In a significant supply chain security incident, the popular video hosting platform Vimeo has confirmed a data breach that exposed user information. Discovered in April 2026, the breach exposed 119,000 unique email addresses and other metadata. The incident highlights the…
Tag: Cyber Security News
Zero-Auth Flaw Exposes DoD Contractor to Cross-Tenant Data Access
A severe zero-authorization vulnerability in Schemata’s API, an AI-powered virtual training platform holding active Department of Defense (DoD) contracts, recently exposed highly sensitive military training materials and U.S. service member records. Discovered by the open-source AI hacking agent Strix, the…
Azure AD Conditional Access Bypassed Via Phantom Device Registration and PRT Abuse
Cloud identity security relies heavily on Microsoft Entra ID (formerly Azure AD) Conditional Access. It acts as the primary digital gatekeeper, checking user locations, calculating risk scores, and verifying device health before granting access. However, an authorized red team engagement…
Ransomware and Data Extortion Groups Intensify Targeting of Aviation and Aerospace Sector
The aviation and aerospace sector has become one of the most actively targeted industries by ransomware operators and data extortion groups in 2025 and 2026. From passenger-processing platforms to satellite-dependent navigation systems, attackers are finding that disrupting even a single…
Critical Palo Alto Firewalls Vulnerability Exploited in the Wild to Gain Root Access
Palo Alto Networks has disclosed a critical buffer overflow vulnerability in PAN-OS software, tracked as CVE-2026-0300, that is already being actively exploited in the wild. The flaw carries a CVSS 4.0 score of 9.3 (CRITICAL) and allows unauthenticated attackers to…
Low Noise, High Confidence: Optimizing SOC Costs with Better Threat Intelligence
Robust defense systems are built on a clear understanding of current threats and the ability to translate it into consistent decisions and measurable outcomes at optimal cost. High-performing SOCs achieve this by eliminating unnecessary work and operationalizing threat data. At the core of this model lies threat intelligence that is: Not all threat data sources meet these criteria. The…
New ScarCruft Supply Chain Attack Hits Gaming Platform With Windows and Android Backdoors
A North Korea-aligned threat group known as ScarCruft has been caught running a supply chain attack against a video gaming platform serving ethnic Koreans in China’s Yanbian region. The attackers planted backdoors in both Windows and Android versions of the…
Critical Qualcomm Chipset Vulnerabilities Enable Remote Code Execution
Qualcomm Technologies has released a critical security bulletin addressing multiple severe vulnerabilities in its proprietary and open-source software. These security updates are essential for protecting devices from severe flaws that threaten a vast ecosystem of hardware powered by Snapdragon processors.…
Critical Weaver E-cology RCE Vulnerability Actively Exploited in Attacks
A critical unauthenticated remote code execution vulnerability in the Weaver E-cology platform is currently being actively exploited in the wild. CVE-2026-22679 carries a maximum CVSS score of 9.8 and affects Weaver E-cology 10.0 builds released before 20260312. The security flaw…
Cisco to Acquire Astrix Security to Strengthen AI Agent and Non-Human Identity Security
Cisco has announced its intent to acquire Astrix Security Ltd., an industry leader in Non-Human Identity (NHI) security. This strategic acquisition aims to protect enterprise environments from the expanding attack surface created by the rapid deployment of AI agents. The…
GnuTLS 3.8.13 Released with Fix for 12 Vulnerabilities Affecting Network Communications
GnuTLS version 3.8.13 has been officially released to patch a dozen security vulnerabilities, including critical flaws affecting secure network communications. The update is highly recommended for all systems using GnuTLS, as it addresses memory corruption, authentication bypasses, and certificate validation…
DAEMON Tools Software Hacked to Deliver Malware in a Supply Chain Attack
In a sophisticated supply chain attack discovered in early May 2026, the popular disk image mounting software DAEMON Tools has been compromised to deliver malicious payloads to users globally. Kaspersky security researchers identified that official installers distributed from the legitimate…
Education Sector Under Attack From State Espionage, Spear-Phishing, and Supply Chain Attacks
Schools, universities, and research institutions across the globe are facing a growing wave of cyber threats in 2026, with state-backed espionage groups, spear-phishing campaigns, and supply chain attacks placing the entire education sector on high alert. Data from Q1 2026…
Attackers Abuse Amazon SES to Send Authenticated Phishing Emails That Bypass Security
Threat actors are increasingly turning to Amazon’s own cloud email infrastructure to deliver phishing messages that look completely genuine, passing every standard security check along the way. Phishing has always been about deception. Attackers craft emails designed to look real,…
Code of Conduct Phishing Emails Target 35,000 Users in Multi-Stage AiTM Attack
A large-scale phishing campaign has been caught using fake “code of conduct” emails to trick employees into giving up their account credentials. The attackers did not just steal passwords. They went a step further by hijacking active authentication sessions through…
Instagram to End Encrypted Chats for Direct Messages
Meta has announced that Instagram will officially discontinue its optional end-to-end encrypted direct message feature on May 8, 2026. The feature was initially rolled out for testing in 2021 to provide users with a secure communication channel accessible only by…
WhatsApp Vulnerability Lets Attackers Leverage Instagram Reels to Execute Malicious URLs
Meta has disclosed a medium-severity security vulnerability in WhatsApp that could allow threat actors to exploit Instagram Reels integration to trigger arbitrary URL processing on victim devices, potentially invoking OS-level custom URL scheme handlers without user consent. WhatsApp Vulnerabilities The…
New Attribution Framework Connects APT Campaigns Through Strategic, Operational, and Technical Layers
Tracking Advanced Persistent Threat (APT) groups has never been a simple task. For years, security organizations have relied on identifying consistent behaviors, tools, and infrastructure to pin activity to a known threat actor. But that approach is showing serious cracks,…
Beware of Fake ‘Notepad++ for Mac’ Website, Could Possibly Harm Your Machine
A fake website claiming to offer an official macOS version of the popular text editor Notepad++ has been making rounds online, raising serious cybersecurity concerns across the tech community. The site, operating under the domain notepad-plus-plus-mac.org, falsely presents itself as…
Critical Android Zero-Click Vulnerability Grants Remote Shell Access
Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw. Tracked as CVE-2026-0073, this critical vulnerability resides deep within the core Android System component. It allows an attacker to…