On February 28, 2026, a joint US-Israeli military operation launched strikes inside Iran, opening a conflict that rapidly extended into cyberspace. Iran responded with ballistic missiles and drone strikes across Bahrain, Kuwait, Iraq, Saudi Arabia, the UAE, Israel, and Qatar.…
Category: Cyber Security News
ForceMemo Hijacks GitHub Accounts, Backdoors Hundreds of Python Repos via Force-Push
A new malware campaign tracked as ForceMemo is quietly compromising hundreds of GitHub accounts and injecting hidden malicious code into Python repositories, leaving almost no visible trace. The earliest confirmed infections date back to March 8, 2026, and the campaign…
Critical Telnetd Vulnerability Enables Remote Attacker to Execute Arbitrary Code via Port 23
A critical buffer overflow vulnerability affects the GNU Inetutils telnetd daemon. Tracked as CVE-2026-32746, this flaw allows an unauthenticated remote attacker to execute arbitrary code and gain root access to affected systems. The vulnerability requires zero user interaction and possesses…
Malicious Telegram Download Site Pushes Multi-Stage Loader With In-Memory Execution
A fake Telegram download website is actively pushing dangerous malware onto unsuspecting users by disguising a malicious installer as a legitimate setup file. The site, hosted at the domain telegrgam[.]com — just one letter off from the real Telegram address…
Vidar Stealer 2.0 Spreads Through Fake Game Cheats Promoted on GitHub and Reddit
A newly updated version of the Vidar infostealer, dubbed Vidar 2.0, is actively spreading through hundreds of fake game cheat repositories on GitHub and targeted posts on Reddit. The malware disguises itself as free cheating software for popular online games,…
Attackers Abuse Court Documents, GitHub Payloads to Infect Judicial Targets With COVERT RAT
A new wave of targeted attacks is quietly hitting Argentina’s judicial system, using fake court documents to lure legal professionals into installing a dangerous piece of malware. The campaign, formally called Operation Covert Access, deploys a Rust-built Remote Access Trojan…
Boggy Serpens Targets Diplomats and Critical Infrastructure in Multi-Wave Espionage Campaign
A well-resourced Iranian nation-state group known as Boggy Serpens — also tracked as MuddyWater — has sharply escalated its cyberespionage operations, running sustained and targeted campaigns against diplomatic missions, energy companies, maritime operators, and financial institutions. Attributed to Iran’s Ministry…
Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access
A critical SQL injection vulnerability affects Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue…
‘RegPwn’ Windows Registry Vulnerability Enables Full System Access to Attackers
A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and had successfully used it in internal engagements since January 2025, before it was…
Microsoft to Stop Force Installation of 365 Copilot App on Windows Devices
Microsoft has temporarily halted the automatic installation of the Microsoft 365 Copilot app on Windows devices. According to a recent update in the Microsoft 365 Message Center on March 16, 2026, the company paused the mandatory rollout, originally scheduled to…
Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access
A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root access. Tracked as CVE-2026-3888 and uncovered by the Qualys Threat Research Unit, the flaw exploits an unintended…
Microsoft Teams Support Call Leads to Quick Assist Compromise in New Vishing Attack
The Microsoft Detection and Response Team details a sophisticated voice phishing (vishing) campaign that successfully compromised a corporate environment in November 2025. Unlike conventional intrusions that rely on software exploits, this attack weaponized trust, collaboration platforms, and built-in Windows tooling to…
Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance
Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater,…
Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems
A novel attack technique exploits a fundamental blind spot in AI web assistants: the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a…
Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware
A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 —…
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows,…
Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials
A financially motivated threat actor known as Storm-2561 has been running a credential theft campaign since May 2025, manipulating search engine rankings to push fake VPN software toward enterprise users. The campaign targets employees searching for tools such as Pulse…
To Beat Alert Overload, Stop Wasting Time on False Positives
At first glance, false positives in cybersecurity seem almost comforting. An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on. In theory, this looks like a healthy process. Better safe than sorry, right? But every false…
AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration
A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation, allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive…
How to Shop Online Safely While Finding Better Deals
With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household products to digital services through online platforms. While this convenience…