A critical vulnerability in Windows SMB client authentication that enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerability, this vulnerability allows authorized attackers to escalate privileges via carefully orchestrated authentication relay…
Category: Cyber Security News
17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data
Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate…
Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes
Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the…
BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User
A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application has been discovered, allowing unauthenticated attackers to impersonate any user and execute privileged AI agents remotely. Security researcher Aaron Costello from AppOmni disclosed the flaw,…
New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released
A critical flaw in Windows Kerberos authentication that significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into…
Microsoft January 2026 Security Update Causes Credential Prompt Failures in Remote Desktop Connections
Microsoft has released an out-of-band emergency update to resolve a critical issue affecting Remote Desktop connections on Windows client devices. The problem emerged immediately following the installation of the January 2026 security update, identified as KB5074109. Administrators and users reported…
Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking
Google-owned Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables, marking a significant escalation in demonstrating the security risks of legacy authentication protocols. The release underscores an urgent message: organizations must immediately migrate away from Net-NTLMv1, a deprecated…
Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available
Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early 2026, addressing long-standing issues in certificate security. Short-lived certificates last just 160…
Google’s Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles
Google’s Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working…
Argus – Python-powered Toolkit for Information Gathering and Reconnaissance
Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version 2.0, expanding it to include 135 modules. This tool consolidates network analysis, web app scanning, and threat intelligence into one interface. Users access…
Researchers Gain Access to StealC Malware Command-and-Control Systems
Security researchers successfully exploited vulnerabilities in the StealC malware infrastructure, gaining access to operator control panels and exposing a threat actor’s identity through their own stolen session cookies. The breach highlights critical security failures in criminal operations built around credential…
Windows 11 PCs Fail to Shut Down After January Security Update
Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2.…
Cloudflare Acquired Open-source Web Framework Astro to Supercharge Development
Cloudflare has acquired the team behind Astro, the popular open-source web framework for building fast, content-driven sites. Announced on January 16, 2026, the deal brings The Astro Technology Company’s full-time employees under Cloudflare’s umbrella to accelerate Astro’s development. Cloudflare positions…
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted…
Google Rolls Out Long-Awaited @gmail.com Email Change Feature for Users
Google is gradually rolling out the ability to change the @gmail.com email address associated with a Google Account to a new @gmail.com address. This feature, previously unavailable, addresses a common pain point for users who regret their original username choice…
New AWS Console Supply Chain Attack Lets Attackers Hijack AWS GitHub Repositories
A critical misconfiguration in AWS CodeBuild enabled unauthenticated attackers to seize control of key AWS-owned GitHub repositories, including the widely used AWS JavaScript SDK powering the AWS Console itself. This supply chain vulnerability threatened platform-wide compromise, potentially injecting malicious code…
Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks
The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service (DoS) vectors, arbitrary code execution risks, and TLS mishandlings that could expose developers to remote…
Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats
Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial transactions. This rapid expansion has created a critical security blind spot. Researchers have identified that…
Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits
Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from…
Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks
Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation, as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote code execution, posing severe risks to enterprise security monitoring systems. CVE-2025-64155 stems from improper neutralization…