Daily Security Review
Episodes
Palo Alto Networks Uncovers 194,000-Domain Smishing Campaign Linked to “Smishing Triad”
29 Oct 2025
Contributed by Lukas
A global smishing campaign of unprecedented scale has been uncovered by Palo Alto Networks, revealing the vast operations of a Chinese-speaking threat...
Operation ForumTroll: Chrome Zero-Day Tied to Italian Spyware Developer Memento Labs
29 Oct 2025
Contributed by Lukas
A newly uncovered cyber-espionage operation known as Operation ForumTroll has revealed the resurgence of commercial spyware in state-sponsored surveil...
Coveware Reports Historic Drop in Ransomware Payments: Only 23% of Victims Paid in Q3 2025
28 Oct 2025
Contributed by Lukas
The global ransomware economy is collapsing under growing resistance from its targets. According to new data from cybersecurity firm Coveware, the thi...
Firefox Add-Ons Must Declare Data Collection—or Be Rejected
28 Oct 2025
Contributed by Lukas
Mozilla is taking a decisive step toward transparency and user control by requiring all Firefox extensions to disclose how they collect and handle per...
Chainguard’s $3.5 Billion Valuation Signals Massive Investor Confidence in Secure-by-Default Software
28 Oct 2025
Contributed by Lukas
Chainguard, the Kirkland, Washington-based cybersecurity company, has announced a landmark $280 million growth funding round led by General Catalyst’...
$1 Million WhatsApp Exploit Withdrawn—Researcher Silent, Meta Calls It “Low-Risk”
28 Oct 2025
Contributed by Lukas
The Pwn2Own Ireland 2025 hacking competition was set to feature one of its most anticipated moments — a $1 million zero-click remote code execution ...
OpenAI Atlas Omnibox Jailbreak Exposes New AI Security Flaw
27 Oct 2025
Contributed by Lukas
A serious vulnerability has been discovered in the OpenAI Atlas omnibox, a hybrid interface designed to handle both URLs and user prompts. Researchers...
Microsoft Rushes Emergency Fix for WSUS Remote Code Execution Flaw (CVE-2025-59287)
27 Oct 2025
Contributed by Lukas
A critical remote code execution (RCE) flaw, tracked as CVE-2025-59287, has put thousands of enterprise networks at risk by exposing the Windows Serve...
Perplexity Comet AI Browser Launch Exploited in Coordinated Impersonation Scam
27 Oct 2025
Contributed by Lukas
The launch of Perplexity’s Comet AI browser — a major step forward in AI-assisted browsing — was almost immediately hijacked by cybercriminals. ...
Lazarus Group Targets European UAV Firms in North Korea’s Drone Espionage Push
27 Oct 2025
Contributed by Lukas
A new wave of cyber-espionage attacks reveals North Korea’s deepening effort to steal critical defense technologies from Europe. In a sophisticated ...
Toys “R” Us Canada Confirms Customer Data Breach After Dark Web Leak
25 Oct 2025
Contributed by Lukas
Toys “R” Us Canada has confirmed a customer data breach after records from its database appeared on the dark web on July 30, 2025, prompting a ful...
Kyocera’s Motex Lanscope Hit by Active Attacks: Critical 9.8 Exploit Enables Remote Code Execution
24 Oct 2025
Contributed by Lukas
A dangerous zero-day vulnerability in Kyocera Communications subsidiary Motex’s Lanscope Endpoint Manager has triggered a global cybersecurity alert...
BIND 9 Emergency Patches: ISC Fixes High-Severity Cache Poisoning and DoS Flaws
24 Oct 2025
Contributed by Lukas
The Internet Systems Consortium (ISC) has released a series of critical BIND 9 updates to fix multiple high-severity vulnerabilities affecting DNS res...
Adobe Confirms Active Exploitation of SessionReaper Vulnerability in Commerce Platforms
24 Oct 2025
Contributed by Lukas
A critical new vulnerability is wreaking havoc across the global e-commerce ecosystem. Tracked as CVE-2025-54236 and dubbed SessionReaper, this flaw a...
AI Sidebar Spoofing: How Malicious Extensions Hijack ChatGPT and Perplexity Interfaces
24 Oct 2025
Contributed by Lukas
Cybersecurity firm SquareX has unveiled a new and alarming threat to users of AI-enabled browsers — a technique called AI Sidebar Spoofing. This sop...
Jewett-Cameron Reports Ransomware Breach Involving Encryption and Data Theft
24 Oct 2025
Contributed by Lukas
Oregon-based Jewett-Cameron Company, a manufacturer of fencing, kennels, and specialty wood products, has confirmed that it was the victim of a double...
Star Blizzard’s Malware Makeover: From LostKeys to MaybeRobot
23 Oct 2025
Contributed by Lukas
The Russian state-sponsored hacking group Star Blizzard — also tracked as ColdRiver, Seaborgium, and UNC4057 — has undergone a major transformatio...
Keycard Emerges from Stealth with $38M to Secure the Identity of AI Agents
23 Oct 2025
Contributed by Lukas
San Francisco-based Keycard has officially emerged from stealth mode, announcing $38 million in funding across seed and Series A rounds to build what ...
Critical TP-Link Omada Vulnerabilities Expose Networks to Remote Takeover
23 Oct 2025
Contributed by Lukas
Security researchers are urging immediate action after TP-Link disclosed multiple critical vulnerabilities in its Omada gateway line, affecting a wide...
TARmageddon: The Rust Library Flaw Exposing Supply Chains to Remote Code Execution
23 Oct 2025
Contributed by Lukas
A critical new vulnerability known as TARmageddon (CVE-2025-62518) has sent shockwaves through the Rust developer community and the broader cybersecur...
Vidar 2.0: The C-Rewritten Stealer Poised to Dominate the Cybercrime Market
23 Oct 2025
Contributed by Lukas
A new evolution in information-stealing malware has arrived — and it’s already drawing serious attention from researchers and defenders alike. The...
Dataminr Acquires ThreatConnect for $290M to Create the Next Generation of Tailored Threat Intelligence
22 Oct 2025
Contributed by Lukas
Dataminr, the AI powerhouse known for its real-time risk and event detection platform, has announced plans to acquire ThreatConnect, a cybersecurity f...
Veeam Acquires Securiti AI for $1.725 Billion to Unite Data Resilience, Security, and AI
22 Oct 2025
Contributed by Lukas
In one of the largest cybersecurity acquisitions of 2025, Veeam Software has announced plans to acquire Securiti AI for $1.725 billion in cash and sto...
Defakto Raises $30.75 Million to Redefine Machine Identity Security
22 Oct 2025
Contributed by Lukas
California-based cybersecurity firm Defakto has raised $30.75 million in Series B funding, led by XYZ Venture Capital, bringing its total investment t...
Dr. Allan Friedman Joins NetRise: The Father of SBOMs Goes Private to Fuse AI and Supply Chain Security
22 Oct 2025
Contributed by Lukas
In a landmark move for the cybersecurity industry, Dr. Allan Friedman — often called the Father of SBOMs — has joined supply chain security firm N...
Pwn2Own Automotive 2026: $3 Million Bounty Targets Tesla and EV Infrastructure Flaws
21 Oct 2025
Contributed by Lukas
The upcoming Pwn2Own Automotive 2026 hacking contest, hosted by Trend Micro’s Zero Day Initiative (ZDI), is set to redefine the economics of automot...
China Claims NSA Breached National Time Network, Threatening Finance and Defense Stability
20 Oct 2025
Contributed by Lukas
China’s Ministry of State Security (MSS) has publicly accused the U.S. National Security Agency (NSA) of conducting a multi-year cyber espionage cam...
Cl0p Ransomware Targets Oracle E-Business Suite in Global Data Extortion Spree
20 Oct 2025
Contributed by Lukas
A new wave of Cl0p ransomware attacks has struck organizations worldwide by exploiting vulnerabilities in Oracle’s E-Business Suite (EBS) — a miss...
WhatsApp Wins Landmark Case Against NSO Group Over Spyware Attacks
20 Oct 2025
Contributed by Lukas
After six years of intense litigation, WhatsApp has secured a decisive legal victory against the NSO Group, the controversial spyware maker accused of...
Google Project Zero Exposes Dolby Decoder Flaw Enabling Zero-Click Android Exploits
20 Oct 2025
Contributed by Lukas
A newly discovered vulnerability in Dolby’s Unified Decoder has sent shockwaves through the cybersecurity world. Tracked as CVE-2025-54957, the flaw...
AISLE Launches AI Cyber Reasoning System to Shrink Patch Times from Weeks to Minutes
17 Oct 2025
Contributed by Lukas
AISLE has entered the cybersecurity arena with an AI-native Cyber Reasoning System (CRS) built to do what most tools don’t: fix vulnerabilities—fa...
Microsoft Blunts “Vanilla Tempest”: 200 Malicious Certificates Revoked
17 Oct 2025
Contributed by Lukas
In early October 2025, Microsoft executed a targeted disruption against Vanilla Tempest—the threat actor also tracked as Vice Society—after uncove...
The “Shotgun” Botnet: How RondoDox Hijacks Routers, Cameras, and Servers Worldwide
14 Oct 2025
Contributed by Lukas
A new and fast-growing botnet dubbed RondoDox is shaking up the global cybersecurity landscape with its “shotgun” exploitation strategy, targeting...
“Inflation Refund” Scam: How Fraudsters Are Stealing Identities Through Texts
13 Oct 2025
Contributed by Lukas
A widespread smishing campaign is sweeping across New York, luring residents with fraudulent text messages about an “Inflation Refund” from the De...
Juniper Networks Patches 220 Vulnerabilities in Massive October Security Update
13 Oct 2025
Contributed by Lukas
In one of the year’s most extensive patch cycles, Juniper Networks has released its October 2025 security advisories, addressing a staggering 220 vu...
Linked Exploitation Campaigns Target Cisco, Fortinet, and Palo Alto Networks Devices
13 Oct 2025
Contributed by Lukas
Cyber intelligence firm GreyNoise has uncovered what appears to be a coordinated exploitation effort targeting network edge appliances from three majo...
Salesforce Refuses Ransom as Scattered LAPSUS$ Hunters Leak Millions of Records
13 Oct 2025
Contributed by Lukas
A new wave of cyber extortion has rocked the enterprise world as the Scattered LAPSUS$ Hunters—a coalition formed from the notorious Lapsus$, Scatte...
Oneleet Secures $33M Series A to Revolutionize Integrated Cybersecurity
07 Oct 2025
Contributed by Lukas
Amsterdam-based cybersecurity startup Oneleet has raised $33 million in Series A funding, bringing its total capital to $35 million and positioning it...
ParkMobile Data Breach Ends in $32.8M Settlement — and a $1 Payout
06 Oct 2025
Contributed by Lukas
The final chapter in the ParkMobile data breach saga has arrived—nearly four years after the 2021 cyberattack that compromised the personal informat...
Discord Confirms Data Breach Linked to Third-Party Support Vendor
06 Oct 2025
Contributed by Lukas
Discord has confirmed a significant data breach affecting users who interacted with its customer support teams, after hackers compromised a third-part...
Weather Station Gateway Exploited: CISA Adds Meteobridge Bug to KEV List
06 Oct 2025
Contributed by Lukas
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a stark warning following confirmation that a command injection vulnerability i...
DrayTek Issues Critical Patch for Router RCE Flaw (CVE-2025-10547)
06 Oct 2025
Contributed by Lukas
A serious unauthenticated remote code execution (RCE) flaw, identified as CVE-2025-10547, has been uncovered in DrayTek’s DrayOS routers. This vulne...
FTC vs. Sendit: Lawsuit Alleges Data Theft, Fake Messages, and Subscription Traps
02 Oct 2025
Contributed by Lukas
The Federal Trade Commission (FTC) has filed a high-profile lawsuit against Sendit, a social media companion app popular among teenagers, and its CEO....
Broadcom Patches VMware Zero-Day: CVE-2025-41244 Exploited by China-Linked UNC5174
01 Oct 2025
Contributed by Lukas
Broadcom has released a critical security update addressing six vulnerabilities across VMware products, including four rated high-severity. At the cen...
Seven Years, £5.5 Billion, 128,000 Victims – The Case of Yadi Zhang
01 Oct 2025
Contributed by Lukas
In a historic case that has captured global attention, UK authorities have secured a conviction against Zhimin Qian (also known as Yadi Zhang), the Ch...
Cisco ASA/FTD Flaws Under Siege: 50,000 Devices at Risk from Active Exploits
01 Oct 2025
Contributed by Lukas
Two newly disclosed critical vulnerabilities—CVE-2025-20333 and CVE-2025-20362—are wreaking havoc across the global cybersecurity landscape, with ...
MatrixPDF: The New Phishing Toolkit That Turns Safe PDFs into Cyber Weapons
01 Oct 2025
Contributed by Lukas
A new cybercrime toolkit called MatrixPDF is changing the phishing landscape by weaponizing one of the most trusted file formats: PDFs. Marketed on cy...
Asahi Brewery Cyberattack Halts Domestic Operations Across Japan
01 Oct 2025
Contributed by Lukas
Asahi Group Holdings, Ltd.—the brewer behind some of the world’s most iconic beers, including Peroni and Grolsch—has been hit by a crippling cyb...
Akira Ransomware Exploits SonicWall Flaw with Record-Breaking Speed
30 Sep 2025
Contributed by Lukas
The Akira ransomware group has once again raised the stakes in cybercrime by exploiting a critical SonicWall vulnerability—CVE-2024-40766—to infil...
Ex-Hacktivist “Sabu” Backs SafeHill’s $2.6M Bet on Continuous Threat Management
30 Sep 2025
Contributed by Lukas
A new cybersecurity startup with an infamous name attached is making headlines. SafeHill—formerly known as Tacticly—has secured $2.6 million in pr...
Jaguar Land Rover Cyberattack Fallout: £1.5B UK Bailout Sparks Fears of More Attacks
30 Sep 2025
Contributed by Lukas
Jaguar Land Rover (JLR), one of the UK’s largest exporters and a key anchor of the nation’s automotive supply chain, has been brought to the brink...
CISA’s Sunset Clause: What Happens if America’s Cyber Threat Shield Expires?
30 Sep 2025
Contributed by Lukas
The Cybersecurity Information Sharing Act (CISA), first enacted in 2015, is facing a critical expiration deadline in September 2025. Without reauthori...
Crypto Theft on macOS: XCSSET Malware Swaps Wallet Addresses in Real Time
30 Sep 2025
Contributed by Lukas
A new and more dangerous variant of the XCSSET macOS malware has been uncovered by Microsoft, revealing an expanded arsenal of capabilities aimed at f...
Nine High-Severity Vulnerabilities Expose Cognex Legacy Cameras to Cyber Threats
29 Sep 2025
Contributed by Lukas
Cybersecurity researchers at Nozomi Networks have uncovered nine high-severity vulnerabilities in several older models of Cognex industrial cameras, i...
Microsoft Cuts Services to Israeli Military Unit After Surveillance Revelations
29 Sep 2025
Contributed by Lukas
Microsoft has taken the unprecedented step of cutting off services to an Israeli military unit after internal and external investigations revealed its...
Ghana, Senegal, Ivory Coast at the Center of Interpol’s Multi-Nation Cybercrime Takedown
29 Sep 2025
Contributed by Lukas
Interpol has announced the results of a sweeping cybercrime operation across 14 African nations, leading to the arrest of 260 individuals behind roman...
Harrods Data Breach Exposes Customer Details in Third-Party Hack
29 Sep 2025
Contributed by Lukas
Britain is facing a troubling wave of cyberattacks that has shaken some of its most high-profile organizations. Harrods, the world-renowned luxury ret...
Steam Game BlockBlasters Turns Malicious, Drains $150K in Crypto
24 Sep 2025
Contributed by Lukas
What happens when a trusted gaming platform becomes a weapon for cybercriminals? That’s exactly what unfolded with BlockBlasters, a free-to-play pla...
Beyond the Inbox: The Rising Threat of Non-Email Phishing Attacks
23 Sep 2025
Contributed by Lukas
Phishing is no longer just an email problem. A new wave of non-email phishing attacks is targeting employees through social media, instant messaging a...
Stellantis Data Breach Exposes Contact Info in Third-Party Provider Attack
23 Sep 2025
Contributed by Lukas
Automotive giant Stellantis, the world’s fifth-largest automaker, has confirmed a data breach affecting its North American customers after attackers...
HoundBytes Launches WorkHorse to Eliminate SOC Tier 1 Bottlenecks
23 Sep 2025
Contributed by Lukas
Cybersecurity firm HoundBytes has officially launched WorkHorse, an automated security analyst designed to solve one of the biggest pain points in mod...
Toronto’s Mycroft Raises $3.5M to Bring AI Security Officers to Startups
23 Sep 2025
Contributed by Lukas
Toronto-based cybersecurity startup Mycroft has stepped out of stealth with a bold promise: to give startups and small-to-midsize businesses (SMBs) th...
FBI Issues Guidance as Fraudsters Pose as IC3 to Extort Victims
23 Sep 2025
Contributed by Lukas
The FBI has issued a warning to the public about a cyber campaign impersonating the Internet Crime Complaint Center (IC3), using spoofed websites to t...
Fraudulent GitHub Repos Spread Atomic Stealer Malware Targeting macOS Users
22 Sep 2025
Contributed by Lukas
A new cyber campaign is actively targeting macOS users with the Atomic Stealer (AMOS) malware, leveraging fake GitHub repositories disguised as legiti...
Netskope’s IPO Raises $908M: SASE Leader Surges 18% on First Trading Day
22 Sep 2025
Contributed by Lukas
Netskope, a California-based cybersecurity firm specializing in secure access service edge (SASE) solutions, has officially gone public in one of the ...
SPLX Exposes AI Exploit: Prompt Injection Tricks ChatGPT Into Solving CAPTCHAs
22 Sep 2025
Contributed by Lukas
A startling new report from AI security platform SPLX reveals how attackers can bypass the built-in guardrails of AI agents like ChatGPT through a sop...
Brussels, Berlin, London Hit Hard as Cyber Disruption Sparks Flight Chaos
22 Sep 2025
Contributed by Lukas
A cyberattack on Collins Aerospace, a U.S.-based provider of passenger check-in and baggage handling software, plunged major European airports into ch...
Novakon Ignored Security Reports on ICS Weaknesses, Leaving 40,000+ Devices Exposed
20 Sep 2025
Contributed by Lukas
A new security report has revealed serious, unpatched vulnerabilities in industrial control system (ICS) products manufactured by Novakon, a Taiwan-ba...
RevengeHotels Cybercrime Group Adopts AI and VenomRAT in Hotel Credit Card Theft Campaign
19 Sep 2025
Contributed by Lukas
The cybercrime group known as RevengeHotels, also tracked as TA558, has launched a new wave of attacks against the hospitality sector, evolving its ta...
ShadowLeak: Server-Side Data Theft Attack Discovered Against ChatGPT Deep Research
19 Sep 2025
Contributed by Lukas
A groundbreaking new cyberattack dubbed ShadowLeak has been uncovered targeting ChatGPT’s Deep Research capability, marking a dangerous escalation i...
WatchGuard Firebox Vulnerability Could Let Hackers Take Over Networks
19 Sep 2025
Contributed by Lukas
A new critical vulnerability, CVE-2025-9242, has been discovered in WatchGuard Firebox firewalls, putting thousands of networks worldwide at risk. The...
How SystemBC’s 1,500 Infected VPS Servers Fuel Ransomware and Fraud
19 Sep 2025
Contributed by Lukas
The SystemBC proxy botnet has quietly become one of the most persistent pillars of the cybercrime ecosystem. First detected in 2019, SystemBC is less ...
Tiffany & Co. Data Breach Exposes Gift Card Details of 2,500+ Customers
18 Sep 2025
Contributed by Lukas
Tiffany and Company, the iconic luxury jeweler under the LVMH umbrella, has confirmed a serious data breach impacting over 2,500 customers across the ...
Lakera’s Gandalf Network Joins Check Point in $300M AI Security Deal
18 Sep 2025
Contributed by Lukas
In a major strategic move, Check Point Software Technologies has announced the acquisition of Lakera, a Zurich and San Francisco–based AI security f...
Shai-Hulud Exposes Fragility of the Open-Source Software Supply Chain
17 Sep 2025
Contributed by Lukas
A major supply chain attack is underway in the npm ecosystem. Dubbed Shai-Hulud, this worm-style campaign began with the compromise of the popular @ct...
ChatGPT Calendar Vulnerability Exposes User Emails in New AI Attack
17 Sep 2025
Contributed by Lukas
A critical vulnerability has been uncovered in ChatGPT’s new calendar integration, exposing how attackers could exfiltrate sensitive user data—par...
CrowdStrike Acquires Pangea to Launch AI Detection and Response (AIDR)
17 Sep 2025
Contributed by Lukas
At Fal.Con 2025, CrowdStrike announced one of its boldest moves yet: the acquisition of AI security startup Pangea. The deal signals CrowdStrike’s i...
RaccoonO365: $100K Phishing-as-a-Service Scheme Taken Down
17 Sep 2025
Contributed by Lukas
Microsoft and Cloudflare have successfully dismantled RaccoonO365, a global phishing-as-a-service (PhaaS) operation that had been running for over a y...
AI-Generated Phishing and Deepfakes Supercharge Social Engineering Attacks
17 Sep 2025
Contributed by Lukas
Social engineering has reclaimed center stage as today’s most reliable intrusion vector—and it’s not just email anymore. Recent warnings from la...
Phoenix Attack Breaks DDR5 Rowhammer Defenses: Root in 109 Seconds
16 Sep 2025
Contributed by Lukas
The infamous Rowhammer vulnerability, long thought to be contained by new DRAM protections, has resurfaced with devastating force. Academic researcher...
Silent Push Raises $10M Series B to Expand Threat Intelligence Platform
16 Sep 2025
Contributed by Lukas
Cybercriminals aren’t just breaking in—they’re borrowing your brand to do it. This episode dives into the critical intersection of brand protect...
Google Accused of Shadow Lobbying Against California Privacy Opt-Out Law
16 Sep 2025
Contributed by Lukas
California’s Assembly Bill 566 (AB 566) has become one of the most hotly contested pieces of privacy legislation in the country. The bill would requ...
FinWise Bank Data Breach Exposes 700K Customers Amid Predatory Lending Allegations
16 Sep 2025
Contributed by Lukas
FinWise Bank is facing a double crisis—one of data security and another of public trust. Nearly 700,000 customers of American First Finance (AFF), a...
The “s1ngularity” Attack: How Hackers Hijacked Nx and Leaked Thousands of Repositories
09 Sep 2025
Contributed by Lukas
In late August 2025, the open-source software ecosystem was rocked by a sophisticated two-phase supply chain attack, now known as “s1ngularity.” T...
Canadian Investment Giant Wealthsimple Hit by Vendor Compromise
08 Sep 2025
Contributed by Lukas
Wealthsimple, one of Canada’s largest online investment platforms, has confirmed a data breach that exposed the sensitive information of fewer than ...
FireCompass Raises $20M to Scale AI-Powered Offensive Security
08 Sep 2025
Contributed by Lukas
In a year when cybercrime is projected to cost the world over $10.5 trillion, FireCompass has emerged as one of the most closely watched AI-driven cyb...
CVE-2025-42957: Active Exploits Target SAP S/4HANA Systems
08 Sep 2025
Contributed by Lukas
A newly uncovered critical vulnerability, tracked as CVE-2025-42957, is sending shockwaves through the enterprise technology world. Affecting all SAP ...
Fake Job Interviews, Real Hacks: How North Korean Spies Steal Billions in Crypto
08 Sep 2025
Contributed by Lukas
North Korean cybercriminals have escalated their social engineering operations, deploying a wave of sophisticated campaigns designed to infiltrate cry...
Cato Networks Acquires Aim Security to Bolster AI Defense in SASE
05 Sep 2025
Contributed by Lukas
Cato Networks, a leader in Secure Access Service Edge (SASE), has made its first acquisition, purchasing Aim Security, an AI security startup founded ...
Tidal Cyber Secures $10M to Advance Threat-Informed Defense
04 Sep 2025
Contributed by Lukas
Cybersecurity startup Tidal Cyber, founded in 2022 by three former MITRE experts, has raised $10 million in Series A funding, bringing its total capit...
Disney Fined $10M for COPPA Violations Over Mislabeling Kids’ Content on YouTube
04 Sep 2025
Contributed by Lukas
Disney has reached a $10 million settlement with the U.S. Federal Trade Commission (FTC) after being found in violation of the Children’s Online Pri...
Google Patches 111 Android Flaws in September 2025, Including Two Zero-Days Under Attack
04 Sep 2025
Contributed by Lukas
Google has released its September 2025 Android security patches, addressing a staggering 111 unique vulnerabilities, including two actively exploited ...
Google Warns of Sitecore Zero-Day: ViewState Deserialization Under Fire
04 Sep 2025
Contributed by Lukas
A critical zero-day vulnerability, CVE-2025-53690, is being actively exploited in the wild, targeting Sitecore Experience Manager (XM) and Experience ...
Brokewell Malware Targets Android Users via Fake TradingView Ads on Meta
03 Sep 2025
Contributed by Lukas
A new and highly sophisticated Android malware campaign, dubbed Brokewell, has emerged as one of the most dangerous mobile threats of 2024–2025. Fir...
Von der Leyen and Shapps Flights Hit by Suspected Russian Electronic Warfare
02 Sep 2025
Contributed by Lukas
Aviation safety and geopolitics collided when multiple flights carrying high-ranking European and UK officials were hit by suspected Russian GPS jammi...
Salesforce and Google Workspace Compromised in Largest SaaS Breach
02 Sep 2025
Contributed by Lukas
In August 2025, the largest SaaS breach of the year shook the enterprise world when a newly identified threat actor, UNC6395, orchestrated a supply-ch...
Chained Zero-Days: WhatsApp and Apple Exploits Used in Sophisticated Spyware Attacks
02 Sep 2025
Contributed by Lukas
A pair of newly discovered zero-day vulnerabilities—CVE-2025-43300 in Apple’s ImageIO framework and CVE-2025-55177 in WhatsApp—have been confirm...
Miljödata Cyberattack: 80% of Swedish Municipalities Hit in Extortion Strike
29 Aug 2025
Contributed by Lukas
Sweden is reeling from one of the largest public sector cyber incidents in its history. A ransomware attack on Miljödata, an IT services provider sup...
PromptLock Ransomware: How AI is Lowering the Bar for Cybercrime
29 Aug 2025
Contributed by Lukas
The cybersecurity world has entered a new era: AI-powered ransomware. Researchers recently uncovered PromptLock, a proof-of-concept malware that uses ...
Hybrid AD at Risk: Storm-0501 Exploits Entra ID for Cloud-Native Ransomware
28 Aug 2025
Contributed by Lukas
The 2025 Purple Knight Report paints a stark picture of enterprise identity security: the average security assessment score for hybrid Active Director...