Category: Cyber Security News

A critical pre-authentication SQL injection vulnerability in LiteLLM, a widely used open-source AI gateway with over 22,000 GitHub stars, is actively being exploited in the wild. Tracked as CVE-2026-42208, this severe flaw allows unauthorized attackers to extract highly sensitive cloud…

Read more →

Silver Fox, a China-based threat group has launched a new wave of attacks targeting businesses and individuals across Asia, using fake tax audit notifications and counterfeit software update alerts to install dangerous malware on victim systems. The campaign reflects a…

Read more →

A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, stemming from an incomplete patch for a Windows Shell security feature bypass actively weaponized by the Russian APT28 threat group. Microsoft confirmed active exploitation of the flaw and released a fix as…

Read more →

WhatsApp is currently developing an independent cloud backup system designed to give users more direct control over their chat histories. This upcoming feature will allow users to store their backups securely on WhatsApp’s native servers. The update aims to reduce…

Read more →

A Chinese national tied to one of the most damaging state-sponsored hacking campaigns in recent history has been extradited to the United States from Italy. Xu Zewei, 34, a citizen of the People’s Republic of China, landed on U.S. soil…

Read more →

A state-sponsored threat group, Sandworm (also tracked as APT-C-13 and FROZENBARENTS), has launched a targeted cyberattack campaign using a combined SSH and Tor tunneling technique to maintain long-term hidden access inside victim networks. This campaign marks a clear upgrade from…

Read more →

Microsoft has officially launched its new “agentic” capabilities for Copilot in Outlook, transforming the AI from a basic drafting assistant into an autonomous digital agent. Announced on April 27, 2026, this major update enables Copilot to manage both your inbox…

Read more →

A wave of large-scale phishing campaigns backed by Chinese-language services is quietly targeting people around the world, using everyday messaging apps to steal personal and financial credentials. These operations have grown well beyond regional limits, making them one of the…

Read more →

Cybersecurity researchers have recently disclosed three moderate-severity vulnerabilities in OpenClaw, an AI agent framework previously known as Clawdbot and Moltbot. Distributed as an npm package, these security flaws allow bypasses of policy enforcement, gateway configuration mutations, and host override attacks…

Read more →

Whenever someone uses Windows Remote Desktop, the operating system quietly saves visual fragments of the active session. As recently highlighted by SCYTHE Labs, attackers can easily extract these breadcrumbs and rebuild them into readable screenshots. This process requires no special…

Read more →

A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft. Threat actors successfully pushed a malicious version, 0.23.3, to the Python Package Index (PyPI) and poisoned the matching Docker images…

Read more →

A new fake document reader app found on the Google Play Store has been silently installing Anatsa, a powerful Android banking trojan, on thousands of user devices. The malicious application surpassed 10,000 downloads before Google removed it, putting a significant…

Read more →

A new Android banking malware, tracked as KYCShadow, was discovered targeting bank customers across India through a carefully designed fake Know Your Customer (KYC) verification workflow. Distributed via WhatsApp, it tricks victims into installing what appears to be an official…

Read more →

A well-known Iranian state-sponsored hacking group called OilRig, also tracked as APT34 and Helix Kitten, has been found hiding its command-and-control (C2) server configuration inside a regular-looking image file stored on Google Drive. The threat group used a technique called…

Read more →

A Cursor AI coding agent powered by Anthropic’s Claude Opus 4.6 deleted the entire production database and all volume-level backups of PocketOS, a SaaS platform serving car rental businesses nationwide, in a single unauthorized API call on Friday, April 25,…

Read more →

Google has fixed a critical security flaw in the Gemini CLI that could allow attackers to execute remote code in certain automated workflows. The issue affects the npm package @google/gemini-cli and the google-github-actions/run-gemini-cli GitHub Action, especially when they are used in headless environments such…

Read more →

A publicly accessible JavaScript file on ClickUp’s homepage has been silently leaking nearly a thousand corporate and government email addresses, including employees from Fortinet, Home Depot, Tenable, Mayo Clinic, and U.S. state government workers, through a hardcoded third-party API key…

Read more →

A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT professionals. The vulnerability CVE-2026-3008, which could allow a remote attacker to crash the application or extract sensitive memory address…

Read more →

A newly discovered malware campaign is targeting government employees in Pakistan using carefully crafted spear-phishing emails that combine obfuscation and staged payload delivery to stay hidden from security tools. The attack was directed at staff from the Punjab Safe Cities…

Read more →

A credential-stealing malware named Vidar has quietly emerged as one of the most active threats targeting corporate employees in early 2026. Threat actors are using fake software downloads promoted through YouTube videos to trick workers into installing it on their…

Read more →