Following the recent Echo Chamber Multi-Turn Jailbreak, NeuralTrust researchers have disclosed Semantic Chaining, a potent vulnerability in the safety mechanisms of multimodal AI models like Grok 4 and Gemini Nano Banana Pro. This multi-stage prompting technique evades filters to produce…
Category: Cyber Security News
Swarmer Tool Evading EDR With a Stealthy Modification on Windows Registry for Persistence
Praetorian Inc. has publicly released Swarmer, a tool enabling low-privilege attackers to achieve stealthy Windows registry persistence by sidestepping Endpoint Detection and Response (EDR) monitoring. Deployed operationally since February 2025, Swarmer exploits mandatory user profiles and the obscure Offline Registry…
Top 10 Best Data Removal Services In 2026
In 2026, personal data is no longer just a privacy concern, it is a security vector. With the rise of AI-driven scraping and synthetic identity theft, your digital footprint is being harvested at an unprecedented scale. Data removal services have evolved from simple “opt-out” tools into…
CISA Chief Uploaded Sensitive Documents into Public ChatGPT
The acting director of the Cybersecurity and Infrastructure Security Agency (CISA) uploaded sensitive contracting documents marked “for official use only” into the public version of ChatGPT last summer, triggering multiple automated security alerts designed to prevent data exfiltration from federal…
Threat Actors Leverage Real Enterprise Email Threads to Deliver Phishing Links
In a sophisticated supply chain phishing attack, threat actors hijacked an ongoing email thread among C-suite executives discussing a document awaiting final approval. The intruder, posing as a legitimate participant, replied directly with a phishing link mimicking a Microsoft authentication…
Check Point Harmony SASE Windows Client Vulnerability Enables Privilege Escalation
A critical privilege-escalation vulnerability has been discovered in Check Point’s Harmony SASE (Secure Access Service Edge) Windows client software, affecting versions prior to 12.2. Tracked as CVE-2025-9142, the flaw allows local attackers to write or delete files outside the intended certificate working…
ZAP JavaScript Engine Memory Leak Issue Impacts Active Scan Usage
The ZAP (Zed Attack Proxy) project, a widely used open-source web application security scanner, has disclosed a critical memory leak in its JavaScript engine. This flaw, likely present for some time, now disrupts active scanning workflows following the introduction of…
Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, the flaw carries a maximum CVSS v3.1 score of 9.8, reflecting its ease…
TP-Link Archer Vulnerability Let Attackers Take Control Over the Router
A critical security advisory has been released for a command injection vulnerability affecting the Archer MR600 v5 router. The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execute arbitrary system commands through the device’s admin interface, potentially leading to complete…
SoundCloud Data Breach Exposes 29.8 Million Personal users Details
In December 2025, music streaming platform SoundCloud disclosed a significant data breach affecting approximately 29.8 million user accounts. The unauthorized access compromised personally identifiable information (PII), including email addresses, usernames, display names, avatars, follower statistics, and geographic location data. The…
Nike Investigating Data Breach Following WorldLeaks Ransomware Group Claim
Sportswear giant Nike is actively investigating a potential cybersecurity incident after WorldLeaks, a financially motivated ransomware group, claimed responsibility for a significant data breach affecting the company. The group announced the breach on its darknet leak site on January 22,…
Fortinet Confirms Critical FortiCloud SSO Vulnerability(CVE-2026-24858) Actively Exploited in the Wild
Fortinet has confirmed a critical authentication bypass vulnerability in its FortiCloud SSO feature, actively exploited in the wild under CVE-2026-24858. According to an advisory published on January 27, 2026, the flaw affects FortiOS, FortiManager, FortiAnalyzer, and FortiProxy. With a CVSSv3…
Chrome Security Update Patches Background Fetch API Vulnerability
Chrome versions 144.0.7559.109 and 144.0.7559.110 have been released to the stable channel, addressing a critical security vulnerability in the Background Fetch API. The update is rolling out across Windows, Mac, and Linux systems over the coming days and weeks, making…
Fake CAPTCHA Attack Leverages Microsoft Application Virtualization (App-V) to Deploy Malware
A newly discovered campaign demonstrates a sophisticated approach to delivering information-stealing malware through a combination of social engineering and legitimate Windows components. The attack begins with a deceptive CAPTCHA prompt that tricks users into executing commands manually through the Windows…
Chinese National Jailed to 46 Months for Laundering Millions of Dollars Stolen from American Investors
A Chinese national named Jingliang Su has been sentenced to 46 months in prison for his involvement in a major cryptocurrency fraud scheme targeting American investors. On January 27, 2026, federal courts ordered Su to serve his sentence and pay…
WhatsApp Denies Lawsuit Claim and Confirms Messages are Device-encrypted and Private
WhatsApp has strongly denied a new class-action lawsuit accusing Meta of secretly accessing users’ end-to-end encrypted messages, labeling the claims as false and baseless. The messaging giant reiterated that messages remain private through device-based encryption via the open-source Signal protocol.…
Critical OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code
OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing…
Fortinet Disables FortiCloud SSO Following 0-day Vulnerability Exploited in the Wild
Fortinet temporarily disabled its FortiCloud Single Sign-On (SSO) service after confirming active exploitation of a zero-day authentication bypass vulnerability in multiple products. The issue, tracked as FG-IR-26-060, allows attackers with a malicious FortiCloud account to log into devices registered to…
16 Malicious Chrome Extensions as ChatGPT Enhancements Steals ChatGPT Logins
Researchers have uncovered a significant security threat targeting ChatGPT users through deceptive browser extensions. A coordinated campaign involving 16 malicious Chrome extensions has been discovered, all designed to appear as legitimate productivity tools and ChatGPT enhancement applications. These malware extensions…
HoneyMyte Hacker Group Updates CoolClient Malware to Deploy Browser Login Data Stealer
The HoneyMyte threat group, also known as Mustang Panda or Bronze President, continues to pose a significant risk to government organizations across Asia and Europe. Recent security research has revealed that this advanced hacker collective is actively upgrading its digital…