Meta has disclosed a medium-severity security vulnerability in WhatsApp that could allow threat actors to exploit Instagram Reels integration to trigger arbitrary URL processing on victim devices, potentially invoking OS-level custom URL scheme handlers without user consent. WhatsApp Vulnerabilities The…
Category: Cyber Security News
New Attribution Framework Connects APT Campaigns Through Strategic, Operational, and Technical Layers
Tracking Advanced Persistent Threat (APT) groups has never been a simple task. For years, security organizations have relied on identifying consistent behaviors, tools, and infrastructure to pin activity to a known threat actor. But that approach is showing serious cracks,…
Beware of Fake ‘Notepad++ for Mac’ Website, Possibly Could Harm your Machine
A fake website claiming to offer an official macOS version of the popular text editor Notepad++ has been making rounds online, raising serious cybersecurity concerns across the tech community. The site, operating under the domain notepad-plus-plus-mac.org, falsely presents itself as…
Critical Android Zero-Click Vulnerability Grants Remote Shell Access
Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw. Tracked as CVE-2026-0073, this critical vulnerability resides deep within the core Android System component. It allows an attacker to…
pnpm 11 Turns On Minimum Release Age by Default to Reduce npm Supply Chain Risk
The npm ecosystem has long been a target for supply chain attacks, where threat actors exploit the open nature of public package registries to push malicious code into developer environments. With pnpm 11, the package manager takes a direct step…
Critical Apache HTTP Server Flaw Exposes Millions of Servers to RCE Attacks
The Apache Software Foundation has released a critical security update for Apache HTTP Server, patching five vulnerabilities, including a dangerous double-free flaw capable of enabling Remote Code Execution (RCE) in version 2.4.67, released on May 4, 2026. All users running…
Microsoft Edge Stores All Saved Passwords in Cleartext Process Memory at Launch
A security researcher has discovered that Microsoft Edge decrypts every stored password into process memory the moment the browser launches and keeps them there as cleartext, regardless of whether the user ever visits those sites. The finding, disclosed on April…
DigiCert Hacked via Weaponized Screensaver File to Obtain EV Code Signing Certificates
A sophisticated threat actor breached DigiCert’s internal support environment in early April 2026 by tricking support analysts into executing a disguised malicious screensaver file, ultimately obtaining stolen EV Code Signing certificates used to distribute the “Zhong Stealer” malware family. On…
Bluekit Phishing Kit Automates Domains, 2FA Lures, and Session Hijacking in One Panel
A newly identified phishing kit called Bluekit is changing how cybercriminals carry out phishing attacks by packing multiple attack capabilities into a single, easy-to-use operator panel. Rather than relying on separate tools stitched together from different sources, Bluekit gives attackers…
New MicroStealer Malware Actively Attacking Telecom & Education Sectors
A new infostealer malware called MicroStealer has quietly entered the threat landscape and is already showing a worrying reach. First spotted in December 2025, the malware has picked up speed fast, showing up across sandbox environments within weeks of its…
New xlabs_v1 Botnet Targets Minecraft Servers Through ADB-Exposed Android Devices
A newly identified botnet called xlabs_v1 has been found targeting Minecraft game servers by exploiting Android devices with the Android Debug Bridge (ADB) port left open and exposed to the internet. The botnet is a modified version of the well-known…
Malicious Tanstack Package Uses Postinstall Script to Steal Developer Environment Files
A malicious npm package impersonating the widely trusted TanStack project was discovered on April 29, 2026, silently stealing developer environment files the moment it was installed. The attacker registered the unscoped “tanstack” package name on npm, dressed it up as…
Apache MINA Vulnerabilities Enable Remote Code Execution Attacks
The Apache MINA project has issued urgent security updates to address two critical vulnerabilities that could allow attackers to execute arbitrary code on affected systems. Developers relying on this network application framework are strongly urged to update their software immediately…
CISA Warns of Linux Kernel 0-Day Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Linux kernel zero-day vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning federal agencies and organizations worldwide to patch immediately or discontinue use of affected systems. Tracked as…
Attackers Weaponize SAP npm Packages to Steal GitHub, Cloud, and AI Coding Tool Secrets
A new supply chain attack is targeting the SAP developer ecosystem through poisoned npm packages. The campaign uses a malicious worm called “Mini Shai-Hulud,” which runs silently before any npm install completes and steals credentials from developer machines, cloud platforms,…
DOJ Sentences Two Americans to Prison for ALPHV BlackCat Attacks on U.S. Victims
Two American cybersecurity professionals were sentenced to four years each in federal prison on April 30, 2026, for carrying out ransomware attacks against multiple U.S. businesses using the ALPHV BlackCat ransomware. The U.S. Department of Justice confirmed the sentencing of…
Critical MOVEit Vulnerabilities Enable Authentication Bypass
Progress Software has issued a critical security bulletin for its MOVEit Automation platform. This April 2026 alert warns of two highly severe vulnerabilities that could allow attackers to bypass security checkpoints and gain full system control. MOVEit Automation is widely…
CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw affecting widely used web hosting management platforms. CISA recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat…
Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks
A new wave of cyberattacks is targeting employees through a combination of inbox flooding and fake IT support contacts on Microsoft Teams, tricking users into handing over remote access to their own devices. These attacks have been growing steadily since…