Tag: Cyber Security News

ODINI is a sophisticated proof-of-concept malware capable of extracting sensitive information from air-gapped computers protected by Faraday cages. By modulating the targeted computer’s CPU workload to generate low-frequency magnetic fields, this covert channel successfully transmits data through advanced physical isolation…

Read more →

As we navigate through 2026, the cybersecurity landscape has never been more complex. Threat actors are actively leveraging advanced AI, highly evasive techniques, and fileless architectures to bypass traditional security controls. For security operation centers (SOCs), incident responders, and threat…

Read more →

Full Disk Encryption (FDE) is a security feature that encrypts the entire contents of a disk drive, ensuring that all data stored on the drive is protected from unauthorized access, even if the device is physically stolen. FDE uses robust…

Read more →

cPanel has disclosed three critical security vulnerabilities tracked as CVE-2026-29201, CVE-2026-29202, and CVE-2026-29203 affecting its widely deployed cPanel & WHM web hosting control panel and WP Squared (WP2) platform. The flaws, patched on May 8, 2026, expose servers to arbitrary…

Read more →

A highly sophisticated Brazilian banking trojan named TCLBANKER, tracked under the campaign REF3076, this malware represents a major update to the older Maverick and SORVEPOTEL families. It stands out because it uses a fake, signed Logitech installer to infect systems…

Read more →

A data breach at GFN.AM, an authorized NVIDIA GeForce NOW cloud gaming service provider operating under “GFN CLOUD INTERNET SERVICES” LLC, has exposed personal information belonging to registered users. The company disclosed the incident on May 5, 2026, revealing that…

Read more →

Microsoft has disclosed and fully remediated three critical information disclosure vulnerabilities affecting Microsoft 365 Copilot and Copilot Chat in Microsoft Edge, all released on May 7, 2026, requiring no action from end users or administrators. Microsoft’s Security Response Center published…

Read more →

Let’s Encrypt temporarily suspended all certificate issuance on May 8, 2026, after engineers identified a critical issue involving a cross-signed certificate linking the organization’s Generation X root to its upcoming Generation Y root infrastructure. The incident triggered a complete shutdown…

Read more →

A newly identified malware campaign is targeting senior executives and government investigators across Southeast Asia, using a modular Remote Access Trojan capable of stealing credentials, capturing screenshots, and maintaining deep persistence on infected systems. The operation, dubbed Operation GriefLure, is…

Read more →

A new backdoor called PamDOORa has emerged as a serious and growing threat to Linux systems, targeting one of the most trusted components of the operating system to silently steal SSH credentials. The malware was advertised for sale on a…

Read more →

A dangerous new infostealer campaign is targeting some of the most sensitive data people store on their computers. Disguised as a legitimate installer for OpenClaw, a popular open-source personal AI assistant, the malware silently takes over systems and goes after…

Read more →

Škoda Auto has disclosed a significant IT security incident affecting its official online shop, revealing that unauthorized individuals exploited a vulnerability in the platform’s standard shop software to gain temporary unauthorized access to customer data. During routine technical security monitoring,…

Read more →

A new banking trojan known as TCLBANKER has been quietly making rounds, and its delivery method is as clever as it is concerning. Attackers are using a trojanized version of a legitimate, digitally signed installer to slip malware onto victims’…

Read more →

A newly discovered cyberespionage campaign is using a deceptively simple tactic to slip past security defenses: disguising malware as a humanitarian aid request while hiding the real payload on GitHub. Researchers have named this operation “HumanitarianBait,” and it is far…

Read more →

A 12-year-old boy grabbed an eyebrow pencil, drew a moustache on his face, held it up to his screen, and was verified as 15 years old. That single moment, shared by a parent in a UK survey, says more about…

Read more →

An active malware distribution campaign abusing two prominent AI platforms Hugging Face and ClawHub to deliver trojans, cryptominers, and infostealers disguised as legitimate AI tools and agent extensions. The campaign marks a significant evolution in supply chain attacks, shifting from…

Read more →

A newly discovered malware called ZiChatBot has been found quietly using the REST APIs of a legitimate team chat application called Zulip to receive and carry out commands from its operators. This approach is unusual because the malware never communicates…

Read more →

Trellix, the global cybersecurity firm formed from the merger of McAfee Enterprise and FireEye, has confirmed unauthorized access to a portion of its source code repository, with the RansomHouse ransomware group formally claiming responsibility for the attack. Trellix reported a…

Read more →

A new open-source cybersecurity platform called DarkMoon has emerged as a significant advancement in autonomous penetration testing. It provides security teams and DevSecOps professionals with a fully AI-powered vulnerability assessment system. DarkMoon integrates over 50 specialized offensive security tools, all…

Read more →

Mozilla has fixed a total of 423 Firefox security bugs in April 2026 alone, a figure nearly 20 times higher than its monthly average of about 21 bugs throughout 2025, driven by a groundbreaking agentic AI pipeline built around Anthropic’s…

Read more →