Category: Cyber Security News

The React2Shell vulnerability (CVE-2025-55182) continues to face a relentless exploitation campaign, with threat actors launching more than 8.1 million attack sessions since its initial disclosure. According to GreyNoise Observation Grid data, daily attack volumes have stabilized at 300,000–400,000 sessions since…

Read more →

OpenAI has launched ChatGPT Health, a specialized platform that helps users securely manage their health information and receive intelligent support for wellness-related questions. With over 230 million people using ChatGPT weekly for health inquiries, the company recognized the need for a…

Read more →

A dangerous hacking group known as UAT-7290 has been actively attacking important telecommunications companies and critical infrastructure targets across South Asia since at least 2022. This advanced threat actor operates with clear signs of Chinese government connections and poses a…

Read more →

Microsoft has launched a native Slack-to-Teams migration tool in the Microsoft 365 admin center, simplifying the transition for organizations migrating collaboration workloads. This feature supports transferring public and private channel content directly into Teams equivalents, preserving messages and continuity.​ The…

Read more →

Caracas went dark just as U.S. forces moved to seize Venezuelan leader Nicolás Maduro on Saturday. The blackout did more than hide troops; it showed how malware can shape modern battles. U.S. Cyber Command and allied units are believed to…

Read more →

Critical vulnerabilities in ChatGPT allow attackers to exfiltrate sensitive data from connected services like Gmail, Outlook, and GitHub without user interaction. Dubbed ShadowLeak and ZombieAgent, these flaws exploit the AI’s Connectors and Memory features for zero-click attacks, persistence, and even…

Read more →

Two critical vulnerabilities have been identified in Cisco’s Snort 3 detection engine, posing significant risks to network security infrastructure across multiple Cisco products. These weaknesses stem from improper handling of Distributed Computing Environment and Remote Procedure Call (DCE/RPC) requests, allowing…

Read more →

A critical code injection flaw in Hewlett Packard Enterprise OneView, tracked as CVE-2025-37164, has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. The vulnerability has been confirmed to be actively exploited by threat actors, triggering urgent remediation timelines for…

Read more →

The security landscape faced a significant challenge just before the year’s end with the emergence of ConsentFix, an ingenious OAuth-based attack that exploits legitimate authentication flows to extract authorization codes from Microsoft Entra systems. This attack represents an evolution of…

Read more →

A new technique discovered in 2026 reveals that attackers can manipulate Windows kernel structures to conceal running processes from detection systems, even while modern security layers like PatchGuard protect the system. Outflank analysts identified a method that exploits the timing…

Read more →

CISA issued a critical alert regarding a code-injection vulnerability in Microsoft PowerPoint that poses a significant risk to organizations worldwide. The vulnerability, tracked as CVE-2009-0556, allows remote attackers to execute arbitrary code by crafting malicious PowerPoint files. Potentially compromising system…

Read more →

AuraStealer has emerged as a dangerous malware-as-a-service targeting Windows systems from Windows 7 to Windows 11. This infostealer spreads primarily through Scam-Yourself campaigns on platforms like TikTok, where victims encounter tutorial videos promoting free activation of paid software. The malware…

Read more →

Cisco has patched a critical flaw in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that lets authenticated administrators snoop on sensitive server files. Dubbed CVE-2026-20029, the vulnerability stems from a flaw in XML parsing in the…

Read more →

A sophisticated Chinese hacking group has breached email systems accessed by staffers on critical U.S. House committees, exposing sensitive communications amid escalating cyber tensions between Washington and Beijing. The Financial Times revealed on Wednesday that the intruders, tracked as Salt…

Read more →

A critical security vulnerability has been discovered in TLP, a widely used Linux laptop battery optimization utility, allowing local attackers to bypass authentication controls and manipulate system power settings without authorization. Security researchers from openSUSE identified a severe authentication bypass…

Read more →

GitLab has released emergency security patches for multiple versions of its platform, addressing eight vulnerabilities that could enable arbitrary code execution and unauthorized access in self-managed installations. The updated versions 18.7.1, 18.6.3, and 18.5.5 were deployed to GitLab.com on January…

Read more →

March 2026 delivered a surge in cyber threats targeting users and organizations alike from banking apps hijacked to siphon personal data, to trusted domains exploited for phishing redirects. Cybercriminals unleashed increasingly cunning and perilous tactics. Here’s a breakdown of the…

Read more →

IT asset management (ITAM) software has become indispensable for businesses seeking to track, manage, and optimize their hardware, software, and cloud resources efficiently. As 2026 approaches, ITAM tools are evolving rapidly with cutting-edge features that cut costs, bolster security, ensure…

Read more →

Server monitoring tools keep IT infrastructure running smoothly by delivering real-time visibility into key metrics like CPU load, memory usage, disk capacity, and network throughput. Standouts include Zabbix for its scalability and customization, Nagios with vast plugin ecosystems for tailored…

Read more →

Securing websites demands top-tier web vulnerability scanners. These powerful tools pinpoint critical flaws like SQL injection, cross-site scripting (XSS), and command injection, keeping your site fortified against attacks. Elite scanners emulate attacker strategies, delivering concrete proof and precise fix instructions.…

Read more →