Category: Cyber Security News

Sportswear giant Nike is actively investigating a potential cybersecurity incident after WorldLeaks, a financially motivated ransomware group, claimed responsibility for a significant data breach affecting the company. The group announced the breach on its darknet leak site on January 22,…

Read more →

Fortinet has confirmed a critical authentication bypass vulnerability in its FortiCloud SSO feature, actively exploited in the wild under CVE-2026-24858. According to an advisory published on January 27, 2026, the flaw affects FortiOS, FortiManager, FortiAnalyzer, and FortiProxy. With a CVSSv3…

Read more →

Chrome versions 144.0.7559.109 and 144.0.7559.110 have been released to the stable channel, addressing a critical security vulnerability in the Background Fetch API. The update is rolling out across Windows, Mac, and Linux systems over the coming days and weeks, making…

Read more →

A newly discovered campaign demonstrates a sophisticated approach to delivering information-stealing malware through a combination of social engineering and legitimate Windows components. The attack begins with a deceptive CAPTCHA prompt that tricks users into executing commands manually through the Windows…

Read more →

A Chinese national named Jingliang Su has been sentenced to 46 months in prison for his involvement in a major cryptocurrency fraud scheme targeting American investors. On January 27, 2026, federal courts ordered Su to serve his sentence and pay…

Read more →

WhatsApp has strongly denied a new class-action lawsuit accusing Meta of secretly accessing users’ end-to-end encrypted messages, labeling the claims as false and baseless. The messaging giant reiterated that messages remain private through device-based encryption via the open-source Signal protocol.…

Read more →

OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing…

Read more →

Fortinet temporarily disabled its FortiCloud Single Sign-On (SSO) service after confirming active exploitation of a zero-day authentication bypass vulnerability in multiple products. The issue, tracked as FG-IR-26-060, allows attackers with a malicious FortiCloud account to log into devices registered to…

Read more →

Researchers have uncovered a significant security threat targeting ChatGPT users through deceptive browser extensions. A coordinated campaign involving 16 malicious Chrome extensions has been discovered, all designed to appear as legitimate productivity tools and ChatGPT enhancement applications. These malware extensions…

Read more →

The HoneyMyte threat group, also known as Mustang Panda or Bronze President, continues to pose a significant risk to government organizations across Asia and Europe. Recent security research has revealed that this advanced hacker collective is actively upgrading its digital…

Read more →

WhatsApp has introduced Strict Account Settings, a lockdown-style security feature designed to protect users from highly sophisticated cyber-attacks. The new privacy feature is specifically tailored for individuals who may be targets of advanced threats, including journalists, activists, and public figures…

Read more →

A critical security flaw in WinRAR, one of the most widely used file compression tools for Windows, has become a favorite weapon for attackers seeking unauthorized access to computer systems. The vulnerability, tracked as CVE-2025-8088, allows threat actors to place…

Read more →

OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing…

Read more →

A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code. The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all versions up to and including 3.10.0 and carries a CVSS…

Read more →

A major identity-theft operation is now targeting over 100 high-value organizations across multiple industries. The threat comes from SLSH, a dangerous alliance combining the tactics of Scattered Spider, LAPSUS$, and ShinyHunters. Unlike typical automated attacks, this campaign uses real people…

Read more →

A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious content that appears to originate from trusted Microsoft services. By leveraging the platform’s “Invite a Guest” feature and crafting deceptive…

Read more →

On January 23rd, 2026, security researchers discovered a dangerous npm package named ansi-universal-ui that disguised itself as a legitimate user interface component library. The deceptive package description claimed to offer a lightweight UI system for modern web applications. However, beneath…

Read more →

Meta is gearing up to roll out premium subscription tiers across its flagship apps, Instagram, Facebook, and WhatsApp, offering users exclusive features to boost productivity, creativity, and AI-driven interactions. The company confirmed the plans to emphasize that core app experiences…

Read more →

Cybercriminals have discovered a dangerous way to trick developers into downloading malware by exploiting how GitHub works. The attack involves creating fake versions of the GitHub Desktop installer and making them appear legitimate to unsuspecting users. Between September and October…

Read more →

Over 6,000 SmarterMail servers exposed on the internet are running vulnerable versions that are at risk of active remote code execution (RCE) attacks. Security researchers identified the flaws through daily HTTP vulnerability scans, and exploitation attempts have already been observed…

Read more →