Oracle has disclosed a severe security vulnerability affecting its Fusion Middleware suite, specifically targeting the Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in. Assigned CVE-2026-21962, this flaw carries the maximum severity rating and poses an immediate threat to…
Tag: Cyber Security News
Attackers Leverages LinkedIn to Deliver Remote Access Trojan Targeting Corporate Environments
A sophisticated phishing campaign is actively exploiting LinkedIn’s trusted social media platform to distribute a dangerous remote access trojan to corporate employees. Attackers are leveraging the professional credibility of LinkedIn to craft convincing messages that appear legitimate, making employees more…
Critical GNU InetUtils Vulnerability Allows Unauthenticated Root Access Via “-f root”
A critical remote authentication bypass vulnerability has been disclosed in GNU InetUtils affecting the telnetd server component. The flaw, reported by a security researcher on January 19, 2026, allows unauthenticated attackers to gain root access by exploiting improper input sanitization…
Google Chrome 144 Update Patches High-Severity V8 Vulnerability
A new Stable-channel release of Chrome version 144 addresses a high-severity vulnerability in the V8 JavaScript engine. The update, version 144.0.7559.96/.97 for Windows and Mac and 144.0.7559.96 for Linux, began rolling out on January 21, 2026, and will reach all…
CISA Releases BRICKSTORM Malware Report with New YARA Rules for VMware vSphere
The Cybersecurity and Infrastructure Security Agency has issued a malware analysis report on BRICKSTORM, a sophisticated backdoor linked to Chinese state-sponsored cyber operations. Released in December 2025 and updated through January 2026, the report identifies this threat targeting VMware vSphere…
New Spear Phishing Attack Leveraging Argentine Federal Court Rulings to Covert RAT for Remote Access
A sophisticated spear-phishing campaign has emerged targeting Argentina’s judicial sector, exploiting trust in legitimate court communications to deliver a dangerous Remote Access Trojan. The campaign uses authentic-looking federal court documents about preventive detention reviews to trick legal professionals into downloading…
WPair – Scanner Tool to Detect WhisperPair Flaw in Google’s Fast Pair Protocol
WPair is an Android application designed to identify and demonstrate the CVE-2025-36911 vulnerability affecting millions of Bluetooth audio devices worldwide. The tool addresses a critical authentication bypass flaw discovered by KU Leuven researchers in Google’s Fast Pair protocol, commonly referred…
Hacker Pleads Guilty For Stealing Supreme Court Documents and Leaking via Instagram
Nicholas Moore, 24, from Springfield, Tennessee, pleaded guilty to unauthorized computer access and fraud, marking a significant case of government cybersecurity breach. Moore hacked multiple U.S. government systems and publicly disclosed sensitive information through social media, exposing critical vulnerabilities in…
Everest Ransomware Group Allegedly Claims to Have Breached McDonald’s India
The Everest ransomware group has claimed responsibility for a major cyberattack targeting McDonald’s India, allegedly exfiltrating 861 GB of sensitive data. The threat actors posted details of the breach on their dark web leak site on January 20, 2026, threatening…
Apache Airflow Vulnerabilities Enables Expose of Sensitive Data
Multiple vulnerabilities in Apache Airflow versions prior to 3.1.6 could reveal sensitive authentication credentials and secrets within logs and user interfaces. Both issues stem from inadequate masking of sensitive data during rendering and logging operations, potentially compromising proxy credentials and…
WordPress Plugin Vulnerability Exposes 100,000+ Sites to Privilege Escalation Attacks
A critical security flaw in the popular Advanced Custom Fields: Extended WordPress plugin has put more than 100,000 websites at risk of full takeover. The vulnerability, tracked as CVE-2025-14533, affects plugin versions up to and including 0.9.2.1 and carries a…
NCSC Warns of Hacktivist Groups Attacking UK Organisations and Online Services
A critical alert issued on January 19, 2026, warned of rising cyber-attacks by Russian-aligned hacktivist groups targeting UK organisations. These state-aligned threat actors are conducting disruptive denial-of-service (DoS) operations against local government authorities. Critical national infrastructure operators are aiming to…
New Study Shows GPT-5.2 Can Reliably Develop Zero-Day Exploits at Scale
A groundbreaking experiment has revealed that advanced language models can now create working exploits for previously unknown security vulnerabilities. Security researcher Sean Heelan recently tested two sophisticated systems built on GPT-5.2 and Opus 4.5, challenging them to develop exploits for…
Raaga Data Breach Exposes 10.2 Million User Records
Indian music streaming platform Raaga suffered a significant data breach in December 2025, compromising the personal information of 10.2 million users. The stolen database was subsequently offered for sale on a prominent underground hacking forum, raising serious concerns about user…
Open Source Firewall OPNsense 25.7.11 Released With Host Discovery Service
The popular open-source firewall and routing platform built on FreeBSD, released version 25.7.11 on January 15, 2026, bringing significant improvements, including a new host discovery service designed to enhance network management capabilities. The release marks an essential incremental update that…
TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature
A critical authentication vulnerability affecting TP-Link’s VIGI surveillance camera lineup has been disclosed, enabling attackers on local networks to reset administrative credentials without authorization. Tracked as CVE-2026-0629, the flaw resides in the camera’s web interface password recovery function and carries…
VoidLink Rewrites Rootkit Playbook with Server-Side Kernel Compilation and AI-Assisted Code
VoidLink emerges as a significant threat to Linux cloud environments, representing a major shift in how rootkits are designed and deployed. This Chinese-developed malware framework was first discovered by Check Point Research on January 13, 2026, marking the beginning of…
Python-based Malware SolyxImmortal Leverages Discord to Silently Harvest Sensitive Data
SolyxImmortal represents a notable advancement in information-stealing malware targeting Windows systems. This Python-based threat combines multiple data theft capabilities into a single, persistent implant designed for long-term surveillance rather than destructive activity. The malware operates silently in the background, collecting…
Attackers Abuse Discord to Deliver Clipboard Hijacker That Steals Wallet Addresses on Paste
A new clipboard hijacker is quietly draining cryptocurrency from gamers and streamers by abusing trust inside Discord communities. The campaign centers on a malicious Windows program shared as a supposed streaming or security tool. Once installed, it silently watches the…
Threat Actors Leverage Google Ads to Weaponize PDF Editor with TamperedChef
A malvertising campaign identified in September 2025 has brought a significant threat to Windows users worldwide. Attackers created fake PDF editing applications and promoted them through Google Ads to distribute a dangerous information-stealing malware called TamperedChef. The malware targets users…