Category: Cyber Security News

A critical flaw in how antivirus and Endpoint Detection and Response (EDR) systems process archive files. Tracked as CVE-2026-0866, this weakness allows attackers to use intentionally malformed ZIP headers to sneak malicious payloads past standard security scanners entirely undetected. ZIP…

Read more →

Cloudflare has released version 0.8.0 of its open-source Pingora framework to patch three critical vulnerabilities: CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These flaws allow HTTP request smuggling and cache poisoning, posing a severe threat to standalone Pingora deployments exposed directly to the…

Read more →

Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026, addressing 78 vulnerabilities across a wide range of products, including Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and…

Read more →

A serious security flaw in Ivanti Endpoint Manager has caught federal attention after the Cybersecurity and Infrastructure Security Agency (CISA) added it to the Known Exploited Vulnerabilities (KEV) catalog on March 9, 2026. Tracked as CVE-2026-1603, this authentication bypass vulnerability…

Read more →

The Kali Linux team has published a new entry in its growing LLM-driven security series, this time eliminating all reliance on third-party cloud services by running large language models entirely on local hardware. The guide demonstrates how security professionals can…

Read more →

SAP released 15 new security notes on its March 2026 Patch Day, addressing a range of vulnerabilities across its product portfolio, including two critical-rated flaws that could enable remote code execution and complete system compromise. SAP strongly urges all customers…

Read more →

A powerful iPhone exploit kit named “Coruna,” initially created for Western intelligence by U.S. contractor L3Harris, has fallen into the hands of Russian spies and Chinese cybercriminals.​ The Coruna toolkit features 23 different hacking components designed to compromise Apple iPhones.…

Read more →

Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These newly discovered flaws could allow attackers to access sensitive configuration data or…

Read more →

Artificial intelligence leader Anthropic has filed an unprecedented lawsuit against the United States government after being designated a “supply chain risk”. The legal action, filed in a California federal court on Monday, targets the executive office of President Donald Trump,…

Read more →

A Chinese-linked advanced persistent threat group known as Camaro Dragon launched a targeted cyberespionage campaign against entities in Qatar just one day after the outbreak of new hostilities in the Middle East on March 1, 2026. The group used war-themed…

Read more →

A newly uncovered phishing campaign is actively targeting enterprise users by disguising malware as widely used workplace applications, including Microsoft Teams, Zoom, and Adobe Acrobat Reader. What makes this threat stand out is that the malicious files carry legitimate-looking digital…

Read more →

A dangerous malware campaign targeting software developers has surfaced, with a rogue npm package posing as a trusted developer tool to silently drain credentials, crypto wallets, SSH keys, browser sessions, and even iMessage conversations. The package, published under the name @openclaw-ai/openclawai,…

Read more →

A social-engineering campaign abusing Microsoft Teams and Windows Quick Assist is evolving again, with BlueVoyant warning that the attackers are now deploying a newly identified malware family called A0Backdoor after convincing employees to hand over remote access. The activity overlaps…

Read more →

ScamAgent is an autonomous, multi-turn AI framework developed by researcher Sanket Badhe at Rutgers University that demonstrates how large language models (LLMs) can be weaponized to conduct fully automated scam calls. By integrating goal-driven planning, contextual memory, and real-time text-to-speech…

Read more →

A new data-stealing malware called BoryptGrab has been quietly spreading across Windows systems through a network of fake GitHub repositories, tricking users into downloading what appear to be popular free software tools. The campaign, which has been active since at…

Read more →

A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. The site, hosted at cleanmymacos[.]org, has no connection to the real CleanMyMac software or its developers, MacPaw.…

Read more →

A sophisticated credential-stealing campaign built around a tool called VIP Keylogger has emerged as a serious threat to organizations and individuals. Unlike conventional malware that drops files onto a victim’s hard drive, this keylogger runs entirely in memory, making it…

Read more →

The Iranian advanced persistent threat group known as Seedworm — also tracked as MuddyWater, Temp Zagros, and Static Kitten — has been found actively operating inside the networks of multiple U.S. organizations since early February 2026, raising serious alarms across…

Read more →

A sprawling cybercrime ecosystem rooted in Vietnam has been linked to large-scale fraudulent account registration campaigns targeting service providers and online platforms worldwide. Researchers traced this activity to an infrastructure cluster internally designated O-UNC-036, which uses disposable email addresses and…

Read more →

Signal has officially confirmed an ongoing wave of targeted phishing campaigns resulting in successful account takeovers for high-profile users, including journalists and government officials. The encrypted messaging service explicitly stated that its core infrastructure and end-to-end encryption protocols remain intact…

Read more →