In modern SOCs, it all boils down to two things: time and impact. How quickly are incidents contained? How accurate are the decisions? These questions define not only operational efficiency, but overall business resilience. Yet many organizations tend to invest heavily in tooling while overlooking structural weaknesses. The missing link is…
Tag: Cyber Security News
Iran‑Nexus APT ‘Dust Specter’ Hits Iraqi Officials with AI‑Assisted Malware and Novel RATs
In January 2026, a targeted cyberattack emerged against government officials in Iraq. The threat group, tracked as Dust Specter, impersonated Iraq’s Ministry of Foreign Affairs to trick high-value targets into downloading malicious files. The campaign introduced four previously undocumented malware…
CISA warns of Qualcomm Chipsets Memory Corruption Vulnerability Exploited in Attacks
CISA has warned that a memory corruption flaw in Qualcomm chipsets is being exploited in attacks, urging organizations to promptly apply vendor-provided mitigations. The issue, tracked as CVE-2026-21385, impacts multiple Qualcomm chipsets and was added to CISA’s catalog on 2026-03-03 with…
Trusted Azure Utility AzCopy Turned into Data Exfiltration Tool in Active Ransomware Campaigns
The cybersecurity landscape has taken a sharp and dangerous turn. Ransomware operators, long associated with using suspicious tools to steal data, have begun turning to the same software IT teams rely on every day. Microsoft’s AzCopy, a legitimate command-line utility…
Escalating Iranian APT Threats Against Critical Infrastructure Amid Geopolitical Conflict
A dangerous new chapter in Middle Eastern geopolitics has unfolded following the outbreak of open conflict between Iran, Israel, and the United States. Last week, U.S. and Israeli forces launched Operation Lion’s Roar, a coordinated military strike targeting Iranian military…
Stolen Gemini API Key Turned $180 Bill into $82,000 in Two Days
A three-person development team in Mexico is facing bankruptcy after a stolen Google Cloud API key generated $82,314.44 in unauthorized charges over just 48 hours. Between February 11 and 12, attackers heavily abused the team’s credentials to access the “Gemini…
VoidLink Malware Framework Attacking Kubernetes and AI Workloads
In December 2025, Check Point Research disclosed one of the most carefully engineered cloud-native malware frameworks ever studied — VoidLink. Unlike most threats that are ported from older Windows tools, VoidLink was built from scratch to target Linux-based cloud and…
Perplexity’s Comet Browser Hijacked Using Calendar Invite to Exfiltrate Sensitive Data
A poisoned Google Calendar invite is all it takes to weaponize Perplexity’s Comet browser. Security researchers at Zenity Labs have discovered a critical vulnerability, dubbed PerplexedBrowser, that tricks Comet’s AI agent into reading local files and stealing credentials. This zero-click…
Silver Dragon APT Group Targets Europe, Asia Using Google Drive for Covert Communication
A China-linked threat group called Silver Dragon has been targeting government and high-profile organizations across Southeast Asia and Europe since at least mid-2024. Operating under the umbrella of APT41, the group breaks into networks by exploiting public-facing internet servers and…
HPE AutoPass Vulnerability Let Attackers Bypass Authentication Remotely
A security bulletin has been issued regarding a vulnerability in the AutoPass License Server (APLS) that could allow attackers to remotely bypass authentication controls. The issue is tracked as CVE-2026-23600 and is rated important with a CVSS base score of…
MS-Agent Vulnerability Let Attackers Hijack AI Agent to Gain Full System Control
A critical security vulnerability has been discovered in a lightweight framework designed to enable AI agents to perform autonomous tasks. According to a vulnerability note published by the CERT/CC, this flaw allows attackers to trick the AI into executing malicious commands,…
Critical XSS Vulnerability in Angular i18n Enables Malicious Code Execution
A high-severity Cross-Site Scripting (XSS) vulnerability, designated as CVE-2026-27970, has been discovered in Angular’s internationalization (i18n) pipeline. The vulnerability allows attackers to execute malicious JavaScript if they can compromise an application’s translation files. Angular’s i18n process allows developers to extract…
IPVanish VPN for macOS Vulnerability Let Attackers Escalate Privilege and Execute Arbitrary Code
A critical privilege escalation vulnerability has been discovered in the IPVanish VPN application for macOS. This flaw allows any unprivileged local user to execute arbitrary code as root without requiring user interaction. The security failure completely bypasses macOS security features,…
Malicious Packages Disguised as Laravel Utilities Deploy PHP RAT and Enable Remote Access
A supply chain attack targeting the PHP developer community has surfaced through Packagist, the official package repository for PHP and Laravel projects. Threat actor nhattuanbl published several packages that disguised a fully functional remote access trojan (RAT) inside what looked like standard…
CISA Warns of VMware Aria Operations Vulnerability Exploited in Attacks
A critical vulnerability affecting VMware Aria Operations has been added to the Known Exploited Vulnerabilities (KEV) catalog. Broadcom recently issued a security advisory detailing a flaw that allows unauthenticated attackers to execute arbitrary commands. Organizations are urged to implement mitigations…
Windows 11 23H2 to 25H2 Upgrade Allegedly Breaking Internet Connectivity
A persistent bug in Windows 11 in-place upgrades is reportedly wiping critical 802.1X wired authentication configurations, leaving enterprise workstations completely offline until manual intervention is performed. System administrators across Reddit’s r/sysadmin community are raising alarms as the issue originally observed…
Coruna Exploit Kit With 23 Exploits Hacked Thousands of iPhones
Google’s Threat Intelligence Group (GTIG) has uncovered Coruna, a sophisticated iOS exploit kit containing 23 exploits across five full exploit chains that compromised thousands of iPhones running iOS 13.0 through 17.2.1 throughout 2025. The Coruna exploit kit is an advanced,…
SloppyLemming Espionage Campaign Uses BurrowShell Backdoor and Rust RAT to Hit Pakistan and Bangladesh Targets
A suspected India-aligned threat group known as SloppyLemming has been conducting a sustained espionage campaign against government agencies, defense organizations, nuclear oversight bodies, and critical infrastructure operators in Pakistan and Bangladesh. Active since 2021 and also tracked as Outrider Tiger…
Zerobot Botnet Exploiting Tenda Command Injection Vulnerabilities to Deploy Malware
A Mirai-based botnet campaign known as Zerobot has resurfaced with renewed force, this time targeting critical flaws in Tenda AC1206 routers and the n8n workflow automation platform. The campaign, now operating on its ninth known iteration — dubbed zerobotv9 —…
Microsoft Warns of New Phishing Attack Exploiting OAuth in Entra ID to Evade Detection
A new active phishing attack exploits OAuth’s legitimate redirection behavior, allowing it to bypass traditional email and browser defenses without stealing any tokens. According to Microsoft Defender researchers, the campaigns primarily target government and public-sector organizations, using trusted identity…