Daily Security Review

In this episode, we investigate the massive data breach at VeriSource Services, Inc. (VSI), a Houston-based HR outsourcing and employee benefits administrator. Initially reported as affecting fewer t…

Three actively exploited vulnerabilities—CVE-2025-42599 (Qualitia Active! mail), CVE-2025-3928 (Commvault Web Server), and CVE-2025-1976 (Broadcom Brocade Fabric OS)—have been added to CISA’s KEV cat…

A wave of critical vulnerabilities in Planet Technology’s industrial switches and network management systems could let attackers hijack devices, steal data, and sabotage industrial networks—with no c…

A critical, actively exploited vulnerability (CVE-2025-32432) is wreaking havoc on Craft CMS—allowing attackers to execute arbitrary PHP code on unpatched servers with no authentication required.

In t…

Recent research by HiddenLayer has uncovered a shocking new AI vulnerability—dubbed the "Policy Puppetry Attack"—that can bypass safety guardrails in all major LLMs, including ChatGPT, Gemini, Claude…

In this episode, we break down the most urgent cybersecurity developments from late April 2025—including the Lazarus Group’s high-profile “Operation SyncHole” targeting South Korean industries. Disco…

In this episode, we dissect the real-world challenges of securing Microsoft 365 environments—especially for small and medium-sized businesses—amid rising threats and licensing limitations.

From Reddit…

Microsoft has acknowledged a serious issue affecting users of classic Outlook for Windows: CPU usage spikes up to 50% just from typing emails. First appearing in builds released since November 2024, …

A newly discovered Android spyware campaign is targeting Russian military personnel by weaponizing a popular mapping app. Disguised as a cracked version of Alpine Quest Pro, this trojanized app deliv…

Blue Shield of California has confirmed a data breach affecting 4.7 million members—caused not by hackers, but by a misconfigured Google Analytics setup. Sensitive health information was inadvertentl…

Cybercrime in the U.S. has reached new, record-breaking heights.

In this episode, we dive deep into the FBI's 2024 Internet Crime Complaint Center (IC3) report — a comprehensive look at the economic a…

The FBI has issued a stark warning about a growing scam targeting individuals who’ve already been victimized. In this episode, we unpack how fraudsters are impersonating employees of the FBI's Intern…

Cyberattacks are no longer rare shocks—they're a constant drumbeat in the background of our digital lives. In this episode, we take you on a deep dive into some of the most alarming recent data breac…

In this deep-dive episode, we untangle some of today’s most critical cybersecurity threats—from GitHub’s complex quadruple supply chain attack to the rising concerns over Kubernetes vulnerabilities a…

Is your web app truly secure? In this episode, we break down a critical NextJS vulnerability (CVE-2025-29927) that could allow attackers to bypass authentication and access sensitive data—impacting m…

From data breaches at major banks to ransomware crippling healthcare and tech companies, cyber threats are hitting harder than ever. In this episode, we break down the latest wave of attacks, the vul…

Cyber threats are inevitable, but a strong incident response plan can make all the difference. In this episode, we explore the essential steps for creating an effective incident response strategy, he…

The Department of Homeland Security (DHS) has abruptly shut down the Critical Infrastructure Partnership Advisory Council (CIPAC), the central hub for cybersecurity collaboration between the governme…

Over 517,000 individuals are now at risk after the Pennsylvania State Education Association (PSEA) suffered a massive data breach in July 2024—claimed by the Rhysida ransomware gang. Personal, financ…

For nearly a decade, a malware campaign dubbed DollyWay has silently compromised over 20,000 WordPress websites, evolving from a ransomware and banking trojan distributor to a sophisticated scam redi…