Anthropic has launched Claude for Healthcare, a new set of tools designed to help doctors, insurance companies, and patients use artificial intelligence for medical purposes while meeting strict privacy regulations. The announcement represents a significant expansion of Claude’s capabilities in…
Category: Cyber Security News
Threat Actors Leveraging RMM Tools to Attack Users via Weaponized PDF Files
A new wave of cyberattacks has surfaced where threat actors are using weaponized PDF files to trick users into installing remote monitoring and management tools on their systems. These attacks exploit the trusted nature of RMM software like Syncro, SuperOps,…
5 SOC Challenges You Can Eliminate with a Single Improvement
Overcoming these five challenges commonly faced by SOC teams means taking a quantum leap in performance. The catalyst for this shift is simple: high quality threat intelligence, an essential component for modern security experts. With accurate, real time data on malicious indicators, organization can match, or even surpass results reported by ANY.RUN’s clients who adopted TI solutions: High-quality threat intelligence drives such…
Hackers Hijacked Apex Legends Game to Control the Inputs of Another Player Remotely
A significant security incident has emerged in Apex Legends, where attackers gained the ability to remotely control player inputs during active gameplay. The incident came to light when Respawn Entertainment disclosed the vulnerability through their official social media channels on…
Top 10 Best Insider Risk Management Platforms – 2026
Introduction : Insider Risk refers to the potential harm or negative impact that can arise from any illicit or unauthorized activity carried out by an individual within an organization who has legitimate access to sensitive data, systems, or resources, can…
Top 10 Best SaaS Security Tools – 2026
Introduction : Security management across multiple Software-as-a-Service (SaaS) clouds can present challenges, primarily stemming from the heightened prevalence of malware and ransomware attacks. In the present landscape, organizations encounter many challenges with Software-as-a-Service (SaaS). One of the main challenges businesses…
10 Best DevOps Tools to Shift Your Security in 2026
DevOps refers to a collection of processes and technologies used in software development and IT operations that reduce the system development life cycle and enable continuous delivery. However, when time and resources are limited, security measures tend to be minimized.…
Top 20 Most Exploited Vulnerabilities: Microsoft Products Draw Hackers
In today’s escalating threat landscape, spotting and patching open vulnerabilities ranks as a top priority for security teams. Pinpointing weaponized, high-risk CVEs exploited by threat actors and ransomware amid thousands of disclosures proves essential. Qualys researchers recently highlighted the top…
Top 10 Best Practices for Cybersecurity Professionals to Secure Your Database
In today’s digital world, databases act as fortified storehouses for an organization’s crown jewels its critical data. Yet these vaults face nonstop assaults from cyber threats. As a cybersecurity defender, you stand as the ever-watchful guardian, shielding these assets from…
DPRK’s Remote Workers Generating $600M Using Identity Theft to Gain Access to Sensitive Systems
The cybersecurity landscape has undergone a fundamental shift in recent years, as the definition of insider threats continues to evolve. For decades, organizations focused their security efforts on detecting disgruntled employees or negligent contractors who might compromise sensitive data. Today,…
CISA Warns of Gogs Path Traversal Vulnerability Exploited in Attacks
A critical warning about a path traversal vulnerability in Gogs, a self-hosted Git service, that is being actively exploited in the wild. The vulnerability, tracked as CVE-2025-8110, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on January 12, 2026,…
Critical ServiceNow Vulnerability Enables Privilege Escalation Via Unauthenticated User Impersonation
A critical security threat to ServiceNow AI Platform deployments, allowing unauthenticated attackers to impersonate legitimate users and execute unauthorized operations. The vulnerability, CVE-2025-12420, was discovered by AppOmni, a SaaS security firm, and disclosed to ServiceNow in October 2025, prompting immediate…
SAP Security Patch Day January 2026 – Patch for Critical Injection and RCE Vulnerabilities
SAP released 17 new security notes on January 13, 2026, as part of its monthly Security Patch Day, addressing critical injection flaws and remote code execution vulnerabilities across key products. No updates addressed prior notes, urging organizations to act swiftly…
AsyncRAT Leveraging Cloudflare’s Free-Tier Services to Mask Malicious Activities and Detection
A recent AsyncRAT campaign is using Cloudflare’s free tier services and TryCloudflare tunnels to hide remote access activity inside normal looking cloud traffic. In these attacks, threat actors send phishing emails that link to a Dropbox hosted ZIP archive named…
100,000+ n8n Instances Exposed to Internet Vulnerable to RCE Attacks
A critical vulnerability affecting the popular n8n workflow automation platform has put over 100,000 internet-exposed instances at severe risk. Security researchers from The Shadowserver Foundation discovered that 105,753 unique n8n instances are vulnerable to remote code execution (RCE) attacks through…
Hackers Leverage Browser-in-the-browser Tactic to Trick Facebook Users and Steal Logins
Facebook users are increasingly becoming targets of a sophisticated phishing technique that bypasses conventional security measures. With over three billion active users on the platform, Facebook represents an attractive target for attackers seeking to compromise accounts and harvest personal credentials.…
New Angular Vulnerability Enables an Attacker to Execute Malicious Payload
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in Angular’s Template Compiler, affecting multiple versions of both @angular/compiler and @angular/core packages. Tracked as CVE-2026-22610, this vulnerability allows attackers to bypass Angular’s built-in security protections and execute arbitrary JavaScript code…
Malicious Chrome Extension Steals Wallet Login Credentials and Enables Automated Trading
A malicious Chrome extension called MEXC API Automator is abusing trust in browser add-ons to steal cryptocurrency trading access from MEXC users. Posed as a tool that helps automate trading and API key creation, it quietly takes control of newly…
Multiple Hikvision Vulnerabilities Let Attackers Cause Device Malfunction Using Crafted Packets
Hikvision, a leading provider of surveillance and access control systems, faces serious security risks from two newly disclosed stack overflow vulnerabilities. These flaws, tracked as CVE-2025-66176 and CVE-2025-66177, allow attackers on the same local area network (LAN) to trigger device…
Telegram Exposes Real Users IP Addresses, Bypassing Proxies on Android and iOS in 1-click
A stealthy flaw in Telegram’s mobile clients that lets attackers unmask users’ real IP addresses with a single click, even those hiding behind proxies. Dubbed a “one-click IP leak,” the vulnerability turns seemingly innocuous username links into potent tracking weapons.…