Category: Cyber Security News

Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched…

Read more →

A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February…

Read more →

A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead,…

Read more →

Enterprise email infrastructure remains one of the most critical and vulnerable targets for cybercriminals. A highly severe security flaw has just been discovered in Canon’s GUARDIANWALL MailSuite, exposing corporate networks to devastating Remote Code Execution (RCE) attacks. Threat actors can…

Read more →

A sprawling supply chain attack has put software developers worldwide on high alert after hackers compromised more than 170 npm packages and two PyPI packages in a coordinated credential theft campaign. The infected packages are collectively downloaded over 200 million…

Read more →

Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an early version of Anthropic’s secretive Mythos AI model to uncover two previously undocumented vulnerabilities in Apple’s macOS. The bugs were chained together into a privilege…

Read more →

A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have confirmed that three newly published versions of node-ipc, a package with over 822,000 weekly downloads, contain obfuscated stealer and backdoor payloads, marking the second major…

Read more →

A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant called TencShell, a sophisticated tool capable of giving attackers full remote control over a compromised system. The discovery highlights how…

Read more →

A faulty update to Dell’s SupportAssist Remediation service is sending thousands of Dell and Alienware laptop users into endless Blue Screen of Death (BSOD) loops, with systems crashing every 30 minutes and displaying the dreaded CRITICAL_PROCESS_DIED stop error. Dell Engineering…

Read more →

A critical vulnerability in the widely used Exim mail server allows unauthenticated attackers to execute arbitrary code and fully compromise exposed servers. Federico Kirschbaum, head of the Security Lab at XBOW, discovered and reported the issue, which has been dubbed…

Read more →

Imagine locking your organization’s sensitive data behind a heavy vault door, only to realize the locking mechanism is entirely missing. Security researchers at Fog Security recently uncovered a severe authorization bypass in Amazon Quick’s AI Chat Agents. This vulnerability allowed…

Read more →

Artificial intelligence is now capable of generating attack telemetry that looks and behaves like the real thing, and that is changing how security teams think about testing their defenses. In new work, Microsoft researchers show that large language models can…

Read more →

A critical vulnerability in Palo Alto Networks PAN-OS is putting enterprise firewalls at risk, allowing unauthenticated attackers to execute arbitrary code with root privileges. Tracked as CVE-2026-0300, the flaw affects the User-ID Authentication Portal (Captive Portal) and has already seen…

Read more →

Hackers are once again turning familiar tools against the very users who trust them. A new attack campaign has been discovered in which threat actors weaponized HWMonitor, a widely used hardware monitoring utility developed by CPUID, to silently deliver a…

Read more →

Threat actors are constantly hunting for infrastructure weaknesses, and a newly discovered batch of vulnerabilities in GitLab just handed them a dangerous roadmap. On May 13, 2026, GitLab rolled out emergency security updates to address multiple high-severity flaws. These bugs…

Read more →

OpenAI Global LLC is facing a new class‑action complaint in the Southern District of California that accuses the company of quietly wiring its ChatGPT web interface with Meta’s Facebook Pixel and Google Analytics, turning highly sensitive chatbot conversations into monetizable…

Read more →

DUBAI, UAE — May 11, 2026 — As the internet transitions from a playground of chatbots to a workforce of autonomous agents, the question isn’t just what AI can do—it’s who the AI is. Today, OTT Cybersecurity LLC officially launched the Agent Trust Protocol…

Read more →

A critical heap buffer overflow vulnerability has been discovered in the source code of NGINX, present since 2008. This vulnerability has been publicly disclosed, along with a working proof-of-concept exploit that can enable unauthenticated remote code execution (RCE) against one…

Read more →

A newly disclosed vulnerability in the Microsoft Windows DNS Client could let attackers silently execute malicious code across enterprise networks, exposing a massive attack surface. Officially designated as CVE-2026-41096, this critical security flaw carries a severe CVSS score of 9.8…

Read more →

Iran-linked hackers have been quietly breaking into networks around the world, and their latest campaign is more calculated than anything we have seen from them before. The group known as Seedworm, also tracked as MuddyWater, spent the first quarter of…

Read more →