Microsoft is expanding interoperability in its mobile communication ecosystem by allowing Microsoft Teams users on Android devices to join third-party meetings via the Session Initiation Protocol (SIP). Recently detailed on the Microsoft 365 roadmap, this upcoming feature addresses a major…
Tag: Cyber Security News
Critical Ollama Memory Leak Vulnerability Exposes 300,000 Servers Globally
A major security flaw has placed Ollama, one of the most widely used platforms for running local AI models, at risk of a high-profile exposure event. The issue, dubbed “Bleeding Llama,” allows unauthenticated attackers to access the Ollama process and…
Hackers Used Claude AI to Attack on Water and Drainage Utility Systems
A new threat intelligence report has revealed that an unknown group of hackers used a commercial AI tool to target the systems of a municipal water and drainage utility in Monterrey, Mexico. The attack, which took place in January 2026,…
Google Chrome 148 Released with Fix for 127 Security Vulnerabilities – Update Now!
Google has officially promoted Chrome 148 to the stable channel for Windows, Mac, and Linux, rolling out version 148.0.7778.96 for Linux and 148.0.7778.96/97 for Windows and Mac, one of the most security-intensive releases in the browser’s recent history, packing 127…
Massive 2.45B-Request DDoS Attack Used 1.2 Million IPs to Evade Rate Limits
Distributed Denial of Service (DDoS) campaign targeted a large-scale user-generated content platform, unleashing over 2.45 billion malicious requests in just five hours. Rather than relying on brute-force methods, the attackers distributed traffic across 1.2 million unique IP addresses. This structural shift…
Darkhub Hacking-for-Hire Portal Advertises Crypto Fraud, Message Interception, and Monitoring
A dark web platform calling itself Darkhub has surfaced on the Tor network, openly advertising hacking-for-hire services to anyone willing to pay. The platform presents itself as a one-stop shop for illegal cyber activity, with offerings ranging from breaking into…
New FEMITBOT Network Uses Telegram Mini Apps to Push Crypto Fraud and Android Malware
A new and highly organized fraud network called FEMITBOT has emerged, exploiting Telegram’s Mini App feature to run large-scale cryptocurrency scams and push malicious Android software onto users worldwide. The campaign, which came to light in April 2026, operates through…
New Salat Malware Uses QUIC and WebSocket Channels for Stealthy Remote Control
A newly identified malware called Salat is raising serious alarms across the cybersecurity community for its sophisticated design and surprisingly wide range of capabilities. Built using the Go programming language, it operates as a full remote access trojan, giving attackers…
New Phishing Attack Weaponizing Event Invitations to Steal Login Credentials
A large-scale phishing campaign has been quietly targeting organizations across the United States, using fake event invitations as bait. Rather than sending a suspicious attachment or an obvious scam link, attackers lure victims with what appears to be a legitimate…
Taiwan High Speed Rail Hacked Using Radio Signal Spoofing Attack That Halted Three Trains
On the final night of the Qingming Festival holiday, three Taiwan High Speed Rail trains were forced into emergency stops due to a sophisticated radio signal spoofing attack. The malicious transmission triggered false alarms across the network, causing a nearly…
Argo CD’s ServerSideDiff Vulnerability Enables Kubernetes Secret Extraction
A critical cybersecurity vulnerability has been uncovered in Argo CD, a widely used declarative GitOps continuous delivery tool for Kubernetes environments. Tracked as CVE-2026-43824, this high-severity flaw allows low-privileged users to extract plaintext Kubernetes Secrets directly from a cluster. According…
Member of Prolific Russian Ransomware Group Sentenced to 102 Months in Prison
A Latvian national operating out of Moscow was sentenced to 102 months in federal prison for his central role in a sprawling Russian ransomware syndicate. Deniss Zolotarjovs, 35, served as a primary extortionist and negotiator for a highly organized cybercriminal…
QLNX Targets Developers With Credential Theft Designed for Supply Chain Compromise
A new and previously undocumented Linux threat has emerged, targeting software developers in a way that could put entire supply chains at risk. Named Quasar Linux, or QLNX, this malware operates as a full-featured remote access trojan built specifically for…
CloudZ RAT Abuses Microsoft Phone Link to Steal SMS OTPs and Mobile Notifications
A newly discovered threat is turning a built-in Microsoft feature into a powerful spying tool. Security researchers have found a remote access tool called CloudZ that works alongside a custom plugin named Pheno to silently intercept SMS messages and one-time…
Remus Infostealer Uses Lumma-Style Browser Key Theft and Application-Bound Encryption Bypass
A dangerous new piece of malware called Remus has surfaced, quietly picking up where one of the most feared information stealers left off. Designed to steal browser passwords, cookies, and cryptocurrency wallets, Remus carries the DNA of Lumma Stealer, one…
Iranian-Nexus Operation Targets Oman Ministries With Webshells, SQL Escalation, and Data Theft
A sophisticated cyber operation linked to an Iranian-nexus threat actor has quietly worked through at least 12 Omani government ministries, stealing tens of thousands of citizen records and leaving persistent backdoors behind. The attackers used webshells, SQL server escalation, and…
Malicious OpenClaw DeepSeek Skill Exploits Agentic AI Workflows to Deliver RAT and Stealer
A cleverly disguised malware campaign is targeting developers and AI-driven systems by hiding inside what looks like a legitimate plugin for an open-source AI framework. Security researchers have uncovered a threat that takes full advantage of how modern AI agents…
Salesforce Marketing Cloud Vulnerability Opened Door to Email Data Exposure
A significant set of security vulnerabilities in Salesforce Marketing Cloud (SFMC) could have allowed attackers to read and expose private email data belonging to millions of users across hundreds of organizations. The flaws, now patched, were rooted in the platform’s…
Vimeo Data Breach Exposes 119,000 Users Unique Email Addresses
In a significant supply chain security incident, the popular video hosting platform Vimeo has confirmed a data breach that exposed user information. Discovered in April 2026, the breach exposed 119,000 unique email addresses and other metadata. The incident highlights the…
Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access
A severe zero-authorization vulnerability in Schemata’s API, an AI-powered virtual training platform holding active Department of Defense (DoD) contracts, recently exposed highly sensitive military training materials and U.S. service member records. Discovered by the open-source AI hacking agent Strix, the…