Category: Cyber Security News

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released a joint cybersecurity advisory regarding a widespread phishing campaign. The alert warns that Russian Intelligence Services are actively targeting users of encrypted messaging…

Read more →

Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability carries a CVSS 3.1 base score of…

Read more →

Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The latest Stable channel update rolls out versions 146.0.7680.153 and 146.0.7680.154 for Windows and…

Read more →

Anthropic is expanding Claude Cowork Desktop with a new Projects feature designed to keep files, instructions, and task context organized inside a single workspace. For paid users, the update makes it easier to start from scratch, import an existing chat,…

Read more →

A sweeping cyberattack campaign has compromised more than 7,500 Magento-powered e-commerce websites since late February 2026, with attackers uploading hidden malicious files into publicly accessible web directories across thousands of domains. The attack has spread to over 15,000 hostnames, affecting…

Read more →

Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update…

Read more →

The fraud rarely announces itself. It begins with a friendly message on social media, a wrong-number text that turns into a conversation, or a romantic connection that slowly builds over weeks. For tens of thousands of Americans, those innocent interactions…

Read more →

A new Android banking trojan named Perseus has emerged in the wild, representing the next step in the ongoing evolution of mobile malware. Built on the leaked source code of Cerberus and drawing directly from the Phoenix codebase, Perseus refines…

Read more →

A newly identified variant of the VoidStealer infostealer has drawn serious attention from the security community after it became the first malware known to bypass Google Chrome’s Application-Bound Encryption (ABE) without requiring code injection or elevated system privileges. The variant,…

Read more →

A prominent U.S. consumer-focused benefits administrator has disclosed a significant data breach exposing the sensitive personal and health information of approximately 2.7 million individuals.​ On January 23, 2026, Navia detected suspicious activity within its network environment. Following an immediate forensic…

Read more →

A critical security advisory addressing multiple high-severity vulnerabilities in Jenkins core and the LoadNinja plugin. Issued on March 18, 2026, the alert warns that these flaws could allow attackers to execute arbitrary code and fully compromise continuous integration and continuous…

Read more →

Ransomware attackers have widened their approach to defeating endpoint security, moving well past the technique of exploiting vulnerable drivers. For years, the Bring Your Own Vulnerable Driver (BYOVD) method was the primary way attackers disabled security tools before launching their…

Read more →

An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after active exploitation in ransomware campaigns. Network defenders and security administrators are urged to take immediate action. The rapid exploitation of…

Read more →

Microsoft has officially announced the general availability of new Microsoft Teams optimizations for the Windows App on both iOS and Android platforms. Released on March 18, 2026, this update introduces the WebRTC Redirector Service to mobile users connecting to Azure…

Read more →

A newly discovered infostealer malware named Speagle has emerged as a serious threat targeting organizations that run Cobra DocGuard, a document security and encryption platform developed by Chinese company EsafeNet. The malware is engineered to blend into its host environment,…

Read more →

A high-severity security flaw has been addressed in Bamboo Data Center, an enterprise platform widely used for software build and release management. Tracked as CVE-2026-21570, this Remote Code Execution (RCE) vulnerability allows authenticated threat actors to execute arbitrary malicious code…

Read more →

Apex is an autonomous, AI-powered penetration testing agent designed to operate in black-box mode against live applications. It does not require access to source code, hints, or predefined attack paths. This enables it to discover, chain, and verify real-world vulnerabilities…

Read more →

SILENTCONNECT is a newly discovered multi-stage malware loader that has been silently targeting Windows machines since at least March 2025. It uses VBScript, in-memory PowerShell execution, and PEB masquerading to install the ConnectWise ScreenConnect remote monitoring and management tool on…

Read more →

A Russian state-linked threat actor has launched a targeted cyberattack against a Ukrainian government agency, exploiting a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite to steal credentials and sensitive email data. Dubbed “Operation GhostMail,” the campaign stands out for…

Read more →

Authorities have successfully dismantled the command-and-control (C2) infrastructure powering four massive Internet of Things (IoT) botnets. The U.S. Justice Department, collaborating closely with Canadian and German agencies, targeted the administrators and architecture behind the Aisuru, KimWolf, JackSkid, and Mossad botnets.…

Read more →