Cybersecurity giant Trellix has disclosed a significant security incident involving unauthorized access to a portion of its source code repository. The company confirmed the breach in an official statement published on its website, stating it immediately engaged leading forensic experts…
Tag: Cyber Security News
Multiple Exim Mail Server Vulnerabilities Lead to Crash with Malicious DNS Data
The Exim development team has released version 4.99.2 to address four newly discovered security vulnerabilities affecting their mail server software. These flaws allow attackers to potentially crash servers, corrupt memory, or leak sensitive information. Because Exim is one of the…
Attackers Abuse Google AppSheet, Netlify, and Telegram in Facebook Phishing Campaign
A sophisticated cybercriminal operation dubbed “AccountDumpling” has compromised approximately 30,000 Facebook accounts worldwide. Discovered by Guardio Labs, this Vietnamese-linked campaign abuses Google’s AppSheet platform to bypass traditional email security filters. By routing fully authenticated phishing lures through legitimate channels, the…
Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace
Threat actors are rapidly shifting their intrusion tradecraft toward high-speed, SaaS-centric attacks that completely bypass traditional endpoint security. Since October 2025, security researchers have tracked two distinct adversaries, identified as CORDIAL SPIDER and SNARKY SPIDER, conducting aggressive data theft campaigns.…
cPanelSniper – PoC Exploit Disclosed for cPanel Vulnerability, 44,000 Servers Compromised
A weaponized proof-of-concept (PoC) exploit framework dubbed “cPanelSniper” has been publicly released for CVE-2026-41940, a maximum-severity authentication bypass in cPanel & WHM that has already led to the compromise of tens of thousands of servers worldwide with attack activity traced…
EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins
A new and well-planned malware campaign has been actively targeting enterprise administrators, DevOps engineers, and security analysts by hijacking their everyday search habits. Rather than using mass phishing or broad spam waves, threat actors behind this operation have carefully crafted…
New DDoS Malware Exploits Jenkins to Attack Valve Source Engine Game Servers
A newly discovered DDoS botnet is exploiting exposed Jenkins servers to launch powerful attacks against Valve Source Engine game infrastructure. Security researchers at Darktrace identified the threat after capturing it on one of their honeypot systems. What makes this malware…
Attackers Abuse CAPTCHA and ClickFix Tactics to Boost Credential Theft Campaigns
Cybercriminals are no longer relying on simple email tricks alone. Across the first quarter of 2026, attackers have been sharpening their approach by using CAPTCHA pages and ClickFix techniques to supercharge credential theft operations at an alarming scale. During Q1…
New Spyware Platform Lets Buyers Rebrand and Resell Android Surveillance Malware
A new Android spyware tool is being sold openly on the internet, and it comes with something far more dangerous than its surveillance features alone. For a fee, anyone can buy it, put their own name and logo on it,…
Ubuntu Website and Canonical Web Services Hit by DDoS Attack
Canonical, the company behind the Ubuntu Linux distribution, is currently experiencing widespread service disruptions across its core web infrastructure following a coordinated Distributed Denial-of-Service (DDoS) attack. The hacktivist group identifying itself as “The Islamic Cyber Resistance in Iraq – 313…
Deep#Door Stealer Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials
A newly identified Python-based malware known as DEEP#DOOR has surfaced as a serious threat to Windows users, combining a fully-featured backdoor with a powerful credential-stealing engine. What makes this threat especially concerning is how quietly it operates, embedding itself deep…
Ransomware Victims Jump to 7,831 as AI Crime Tools Scale Global Attacks
The ransomware threat has reached a new and alarming level. According to Fortinet’s newly released 2026 Global Threat Landscape Report, the number of confirmed ransomware victims worldwide jumped to 7,831 in 2025, up from roughly 1,600 victims recorded in the…
New Fake CAPTCHA Campaign Uses SMS Pumping Fraud to Run Up Victims’ Phone Bills
A newly documented scam campaign is using fake CAPTCHA pages to silently trigger dozens of international SMS messages from victims’ mobile phones, leaving them with unexpected charges on their phone bills. What looks like a routine “prove you’re human” step…
China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign
A China-aligned threat group has been carrying out a carefully planned espionage campaign against government agencies and critical infrastructure across Asia. The group, tracked under the temporary designation SHADOW-EARTH-053, has been active since at least December 2024, quietly targeting organizations…
Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed Packets
Wireshark, the world’s most widely used open-source network protocol analyzer, has released a major security update addressing over 40 vulnerabilities, several of which enable arbitrary code execution through malformed packet injection or malicious capture files. Organizations and individuals relying on…
Anthropic Launches Claude Security in Public Beta for Enterprise Customers
Anthropic has opened Claude Security to public beta for Claude Enterprise customers, bringing AI-powered vulnerability detection directly into production codebases without the need for custom tooling or API integrations. Claude Security leverages the Opus 4.7 model to perform end-to-end security…
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level 3 advisory from security patch analyst Susan Bradley at AskWoody. The problematic update, KB5083769, applies to…
Popular Python Package lightning Hacked in Supply Chain Attack
The widely used PyTorch Lightning framework has been hit by a supply chain attack in which it automatically executes credential-stealing malware on import; the attack has also compromised GitHub maintainer accounts. The popular PyPI package lightning, the deep learning framework used to train, deploy, and ship AI products, has been compromised…
FBI and CISA Released Zero Trust Principles Implementation Guide for OT Environments
The FBI, CISA, the Department of Energy (DOE), and defense partners published a joint intelligence document. Titled “Adapting Zero Trust Principles to Operational Technology,” this guide provides critical infrastructure operators with a strategic roadmap to secure industrial systems against…
New PhaaS Platform Phoenix Drives Brand-Impersonation Smishing Across Finance, Telecom, and Logistics
A dangerous new phishing platform called Phoenix is quietly spreading across the globe, targeting people through fake SMS messages designed to look like they come from trusted banks, telecom providers, and delivery companies. This platform works on a subscription basis,…