A sophisticated malware loader known as CastleLoader has emerged as a critical threat to US government agencies and critical infrastructure organizations. First identified in early 2025, this stealthy malware has been used as the initial access point in coordinated attacks…
Tag: Cyber Security News
New One-Click Microsoft Copilot Vulnerability Grants Attackers Undetected Access to Sensitive Data
A novel single-click attack targets Microsoft Copilot Personal, enabling attackers to silently exfiltrate sensitive user data. The vulnerability, now patched, allowed threat actors to hijack sessions via a phishing link without further interaction. Attackers initiate Reprompt by sending a…
Researchers Breakdown DragonForce Ransomware Along with Decryptor for ESXi and Windows Systems
DragonForce is the latest ransomware brand to move from noisy forum posts to full RaaS operations, targeting both Windows and VMware ESXi environments. First seen in December 2023 on BreachForums, the group advertises stolen data and uses a dark web…
North Korean Hackers use Code Abuse Tactics for ‘Contagious Interview’ Campaign
North Korean threat actors have launched a sophisticated social engineering campaign targeting software developers through fake recruitment offers. The campaign, known as Contagious Interview, uses malicious repositories disguised as technical assessment projects to deploy a dual-layer malware system. Victims are…
VVS Stealer Attacking Discord Users to Exfiltrate Credentials and Tokens
Discord users are facing a growing threat from VVS Stealer, a Python-based information-stealing malware that targets sensitive account data, including credentials and tokens. This stealer was actively marketed on Telegram as early as April 2025, promoting its ability to steal…
Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire
Microsoft has addressed a critical security feature bypass vulnerability in Windows Secure Boot certificates, tracked as CVE-2026-21265, through its January 2026 Patch Tuesday updates. The flaw stems from expiring 2011-era certificates that underpin Secure Boot’s trust chain, potentially allowing attackers…
Threat Actors Targeting Ukraine’s Defense Forces with Charity-Themed Malware Campaign
Threat actors have launched a sophisticated malware campaign against members of Ukraine’s Defense Forces, exploiting charity operations as a cover for their attacks. Operating between October and December 2025, the attackers distributed PLUGGYAPE, a Python-based backdoor designed to compromise military…
Betterment Confirms that Hackers Gained Access to Internal Systems
A leading digital wealth management platform disclosed on January 9, 2026, that an unauthorized individual obtained access to its internal systems through a sophisticated social engineering attack, enabling them to impersonate the company and distribute fraudulent cryptocurrency-related messages to a…
Critical FortiSIEM Vulnerability Lets Attackers Run Arbitrary Commands via TCP Packets
Fortinet disclosed a critical OS command injection vulnerability in FortiSIEM on January 13, 2026, warning users of a high-risk flaw that lets unauthenticated attackers execute arbitrary code. Tracked as CVE-2025-64155, the issue stems from improper neutralization of special elements in…
Researchers Proposed Game-Theoretic AI for Guiding Attack and Defense
Researchers from Alias Robotics and Johannes Kepler University Linz have unveiled a groundbreaking approach to automated penetration testing that combines artificial intelligence with game theory. Led by Víctor Mayoral-Vilches, Mara Sanz-Gómez, Francesco Balassone, Stefan Rass, and their collaborators, the team…
AuraAudit – Open-Source Tool for Salesforce Aura Framework Misconfiguration Analysis
Mandiant has released AuraInspector, an open-source command-line tool that helps security defenders identify and audit access-control misconfigurations in the Salesforce Aura framework. The tool addresses a critical security gap in Salesforce Experience Cloud deployments, where misconfigurations frequently expose sensitive data,…
Elastic Patches Multiple Vulnerabilities That Enables Arbitrary File Theft and DoS Attacks
Elastic has released critical security updates addressing four significant vulnerabilities across its stack, including a high-severity flaw that permits arbitrary file disclosure through compromised connector configurations. The patches resolve issues affecting file handling, input validation, and resource allocation mechanisms in…
Spring CLI Tool Vulnerability Enables Command Execution on the Users Machine
A command injection vulnerability in the Spring CLI VSCode extension poses a security risk to developers still using the outdated tool. The flaw, tracked as CVE-2026-22718, enables attackers to execute arbitrary commands on affected machines, resulting in a medium-severity impact.…
New Android Bug Impacts Volume Buttons Functionality with “Select to Speak” Enabled
Google has identified a critical bug affecting Android devices where the volume buttons malfunction when the Select to Speak accessibility feature is enabled. The issue causes volume keys to adjust accessibility volume rather than media volume. It prevents photo capture…
New Magecart Attack Steals Customers Credit Cards from Website Checkout Pages
A sophisticated web-skimming campaign targeting online shoppers has emerged with renewed intensity in 2026, compromising e-commerce websites and extracting sensitive payment information during checkout processes. The attack, identified as part of the broader Magecart family of threats, represents an evolving…
10 Dangerous DNS Attacks Types & Prevention Measures – 2026
DNS, the Domain Name System, faces relentless threats, with no slowdown in sight as tactics evolve. Operating primarily over connectionless UDP (and sometimes TCP), it proves vulnerable to manipulation, making it a prime vector for DDoS abuse. Think of DNS…
5 Best Bug Bounty Platforms for White-Hat Hackers – 2026
Bug bounty platforms form a cornerstone of modern cybersecurity, empowering organizations to crowdsource vulnerability discovery from skilled external researchers. These programs reward private individuals for uncovering flaws in web apps, vulnerability management systems, and more through effective crowdsourced testing. White-hat…
10 Most Dangerous Injection Attacks in 2026
Since you are in the industry, especially in the network and admin team, you need to know a few vulnerabilities, such as injection attacks, to stay alert to them. Each attack or vulnerability has a different method, most importantly injection-type…
Top 11 Best DNS Filtering Solutions – 2026
Before diving into DNS filtering solutions, it’s essential to understand the concept of DNS filtering and its significance in cybersecurity. In today’s digital landscape, cybersecurity has become a critical priority as cyberattacks are increasingly prevalent worldwide. Organizations must protect not…
Top 12 Best Open Source Intelligence Tools (OSINT Tools) for Penetration Testing 2026
We all know very well that gathering information with various tools has become really easy. In this article, we discuss various OSINT tools, since if we search the internet, there will be many different…