A high-severity Cross-Site Scripting (XSS) vulnerability has been discovered in the widely used Angular framework. Tracked as CVE-2026-32635 and categorized under CWE-79, this flaw affects both the @angular/compiler and @angular/core packages. Because Angular powers countless enterprise and consumer web applications worldwide, this vulnerability potentially…
Category: Cyber Security News
New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues
Microsoft has rolled out an out-of-band update for Windows 11 users to address a frustrating interface bug affecting Bluetooth device visibility. Released on March 16, 2026, this emergency patch resolves a software glitch in which connected wireless peripherals mysteriously disappeared…
Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories
A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS servers. The flaw stems from insufficient validation of the subDir parameter in…
Phishers Weaponize Safe Links With Multi-Layered URL Rewriting to Evade Detection
Phishing attackers have found a way to turn a standard security feature against the very users it was built to protect. By abusing URL rewriting — a defensive mechanism embedded in most enterprise email gateways — threat actors are weaponizing…
New ‘Payload’ Ransomware Uses Babuk-Style Encryption Against Windows and ESXi Systems
A newly identified ransomware strain called “Payload” has emerged as a serious threat to organizations across multiple sectors, combining strong encryption techniques with advanced anti-forensic capabilities. The group behind it has been active since at least February 17, 2026 —…
Malicious npm Packages Deliver PylangGhost RAT in New Software Supply Chain Campaign
A remote access trojan known as PylangGhost has appeared on the npm registry for the first time, concealed inside two malicious JavaScript packages. The malware, first publicly disclosed by Cisco Talos in June 2025 and attributed to the North Korean…
Attackers Hijacking Legitimate Websites to Attack Microsoft Teams Users
A multi-vector phishing campaign is using compromised WordPress sites to steal login credentials from Microsoft Teams and Xfinity users. By hijacking these trusted sites, attackers can bypass security filters and trick victims into disclosing sensitive information. The threat actors are not…
CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks
CISA has issued an urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious hackers are actively exploiting them in the wild. With…
Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules
Cybersecurity researchers have uncovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors…
Phishers Abuse LiveChat Support Tools to Steal Sensitive Data in New SaaS-Based Attack Tactic
A newly identified phishing campaign is turning legitimate customer service software into a weapon for stealing sensitive user data. Attackers have been found abusing LiveChat, a widely used Software-as-a-Service (SaaS) platform that businesses rely on for real-time customer support, to…
New CondiBot Variant and ‘Monaco’ Cryptominer Expand Threats to Network Devices
Network infrastructure has become one of the most targeted areas in today’s threat landscape. Over recent years, attackers ranging from nation-state groups to financially driven criminal actors have steadily shifted their focus toward routers, firewalls, and other network devices. These…
Researchers Discover Ways to Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules
Researchers have discovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors to execute malicious actions…
Stryker Confirms Destructive Wiper Attack – Tens of Thousands of Devices Wiped
Medical technology giant Stryker Corporation confirmed on March 11, 2026, that it suffered a significant cyberattack that disrupted its global Microsoft environment, with Iran-linked threat actor Handala claiming responsibility for what appears to be a politically motivated, destructive operation. Unlike…
RondoDox Botnet Expands to 174 Exploits, Leveraging Residential IP Infrastructure at Scale
A newly tracked botnet called RondoDox has quietly built itself into one of the more concerning threats observed in recent months, combining an unusually large collection of exploits with a calculated use of residential internet infrastructure. First detected in May…
CamelClone Spy Campaign Abuses Public File-Sharing Sites and Rclone in Government-Focused Attacks
A sophisticated espionage campaign, tracked as Operation CamelClone, has been actively targeting government agencies, defense institutions, and diplomatic bodies across multiple countries, including Algeria, Mongolia, Ukraine, and Kuwait. The operation relies on spear-phishing emails carrying malicious ZIP archives disguised as…
Handala Hack Uses RDP, NetBird, and Parallel Wipers in MOIS-Linked Destructive Intrusions
An Iranian threat actor known as Handala Hack has carried out a series of destructive cyberattacks against organizations in Israel, Albania, and the United States, using remote desktop access, network tunneling, and multiple simultaneous data-wiping tools. The group operates under…
Fake Shipment Tracking Scams Surge in MEA, Stealing Banking Data Through Real-Time Phishing
Every day, billions of people rely on postal and courier services to deliver everything from personal letters to online orders. This dependence has grown steadily alongside the global rise of e-commerce. The 2024 Universal Postal Union report found that postal…
Fake FileZilla Downloads Lead to RAT Infections Through Stealthy Multi-Stage Loader
A new malware campaign has been discovered delivering a Remote Access Trojan through fake websites impersonating the official FileZilla download page. Attackers designed these fraudulent sites to closely mirror the real FileZilla page, tricking users into downloading malicious installer files.…
Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer
China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling it directly inside the public installer of its newly launched AI assistant, 360Qihoo (Security Claw). The flaw, discovered on March 16, 2026, is…
IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack
A concerning development has emerged in early 2026, as IBM X-Force uncovered a likely AI-generated malware strain they named “Slopoly,” deployed during a ransomware attack by the financially motivated threat group Hive0163. The group is primarily focused on large-scale data…