A new open-source edge AI system called π RuView is turning ordinary WiFi infrastructure into a through-wall human-sensing platform that detects body pose, vital signs, and movement patterns without a single camera, raising urgent security and surveillance concerns. Researchers and developers…
Tag: Cyber Security News
Hackers Allegedly Selling Exploit for Windows Remote Desktop Services 0-Day Flaw
A threat actor is allegedly selling a zero-day exploit for a Windows Remote Desktop Services privilege escalation vulnerability, tracked as CVE-2026-21533, for a staggering $220,000 on a dark web forum. This highly priced exploit targets improper privilege management to grant…
Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking
A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform, is tracked as CVE-2026-29058. This zero-click flaw carries a maximum severity rating, allowing unauthenticated attackers to execute arbitrary operating system commands on the targeted server. Discovered by…
Cognizant TriZetto Data Breach Exposes Health Information of 3.4 Million Patients
TriZetto Provider Solutions, a healthcare technology subsidiary of the IT services giant Cognizant, has officially disclosed a massive cybersecurity data breach affecting the sensitive health information of 3,433,965 patients. The healthcare organization recently filed a formal data breach notification revealing…
Malicious imToken Chrome Extension Caught Stealing Mnemonics and Private Keys
Socket’s Threat Research Team has discovered a malicious Google Chrome extension named “lmΤoken Chromophore” that actively steals cryptocurrency wallet credentials. Masquerading as a harmless hex color visualizer, the extension actually impersonates the popular non-custodial wallet brand imToken. Since its launch…
OpenAI Launches Codex Security that Discovers, Validates and Patches Vulnerabilities
OpenAI has announced the launch of Codex Security, an application security agent engineered to autonomously identify, validate, and remediate complex vulnerabilities within enterprise and open-source codebases. Formerly known as Aardvark, the tool leverages frontier AI models to provide context-aware security…
Linux Rootkits Using Advanced eBPF and io_uring Techniques
Linux rootkits have quietly grown into one of the most dangerous threats facing modern infrastructure. For years, attackers focused primarily on Windows-based systems, but the rise of Linux in cloud environments, container orchestration, IoT, and high-performance computing has shifted that…
Claude AI Uncovers 22 Firefox Vulnerabilities in Two Weeks
Artificial intelligence models are rapidly evolving from simple coding assistants into highly capable, autonomous vulnerability researchers. Recently, Anthropic’s Claude Opus 4.6 demonstrated this by uncovering over 500 zero-day vulnerabilities in heavily scrutinized open-source projects. During a two-week collaborative engagement with…
FBI Investigates Hack on its Wiretap and Critical Surveillance Systems
The Federal Bureau of Investigation has confirmed a cybersecurity incident targeting a sensitive internal network used to manage wiretapping operations and foreign intelligence surveillance warrants, raising serious concerns among national security officials about the potential exposure of classified law enforcement…
RMM Tools Essential for IT Operations but Increasingly Weaponized by Attackers
Remote Monitoring and Management (RMM) tools are the backbone of modern IT operations. Security professionals rely on them daily to patch systems, troubleshoot issues, and manage entire networks from anywhere. These tools deliver speed, control, and convenience — qualities every…
New ClickFix Attack Leverages Windows Terminal for Payload Execution
Cybersecurity researchers have uncovered a new wave of ClickFix attacks that now exploit Windows Terminal to deliver malicious payloads directly onto victim machines. Unlike earlier iterations of this social engineering technique, which relied on the Windows Run dialog, this latest…
Microsoft 365 Outage Hits North America as CDN Misconfiguration Disrupts Multiple Services
Microsoft is actively investigating a service disruption affecting multiple Microsoft 365 products for users in the North American region, with engineers pointing to Content Delivery Network (CDN) configuration issues as the likely root cause. The incident, tracked in the Microsoft…
OpenAnt – AI-Based Vulnerability Scanner to Detect Vulnerabilities
OpenAnt is an open-source, LLM-based vulnerability discovery tool designed to help security teams and open-source maintainers proactively identify verified security flaws with minimal false positives and false negatives. Released under the Apache 2.0 license, OpenAnt is available on GitHub and…
China-Nexus Hackers Attacking Telecommunication Providers With New Malware
A China-linked advanced persistent threat actor has been actively targeting telecommunications providers across South America since 2024, deploying three new malware implants to gain deep access into critical network infrastructure. The group, tracked as UAT-9244, operates against both Windows and…
Apache ActiveMQ Flaw Allows Attackers to Trigger DoS Attacks With Malformed Packets
A medium-severity flaw in ActiveMQ (CVE-2025-66168, CVSS 5.4) allows authenticated attackers to trigger a Denial-of-Service (DoS) using malformed network packets. The issue was initially discovered by security researcher Gai Tanaka and confirmed on the Apache mailing list by maintainers Christopher…
WordPress Membership Plugin Vulnerability Lets Attackers Create Admin Accounts
A critical security flaw, identified as CVE-2026-1492, has been found in the User Registration & Membership plugin for WordPress. This vulnerability allows unauthenticated attackers to bypass security controls and create administrator accounts, leading to a complete website takeover. The User Registration & Membership plugin helps website owners create…
New Android Mirax Bot Advertised on Cybercriminal Forums Claiming Advanced Capabilities
A new Android banking malware called Mirax Bot has surfaced on underground cybercriminal forums, with a threat actor actively promoting it as a powerful tool built specifically for financial fraud. Sold under a Malware-as-a-Service (MaaS) model, the bot is offered…
Amazon AWS-LC Vulnerabilities Allow Attackers to Bypass Certificate Chain Verification
A critical security bulletin addresses three distinct vulnerabilities in AWS-LC, Amazon's open-source, general-purpose cryptographic library. Published on March 2, 2026, the disclosure highlights a flaw that allows unauthenticated attackers to bypass certificate chain verification and exploit timing side-channels. If left…
FBI Arrested U.S. Government Contractor Who Allegedly Stole More than $46 Million
On March 4, 2026, a major international law enforcement operation led to the capture of John Daghita, a U.S. government contractor. Daghita is accused of a massive insider theft, allegedly stealing more than $46 million in cryptocurrency from the United…
Phishing Emails Push Fake ChatGPT and Gemini iOS Apps To Steal Logins
A sophisticated phishing campaign is targeting iPhone users by impersonating two of the world’s most trusted AI brands — OpenAI’s ChatGPT and Google’s Gemini. The attackers are sending out deceptive emails designed to lure recipients into downloading fake applications from…