Category: Cyber Security News

One of the most widely used JavaScript libraries in the world was turned into a weapon on March 30, 2026, when attackers poisoned the Axios npm package and silently deployed malware on developer machines running Windows, macOS, and Linux. With…

Read more →

A new supply chain attack targeting developers after threat actors compromised the official WordPress domain for ILSpy on April 6, 2026. Instead of providing the legitimate software, the hijacked website began redirecting visitors to a malicious webpage to deliver malware.…

Read more →

A maximum-severity vulnerability in Dgraph, a popular open-source graph database. Tracked as CVE-2026-34976, this critical flaw carries a perfect CVSS score of 10.0. It allows unauthenticated remote attackers to bypass all security controls, overwrite entire databases, read sensitive server files,…

Read more →

The Apache Software Foundation has released emergency security updates to address two severe vulnerabilities in the Apache Traffic Server (ATS). ATS operates as a high-performance web proxy cache that improves network efficiency and handles massive volumes of enterprise web traffic.…

Read more →

Google’s Vulnerability Reward Program (VRP) celebrated its 15th anniversary in 2025 by breaking every payout record in its history. The tech giant awarded a staggering $17 million to external security researchers worldwide, representing a massive 40% surge compared to 2024.…

Read more →

Cybercriminals are launching a sophisticated new wave of attacks using fake Microsoft Teams domains. According to recent threat intelligence shared by SEAL Org, hackers are actively tricking corporate users into downloading malicious payloads by mimicking the widely used communication platform. As…

Read more →

A high-severity security bypass vulnerability in Anthropic’s Claude Code AI coding agent allows malicious actors to silently evade user-configured deny rules through a simple command-padding technique, exposing hundreds of thousands of developers to credential theft and supply chain compromise. According…

Read more →

A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with…

Read more →

A new Remote Access Trojan (RAT) called ResokerRAT has been found targeting Windows systems by abusing Telegram’s widely used Bot API to receive commands and send stolen data back to attackers. Unlike traditional malware that relies on custom command-and-control servers,…

Read more →

A coordinated supply chain attack has been uncovered targeting developers who build applications on Strapi, a widely used open-source content management system. Thirty-six malicious npm packages disguised as legitimate Strapi plugins were published to the npm registry, carrying payloads designed…

Read more →

Researchers at Google DeepMind have published a comprehensive study revealing that autonomous AI agents browsing the web are deeply vulnerable to a new class of attacks called “AI Agent Traps,” which are adversarial content engineered into websites and digital resources…

Read more →

The Shadowserver Foundation has issued an urgent warning to FortiClient Enterprise Management Server (EMS) administrators after identifying over 2,000 publicly accessible instances globally, two of which are now confirmed to be actively exploited through critical unauthenticated remote code execution (RCE)…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting TrueConf software to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-3502, this security flaw is currently facing active exploitation in the wild. The discovery has…

Read more →

Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and carrying a CVSSv3 score of 9.1 (Critical), the flaw enables…

Read more →

A highly coordinated social engineering campaign is actively targeting top open-source developers in the Node.js and npm ecosystem. Following the recent compromise of the popular package Axios, which sees over 100 million weekly downloads, several high-impact software maintainers have reported…

Read more →

The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete source code for Claude Code, its flagship terminal-based coding assistant. The leak occurred due to…

Read more →

A dangerous attack chain in Progress ShareFile that can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed ShareFile Storage Zones Controller 5.x deployments, and Progress says customers should upgrade to version 5.12.4…

Read more →

In ever-changing technology and networks, privacy is becoming increasingly difficult to achieve. People are so used to using the Internet and IoT devices that the sensitive data they share on the web has become a prime target for hackers or…

Read more →

User Access Management tools centralize control over user permissions and access, providing a unified platform to enforce consistent security policies across diverse systems and applications. They enhance security by implementing role-based access controls, monitoring user activity, preventing unauthorized access, mitigating…

Read more →

Every time you open LinkedIn in a Chrome-based browser, hidden JavaScript silently scans your computer for installed software without your knowledge, without your consent, and without a single word in LinkedIn’s privacy policy. A revealing investigation conducted by the European…

Read more →