Category: Cyber Security News

A sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combines social engineering with trusted domain exploitation, making it particularly effective…

Read more →

An out-of-band (OOB) cumulative update, KB5078127, to address critical file system compatibility issues affecting Windows 11 users. The update resolves widespread problems introduced by the January 13, 2026, security update (KB5074109) that caused application freezes and cloud storage failures across…

Read more →

A moderate-severity vulnerability in the Hadoop Distributed File System (HDFS) native client could allow attackers to trigger system crashes or corrupt critical data through maliciously crafted URI inputs. The vulnerability, tracked as CVE-2025-27821, affects Apache Hadoop versions 3.2.0 through 3.4.1.…

Read more →

Attackers are increasingly turning their attention to construction firms by abusing weaknesses in business software that runs on their job sites. One of the newest targets is the Mjobtime construction time-tracking application, which is often deployed on Microsoft IIS with…

Read more →

A massive database containing 149 million stolen login credentials was discovered exposed online without password protection or encryption. Posing serious security risks to users of Gmail, Instagram, Facebook, Netflix, and thousands of other platforms worldwide. The publicly accessible database contained…

Read more →

A new malware campaign is exploiting fake Blue Screen of Death warnings and trusted Microsoft build tools to deliver a dangerous remote access trojan. The operation, tracked as PHALT#BLYX, targets hospitality businesses with deceptive reservation cancellation emails that manipulate victims…

Read more →

Microsoft has launched an urgent investigation into severe stability issues plaguing the January 2026 security update for Windows 11, following reports that the patch is causing critical boot failures on physical devices. The update, identified as KB5074109, was intended to…

Read more →

A sophisticated “homoglyph” phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones. This…

Read more →

A sophisticated “homoglyph” phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones. This…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild, posing a…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild, posing a…

Read more →

Microsoft is preparing to deploy a significant, potentially controversial update to Microsoft Teams that automatically detects and displays a user’s physical work location based on the Wi-Fi network they connect to. According to the latest update on the Microsoft 365…

Read more →

Microsoft has unveiled the public preview of WinApp CLI (winapp), a new open-source command-line tool designed to simplify Windows app development for developers using diverse frameworks outside Visual Studio or MSBuild. Hosted on GitHub, the tool targets web devs with…

Read more →

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise…

Read more →

Active exploitation of a critical authentication bypass vulnerability in the GNU InetUtils telnetd server (CVE-2026-24061) has been observed in the wild, allowing unauthenticated attackers to gain root access to Linux systems. The vulnerability, which affects GNU InetUtils versions 1.9.3 through…

Read more →

Microsoft gave U.S. federal agents the digital keys needed to unlock three encrypted laptops linked to a massive COVID unemployment scam in Guam. This case shows how cloud-stored encryption keys can help law enforcement, but also raises big privacy worries…

Read more →

A new malware campaign targeting Windows users has emerged, using deceptive LNK shortcut files to distribute MoonPeak, a dangerous remote access trojan. This malware, which appears to be a variant of XenoRAT, has been linked to threat actors affiliated with…

Read more →

A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administrator accounts without any authentication, putting thousands of…

Read more →

A new wave of web-based malware campaigns is using fake verification pages to trick users into installing dangerous software. These attacks copy the look and feel of legitimate security checks that people see every day while browsing the internet. The…

Read more →

A sophisticated macOS malware called MacSync has emerged as a dangerous new threat targeting cryptocurrency users through deceptive social engineering tactics. The infostealer operates as an affordable Malware-as-a-Service tool designed to harvest sensitive data from macOS systems by convincing victims…

Read more →