Category: Cyber Security News

A high-severity access-control vulnerability (CVSS 8.2) in Cursor, a widely used AI-powered coding environment. The flaw uncovered by LayerX has allowed any installed extension to access a developer’s API keys and session tokens secretly. This results in total credential compromise…

Read more →

A critical zero-day vulnerability in the Linux kernel has been publicly disclosed, enabling any unprivileged local user to obtain root access on virtually every major Linux distribution shipped since 2017. Dubbed “Copy Fail” and tracked as CVE-2026-31431, the flaw was…

Read more →

North Korea’s state-sponsored Lazarus Group has unleashed a newly identified, modular macOS malware kit dubbed “Mach-O Man” a sophisticated, four-stage attack chain targeting fintech executives, crypto developers, and high-value enterprise users through fake meeting invitations and social engineering lures. Analyzed…

Read more →

A new supply chain attack dubbed “mini Shai Hulud” has compromised four SAP-related npm packages by injecting malicious preinstall scripts that silently execute during dependency installation, targeting developer environments and CI/CD pipelines to steal credentials across GitHub, npm, and major…

Read more →

A newly identified malware called SLOTAGENT has drawn attention in the cybersecurity community for its strong ability to resist analysis and avoid detection. The malware does not rely on brute force tactics. Instead, it uses two precise techniques, API hashing…

Read more →

A high-severity vulnerability in Cursor, one of the most widely used AI-powered coding environments today, has put developers at direct risk of remote code execution. Tracked as CVE-2026-26268, the flaw allows an attacker to run arbitrary code on a developer’s…

Read more →

Google has released a critical security update for its Chrome desktop browser to address 30 security vulnerabilities, including four severe flaws that could enable Remote Code Execution (RCE) attacks. The Stable channel has been updated to version 147.0.7727.137/138 for Windows…

Read more →

A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attackers to…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Microsoft Windows. On April 28, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability…

Read more →

Video hosting platform Vimeo has confirmed a data breach resulting in unauthorized access to its user database. The security incident stems from a compromise at Anodot, a third-party analytics vendor utilized by Vimeo and several other major organizations. This event…

Read more →

A dangerous infostealer malware called LofyStealer is actively targeting Minecraft players by disguising itself as a game cheat tool named “Slinky.” The malware runs a two-stage attack that quietly steals sensitive data from popular web browsers while staying largely hidden…

Read more →

A newly documented ransomware strain called VECT 2.0 has drawn serious attention from the cybersecurity community for a deeply damaging flaw in its design. Unlike typical ransomware that locks files and demands payment for decryption, VECT 2.0 permanently destroys any…

Read more →

A new ransomware group known as Vect 2.0 has entered the global cyberthreat landscape, operating as a full Ransomware-as-a-Service (RaaS) platform that targets Windows, Linux, and VMware ESXi systems. The group first appeared in December 2025 and rapidly scaled its…

Read more →

Web hosting control panel giant cPanel has issued an emergency security update to address a critical vulnerability affecting its core software. The security flaw directly impacts multiple authentication paths within the cPanel and Web Host Manager (WHM) ecosystem. System administrators…

Read more →

A dangerous new cyber campaign from North Korea’s Lazarus Group is targeting cryptocurrency and Web3 professionals using fake Zoom meeting interfaces, fileless PowerShell scripts, and AI-generated deepfake content. The group behind this activity is BlueNoroff, a financially motivated subgroup known…

Read more →

Microsoft has officially acknowledged a known issue in its April 2026 Windows 11 cumulative update: Remote Desktop Protocol (RDP) security warning dialogs may render incorrectly on certain system configurations, a significant usability concern given that the warnings are designed to…

Read more →

A critical remote code execution (RCE) vulnerability tracked as CVE-2026-3854 in GitHub’s internal git infrastructure that could have allowed any authenticated user to compromise backend servers, access millions of private repositories, and, in the case of GitHub Enterprise Server (GHES),…

Read more →

A sophisticated, memory-resident phishing campaign called BlobPhish, active since October 2024, that exploits browser Blob URL APIs to silently steal credentials from Microsoft 365 users, major U.S. banks, and financial platforms while remaining almost completely invisible to traditional security tools.…

Read more →

Application security testing firm Checkmarx has confirmed a significant escalation in its ongoing security incident. Cybercriminals have officially published company data on the dark web. This new development directly ties back to a supply chain attack that initially compromised the…

Read more →

Microsoft has officially acknowledged a known issue in its April 2026 Windows 11 cumulative update: Remote Desktop Protocol (RDP) security warning dialogs may render incorrectly on certain system configurations, a significant usability concern given that the warnings are designed to…

Read more →