
iRhythm Confirms PHI Exfiltration via Social Engineering
iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they

iRhythm Technologies confirmed in an SEC 8-K that social engineering gave hackers access to patient cardiac monitoring data, which they

A three-CVE attack chain disclosed by Obsidian Security in LiteLLM AI Gateway lets low-privilege users escalate to root and steal

Two Chrome ad blocker extensions captured conversations from 90,000 users across ChatGPT, Claude, Gemini, and five other AI platforms, researchers

Anthropic released Claude Mythos 5 with safety guardrails intentionally removed to vetted security researchers alongside the public Claude Fable 5

SAP’s June 2026 Patch Day addressed 15 security notes including CVE-2026-44748, a CVSS 9.9 XML Signature Wrapping flaw in NetWeaver

Veeam patched CVE-2026-44963, a CVSS 9.4 RCE flaw letting any domain user execute code on backup servers across its 550,000-customer

Researcher Taylor Hornby used Claude Opus 4.8 to uncover a four-year-old Zcash Orchard flaw that could have enabled undetectable counterfeit

SolarWinds patches actively exploited Serv-U DoS bug CVE-2026-28318 while CISA adds it to the KEV catalog and orders remediation at

Cisco disclosed CVE-2026-20245, a command injection zero-day in Catalyst SD-WAN Manager enabling root access via file upload, with no patch

TheGentlemen ransomware struck Saudi Arabia, India, Thailand, and Portugal in one day, including a first GCC target, as the group
Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.