Tag: Cyber Security News

A newly identified malware called SLOTAGENT has drawn attention in the cybersecurity community for its strong ability to resist analysis and avoid detection. The malware does not rely on brute force tactics. Instead, it uses two precise techniques, API hashing…

Read more →

A high-severity vulnerability in Cursor, one of the most widely used AI-powered coding environments today, has put developers at direct risk of remote code execution. Tracked as CVE-2026-26268, the flaw allows an attacker to run arbitrary code on a developer’s…

Read more →

Google has released a critical security update for its Chrome desktop browser to address 30 security vulnerabilities, including four severe flaws that could enable Remote Code Execution (RCE) attacks. The Stable channel has been updated to version 147.0.7727.137/138 for Windows…

Read more →

A critical, currently unpatched remote code execution (RCE) vulnerability has been disclosed in LeRobot, Hugging Face’s popular open-source machine learning framework for real-world robotics. Tracked as CVE-2026-25874 with a critical CVSS score of 9.3, the flaw allows unauthenticated attackers to…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Microsoft Windows. On April 28, 2026, the agency officially added this security flaw to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability…

Read more →

Video hosting platform Vimeo has confirmed a data breach resulting in unauthorized access to its user database. The security incident stems from a compromise at Anodot, a third-party analytics vendor utilized by Vimeo and several other major organizations. This event…

Read more →

A dangerous infostealer malware called LofyStealer is actively targeting Minecraft players by disguising itself as a game cheat tool named “Slinky.” The malware runs a two-stage attack that quietly steals sensitive data from popular web browsers while staying largely hidden…

Read more →

A newly documented ransomware strain called VECT 2.0 has drawn serious attention from the cybersecurity community for a deeply damaging flaw in its design. Unlike typical ransomware that locks files and demands payment for decryption, VECT 2.0 permanently destroys any…

Read more →

A new ransomware group known as Vect 2.0 has entered the global cyberthreat landscape, operating as a full Ransomware-as-a-Service (RaaS) platform that targets Windows, Linux, and VMware ESXi systems. The group first appeared in December 2025 and rapidly scaled its…

Read more →

Web hosting control panel giant cPanel has issued an emergency security update to address a critical vulnerability affecting its core software. The security flaw directly impacts multiple authentication paths within the cPanel and Web Host Manager (WHM) ecosystem. System administrators…

Read more →

A dangerous new cyber campaign from North Korea’s Lazarus Group is targeting cryptocurrency and Web3 professionals using fake Zoom meeting interfaces, fileless PowerShell scripts, and AI-generated deepfake content. The group behind this activity is BlueNoroff, a financially motivated subgroup known…

Read more →

Microsoft has officially acknowledged a known issue in its April 2026 Windows 11 cumulative update: Remote Desktop Protocol (RDP) security warning dialogs may render incorrectly on certain system configurations, a significant usability concern given that the warnings are designed to…

Read more →

A critical remote code execution (RCE) vulnerability tracked as CVE-2026-3854 in GitHub’s internal git infrastructure that could have allowed any authenticated user to compromise backend servers, access millions of private repositories, and, in the case of GitHub Enterprise Server (GHES),…

Read more →

A sophisticated, memory-resident phishing campaign called BlobPhish, active since October 2024, that exploits browser Blob URL APIs to silently steal credentials from Microsoft 365 users, major U.S. banks, and financial platforms while remaining almost completely invisible to traditional security tools.…

Read more →

Application security testing firm Checkmarx has confirmed a significant escalation in its ongoing security incident. Cybercriminals have officially published company data on the dark web. This new development directly ties back to a supply chain attack that initially compromised the…

Read more →

Microsoft has officially acknowledged a known issue in its April 2026 Windows 11 cumulative update: Remote Desktop Protocol (RDP) security warning dialogs may render incorrectly on certain system configurations, a significant usability concern given that the warnings are designed to…

Read more →

A critical pre-authentication SQL injection vulnerability in LiteLLM, a widely used open-source AI gateway with over 22,000 GitHub stars, is actively being exploited in the wild. Tracked as CVE-2026-42208, this severe flaw allows unauthorized attackers to extract highly sensitive cloud…

Read more →

Silver Fox, a China-based threat group has launched a new wave of attacks targeting businesses and individuals across Asia, using fake tax audit notifications and counterfeit software update alerts to install dangerous malware on victim systems. The campaign reflects a…

Read more →

A critical zero-click authentication coercion vulnerability, tracked as CVE-2026-32202, stemming from an incomplete patch for a Windows Shell security feature bypass actively weaponized by the Russian APT28 threat group. Microsoft confirmed active exploitation of the flaw and released a fix as…

Read more →

WhatsApp is currently developing an independent cloud backup system designed to give users more direct control over their chat histories. This upcoming feature will allow users to store their backups securely on WhatsApp’s native servers. The update aims to reduce…

Read more →