Cyber Security
TheGentlemen Ransomware Posts 12 Victims in One Day Across 8 Countries
Gogs 0.14.3 Patches Critical RCE Zero-Day After 10 Days Without Fix
Akira, Qilin, and Nightspire Post 4 Victims on Ransomware Leak Sites
What Is Dropper Malware and How Does It Evade Detection
TVING Data Breach Triggers South Korean Government Probe
AI Agent Finds 21 FFmpeg Zero-Days Including Unauthenticated RCE
Anthropic Engineers Deploy Inside NSA to Run Mythos Cyber AI
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
C0XMO Botnet Exploits DD-WRT CVE-2021-27137, Evicts Rival Malware
ShinyHunters Publishes 234 GB of DentaQuest Records for 2.6M
Six Ransomware Groups Post Cross-Sector Victims in Single Day
Payload Ransomware Hits Retailer, Textile Firm, and Hotel Group
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
VerdantBamboo PLENET Backdoor Sustained 18-Month M365 Intrusion
CoinbaseCartel Ransomware Targets Cambridge Mobile Telematics
Anubis Ransomware Wiper Mode Targets US Law Firm and UK Contractor
DNS Tunneling: How Attacks Work, Detection, and Prevention
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Five Eyes Warn Chinese Spies Use Fake Jobs to Target Clearances
IronWorm Rust Malware Hits 36 npm Packages in Supply Chain Attack
Hola Browser for Windows Bundled Monero Miner in Supply Chain Hit
Russia Seeks Extremist Label for Cyber Partisans and Silent Crow
Play Ransomware Hits Law Firm, Food Tech, Church, and Factory
Akira Threatens to Publish 53 GB from US Parts Maker and Ohio MLS
Qilin Ransomware Hits Avcon Jet, Slovenian Food Group, and Trican
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
WorldLeaks Targets Thai Infrastructure Giant CH Karnchang
Supreme Court Upholds $200M FCC Fines on AT&T and Verizon
FTC Seeks Public Comment on X Corp Bid to Void Twitter Settlement
CISA Orders Patch for Linux Container Escape CVE-2022-0492
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Group-IB identified five dark web brokers posting 500–1,000 fake corporate breach ads monthly using recycled Facebook 2021, Eatigo, and Truecaller leak data.
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from 1.8 million patients.
Cybersecurity
Poland Drops Signal After Russian APTs Compromise Officials’ Accounts
Poland abandoned Signal after Russian APTs compromised officials' accounts via fake support calls and malicious QR codes that bypassed its encryption.
Cybersecurity
EvilTokens Service Breaches 340 Microsoft 365 Orgs via OAuth Tokens
EvilTokens, a phishing service launched in February 2026, bypassed MFA in 340 Microsoft 365 organizations by stealing OAuth tokens instead of passwords.
Cybersecurity
Webworm APT Uses Discord and OneDrive as C2 in Government Espionage
Webworm, a China-aligned APT, deployed EchoCreep and GraphWorm backdoors that abuse Discord and Microsoft OneDrive as C2 channels against government targets.
Cybersecurity
PinTheft PoC Goes Public, Narrowing Arch Linux Exploit Window
V12 security team released a working PinTheft exploit for an Arch Linux kernel double-free, enabling local root escalation on unpatched systems with RDS loaded.
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
A null-byte sandbox bypass in Claude Code allowed credential exfiltration via prompt injection, present from October 2025 until Anthropic's silent March patch.
Cybersecurity
Huawei Zero-Day Caused Luxembourg’s 3-Hour National Telecom Blackout
A zero-day in Huawei routers crashed Luxembourg's national telecom in July 2025 for three hours, cutting emergency services, with no CVE and no confirmed patch.
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
CVE-2026-3102 in ExifTool's SetMacOSTags lets a crafted image execute shell commands on macOS; the flaw is patched in ExifTool 13.50 after Kaspersky disclosure.
Application Security
Single-Letter Go Typosquat Backdoors Financial and Crypto Developers
A Go module typosquatting shopspring/decimal deployed a DNS-based backdoor polling for OS commands every five minutes, targeting financial app developers.
Application Security
CVE-2026-46376: FreePBX Hard-Coded Credentials Open VoIP Portals
CVE-2026-46376 in FreePBX hardcodes setup credentials in the User Control Panel, letting unauthenticated attackers access phone systems and commit toll fraud.
Cybersecurity
Pardus Linux CVSS 9.3 Flaw Exposes Turkish Government Systems to Root
A three-vulnerability chain in Pardus Linux's pardus-update package lets any local user gain root on Turkish government systems; no patch is available yet.
CVE Vulnerability Alerts
CVE-2026-46333: Linux Kernel Flaw Grants Root via ssh-keysign
Qualys disclosed CVE-2026-46333, a nine-year-old Linux privilege escalation flaw that gives local users a reliable path to root on Debian, Fedora, and Ubuntu.
CVE Vulnerability Alerts
CISA Adds Two Exploited Microsoft Defender Zero-Days to KEV
Microsoft Defender is actively being exploited via two zero-days, CVE-2026-41091 and CVE-2026-45498, which CISA added to its KEV catalog on May 20, 2026.
Cybersecurity
Ukraine IDs 18-Year-Old Who Stole 28,000 Accounts, $721K
Ukrainian cyberpolice and U.S. law enforcement identified an 18-year-old from Odesa behind 28,000 stolen accounts and $721,000 in fraudulent purchases.
CVE Vulnerability Alerts
SonicWall Gen6 MFA Bypass CVE-2024-12802 Left Open by Incomplete Patch
SonicWall's patch for CVE-2024-12802 needed a manual LDAP reconfiguration most admins skipped, leaving Gen6 VPN open to MFA bypass and ransomware access.
Cybersecurity
TeamPCP Claims Breach of 4,000 GitHub Private Repositories
The hacker group TeamPCP claims unauthorized access to ~4,000 GitHub private repositories and is demanding a $50,000 ransom for the stolen source code.
CVE Vulnerability Alerts
CVE-2026-45585: Windows Zero-Day Bypasses BitLocker
Microsoft disclosed CVE-2026-45585, a Windows zero-day that allows attackers with physical access to bypass BitLocker encryption without the decryption key.
Application Security
CVE-2026-45829: Max-Severity Flaw Lets Attackers Hijack ChromaDB
CVE-2026-45829 is a maximum-severity pre-auth flaw in ChromaDB allowing server hijacking; about 73% of internet-exposed instances run a vulnerable version.
Cybersecurity
Microsoft Disrupts Fox Tempest Malware-Signing Service
Microsoft seized Fox Tempest's signspace.cloud domain and revoked over 1,000 fraudulent code-signing certificates used by ransomware groups and infostealers.

TOP CYBERSECURITY HEADLINES

This Week’s Security Spotlight

Application Security
Claude Opus Finds 4-Year Zcash Flaw Enabling Silent Coin Forgery
CVE Vulnerability Alerts
CISA Orders Serv-U CVE-2026-28318 Patch After Active Exploitation
CVE Vulnerability Alerts
Cisco SD-WAN Manager Hit by 7th Zero-Day of 2026, No Patch
Cybersecurity
TheGentlemen Hits Saudi Arabia, India, Thailand, and Portugal
B1ack’s Stash Releases 4.6M Stolen Credit Cards Free
B1ack's Stash dark-web marketplace released 4.6 million stolen card records for free, with 4.3 million actionable, after resellers violated its terms.
Trapdoor Android Ad Fraud Scheme Generated 659M Fake Bids
HUMAN's Satori team disclosed Trapdoor, 455 malicious Android apps generating 659 million fake ad bids daily, with more than 24 million total downloads.
Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys
Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.