Main Menu
Cyber Security
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
Tech Giants Invest $12.5 Million in Open Source Software Security
Ongoing Python Package Attack Uses Stolen GitHub Tokens
Stryker’s Internal Microsoft Environment Was Breached Last Week
DRILLAPP Backdoor Campaign Targets Ukrainian Organizations With Edge Debugging Abuse
New Malware Tactics Take Aim at Windows, iOS, and Linux Users
Companies House Restores WebFiling Service After Security Flaw Exposed Corporate Data
How AI Is Making Financial Fraud 4.5 Times More Profitable
Ongoing Exchange Online Outage Leaves Customers Without Mailbox Access
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Silence from the Corporate Giants: Four Companies Yet to Comment on Oracle EBS Hack
FBI Seeks Gamer Help in Steam Malware Investigation
Shadow AI Is Quietly Spreading Across SaaS Environments
Microsoft Teams Is Adding Automatic Bot Tagging in Meeting Lobbies
Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
VENON Banking Malware Targets Brazilian Users With Rust-Based Code
Apple Releases iOS and iPadOS Updates to Patch Coruna Exploits
Veeam Software Fixes Critical RCE Vulnerabilities in Backup & Replication Solution
England Hockey Investigates Possible Data Breach by AiLock Ransomware Group
International Operation Dismantles the Dangerous SocksEscort Proxy Service
Apple Patches Older iPhones and iPads Against Coruna Exploit Kit Attacks
Cybercriminals Target Airline Loyalty Programs: A New Threat to Travelers
Global Arrests Made in a Social Media Scam Targeting Thousands
SQL Injection Flaw in Ally WordPress Plugin Puts 400,000 Sites at Risk
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
News
Critical Cisco Smart Licensing Utility Flaws Exploited in Attacks
Mitchell Langley March 21, 2025
Cisco's Smart Licensing Utility vulnerabilities CVE-2024-20439 and CVE-2024-20440 are now exploited, allowing unauthorized access through a backdoor admin account.
HellCat Hacking Spree Targets Jira Servers Worldwide
News
HellCat Hacking Spree Targets Jira Servers Worldwide
Andrew Doyle March 21, 2025
HellCat hackers are exploiting compromised Jira credentials in a worldwide hacking spree, targeting companies like Ascom and Jaguar Land Rover, stealing sensitive data including source ...
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
News
RansomHub Ransomware Leverages New Betruger Backdoor for Enhanced Attacks
Andrew Doyle March 21, 2025
RansomHub ransomware uses a new multi-function backdoor, Betruger, for enhanced attacks, streamlining the deployment process and minimizing detection.
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
News
Critical MegaRAC Bug Lets Attackers Hijack and Brick Servers
Mitchell Langley March 21, 2025
MI MegaRAC BMC vulnerability (CVE-2024-54085) lets attackers remotely hijack and brick servers, impacting numerous vendors and potentially causing significant damage.
This Week In Cybersecurity: 17th March to 21st March, 2025
Cybersecurity Newsletter
This Week In Cybersecurity: 17th March to 21st March, 2025
Andrew Doyle March 21, 2025
This week in cybersecurity reports on a range of incidents, including a major data breach at California Cryobank and a supply chain attack affecting GitHub ...
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
News
Veeam Backup & Replication Flaw Allows Remote Execution of Malicious Code
Andrew Doyle March 20, 2025
A critical vulnerability in Veeam Backup & Replication allows remote code execution, affecting various versions and posing significant security risks.
Microsoft Exchange Online Outage Impacts Outlook Web Users
News
Microsoft Exchange Online Outage Impacts Outlook Web Users
Mitchell Langley March 20, 2025
A Microsoft Exchange Online outage severely impacted Outlook on the web users globally, causing login and access issues. Microsoft attributed the problem to a code ...
DollyWay Malware Campaign Compromises 20,000 WordPress Sites
News
DollyWay Malware Campaign Compromises 20,000 WordPress Sites
Mitchell Langley March 20, 2025
The DollyWay malware campaign, active since 2016, has compromised over 20,000 WordPress sites, redirecting users to malicious sites and generating millions of fraudulent impressions monthly.
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
Cybersecurity
WhatsApp Patches Zero-Day Flaw Exploited by Paragon Spyware
Andrew Doyle March 20, 2025
WhatsApp has patched a zero-click vulnerability exploited by Paragon spyware, affecting journalists and activists globally, highlighting ongoing cybersecurity challenges.
Ukrainian Military Targeted in New Signal Spear-Phishing Attacks
News
Ukrainian Military Targeted in New Signal Spear-Phishing Attacks
Mitchell Langley March 20, 2025
krainian military personnel are facing sophisticated spear-phishing attacks using compromised Signal accounts to deliver Dark Crystal RAT malware. Urgent security updates are needed.
Arcane Infostealer Infects YouTube and Discord Users Through Game Cheats
News
Arcane Infostealer Infects YouTube and Discord Users Through Game Cheats
Andrew Doyle March 20, 2025
The Arcane infostealer, a new malware, is stealing data from YouTube and Discord users via game cheats, targeting VPNs, messengers, and cryptocurrency wallets. Its sophisticated ...
Pennsylvania Education Union Data Breach Impacts 500,000 Individuals
News
Pennsylvania Education Union Data Breach Impacts 500,000 Individuals
Andrew Doyle March 20, 2025
he Pennsylvania State Education Association (PSEA) suffered a data breach exposing the personal information of over 500,000 individuals, including financial and health records. Rhysida ransomware ...
Ransomware Victims on Dark Web – 12th March, 2025
Ransomware Victims
Ransomware Victims on Dark Web – 12th March, 2025
Andrew Doyle March 20, 2025
This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ...
Ransomware Victims on Dark Web - 3rd March, 2025
Ransomware
Ransomware Victims on Dark Web – 3rd March, 2025
Andrew Doyle March 20, 2025
This report summarizes recent ransomware attacks across various sectors, detailing the victims, threat actors, and available information on the incidents. Due to the nature of ...
Qilin/Agenda Ransomware: The Credential Stealers
Resources
Qilin/Agenda Ransomware: The Credential Stealers
Andrew Doyle March 20, 2025
Overview The Qilin ransomware group, also known as Agenda, is a Russia-based ransomware-as-a-service (RaaS) operation active since at least July ...
California Cryobank Data Breach Exposes Sensitive Customer Information
News
California Cryobank Data Breach Exposes Sensitive Customer Information
Mitchell Langley March 19, 2025
California Cryobank, a major US sperm bank, suffered a data breach exposing customer names, bank details, Social Security numbers, and more. The company is offering ...
GitHub Action Hack May Cause Another Supply Chain Attack
News
GitHub Action Hack May Cause Another Supply Chain Attack
Andrew Doyle March 19, 2025
A cascading supply chain attack, starting with a GitHub Action hack, exposed CI/CD secrets across 23,000 repositories, highlighting vulnerabilities in third-party code reliance.
Western Alliance Bank Data Breach Impacts 21,899 Customers
News
Western Alliance Bank Data Breach Impacts 21,899 Customers
Mitchell Langley March 19, 2025
Western Alliance Bank suffered a data breach impacting 21,899 customers, exposing sensitive personal and financial information due to a third-party vendor's software vulnerability exploited by ...
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
News
11 State-Sponsored Hacking Groups Exploit Windows Zero-Day Exploit
Andrew Doyle March 19, 2025
A critical Windows zero-day exploit, ZDI-CAN-25373, has been exploited by 11 state-sponsored hacking groups since 2017, enabling data theft and espionage. Microsoft initially declined to ...
$6.1 Million Crypto Stolen in WEMIX Hack
News
$6.1 Million Crypto Stolen in WEMIX Hack
Andrew Doyle March 19, 2025
WEMIX, a blockchain gaming platform, suffered a $6.1 million crypto theft. Hackers stole authentication keys, planning the attack for two months before executing 13 successful ...
Software Supply Chains Are the New Frontline for Cyber Risk
Cybersecurity
Software Supply Chains Are the New Frontline for Cyber Risk
Gabby Lee March 19, 2026
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Cybersecurity
Companies House Confirmed a Vulnerability That Put Millions of Business Records at Risk
Andrew Doyle March 18, 2026
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
News
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
Andrew Doyle March 18, 2026
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Cybersecurity
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Mitchell Langley March 18, 2026

TOP CYBERSECURITY HEADLINES

New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
Cybersecurity
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Cybersecurity
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Cybersecurity
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Application Security
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages

This Week’s Security Spotlight

Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
Cybersecurity
Canadian Outsourcing Leader Telus Digital Faces a Severe Data Breach
Andrew Doyle March 13, 2026
Senate Confirms Joshua Rudd to Lead the NSA and US Cyber Command
Cybersecurity
Senate Confirms Joshua Rudd to Lead the NSA and US Cyber Command
Andrew Doyle March 12, 2026
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
CVE Vulnerability Alerts
Critical Security Vulnerabilities Patched in n8n Workflow Automation Platform
Mitchell Langley March 12, 2026
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Cybersecurity
OpenClaw Security Issues Persist as SecureClaw Open Source Tool Debuts
Andrew Doyle February 19, 2026
More In News
Trending
Targeted Phishing Attack Breaches Security Firm Executive
Russian Campaign Targets Ukraine with BadPaw and MeowMeow Malware
Underground Sale of Compromised cPanel Credentials Fuels Phishing Infrastructure
Phishing Warnings as LastPass Users Get Targeted by Fake Alerts

Daily Briefing Newsletter

Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Featured Videos​

Podcasts

Podcasts
TeamFiltration and Token Theft: The Cyber Campaign Microsoft Never Saw Coming
June 16, 2025
Podcasts
Three CVEs, One Risk: Arbitrary Code Execution in Nessus Agent for Windows
June 16, 2025
Podcasts
WestJet Cyberattack: Cracks in Aviation’s Digital Armor
June 16, 2025

Cyber Security News

FTC Targets EdTech Giant Illuminate After Data Breach Exposes 10 Million Students
Cybersecurity
FTC Targets EdTech Giant Illuminate After Data Breach Exposes 10 Million Students
December 3, 2025
Cybersecurity Incident at Three-Council Data Breach Adds Complexity
Cybersecurity
Cybersecurity Incident at Three-Council: Data Breach Adds Complexity
December 3, 2025
GlassWorm Supply Chain Attack Compromises Developer Tools
Cybersecurity
GlassWorm Supply Chain Attack Compromises Developer Tools
December 3, 2025
Shai-Hulud Strikes Again Massive Data Exposure from NPM Attack
Cybersecurity
Shai-Hulud Strikes Again: Massive Data Exposure from NPM Attack
December 3, 2025
Application Security
Microsoft Investigates Defender XDR Portal Access Disruptions
December 3, 2025
University of Pennsylvania Data Breach Clop's Zero-Day Exploit Targets Oracle's E-Business Suite
Cybersecurity
University of Pennsylvania Data Breach: Clop’s Zero-Day Exploit Targets Oracle’s E-Business Suite
December 3, 2025
  • All
  • Application Security
  • Blog
  • CVE Vulnerability Alerts
  • Cybersecurity
  • Cybersecurity Newsletter
  • Data Security
  • Endpoint Security
  • Identity and Access Management
  • Information Security
  • Network Security
  • News
  • Phishing
  • Podcasts
  • Product Reviews
  • Ransomware
  • Ransomware Victims
  • Resources
  • Security Spotlight
  • Sponsored
  • Threat Actors
  • Threat Actors
  • Threat Detection Tools
UNFI Breach: How One Cyberattack Shook the North American Food Supply
June 10, 2025
On June 5, 2025, United Natural Foods Inc. (UNFI)—North America’s largest publicly traded wholesale food distributor and primary supplier for Whole Foods—was struck by a ...
Ticketmaster Data from Snowflake Attack Appears Briefly on Arkana Security Extortion Site
June 10, 2025
Old Ticketmaster data stolen in the 2024 Snowflake attack was briefly relisted for sale by Arkana Security, sparking confusion over a possible new breach.
Ransomware Attack on Sensata Technologies Leads to Data Breach Impacting Employee Information
June 10, 2025
Sensata Technologies confirms employee data was stolen in a ransomware breach that impacted operations and exposed sensitive personal and financial details from current and former ...
United Natural Foods Cyberattack Disrupts Operations Across North America
June 10, 2025
United Natural Foods, a key supplier to Whole Foods, suffered a cyberattack that disrupted customer orders and forced systems offline as investigations and recovery efforts ...
Over 84,000 Roundcube Webmail Servers Exposed to Actively Exploited Remote Code Flaw
June 10, 2025
Over 84,000 Roundcube webmail servers remain exposed to a critical RCE flaw (CVE-2025-49113) despite a June 2025 patch fixing the vulnerability.
SentinelOne Targeted in Sophisticated China-Linked Supply Chain Attack Attempt
June 10, 2025
Chinese threat actors linked to APT15 and APT41 attempted to compromise SentinelOne through a third-party logistics provider using ShadowPad and GOREshell malware in a global ...
Scattered Spider: A Web of Social Engineering
June 9, 2025
Scattered Spider, also known as UNC3944, is a financially motivated cybercriminal group known for its sophisticated social engineering tactics and ability to navigate cloud environments.
Malware-as-Code: The Rise of DaaS on GitHub and the Collapse of Open-Source Trust
June 6, 2025
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. ...
Hacker Claims Massive Claro, Movistar Data Breach — Companies Dispute Authenticity
June 6, 2025
A hacker claims to sell data from Claro and Movistar, affecting over 35 million users, but telecom companies dispute the breach or question its legitimacy. ...
The New Era of AI in Cybersecurity: How AI-Generated Malware is Shaping Threats
June 6, 2025
The integration of artificial intelligence (AI) into both cybercrime and cybersecurity has created a pivotal shift. This blog delves into the dangers of AI-generated malware, ...
ClickFix: How Fake Browser Errors Became the Internet’s Most Dangerous Trap
June 5, 2025
In this episode, we dive deep into ClickFix, also tracked as ClearFix or ClearFake—a highly effective and deceptive malware delivery tactic that emerged in early ...
Exposed and Extorted: The ViLE Hackers and the Legal Gaps Enabling Doxing
June 5, 2025
Cybercrime is rapidly evolving—and so are its tactics. In this episode, we dissect the findings of SoSafe’s Cybercrime Trends 2025 report and explore the six ...
APT40: Chinese State Sponsored APT
June 5, 2025
APT40, also known as ATK29, BRONZE MOHAWK, G0065, GADOLINIUM, Gingham Typhoon, ISLANDDREAMS, ITG09, KRYPTONITE PANDA, Leviathan, MUDCARP, Red Ladon, TA423, TEMP.Jumper, and TEMP.Periscope, is an ...
The North Face Confirms Credential Stuffing Attack, Customer Accounts Exposed
June 5, 2025
The North Face warns customers of a credential stuffing attack in April that compromised account information but left payment card data untouched, thanks to tokenized ...
Cyprus Airways Data Breach: Hackers Claim Access to Real-Time Systems and Passenger Records
June 5, 2025
Hackers claim to have breached Cyprus Airways, stealing 41GB of passenger and staff data and maintaining real-time access to flight systems and travel information.
Gunra Ransomware Group Claims Massive Breach at American Hospital Dubai
June 5, 2025
Gunra ransomware claims to have stolen 450 million records from American Hospital Dubai, threatening to leak the data if ransom demands are not met by ...
Cartier Cyberattack Exposes Customer Data as Retail Sector Faces Ongoing Threats
June 5, 2025
Cartier confirms a cyberattack exposed customer data as cyber threats rise across the retail sector, affecting brands like Marks & Spencer, Victoria’s Secret, and Harrods. ...
Chrome Under Fire: Three Zero-Days, One Month, and Nation-State Exploits
June 4, 2025
In this episode, we dive deep into three actively exploited zero-day vulnerabilities discovered in Google Chrome in 2025, each of which was patched in rapid ...
Medical Data Breach Affected Dental Service Infrastructure
June 4, 2025
An exposed MongoDB database revealed 2.7 million patient records and 8.8 million appointments, likely linked to Gargle, a dental marketing provider, prompting HIPAA scrutiny.
Australia Forces Transparency: The World’s First Mandatory Ransomware Payment Reporting Law
June 4, 2025
Australia just made cyber history. On May 30, 2025, the nation became the first in the world to enforce mandatory ransomware payment reporting under the ...
New Threat Vector Exploits DNS Queries for Data Exfiltration in AI Environments
EU Council Sanctions Three Entities and Two Individuals for Cyberattacks on Critical Infrastructure
Identity-Based Access Control for AI Agents Is Now a Security Necessity
Hidden Commands in Font Rendering Are Being Used to Manipulate AI Assistants Through Webpages
Surf AI Raises $57 Million for Its Agentic Security Operations Platform
LeakNet Ransomware Adopts ClickFix to Trick Users Into Compromising Themselves
RondoDox Botnet Ramps Up Attacks, Hitting 15,000 Daily Exploitation Attempts
Tech and Retail Giants Sign Global Pact to Combat Online Scams and Fraud
Tech Giants Invest $12.5 Million in Open Source Software Security
Ongoing Python Package Attack Uses Stolen GitHub Tokens
Stryker’s Internal Microsoft Environment Was Breached Last Week
Payload Ransomware Group Claims Breach of Royal Bahrain Hospital
Phishing Attack Hits Intuitive’s Internal IT Business Systems
DRILLAPP Backdoor Campaign Targets Ukrainian Organizations With Edge Debugging Abuse
New Malware Tactics Take Aim at Windows, iOS, and Linux Users
Companies House Restores WebFiling Service After Security Flaw Exposed Corporate Data
How AI Is Making Financial Fraud 4.5 Times More Profitable
Ongoing Exchange Online Outage Leaves Customers Without Mailbox Access
Signal Cyberattack in Germany Targets Politicians Through Impersonation
Targeted Phishing Attack Breaches Security Firm Executive