OpenAI has announced the launch of a public Safety Bug Bounty program to identify AI abuse and safety risks across its products. Hosted on Bugcrowd, the new initiative marks a significant step in the company’s efforts to address vulnerabilities that…
Category: Cyber Security News
Microsoft Entra ID New Feature Removes MFA Limitations for Users
Multifactor authentication operates as a critical defense mechanism for securing user identities against targeted cyber attacks. Microsoft reports that implementing MFA effectively reduces the risk of account compromise by more than 99%. To expand these protections, Microsoft has announced the…
Fake npm Install Messages Hide RAT Malware in New Open Source Supply Chain Campaign
A new and carefully crafted software supply chain campaign is targeting developers through the npm package registry, using fake installation messages to hide malicious activity. The campaign, which security researchers have named the “Ghost campaign,” began in early February 2026…
Fake VS Code Security Alerts on GitHub Used to Push Malware in Widespread Phishing Campaign
A large-scale phishing campaign is targeting software developers on GitHub, using fake Visual Studio Code security alerts posted in GitHub Discussions to trick users into downloading malicious software. The attacks are designed to look like legitimate security advisories, warning developers…
Ghost SPN Attack Lets Hackers Conduct Stealthy Kerberoasting Under the Radar
A sophisticated evolution of Kerberoasting, dubbed the “Ghost SPN” attack, allows adversaries to extract Active Directory credentials while erasing all traces of their activity, rendering traditional detection models effectively blind to the intrusion. The attack revealed by Trellix security…
Mirai-Based Botnets Evolve Into Massive DDoS and Proxy Abuse Threat
The internet has seen a sharp rise in botnet-driven threats over the past year, with much of the activity tracing back to one of the most influential malware families in modern history — Mirai. First discovered in 2016, Mirai was…
Open Directory Malware Campaign Uses Obfuscated VBS, PNG Loaders and RAT Payloads
A sophisticated multi-stage malware campaign has surfaced, deploying obfuscated Visual Basic Script (VBS) files, PNG-embedded loaders, and remote access trojans (RATs) to target systems without leaving a trace on disk. What began as a routine endpoint detection in early 2026…
China-Linked Hackers Breach Southeast Asian Military Systems in Long-Running Spy Campaign
A sophisticated and long-running cyber espionage campaign, tracked as CL-STA-1087, has been quietly targeting military organizations across Southeast Asia since at least 2020. The operation, assessed with moderate confidence to be linked to a China-aligned threat actor, focuses on collecting strategic…
Linux Ransomware Pay2Key Attacking Organizations' Servers, Virtualization Hosts, and Cloud Workloads
Linux has long been considered a more secure operating system than Windows, but that reputation is being tested. A ransomware group known as Pay2Key, attributed to Iranian threat actors, has developed a Linux variant that is actively targeting organizational servers,…
SmartApeSG ClickFix Campaign Delivers Remcos, NetSupport RAT, StealC and Sectop RAT
A threat campaign known as SmartApeSG — also tracked under the names ZPHP and HANEYMANEY — has been observed pushing multiple strains of malware through a social engineering technique called ClickFix. The campaign, active as recently as March 24, 2026,…
macOS Threats Are the Biggest Security Gap in 2026: How SOC Teams Close It
macOS has become a standard part of modern business environments, especially across engineering, product, and leadership teams. That makes it a growing security concern: when a Mac used by a high-access employee is compromised, it can lead to stolen credentials,…
Node.js Patches Multiple Vulnerabilities That Enable DoS Attacks and Process Crashes
The Node.js project released a critical security update on March 24, 2026, for the Long-Term Support (LTS) branch, designating version 20.20.2 ‘Iron’ as a security release. The update resolves seven tracked vulnerabilities spanning TLS error handling, HTTP/2 flow control, cryptographic…
Firefox 149.0 Released With Free Built-in VPN With 50 GB Monthly Data Limit
Mozilla has officially rolled out Firefox 149.0 to the Release channel on March 24, 2026, delivering a massive update focused heavily on user privacy and security hardening. The standout addition in this release is a free built-in VPN offering 50 GB of protected…
OpenAI to Shut Down Sora Video Platform, Pivots to Enterprise and Developer Tools
OpenAI is pulling the plug on its Sora video generation platform, a high-profile product launched to widespread attention last year that has since quietly faded from the spotlight. The shutdown is part of a broader strategic realignment as the company…
Firefox 149 Released With Patch for 37 Vulnerabilities That Enable Remote Attacks
Mozilla released Firefox 149 on March 24, 2026, delivering one of the largest security advisories in the browser’s recent history, addressing 37 vulnerabilities spanning memory corruption, sandbox escapes, use-after-free flaws, and remote code execution risks across multiple browser components. Published…
F5 NGINX Plus and Open Source Vulnerability Allows Attackers to Execute Code Using MP4 File
A high-severity vulnerability has been disclosed affecting both NGINX Open Source and NGINX Plus. Tracked formally as CVE-2026-32647, this security flaw carries a CVSS v4.0 base score of 8.5 and a CVSS v3.1 score of 7.8. It allows local, authenticated…
Five Malicious npm Packages Target Crypto Developers, Exfiltrate Wallet Keys via Telegram
The cryptocurrency development community is facing a serious supply chain threat after five malicious npm packages were discovered stealing private wallet keys and forwarding them directly to a Telegram bot. Published under the npm account “galedonovan,” these packages were crafted…
Russian Initial Access Broker Sentenced to Prison for Enabling Ransomware Attacks on U.S. Firms
Aleksei Volkov, a 26-year-old Russian national, has been sentenced to 81 months in federal prison for operating as an Initial Access Broker (IAB). His illicit activities directly enabled major cybercrime syndicates, including the notorious Yanluowang ransomware group, to compromise numerous…
Multiple TP-Link Vulnerabilities Allow Attackers to Execute Arbitrary Commands on System
TP-Link has recently issued a critical security advisory addressing multiple high-severity vulnerabilities impacting its Archer NX series routers. These flaws, which affect the Archer NX200, NX210, NX500, and NX600 models, expose devices to severe risks. If exploited, threat actors could…
Hackers Exploiting Magento to Execute Remote Code and Gain Complete Account Access
A critical unrestricted file upload vulnerability, dubbed “PolyShell,” is actively being exploited in Magento and Adobe Commerce stores. Discovered by the Sansec Forensics Team, this flaw allows unauthenticated attackers to execute remote code (RCE) and completely take over accounts. With…