Tag: Cyber Security News

A significant security vulnerability has been discovered in Livewire Filemanager, a widely used file management component embedded in Laravel web applications. Tracked as CVE-2025-14894 and assigned vulnerability note VU#650657, the flaw enables unauthenticated attackers to execute arbitrary code on vulnerable…

Read more →

Ukrainian and German law enforcement have disrupted a Russian‑affiliated hacker group that has been carrying out high‑impact ransomware attacks against organizations worldwide, causing losses estimated in the hundreds of millions of euros. According to Ukraine’s Cyber Police and the Main…

Read more →

A recent investigation into a deceptive push-notification network shows how a simple DNS mistake can open a window into criminal infrastructure. The campaign abused browser notifications to flood Android users with fake security alerts, gambling lures, and adult offers. Random-looking…

Read more →

PDFSIDER is a newly exposed backdoor that gives attackers long term control of Windows systems while slipping past many antivirus and endpoint detection and response tools. It uses trusted software and strong encryption to hide its presence, letting intruders run…

Read more →

Cybersecurity researchers have discovered a sophisticated malware campaign using an unusual but effective tactic: deliberately crashing users’ browsers. The threat, named CrashFix, operates through a malicious Chrome extension disguised as the legitimate ad blocker NexShield. When users search for privacy…

Read more →

A critical vulnerability in Windows SMB client authentication that enables attackers to compromise Active Directory environments through NTLM reflection exploitation. Classified as an improper access control vulnerability, this vulnerability allows authorized attackers to escalate privileges via carefully orchestrated authentication relay…

Read more →

Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate…

Read more →

Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the…

Read more →

A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application has been discovered, allowing unauthenticated attackers to impersonate any user and execute privileged AI agents remotely. Security researcher Aaron Costello from AppOmni disclosed the flaw,…

Read more →

A critical flaw in Windows Kerberos authentication that significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into…

Read more →

Microsoft has released an out-of-band emergency update to resolve a critical issue affecting Remote Desktop connections on Windows client devices. The problem emerged immediately following the installation of the January 2026 security update, identified as KB5074109. Administrators and users reported…

Read more →

Google-owned Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables, marking a significant escalation in demonstrating the security risks of legacy authentication protocols. The release underscores an urgent message: organizations must immediately migrate away from Net-NTLMv1, a deprecated…

Read more →

Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early 2026, addressing long-standing issues in certificate security. Short-lived certificates last just 160…

Read more →

Google’s Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working…

Read more →

Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version 2.0, expanding it to include 135 modules. This tool consolidates network analysis, web app scanning, and threat intelligence into one interface. Users access…

Read more →

Security researchers successfully exploited vulnerabilities in the StealC malware infrastructure, gaining access to operator control panels and exposing a threat actor’s identity through their own stolen session cookies. The breach highlights critical security failures in criminal operations built around credential…

Read more →

Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2.…

Read more →

Cloudflare has acquired the team behind Astro, the popular open-source web framework for building fast, content-driven sites. Announced on January 16, 2026, the deal brings The Astro Technology Company’s full-time employees under Cloudflare’s umbrella to accelerate Astro’s development. Cloudflare positions…

Read more →

Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted…

Read more →

Google is gradually rolling out the ability to change the @gmail.com email address associated with a Google Account to a new @gmail.com address. This feature, previously unavailable, addresses a common pain point for users who regret their original username choice…

Read more →