Main Menu
Cyber Security
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67
China-Linked UAT-8302 Targets Governments in South America and Europe
Karakurt Negotiator Gets 8.5 Years in First U.S. Conviction
Microsoft: AiTM Phishing Hit 35,000 Users in 26 Countries
Palo Alto CVE-2026-0300 Under Active Attack — Patch Due May 13
cPanel CVE-2026-41940 Exploited Within 24 Hours, Ransomware Deployed
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
ShinyHunters Claims 280 Million Canvas Records Lifted from Instructure
MOVEit Is Back in the Crosshairs: CVSS 9.8 Flaw in Automation
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
SimpleHelp and ScreenConnect: The IT Tools That Became a Backdoor
Alleged AT&T Data Breach Exposes 31 Million Records
News
Alleged AT&T Data Breach Exposes 31 Million Records
Andrew Doyle May 28, 2025
Hackers claim to have leaked 31 million AT&T user records, including tax IDs and IPs, though researchers cannot confirm the breach due to limited data ...
Russian Espionage Group ‘Laundry Bear’ Hacks Dutch Police and NATO-Aligned Targets
News
Russian Espionage Group ‘Laundry Bear’ Hacks Dutch Police and NATO-Aligned Targets
Andrew Doyle May 28, 2025
Dutch intelligence links a new Russian cyber espionage group, Laundry Bear, to attacks on NATO entities and the Dutch police targeting sensitive military and diplomatic ...
Firmware and Bootloaders Under Attack as Hackers Target Pre-OS Environments
News
Firmware and Bootloaders Under Attack as Hackers Target Pre-OS Environments
Mitchell Langley May 28, 2025
Hackers are escalating attacks on BIOS and bootloaders, exploiting pre-OS vulnerabilities to maintain persistence, evade detection, and bypass Secure Boot protections.
Everest Ransomware Gang Targets $5.4B Global Hospital Group Mediclinic
News
Everest Ransomware Gang Targets $5.4B Global Hospital Group Mediclinic
Andrew Doyle May 28, 2025
Everest ransomware gang claims cyberattack on global hospital group Mediclinic, stealing employee data and 4GB of internal files. Ransom deadline set for five days.
Rhysida Ransomware Gang Claims Cyberattack on Brazilian Chevrolet Retailer
News
Rhysida Ransomware Gang Claims Cyberattack on Brazilian Chevrolet Retailer
Mitchell Langley May 28, 2025
Rhysida ransomware gang claims to have breached Carrera, a leading Brazilian Chevrolet dealership, demanding $1 million and threatening to leak passports and contracts.
Coca-Cola Data Breach: Employee Details Leaked After Ignored Ransom Demand
News
Coca-Cola Data Breach: Employee Details Leaked After Ignored Ransom Demand
Mitchell Langley May 28, 2025
Hackers leaked Coca-Cola employee data after the company ignored Everest ransomware’s ransom demand. The breach exposed passport scans, visa documents, and personal IDs online.
Coinbase Faces Investor Lawsuit After Data Breach Exposes 69,000+ Customers
News
Coinbase Faces Investor Lawsuit After Data Breach Exposes 69,000+ Customers
Mitchell Langley May 27, 2025
Coinbase faces a class action lawsuit after a breach exposed data of over 69,000 users. Insider involvement and financial impact raise enterprise security concerns.
Global Data Breach Exposes 184 Million Credentials from Major Tech and Government Platforms
News
Global Data Breach Exposes 184 Million Credentials from Major Tech and Government Platforms
Andrew Doyle May 27, 2025
A global data breach exposed 184 million credentials from tech, government, and banking platforms, highlighting serious risks of credential stuffing, phishing, and ransomware attacks.
Healthcare Data Breaches Hit Providers in Four U.S. States, Impacting Over 60,000 Individuals
News
Healthcare Data Breaches Hit Providers in Four U.S. States, Impacting Over 60,000 Individuals
Andrew Doyle May 27, 2025
Healthcare data breaches in NJ, PA, IA, and LA compromise sensitive information of over 60,000 individuals, including Social Security numbers and health records.
U.S. and Allies Release Security Guidance to Protect AI Models from Tampering and Exploitation
News
U.S. and Allies Release Security Guidance to Protect AI Models from Tampering and Exploitation
Mitchell Langley May 27, 2025
The U.S. and allies urge stronger protections for AI systems, warning that data tampering and system vulnerabilities pose rising risks to critical infrastructure.
Adidas Confirms Third-Party Data Breach Exposing Global Customer Information
News
Adidas Confirms Third-Party Data Breach Exposing Global Customer Information
Mitchell Langley May 27, 2025
Adidas confirms a third-party data breach involving customer service data. No payment information was leaked, but global exposure is possible due to Adidas' vast reach. ...
Cetus Protocol Hit by $223 Million Cryptocurrency Heist, $5M Bounty Offered
News
Cetus Protocol Hit by $223 Million Cryptocurrency Heist, $5M Bounty Offered
Mitchell Langley May 26, 2025
Hackers stole $223 million from Cetus Protocol via a blockchain exploit. The platform offers a whitehat deal and $5 million bounty to recover stolen funds. ...
Qilin Ransomware Gang Targets Luxury Jet Firm Elit Avia, Leaks Staff Documents
News
Qilin Ransomware Gang Targets Luxury Jet Firm Elit Avia, Leaks Staff Documents
Andrew Doyle May 26, 2025
Ransomware group Qilin posts alleged staff data from Elit Avia, including passport photos, raising security concerns for employees at the luxury private jet operator.
Operation Endgame Dismantles 300 Servers in Global Ransomware Infrastructure Crackdown
News
Operation Endgame Dismantles 300 Servers in Global Ransomware Infrastructure Crackdown
Mitchell Langley May 26, 2025
Operation Endgame dismantled 300 servers and 650 domains supporting ransomware campaigns, while U.S. authorities indicted 16 cybercriminals tied to DanaBot malware and botnet operations.
Stormous Ransomware Gang Posts French Government Credentials on Dark Web
News
Stormous Ransomware Gang Posts French Government Credentials on Dark Web
Andrew Doyle May 26, 2025
Stormous ransomware gang published email and password data allegedly tied to French government bodies, raising concerns over outdated security practices and ongoing exposure risks.
Ransomware Attack on Kettering Health Forces Mass Procedure Cancellations and Exposes Patient Safety Risks
News
Ransomware Attack on Kettering Health Forces Mass Procedure Cancellations and Exposes Patient Safety Risks
Gabby Lee May 26, 2025
A ransomware attack on Kettering Health forced mass cancellations across 120+ medical sites, exposing patient safety risks and prompting scam attempts targeting sensitive patient data. ...
This Week In Cybersecurity: 19th to 23rd May, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 19th to 23rd May, 2025
Andrew Doyle May 23, 2025
This week, significant cybersecurity incidents include ransomware attacks, data breaches affecting major organizations, and ongoing threats from state-sponsored groups, highlighting vulnerabilities across various sectors.
BlackLock Ransomware Group Claims Breach of Toho, But Evidence Falls Short
News
BlackLock Ransomware Group Claims Breach of Toho, But Evidence Falls Short
Andrew Doyle May 23, 2025
Cybercriminal group BlackLock claims to have breached Japanese film giant Toho, but researchers found no credible data, casting doubt on the authenticity of the attack. ...
Coca-Cola Investigates Alleged Data Breach Tied to Everest Ransomware Group
News
Coca-Cola Investigates Alleged Data Breach Tied to Everest Ransomware Group
Andrew Doyle May 23, 2025
Hackers from the Everest group claim to have leaked Coca-Cola employee and HR data, including PII and internal documents, potentially tied to a Middle East ...
Chinese Hackers Exploit Ivanti EPMM Zero-Day to Breach Government Agencies
News
Chinese Hackers Exploit Ivanti EPMM Zero-Day to Breach Government Agencies
Mitchell Langley May 23, 2025
Chinese hackers exploited a zero-day flaw in Ivanti EPMM to breach global government systems. Immediate patching and security monitoring are strongly advised.
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Application Security
Twelve Critical vm2 Vulnerabilities Allow Node.js Sandbox Escape
Andrew Doyle May 8, 2026
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Mitchell Langley May 8, 2026
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Cybersecurity
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Andrew Doyle May 6, 2026
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Cybersecurity
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Andrew Doyle May 6, 2026

TOP CYBERSECURITY HEADLINES

Dirty Frag Zero-Day Grants Root Access on Most Linux Distributions
Cybersecurity
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Cybersecurity
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
CVE Vulnerability Alerts
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
Application Security
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV

This Week’s Security Spotlight

Kaspersky DAEMON Tools Backdoored in Supply Chain Attack
Cybersecurity
Kaspersky: DAEMON Tools Backdoored in Supply Chain Attack
Mitchell Langley May 6, 2026
Signed, Sealed, Stolen Hackers Used DigiCert to Certify Malware
Application Security
Signed, Sealed, Stolen: Hackers Used DigiCert to Certify Malware
Gabby Lee May 5, 2026
When Amazon Sends the Phishing Email
Cybersecurity
When Amazon Sends the Phishing Email
Andrew Doyle May 5, 2026
Application Security
Anthropic’s Claude Desktop Unauthorized Installations Raise EU Law Compliance Concerns
Mitchell Langley April 21, 2026
More In News
Trending
HR Emails Are the New Phishing Bait — And MFA Won’t Save You
Tax Season Never Really Ends for Hackers
When Amazon Sends the Phishing Email
Phishing Scams Are Now Exploiting Apple’s Trusted Email Servers

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
Double Extortion, Biometric Data, and Donuts: How Play Ransomware Hit Krispy Kreme
June 19, 2025
Podcasts
Archetyp Market Seized: €250M Drug Empire Toppled by Operation Deep Sentinel
June 17, 2025
Podcasts
KillSec Exploits Zero-Day to Breach Ocuco: 241K Patients Exposed
June 17, 2025

Cyber Security News

OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
Identity and Access Management
OwnCloud Urges Users to Implement Multi-factor Authentication for Enhanced Security
January 7, 2026
Navigating the Challenges of Fileless Malware in Cybersecurity
Blog
Navigating the Challenges of Fileless Malware in Cybersecurity
January 7, 2026
Microsoft Acknowledges Issues With Outlook Encryption Feature
Application Security
Microsoft Acknowledges Issues With Outlook Encryption Feature
January 7, 2026
Stalkerware Vendor's Guilty Plea A Rare Legal Victory in Consumer Spyware Prosecution
Cybersecurity
Stalkerware Vendor’s Guilty Plea: A Rare Legal Victory in Consumer Spyware Prosecution
January 7, 2026
The Influence of Security Advice and Accountability in Cybersecurity
Blog
The Influence of Security Advice and Accountability in Cybersecurity
January 7, 2026
Chrome Extensions Masquerading as AITOPIA Pose Risk
Application Security
Chrome Extensions Masquerading as AITOPIA Pose Risk
January 7, 2026
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
LameHug Malware Uses AI-Powered Language Model to Launch Dynamic Windows Data Theft
July 18, 2025
LameHug malware uses an AI language model to craft system commands on the fly, targeting Windows machines in attacks linked to Russian-backed APT28.
Louis Vuitton Confirms Multi-Country Data Breaches Linked to Single Cyberattack
July 18, 2025
Luxury fashion house Louis Vuitton confirmed that recent customer data breaches in the UK, South Korea, and Turkey all trace back to a single cyberattack ...
Cisco ISE Vulnerability Exposes Critical Remote Code Execution Risk Across Enterprise Networks
July 18, 2025
A critical Cisco ISE vulnerability (CVE-2025-20337) exposes systems to remote code execution and root access. Enterprises must upgrade to Patch 7 or Patch 2 immediately. ...
Chinese APT Group Salt Typhoon Breaches U.S. National Guard Network, Steals Critical Configuration Files
July 18, 2025
Salt Typhoon, a Chinese state-backed hacking group, quietly breached a U.S. Army National Guard network for nine months, stealing sensitive configuration files and credentials.
The UNFI Cyberattack: How Hackers Disrupted the U.S. Food Supply Chain
July 17, 2025
In June 2025, United Natural Foods, Inc. (UNFI)—the primary distributor for Whole Foods and tens of thousands of retailers across North America—suffered a major cyberattack ...
Zuckerberg on Trial: The $8 Billion Data Privacy Reckoning
July 17, 2025
More than five years after the Cambridge Analytica scandal, the legal and financial consequences are still playing out—this time in Delaware’s Chancery Court, where Mark ...
Chinese Cyber-Espionage Group Infiltrates Army National Guard Network Across the US
July 17, 2025
Salt Typhoon, a Chinese cyber-espionage group, infiltrated a US state's Army National Guard network, exfiltrating sensitive data and threatening nationwide cybersecurity coordination efforts.
Phishing Scam Costs Nebraska School District $1.8 Million in Construction Funds
July 17, 2025
A phishing email targeting a real construction project led Broken Bow Public Schools in Nebraska to mistakenly transfer $1.8 million to cybercriminals.
Chinese State-Backed Hackers Breach U.S. Army National Guard Network in Espionage Campaign
July 17, 2025
Chinese hackers known as Salt Typhoon infiltrated a U.S. state’s Army National Guard network, accessing sensitive data tied to every other state and four territories. ...
Scattered Spider-Attack Hits Co-op, Exposes Data of 6.5 Million Members
July 17, 2025
UK retailer Co-op confirms a cyberattack in April stole personal data of 6.5 million members. Threat actors linked to Scattered Spider used social engineering tactics. ...
Active-Duty U.S. Soldier Pleads Guilty to Hacking and Extortion of Telecom Giants
July 17, 2025
A 21-year-old U.S. Army soldier pleaded guilty to hacking and extorting major telecom firms using stolen credentials, SSH brute tools, SIM-swapping, and cybercrime forums.
Operation Eastwood: Inside the Takedown of NoName057(16)
July 17, 2025
A major Europol-led crackdown—Operation Eastwood—has disrupted one of the most active pro-Russian hacktivist collectives in Europe: NoName057(16). Known for a relentless barrage of DDoS attacks ...
Phished and Exposed: What the Co-op Hack Reveals About Retail Cybersecurity
July 17, 2025
In April 2025, The Co-op—one of the UK’s largest retailers—confirmed a data breach that exposed the personal information of 6.5 million members. No financial data ...
FileFix Attacks Are Here: How Interlock’s Ransomware is Skipping Your Defenses
July 16, 2025
In this episode, we break down how Interlock, a fast-moving ransomware group launched in late 2024, has evolved from using web injectors and clipboard tricks ...
Ontinue Uncovers SVG-Based Phishing: Why Your Browser Could Be the Weak Link
July 16, 2025
Ontinue has uncovered a stealthy new phishing campaign that’s flipping conventional defenses on their head—weaponizing SVG image files to silently redirect victims to malicious websites, ...
Episource Data Breach Hits Over 5 Million Patients, Sensitive Medical and Insurance Data Potentially Exposed
July 16, 2025
A cyberattack on Episource, a UnitedHealth subsidiary, compromised the personal and medical data of over five million patients, including Social Security and health insurance details. ...
Exein Raises €70M: Defending the IoT-AI Frontier with Embedded Security
July 16, 2025
Exein, the Italian cybersecurity company specializing in embedded IoT defense, has raised €70 million in Series C funding, marking a significant milestone in the race ...
Salt Typhoon Strikes Again: National Guard, Telecoms, and a Crisis in U.S. Cyber Defense
July 16, 2025
Salt Typhoon, a sophisticated Chinese state-sponsored cyber threat actor, is conducting one of the most aggressive and sustained espionage campaigns ever uncovered against U.S. critical ...
Abacus Market Disappears in Suspected Exit Scam After Handling $300 Million in Darknet Transactions
July 16, 2025
Abacus Market, a major darknet platform for drug trade, has abruptly gone offline, sparking suspicions of a large-scale exit scam involving millions in crypto.
“Dirty Frag” Zero-Day Grants Root Access on Most Linux Distributions
Zara Data Breach Exposes Personal Data of More Than 197,000 Customers
Nation-State Actors Exploited PAN-OS CVE-2026-0300 for Nearly a Month
Actively Exploited Ivanti EPMM CVE-2026-6973 Added to CISA KEV
ZiChatBot Backdoor Uses Zulip API as C2 in PyPI Supply Chain Attack
TCLBanker Trojan Spread via Fake Logitech Installers Hits 59 Platforms
Quasar Linux RAT Hijacks Developer Systems to Compromise Supply Chains
PCPJack Malware Exploits Five CVEs to Worm Across Cloud Environments
Virginia Contractor Convicted for Destroying Federal Databases
ACSC Warns of Active ClickFix Campaigns Delivering Vidar Stealer
Two Americans Jailed for Running North Korean IT Worker Laptop Farms
GothFerrari Gets 6.5 Years for $250M Crypto Home-Invasion Theft Ring
DAEMON Tools Build Breach Spread Three-Stage Backdoor for 27 Days
PamDOORa Linux PAM Backdoor Sold for $1,600, Grants Covert SSH Access
Sygnia Responder, DigitalMint Negotiator Sentenced for BlackCat Role
Nefilim Affiliate Stryzhak Sentenced in U.S. for Ransomware Campaign
Trend Micro: QLNX Implant Targets Developers for Supply Chain Attacks
MetInfo CVE-2026-29014 Exploited – Unauthenticated PHP Code Injection
FTC Bans Data Broker Kochava from Selling Americans Location Data
Apache CVE-2026-23918 Enables DoS and RCE in HTTP/2 — Patch to 2.4.67