The Internet Systems Consortium (ISC) has released a critical security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server. Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error. When successfully…
Category: Cyber Security News
New Windows Error Reporting Vulnerability Lets Attackers Escalate to Gain SYSTEM Access
A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structurally dangerous that Microsoft completely removed the vulnerable feature rather…
Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer Malware on macOS Systems
A new macOS malware that was undocumented previously, is quietly tricking users through fake Cloudflare human verification pages. Called Infiniti Stealer, this threat uses a well-known social engineering trick called ClickFix to convince Mac users into running dangerous commands directly…
Anthropic’s Leaked Drafts Expose Powerful New AI Model “Claude Mythos”
Anthropic has inadvertently exposed highly sensitive internal documents, revealing the existence of a powerful, unreleased AI model dubbed “Claude Mythos.” The leak, which stems from an unsecured and publicly searchable data cache, has raised immediate alarms within the cybersecurity community,…
Critical NVIDIA Vulnerabilities Enables RCE and DoS Attacks
Critical March 2026 security updates have been released to fix multiple vulnerabilities across enterprise and AI software systems. The latest advisories highlight severe flaws that could enable attackers to execute arbitrary code, trigger denial-of-service (DoS) conditions, or escalate privileges within compromised…
Claude Chrome Extension 0-Click Vulnerability Enables Silent Prompt Injection Attacks
A critical zero-click vulnerability in Anthropic’s Claude Chrome Extension exposed over 3 million users to silent prompt-injection attacks, allowing malicious websites to hijack the AI assistant without user interaction. The flaw, now patched, could have enabled attackers to steal Gmail…
VoidLink Rootkit Uses eBPF and Kernel Modules to Hide Deep Inside Linux Systems
A new and technically advanced rootkit called VoidLink has emerged as a serious threat to Linux systems, blending Loadable Kernel Modules (LKMs) with extended Berkeley Packet Filter (eBPF) programs to hide deep inside the operating system’s core. First documented by…
Leak Bazaar Turns Stolen Corporate Data Into a Structured Criminal Marketplace
A threat actor known as “Snow” from SnowTeam posted an advertisement on the Russian-speaking TierOne (T1) cybercrime forum on March 25, 2026, introducing a new criminal service called Leak Bazaar. The platform is not a traditional data leak site. Instead,…
New ClickFix Attack Leverage Windows Run Dialog Box and macOS Terminal to Deploy Malware
A social engineering technique called ClickFix has resurfaced with significant force, tricking users on both Windows and macOS into manually executing malicious commands that quietly install malware on their devices. First documented in late 2023, the method has rapidly grown…
Hackers Plant Stealthy BPFdoor Backdoors in Telecom Networks for Long-Term Access
A months-long investigation by Rapid7 Labs has exposed a sophisticated, state-sponsored espionage campaign by the China-nexus threat actor Red Menshen, which has embedded some of the most covert digital sleeper cells ever documented inside global telecommunications infrastructure. Released on March…
LeakBase Hacker Forum Admin Arrested in Russia by Law Enforcement Authorities
Russian law enforcement has arrested the suspected administrator of LeakBase, a prominent international hacker forum. The operation, coordinated by the Russian Ministry of Internal Affairs (MVD) alongside the Bureau of Special Technical Measures (BSTM), dismantled a platform that traded in…
GhostClaw AI Assisted Malware Attacking macOS Users to Deploy Credential-Stealing Payloads
A newly documented malware campaign called GhostClaw is actively targeting macOS users through fake GitHub repositories and AI-assisted development workflows. The campaign uses social engineering disguised as legitimate developer tools to steal user credentials and drop secondary payloads on infected…
IDrive for Windows Vulnerability Let Attackers Escalate Privileges
A critical local privilege escalation vulnerability has been identified in the IDrive Cloud Backup Client for Windows. Tracked as CVE-2026-1995, this local privilege escalation vulnerability affects the IDrive Cloud Backup Client for Windows, specifically targeting versions 7.0.0.63 and earlier. Security researchers…
CISA Warns of Langflow Code Injection Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the Langflow platform to its Known Exploited Vulnerabilities (KEV) catalog on March 25, 2026. The vulnerability, tracked as CVE-2026-33017, involves a highly dangerous code injection…
Fake Screenshot Lures Used to Infect Web3 Support Staff With Multi-Stage Malware
A threat group known as APT-Q-27 has been running an active campaign against Web3 customer support teams, using fake screenshot links in live chat windows to silently install a persistent backdoor on victim machines. The attack targets the most human…
New Torg Grabber Stealer Moves From Telegram Exfiltration to Encrypted REST API C2
A new Malware-as-a-Service (MaaS) credential stealer named Torg Grabber has surfaced, showing remarkable development pace over just three months. Starting with simple Telegram-based data exfiltration, it matured into a fully encrypted REST API command-and-control (C2) infrastructure. With 334 samples compiled…
Silver Fox Abuses Stolen EV Certificates in AtlasCross RAT Malware Campaign
The Chinese-nexus advanced persistent threat group Silver Fox, also tracked as Void Arachne and SwimSnake, is actively targeting Chinese-speaking users and professionals with a sophisticated AtlasCross RAT campaign. Security researcher Maurice Fielenbach of Hexastrike found that threat actors leveraging typosquatted…
Cisco Secure Firewall Vulnerability Allows Remote Code Execution as Root User
Cisco has released an urgent security advisory addressing a critical vulnerability in its Secure Firewall Management Center (FMC) software. This severe flaw allows unauthenticated remote attackers to execute arbitrary code with full root privileges. CVE-2026-20131 is a critical vulnerability with…
Synology DiskStation Manager Vulnerability Allow Remote Attackers to Execute Arbitrary Commands
A critical security advisory has been issued for a severe vulnerability in DiskStation Manager (DSM) that allows unauthenticated remote attackers to execute arbitrary commands. Given the widespread use of Synology network-attached storage (NAS) systems for enterprise backups and data management,…
New Kiss Loader Malware Uses Early Bird APC Injection in Emerging Attack Campaign
A newly discovered malware loader called Kiss Loader has emerged as a serious threat, using advanced code injection techniques to quietly infiltrate Windows systems without raising alarms. First spotted in early March 2026, it marks the beginning of a carefully…