germany, disrupting operations and causing delivery delays. No data theft has been confirmed.
O2 Flaw Leaked Customer Geolocation Data to Any Caller
News
O2 Flaw Leaked Customer Geolocation Data to Any Caller
O2 exposed customers’ real-time locations via VoLTE call metadata. A researcher found SIP headers leaking geolocation and device data. The issue is now resolved.
Coinbase Insider Breach Exposes Customer Data and Government IDs; $20M Ransom Rejected
News
Coinbase Insider Breach Exposes Customer Data and Government IDs; $20M Ransom Rejected
Coinbase Insider Breach revealed that rogue support agents aided a cyberattack stealing customer data and government IDs. The attackers demanded $20 million, but Coinbase refused ...
Hackers Target VMware ESXi and Microsoft SharePoint Zero-Days at Pwn2Own Berlin 2025
News
Hackers Target VMware ESXi and Microsoft SharePoint Zero-Days at Pwn2Own Berlin 2025
Researchers at Pwn2Own Berlin 2025 earned $695,000 for exploiting zero-day flaws in VMware ESXi, Microsoft SharePoint, Firefox, and AI platforms.
Adidas and Dior Confirm Customer Data Breaches Following Targeted Cyberattacks
News
Adidas and Dior Confirm Customer Data Breaches Following Targeted Cyberattacks
Adidas and Dior confirmed data breaches affecting customer information in Korea and China. Both brands reported no financial data exposure and began notifying affected individuals. ...
Ransomware Gangs Adopt Skitnet Malware for Post-Exploitation Attacks in Enterprise Environments
News
Ransomware Gangs Adopt Skitnet Malware for Post-Exploitation Attacks in Enterprise Environments
Ransomware groups including BlackBasta and Cactus are using Skitnet malware for stealthy post-exploitation in enterprise networks, enabling persistence, data theft, and remote control.
Broadcom Employee Data Leaked After Supply Chain Breach at ADP Partner
News
Broadcom Employee Data Leaked After Supply Chain Breach at ADP Partner
Broadcom employee data leaked after a ransomware attack on ADP partner Business Systems House. Sensitive files appeared on the dark web, impacting global semiconductor workers. ...
SK Telecom Data Breach Exposes Nearly 27 Million SIM Records
News
SK Telecom Data Breach Exposes Nearly 27 Million SIM Records
SK Telecom suffered a data breach impacting nearly 27 million SIM records, with malware infections across 23 servers and critical personal data left unencrypted.
This Week In Cybersecurity: May 12th to 16th, 2025
News
This Week In Cybersecurity: May 12th to 16th, 2025
"This week in cybersecurity highlights significant data breaches, vulnerabilities, and emerging threats impacting various sectors, emphasizing the need for robust security measures."
Legal Aid Agency Data Breach Exposes Sensitive Information of Legal Aid Applicants
News
Legal Aid Agency Data Breach Exposes Sensitive Information of Legal Aid Applicants
A cyberattack on the UK’s Legal Aid Agency exposed personal, financial, and criminal data of applicants dating back to 2010, prompting a full shutdown of ...
Ransomware Gangs Exploit SAP NetWeaver Vulnerability in Ongoing Global Attacks
News
Ransomware Gangs Exploit SAP NetWeaver Vulnerability in Ongoing Global Attacks
Ransomware groups RansomEXX and BianLian have joined global threat actors exploiting a critical SAP NetWeaver vulnerability, risking full remote system compromise for unpatched servers.
RoundPress Cyberespionage Campaign Exploits XSS Flaws in Government Webmail
News
OpenAI Testing Model Context Protocol Integration for ChatGPT
OpenAI is testing Model Context Protocol support in ChatGPT, allowing secure access to third-party tools and enterprise platforms for more powerful, contextual task handling.
RoundPress Cyberespionage Campaign Exploits XSS Flaws in Government Webmail
News
RoundPress Cyberespionage Campaign Exploits XSS Flaws in Government Webmail
Russian-linked hackers exploited XSS flaws in Roundcube, Zimbra, and others to steal government emails globally through a no-click attack dubbed the RoundPress campaign.
North Korean Hackers TA406 Target Ukraine to Gauge Russia's Military Demands
News
North Korean Hackers TA406 Target Ukraine to Gauge Russia’s Military Demands
North Korean hackers TA406 target Ukrainian government entities to assess Russia’s war demands, using phishing, PowerShell malware, and credential theft to inform DPRK military strategy. ...
Bank Street College of Education Exposes Half a Million Files with Sensitive Personal Data
News
Bank Street College of Education Exposes Half a Million Files with Sensitive Personal Data
Bank Street College of Education exposed 500,000+ personal files via a misconfigured AWS bucket, including resumes and contact details. Risk of phishing and ID fraud ...

TOP CYBERSECURITY HEADLINES

SECURITYWEEK INDUSTRY EXPERTS

Trending

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Threat Actors
  • Threat Detection Tools
  • Uncategorized
FIN6 Hackers Target Recruiters with Fake Job Seekers and Malware-Loaded Resumes
FIN6 hackers are impersonating job seekers to infiltrate recruiter systems, delivering the More_Eggs malware via AWS-hosted resume sites and phishing tactics on LinkedIn and Indeed. ...
4,000+ Fake Sites Used in Scam Marketplace Ads on Facebook to Impersonate Top Retail Brands
A scam network using over 4,000 fake websites is impersonating Amazon, Birkenstock, and more, pushing fraudulent Facebook Marketplace ads and stealing user data.
Bert Ransomware Group Claims Data Theft from Global Port Agency S5
Ransomware gang Bert claims to have stolen 140GB of sensitive data from S5 Agency World, a maritime logistics firm with operations in 360+ ports globally. ...
Inside the React Native NPM Supply Chain Breach: 16 Packages, 1 Million+ Downloads, and a RAT in the Code
In this episode, we break down the massive supply chain attack that rocked the React Native ecosystem beginning on June 6, 2025. Over 16 NPM ...
INC Ransomware: Master of Double Extortion
INC Ransomware is a sophisticated and relatively new cybercriminal group known for its targeted ransomware attacks against corporate and organizational networks. They exhibit a high ...
Mirai Strikes Again: Spring4Shell, Wazuh, and TBK DVRs Exploited in Live Campaigns
In this episode, we dive into the latest wave of active Mirai botnet campaigns exploiting high-severity remote code execution (RCE) vulnerabilities in critical enterprise and ...
UNFI Breach: How One Cyberattack Shook the North American Food Supply
On June 5, 2025, United Natural Foods Inc. (UNFI)—North America’s largest publicly traded wholesale food distributor and primary supplier for Whole Foods—was struck by a ...
Ticketmaster Data from Snowflake Attack Appears Briefly on Arkana Security Extortion Site
Old Ticketmaster data stolen in the 2024 Snowflake attack was briefly relisted for sale by Arkana Security, sparking confusion over a possible new breach.
Ransomware Attack on Sensata Technologies Leads to Data Breach Impacting Employee Information
Sensata Technologies confirms employee data was stolen in a ransomware breach that impacted operations and exposed sensitive personal and financial details from current and former ...
United Natural Foods Cyberattack Disrupts Operations Across North America
United Natural Foods, a key supplier to Whole Foods, suffered a cyberattack that disrupted customer orders and forced systems offline as investigations and recovery efforts ...
Over 84,000 Roundcube Webmail Servers Exposed to Actively Exploited Remote Code Flaw
Over 84,000 Roundcube webmail servers remain exposed to a critical RCE flaw (CVE-2025-49113) despite a June 2025 patch fixing the vulnerability.
SentinelOne Targeted in Sophisticated China-Linked Supply Chain Attack Attempt
Chinese threat actors linked to APT15 and APT41 attempted to compromise SentinelOne through a third-party logistics provider using ShadowPad and GOREshell malware in a global ...
Scattered Spider: A Web of Social Engineering
Scattered Spider, also known as UNC3944, is a financially motivated cybercriminal group known for its sophisticated social engineering tactics and ability to navigate cloud environments.
Malware-as-Code: The Rise of DaaS on GitHub and the Collapse of Open-Source Trust
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. ...
Hacker Claims Massive Claro, Movistar Data Breach — Companies Dispute Authenticity
A hacker claims to sell data from Claro and Movistar, affecting over 35 million users, but telecom companies dispute the breach or question its legitimacy. ...
The New Era of AI in Cybersecurity: How AI-Generated Malware is Shaping Threats
The integration of artificial intelligence (AI) into both cybercrime and cybersecurity has created a pivotal shift. This blog delves into the dangers of AI-generated malware, ...
ClickFix: How Fake Browser Errors Became the Internet’s Most Dangerous Trap
In this episode, we dive deep into ClickFix, also tracked as ClearFix or ClearFake—a highly effective and deceptive malware delivery tactic that emerged in early ...
Exposed and Extorted: The ViLE Hackers and the Legal Gaps Enabling Doxing
Cybercrime is rapidly evolving—and so are its tactics. In this episode, we dissect the findings of SoSafe’s Cybercrime Trends 2025 report and explore the six ...
APT40: Chinese State Sponsored APT
APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423, TEMP.Jumper, and TEMP.Periscope, is an ...
The North Face Confirms Credential Stuffing Attack, Customer Accounts Exposed
The North Face warns customers of a credential stuffing attack in April that compromised account information but left payment card data untouched, thanks to tokenized ...
IdeaLab Confirms Data Stolen in Ransomware Attack Linked to Hunters International
Kelly Benefits Data Breach Exposes Personal Information of Over 550,000 Individuals
Esse Health Data Breach Impacts Over 263,000 Patients in Prolonged Cyber Incident
Spain Arrests Hackers Behind Data Breach Targeting Politicians and Journalists
Citrix Patch for Critical NetScaler Vulnerabilities Causes Login Issues for Some Customers
Forminator Plugin Flaw Leaves 600,000+ WordPress Sites at Risk of Full Takeover
Grafana Issues Critical Security Fixes for Image Renderer Plugin and Synthetic Monitoring Agent
Hunters International Ransomware Group Shuts Down, Offers Free Decryptors Amid Exit
Spanish Authorities Dismantle €10 Million Investment Scam Network With Fake Advisors and Crypto Portals
Cisco Removes Hardcoded Root Account from Unified CM to Prevent Remote Takeover
Fake Crypto Wallet Add-ons Flood Firefox Store in Ongoing Credential Theft Campaign
Qantas Confirms Data Breach Following Cyberattack on Third-Party Platform
macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains
Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks
Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites
Stormous Ransomware: The Pro-Russian Cyber Gang Targeting Global Networks
Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis
The Rising Tide of Cybersecurity Threats in Hospitality: How Hotels Can Stay Secure this Summer
FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks
Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security