In a massive international crackdown on cybercrime, law enforcement agencies from 72 countries have successfully dismantled over 45,000 malicious IP addresses and servers. Coordinated by INTERPOL, “Operation Synergia III” targeted the critical infrastructure behind devastating ransomware, malware, and phishing campaigns…
Category: Cyber Security News
Critical LangSmith Account Takeover Vulnerability Puts Users at Risk
Miggo Security researchers have identified a critical vulnerability in LangSmith, tracked as CVE-2026-25750, that exposes users to potential token theft and complete account takeover. As a central hub for debugging and monitoring large language model data, LangSmith processes billions of…
Microsoft Confirms Windows 11 24H2/25H2 Bug Blocks Access to the System Drive C
Microsoft has officially acknowledged a critical bug affecting Windows 11 users on certain Samsung devices, in which the system drive (C:) becomes completely inaccessible after installing the February 2026 security update. The company is now actively investigating the issue in…
Authorities Dismantle Malicious Proxy Service Used to Deploy Malware Attacking Thousands of Users
An international law enforcement operation led by the U.S. Justice Department has successfully dismantled SocksEscort, a massive residential proxy network. The malicious service compromised thousands of home and small business routers worldwide, enabling cybercriminals to mask their identities while executing…
Loblaw Data Breach – Hackers Accessed IT Network and Customer Information
Canada’s largest food and pharmacy retailer has announced an ongoing investigation into a recent corporate data breach.On March 10, 2026, the company notified its customers that unauthorized threat actors successfully infiltrated a segment of its IT network. The security incident…
Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit
Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a severe threat known as the ‘Coruna’ exploit kit. Released on March 11, 2026, this critical patch backports fixes from newer iOS…
Starbucks Data Breach – Hundreds of Users’ Personal Data Exposed
Starbucks Corporation has confirmed a data breach affecting an undisclosed number of its employees, exposing highly sensitive personal and financial information after unauthorized actors gained access to internal partner accounts through a sophisticated phishing scheme. On or about February 6,…
Metasploit Pro 5.0.0 Released With Powerful New Modules and Critical Enhancements
As cybercriminals continue to weaponize new vulnerabilities, the demand for continuous red-teaming and proactive security assessments has never been higher. Annual penetration tests are no longer enough to secure modern, complex environments. To help security teams stay ahead of advanced…
Veeam Patches Multiple Critical RCE Vulnerabilities on Backup Server
A critical security update has been released for Backup & Replication software to fix severe vulnerabilities that could allow attackers to execute remote code and escalate privileges. Released on March 12, 2026, the latest security patch (Build 12.3.2.4465) is an…
Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites
A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. The notorious threat actor group ShinyHunters has claimed responsibility for a massive data theft operation exploiting overly permissive guest user configurations, reportedly impacting hundreds…
Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code
Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75…
OpenSSH GSSAPI Vulnerability Allow an Attacker to Crash SSH Child Processes
A significant vulnerability in the GSSAPI Key Exchange patch was applied by numerous Linux distributions on top of their OpenSSH packages. The flaw, tracked as CVE-2026-3497, was uncovered by security researcher Jeremy Brown. It allows an attacker to crash SSH…
Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover
Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,” enable unprivileged local users to escalate their privileges to root, break container isolation, and…
Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger
Meta has launched a suite of advanced anti-scam tools across WhatsApp, Facebook, and Messenger to combat the growing industrialization of online fraud. These new defenses combine artificial intelligence, behavioral alerts, and global law enforcement partnerships to protect users proactively. To…
Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords
Analysts at ANY.RUN has identified a sharp spike in phishing campaigns exploiting Microsoft’s OAuth Device Authorization Grant flow, with more than 180 malicious URLs detected within a single week. Unlike conventional credential harvesting, this technique routes victims through legitimate Microsoft…
Critical MediaTek Vulnerability Lets Attackers Steal Android Phone PINs in 45 Seconds
A critical vulnerability in the MediaTek Dimensity 7300 chipset allows a physical attacker to extract device PINs, decrypt on-device storage, and steal cryptocurrency wallet seed phrases in approximately 45 seconds, raising serious alarms for the roughly 25% of Android users…
Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks
AI assistants have rapidly transformed daily operations, streamlining tasks for teams managing overloaded inboxes, client communications, and incident response. Tools like Microsoft Copilot integrate directly into daily workflows, summarizing emails and meetings while pulling context from across the Microsoft 365…
Ericsson US Discloses Data Breach – Hackers Stolen Employees and Customers Data
The U.S. subsidiary of a Swedish telecommunications multinational has disclosed a data breach exposing the personal information of employees and customers. The incident did not occur on Ericsson’s internal network, but rather targeted one of the company’s third-party service providers.…
Paloalto Cortex XDR Broker Vulnerability Attackers to Obtain and Modify Sensitive Information
A security advisory has been issued for a newly discovered vulnerability affecting the Cortex XDR Broker Virtual Machine (VM). This flaw could allow a highly privileged, authenticated attacker to access and alter sensitive system information. Fortunately, the issue was discovered…
SolarWinds Web Help Desk Deserialization Vulnerability Enables Command Execution
Cybersecurity authorities have flagged a severe security flaw in SolarWinds Web Help Desk that requires immediate attention from system administrators. Tracked as CVE-2025-26399, this vulnerability allows malicious actors to execute unauthorized commands directly on the host machine. Because of its…