Category: Cyber Security News

A critical security bulletin highlights multiple vulnerabilities in Verify Identity Access and Security Verify Access products. If left unpatched, these widespread security flaws could allow malicious actors to access sensitive information, escalate their system privileges, or cause a complete denial-of-service…

Read more →

Two significant threat campaigns from March 2026, one abusing Microsoft’s OAuth authentication flow to silently hijack enterprise accounts, and another deploying the AMOS infostealer against macOS users who work with AI development tools like Claude Code. The EvilTokens campaign represents…

Read more →

As cyber threats evolve at an unprecedented pace, Amazon Web Services (AWS) and Anthropic have teamed up to introduce the next generation of artificial intelligence for cybersecurity. Announced as part of Anthropic’s new Project Glasswing, a specialized AI model named…

Read more →

A newly discovered high-severity vulnerability in Docker Engine could allow attackers to bypass authorization plugins and potentially gain unauthorized access to the underlying host system. Tracked as CVE-2026-34040, this security flaw stems from an incomplete patch for a previously known…

Read more →

Amazon Web Services (AWS) has introduced a major update to its cloud storage infrastructure with the launch of Amazon S3 Files. This new feature allows organizations to access their Amazon S3 buckets directly as fully functional shared file systems, eliminating…

Read more →

Google is bringing a major performance enhancement to its browser by expanding native lazy loading capabilities to include video and audio elements. By adding the loading=”lazy” attribute directly to <video> and <audio> HTML tags now allow developers to defer the download of heavy media resources until…

Read more →

Microsoft has acknowledged a server-side issue that disrupted Start Menu search functionality for a subset of Windows 11 23H2 users, and has since deployed a fix to address the problem without requiring users to install any additional updates. The issue,…

Read more →

A critical remote code execution (RCE) vulnerability has been disclosed in Apache ActiveMQ Classic, a flaw that sat undetected for over a decade and was ultimately discovered not by a human researcher manually combing through code, but by Anthropic’s Claude…

Read more →

The U.S. Justice Department and the FBI have successfully dismantled a massive cyberespionage network in a court-authorized takedown dubbed “Operation Masquerade.” Announced on April 7, 2026, the technical operation neutralized thousands of compromised small office/home office (SOHO) routers that were…

Read more →

OpenSSL has released a broad April 2026 security update that fixes seven vulnerabilities across supported branches, led by CVE-2026-31790, a moderate-severity flaw in RSA KEM RSASVE encapsulation that can expose uninitialized memory to a malicious peer. The advisory directs users…

Read more →

Indian Bank has issued an urgent cybersecurity advisory warning its customers about a rapidly spreading wave of fraudulent LPG payment and KYC update messages that are being used to steal banking credentials and drain accounts. Cybercriminals are exploiting growing public…

Read more →

A critical vulnerability chain in the Common Unix Printing System (CUPS) that allows unauthenticated remote attackers to execute arbitrary malicious code with root system privileges. Security researcher Asim Viladi Oglu Manizada and his team discovered two zero-day flaws, officially tracked…

Read more →

A critical remote code execution (RCE) vulnerability has been disclosed in Apache ActiveMQ Classic, a flaw that sat undetected for over a decade and was ultimately discovered not by a human researcher manually combing through code, but by Anthropic’s Claude…

Read more →

Researchers at NDSS 2026 demonstrate a covert acoustic eavesdropping attack that transforms standard FTTH telecom fiber cables into passive, undetectable listening devices invisible to RF scanners and immune to ultrasonic jammers. Security researchers from The Hong Kong Polytechnic University, The…

Read more →

A new supply chain attack has surfaced targeting software developers who work with AI coding tools. On March 20, 2026, a threat actor published a malicious npm package named gemini-ai-checker under the account gemini-check, presenting it as a simple utility to verify Google…

Read more →

Kubernetes has become one of the most widely used platforms for managing containerized applications in enterprise environments. But as its adoption has grown, so has the attention it draws from malicious actors. Threat actors are now exploiting misconfigurations within Kubernetes…

Read more →

A dangerous Linux backdoor called BPFDoor has returned in a more powerful form, with researchers uncovering new variants built to stay invisible inside critical network infrastructure. Linked to a China-nexus threat actor group known as Red Menshen, these updated versions…

Read more →

A dangerous cyberattack campaign is actively hitting web applications across the internet at a frightening speed. Hackers are exploiting a critical security flaw called React2Shell, targeting websites built on the widely used Next.js framework. In just 24 hours, attackers broke…

Read more →

A large-scale campaign by Forest Blizzard, a Russian military-linked threat actor, targeting home and small-office routers to hijack DNS traffic and intercept encrypted communications with over 200 organizations and 5,000 consumer devices already compromised. Forest Blizzard (also tracked as APT28…

Read more →

A fresh wave of cyberattacks is targeting Windows users through a deceptive social engineering technique called ClickFix. Attackers use a fake browser verification page to trick users into running a hidden command that quietly drops a Node.js-based Remote Access Trojan…

Read more →