Tag: Cyber Security News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability affecting F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability, tracked as…

Read more →

Cybersecurity stocks declined sharply on Friday following revelations that Anthropic has begun testing “Mythos,” an extraordinarily powerful new AI model with advanced vulnerability-discovery capabilities. Anthropic is actively trialing a new tier of artificial intelligence models codenamed “Capybara,” with the flagship…

Read more →

The European Commission has officially confirmed a cyberattack following a targeted cyberattack that compromised its Amazon Web Services (AWS) account. Discovered on March 24, the intrusion specifically affected the external cloud environment that hosts the Commission’s public web presence on…

Read more →

CISA has officially added a critical vulnerability affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this alarming security flaw poses a severe risk to software development pipelines. By exploiting this vulnerability, threat actors can…

Read more →

Microsoft is taking a major step to harden the Windows operating system against kernel-level threats by removing trust for drivers signed by the deprecated cross-signed root program. Starting with the April 2026 update, Windows 11 and Windows Server 2025 will…

Read more →

Iran-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal Gmail inbox, leaking photographs, documents, and email correspondence online. The hacker group Handala Hack Team announced the breach on their website, declaring that Patel “will now find his…

Read more →

Japan’s tax season has become a hunting ground for a well-organized threat actor known as Silver Fox. As Japanese companies enter their annual cycle of tax filing, salary reviews, and personnel changes, this group is taking full advantage of the…

Read more →

A highly coordinated cyberespionage campaign has been uncovered targeting a government organization in Southeast Asia, with threat actors deploying a mix of USB-propagated malware, remote access trojans (RATs), and data stealers to secure long-term access to sensitive government systems. The…

Read more →

A South Asian financial institution has become the latest target of a focused cyberattack involving two custom-built malware tools — BRUSHWORM, a modular backdoor, and BRUSHLOGGER, a keylogger disguised as a trusted system file. The attack combined file theft, persistent…

Read more →

Red Hat has issued a critical security warning regarding malicious code discovered in recent versions of the “xz” compression tools and libraries. Tracked as CVE-2024-3094, this highly sophisticated supply chain compromise could allow threat actors to bypass authentication and gain…

Read more →

The official Telnyx Python SDK on PyPI was compromised this morning as part of an escalating, weeks-long supply chain campaign orchestrated by the threat actor group TeamPCP. Malicious versions 4.87.1 and 4.87.2 of the telnyx package were uploaded to PyPI…

Read more →

A new wave of cyberattacks is putting financial institutions on high alert, as threat actors ramp up the use of PXA Stealer — a powerful information-stealing malware — against organizations worldwide. The surge follows law enforcement’s successful dismantling of major…

Read more →

Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user…

Read more →

The Internet Systems Consortium (ISC) has released a critical security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server. Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error. When successfully…

Read more →

A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structurally dangerous that Microsoft completely removed the vulnerable feature rather…

Read more →

A new macOS malware that was undocumented previously, is quietly tricking users through fake Cloudflare human verification pages. Called Infiniti Stealer, this threat uses a well-known social engineering trick called ClickFix to convince Mac users into running dangerous commands directly…

Read more →

Anthropic has inadvertently exposed highly sensitive internal documents, revealing the existence of a powerful, unreleased AI model dubbed “Claude Mythos.” The leak, which stems from an unsecured and publicly searchable data cache, has raised immediate alarms within the cybersecurity community,…

Read more →

Critical March 2026 security updates have been released to fix multiple vulnerabilities across enterprise and AI software systems. The latest advisories highlight severe flaws that could enable attackers to execute arbitrary code, trigger denial-of-service (DoS) conditions, or escalate privileges within compromised…

Read more →

A critical zero-click vulnerability in Anthropic’s Claude Chrome Extension exposed over 3 million users to silent prompt-injection attacks, allowing malicious websites to hijack the AI assistant without user interaction. The flaw, now patched, could have enabled attackers to steal Gmail…

Read more →

A new and technically advanced rootkit called VoidLink has emerged as a serious threat to Linux systems, blending Loadable Kernel Modules (LKMs) with extended Berkeley Packet Filter (eBPF) programs to hide deep inside the operating system’s core. First documented by…

Read more →