The Google Threat Intelligence Group (GTIG) released its annual analysis, confirming that 90 zero-day vulnerabilities were actively exploited in the wild throughout 2025. While this marks a slight decrease from the record 100 zero-days in 2023, it represents a noticeable…
Tag: Cyber Security News
Indirect Prompt Injection Allows Adversaries to Manipulate AI Agents with Content
Artificial intelligence tools are now a core part of everyday workflows — from browsers that summarize web pages to automated agents that help users make decisions online. As these tools become more capable, attackers are learning how to turn them…
PoC Exploit Released for Cisco SD-WAN 0-Day Vulnerability Exploited in the Wild
A public proof-of-concept (PoC) exploit has been released for CVE-2026-20127, a maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller and SD-WAN Manager that has been actively exploited in the wild since at least 2023. Cisco Talos is tracking the threat activity…
OpenAI Launches GPT-5.4 With Advanced Reasoning, Coding, and Computer-Use Capabilities
OpenAI on March 5, 2026, released GPT-5.4, its most capable and efficient frontier model to date, combining advanced reasoning, coding, and agentic workflows into a single unified system. The model is rolling out across ChatGPT (as GPT-5.4 Thinking), the API,…
Suspected DPRK Threat Actors Compromise Crypto Firms, Steal Keys and Cloud Assets in Coordinated Attacks
A coordinated campaign targeting cryptocurrency organizations has drawn attention from the security community, with evidence pointing to threat actors potentially linked to North Korea’s state-sponsored hacking operations. The attackers moved systematically across multiple tiers of the crypto supply chain —…
Threat Actors Use New RingH23 Arsenal to Compromise MacCMS and CDN Infrastructure at Scale
A cybercriminal group known as Funnull — previously sanctioned by the U.S. Treasury — has returned with a dangerous new toolkit called RingH23, silently compromising CDN nodes and poisoning the MacCMS content management system to redirect millions of users to…
Threat Actors Using Fake Claude Code Download to Deploy Infostealer
Cybercriminals have found a new way to target developers and IT professionals by setting up fake download pages that impersonate Claude Code, a legitimate AI coding assistant. These deceptive pages trick users into downloading what appears to be an official…
ClickFix Campaign Uses Fake VCs on LinkedIn to Deliver Malware to Crypto and Web3 Professionals
A coordinated malware campaign is targeting cryptocurrency and Web3 professionals through a carefully built chain of social engineering, fake venture capital identities, and spoofed video conferencing links. First tracked in early 2026, the operation uses a technique called ClickFix to…
New MongoDB Vulnerability Lets Hackers Crash Any MongoDB Server
A high-severity vulnerability, CVE-2026-25611 (CVSS 7.5), has been discovered in MongoDB, allowing unauthenticated attackers to crash exposed servers using minimal bandwidth. According to Cato CTRL, it affects all MongoDB versions where compression is enabled (v3.4+, on by default since v3.6),…
RedAlert Mobile Espionage Campaign Targets Civilians with Trojanized Rocket Alert App for Surveillance
War zones have always been hunting grounds for opportunistic attackers, but the RedAlert mobile espionage campaign marks one of the most calculated examples of weaponizing civilian fear. Against the backdrop of the ongoing Israel-Iran kinetic conflict, threat actors crafted a…
Threat Actors Intensify Targeting of IP Cameras Across Middle East Amid Ongoing Conflict
Cyberattacks linked to Iranian threat actors are taking on a new and alarming form in the ongoing Middle East conflict. Since late February 2026, a coordinated campaign to compromise internet-connected IP cameras has been underway across multiple countries in the…
AWS Middle East (UAE) Region Hit by Drone Strikes, 109 Services Disrupted
A series of drone strikes on Amazon Web Services data center facilities in the United Arab Emirates and Bahrain triggered one of the most severe cloud outages in AWS history, knocking out or degrading more than 109 services across the…
Cisco Secure Firewall Management Vulnerability Enables Remote Code Execution
Cisco has issued an urgent security advisory for a critical vulnerability affecting its Secure Firewall Management Center (FMC) software. This flaw, rated with the maximum possible CVSS score of 10.0, allows remote, unauthenticated attackers to execute arbitrary code and gain…
Hackers Mimic LastPass Support Email to Steal Vault Passwords
A new and carefully crafted phishing campaign is currently targeting LastPass users, with attackers sending fake support emails designed to steal vault master passwords. The campaign, which began on or around March 1, 2026, relies on social engineering tactics to…
Cisco Secure Firewall Management Vulnerability Allows Attackers to Bypass Authentication
Cisco has released a critical security advisory warning of a severe vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw allows an unauthenticated, remote attacker to bypass authentication and execute script files, thereby gaining full root access to…
Google Releases Emergency Chrome Update to Fix 10 Security Vulnerabilities
Google has released a critical security update for Chrome, pushing the Stable channel to version 145.0.7632.159/160 for Windows and Mac, and 145.0.7632.159 for Linux. The update addresses 10 security vulnerabilities, including three rated Critical, and is rolling out to users…
Windows 10 Update KB5068164 Breaks Windows Recovery Environment
Microsoft’s October 2025 Windows Recovery Environment update for Windows 10 introduced a critical boot failure issue, rendering WinRE inaccessible on affected systems, with a fix confirmed only in March 2026. Released on October 14, 2025, KB5068164 was designed to automatically…
Tycoon 2FA Phishing Kit Disrupted by Microsoft, Europol and Partners
Microsoft, Europol, and partners have dismantled the Tycoon 2FA phishing-as-a-service (PhaaS) platform, seizing 330 domains used for credential theft and MFA bypass. This coordinated action disrupts a service active since 2023 that powered tens of millions of phishing emails monthly.…
Operation Leak Dismantles LeakBase Cybercriminal Forum – User Data, IP Logs Secured by Authorities
The FBI, in coordination with multiple international law enforcement agencies, has officially seized LeakBase, a prominent cybercriminal forum notorious for hosting and trading stolen databases, under a coordinated global operation dubbed “Operation Leak.” Both primary domains, leakbase[.]ws and leakbase[.]la, now redirect visitors to…
New Threat Report Warns AI Is Automating High-Velocity Attacker Operations
The gap between human-led attacks and machine-driven intrusions is closing faster than most organizations expected. Cloudforce One, Cloudflare’s dedicated threat intelligence team, released the inaugural 2026 Cloudflare Threat Report on March 3, 2026, issuing a clear warning: artificial intelligence has…