A high-severity vulnerability, CVE-2026-25611 (CVSS 7.5), has been discovered in MongoDB, allowing unauthenticated attackers to crash exposed servers using minimal bandwidth. According to Cato CTRL, it affects all MongoDB versions where compression is enabled (v3.4+, on by default since v3.6),…
Category: Cyber Security News
RedAlert Mobile Espionage Campaign Targets Civilians with Trojanized Rocket Alert App for Surveillance
War zones have always been hunting grounds for opportunistic attackers, but the RedAlert mobile espionage campaign marks one of the most calculated examples of weaponizing civilian fear. Against the backdrop of the ongoing Israel-Iran kinetic conflict, threat actors crafted a…
Threat Actors Intensify Targeting of IP Cameras Across Middle East Amid Ongoing Conflict
Cyberattacks linked to Iranian threat actors are taking on a new and alarming form in the ongoing Middle East conflict. Since late February 2026, a coordinated campaign to compromise internet-connected IP cameras has been underway across multiple countries in the…
AWS Middle East (UAE) Region Hit by Drone Strikes, 109 Services Disrupted
A series of drone strikes on Amazon Web Services data center facilities in the United Arab Emirates and Bahrain triggered one of the most severe cloud outages in AWS history, knocking out or degrading more than 109 services across the…
Cisco Secure Firewall Management Vulnerability Enables Remote Code Execution
Cisco has issued an urgent security advisory for a critical vulnerability affecting its Secure Firewall Management Center (FMC) software. This flaw, rated with the maximum possible CVSS score of 10.0, allows remote, unauthenticated attackers to execute arbitrary code and gain…
Hackers Mimic LastPass Support Email to Steal Vault Passwords
A new and carefully crafted phishing campaign is currently targeting LastPass users, with attackers sending fake support emails designed to steal vault master passwords. The campaign, which began on or around March 1, 2026, relies on social engineering tactics to…
Cisco Secure Firewall Management Vulnerability Allows Attackers to Bypass Authentication
Cisco has released a critical security advisory warning of a severe vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw allows an unauthenticated, remote attacker to bypass authentication and execute script files, thereby gaining full root access to…
Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities
Google has released a critical security update for Chrome, pushing the Stable channel to version 145.0.7632.159/160 for Windows and Mac, and 145.0.7632.159 for Linux. The update addresses 10 security vulnerabilities, including three rated Critical, and is rolling out to users…
Windows 10 Update KB5068164 Breaks Windows Recovery Environment
Microsoft’s October 2025 Windows Recovery Environment update for Windows 10 introduced a critical boot failure issue, rendering WinRE inaccessible on affected systems, with a fix confirmed only in March 2026. Released on October 14, 2025, KB5068164 was designed to automatically…
Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners
Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated action disrupts a service active since 2023 that powered tens of millions of phishing emails monthly.…
Operation Leak Dismantles LeakBase Cybercriminal Forum – User Data, IP Logs Secured by Authorities
The FBI, in coordination with multiple international law enforcement agencies, has officially seized LeakBase, a prominent cybercriminal forum notorious for hosting and trading stolen databases, under a coordinated global operation dubbed “Operation Leak.” Both primary domains, leakbase[.]ws and leakbase[.]la, now redirect visitors to…
New Threat Report Warns AI Is Automating High-Velocity Attacker Operations
The gap between human-led attacks and machine-driven intrusions is closing faster than most organizations expected. Cloudforce One, Cloudflare’s dedicated threat intelligence team, released the inaugural 2026 Cloudflare Threat Report on March 3, 2026, issuing a clear warning: artificial intelligence has…
To Reduce MTTR and Business Risk, Start with Better SOC Collaboration
In modern SOCs, it all boils down to two things: time and impact. How quickly are incidents contained? How accurate are the decisions? These questions define not only operational efficiency, but overall business resilience. Yet many organizations tend to invest heavily in tooling while overlooking structural weaknesses. The missing link is…
Iran‑Nexus APT ‘Dust Specter’ Hits Iraqi Officials with AI‑Assisted Malware and Novel RATs
In January 2026, a targeted cyberattack emerged against government officials in Iraq. The threat group, tracked as Dust Specter, impersonated Iraq’s Ministry of Foreign Affairs to trick high-value targets into downloading malicious files. The campaign introduced four previously undocumented malware…
CISA Warns of Qualcomm Chipsets Memory Corruption Vulnerability Exploited in Attacks
CISA has warned that a memory corruption flaw in Qualcomm chipsets is being exploited in attacks, urging organizations to promptly apply vendor-provided mitigations. The issue, tracked as CVE-2026-21385, impacts multiple Qualcomm chipsets and was added to CISA’s catalog on 2026-03-03 with…
Trusted Azure Utility AzCopy Turned into Data Exfiltration Tool in Active Ransomware Campaigns
The cybersecurity landscape has taken a sharp and dangerous turn. Ransomware operators, long associated with using suspicious tools to steal data, have begun turning to the same software IT teams rely on every day. Microsoft’s AzCopy, a legitimate command-line utility…
Escalating Iranian APT Threats Against Critical Infrastructure Amid Geopolitical Conflict
A dangerous new chapter in Middle Eastern geopolitics has unfolded following the outbreak of open conflict between Iran, Israel, and the United States. Last week, U.S. and Israeli forces launched Operation Lion’s Roar, a coordinated military strike targeting Iranian military…
Stolen Gemini API Key Turned $180 Bill to $82000 in Two Days
A three-person development team in Mexico is facing bankruptcy after a stolen Google Cloud API key generated $82,314.44 in unauthorized charges over just 48 hours. Between February 11 and 12, attackers heavily abused the team’s credentials to access the “Gemini…
VoidLink Malware Framework Attacking Kubernetes and AI Workloads
In December 2025, Check Point Research disclosed one of the most carefully engineered cloud-native malware frameworks ever studied — VoidLink. Unlike most threats that are ported from older Windows tools, VoidLink was built from scratch to target Linux-based cloud and…
Perplexity’s Comet Browser Hijacked Using Calendar Invite to Exfiltrate Sensitive Data
A poisoned Google Calendar invite is all it takes to weaponize Perplexity’s Comet browser. Security researchers at Zenity Labs have discovered a critical vulnerability, dubbed PerplexedBrowser, that tricks Comet’s AI agent into reading local files and stealing credentials. This zero-click…