A dangerous new piece of malware called Remus has surfaced, quietly picking up where one of the most feared information stealers left off. Designed to steal browser passwords, cookies, and cryptocurrency wallets, Remus carries the DNA of Lumma Stealer, one…
Category: Cyber Security News
Iranian-Nexus Operation Targets Oman Ministries With Webshells, SQL Escalation, and Data Theft
A sophisticated cyber operation linked to an Iranian-nexus threat actor has quietly worked through at least 12 Omani government ministries, stealing tens of thousands of citizen records and leaving persistent backdoors behind. The attackers used webshells, SQL server escalation, and…
Malicious OpenClaw DeepSeek Skill Exploits Agentic AI Workflows to Deliver RAT and Stealer
A cleverly disguised malware campaign is targeting developers and AI-driven systems by hiding inside what looks like a legitimate plugin for an open-source AI framework. Security researchers have uncovered a threat that takes full advantage of how modern AI agents…
Salesforce Marketing Cloud Vulnerability Opened Door to Email Data Exposure
A significant set of security vulnerabilities in Salesforce Marketing Cloud (SFMC) could have allowed attackers to read and expose private email data belonging to millions of users across hundreds of organizations. The flaws, now patched, were rooted in the platform’s…
Vimeo Data Breach Exposes 119,000 Users’ Unique Email Addresses
In a significant supply chain security incident, the popular video hosting platform Vimeo has confirmed a data breach that exposed user information. Discovered in April 2026, the breach exposed 119,000 unique email addresses and other metadata. The incident highlights the…
Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access
A severe zero-authorization vulnerability in Schemata’s API, an AI-powered virtual training platform holding active Department of Defense (DoD) contracts, recently exposed highly sensitive military training materials and U.S. service member records. Discovered by the open-source AI hacking agent Strix, the…
Azure AD Conditional Access Bypassed Via Phantom Device Registration and PRT Abuse
Cloud identity security relies heavily on Microsoft Entra ID (formerly Azure AD) Conditional Access. It acts as the primary digital gatekeeper, checking user locations, calculating risk scores, and verifying device health before granting access. However, an authorized red team engagement…
Ransomware and Data Extortion Groups Intensify Targeting of Aviation and Aerospace Sector
The aviation and aerospace sector has become one of the most actively targeted industries by ransomware operators and data extortion groups in 2025 and 2026. From passenger-processing platforms to satellite-dependent navigation systems, attackers are finding that disrupting even a single…
Critical Palo Alto Firewalls Vulnerability Exploited in the Wild to Gain Root Access
Palo Alto Networks has disclosed a critical buffer overflow vulnerability in PAN-OS software, tracked as CVE-2026-0300, that is already being actively exploited in the wild. The flaw carries a CVSS 4.0 score of 9.3 (CRITICAL) and allows unauthenticated attackers to…
Low Noise, High Confidence: Optimizing SOC Costs with Better Threat Intelligence
Robust defense systems are built on a clear understanding of current threats and the ability to translate it into consistent decisions and measurable outcomes at optimal cost. High-performing SOCs achieve this by eliminating unnecessary work and operationalizing threat data. At the core of this model lies threat intelligence that is: Not all threat data sources meet these criteria. The…
New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors
A North Korea-aligned threat group known as ScarCruft has been caught running a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region. The attackers planted backdoors in both Windows and Android versions of the…
Critical Qualcomm Chipset Vulnerabilities Enable Remote Code Execution
Qualcomm Technologies has released a critical security bulletin addressing multiple severe vulnerabilities in its proprietary and open-source software. These security updates are essential for protecting devices from severe flaws that threaten a vast ecosystem of hardware powered by Snapdragon processors.…
Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks
A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects Weaver E-cology 10.0 builds released before 20260312. The security flaw…
Cisco to Acquire Astrix Security to Strengthen AI Agent and Non-Human Identity Security
Cisco has announced its intent to acquire Astrix Security Ltd., an industry leader in Non-Human Identity (NHI) security. This strategic acquisition aims to protect enterprise environments from the expanding attack surface created by the rapid deployment of AI agents. The…
GnuTLS 3.8.13 Released with Fix for 12 Vulnerabilities Affecting Network Communications
GnuTLS version 3.8.13 has been officially released to patch a dozen security vulnerabilities, including critical flaws affecting secure network communications. The update is highly recommended for all systems using GnuTLS, as it addresses memory corruption, authentication bypasses, and certificate validation…
DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack
In a sophisticated supply chain attack discovered in early May 2026, the popular disk image mounting software DAEMON Tools has been compromised to deliver malicious payloads to users globally. Kaspersky security researchers identified that official installers distributed from the legitimate…
Education Sector Under Attack From State Espionage, Spear-Phishing, and Supply Chain Attacks
Schools, universities, and research institutions across the globe are facing a growing wave of cyber threats in 2026, with state-backed espionage groups, spear-phishing campaigns, and supply chain attacks placing the entire education sector on high alert. Data from Q1 2026…
Attackers Abuse Amazon SES to Send Authenticated Phishing Emails That Bypass Security
Threat actors are increasingly turning to Amazon’s own cloud email infrastructure to deliver phishing messages that look completely genuine, passing every standard security check along the way. Phishing has always been about deception. Attackers craft emails designed to look real,…
Code of Conduct Phishing Emails Target 35,000 Users in Multi-Stage AiTM Attack
A large-scale phishing campaign has been caught using fake “code of conduct” emails to trick employees into giving up their account credentials. The attackers did not just steal passwords. They went a step further by hijacking active authentication sessions through…
Instagram to End Encrypted Chats for Direct Messages
Meta has announced that Instagram will officially discontinue its optional end-to-end encrypted direct message feature on May 8, 2026. The feature was initially rolled out for testing in 2021 to provide users with a secure communication channel accessible only by…