Tag: Cyber Security News

A suspicious executable named Vibing.exe on the Microsoft Store has sparked major privacy and security alarms among cybersecurity researchers. Marketed as an interface to the “AI-native world” by the elusive Vibing-Team, the application reportedly harvests sensitive user data without explicit…

Read more →

Microsoft has officially released a new Group Policy setting that allows IT administrators to silently uninstall the Microsoft Copilot app from managed Windows 11 devices, a move that signals a broader enterprise shift away from bundled AI bloat and toward…

Read more →

Microsoft has acknowledged a service degradation affecting Outlook.com, with users reporting difficulties accessing the platform as of Monday, April 27, 2026. The company’s official Microsoft 365 Status account on X confirmed the incident, noting the last status update at 10:15…

Read more →

A new and more capable version of the ClickFix attack has been spotted in the wild, and it works a little differently from what security teams have seen before. Instead of relying on PowerShell, attackers are now chaining native Windows…

Read more →

The fast16 malware is a recently exposed sabotage‑capable threat designed to target extremely high‑value environments and ultra‑expensive systems with precision. It does not behave like common commodity malware that aims for broad infections, but instead focuses on select victims where…

Read more →

In the modern enterprise, the network is the ultimate source of ground truth. As organizations accelerate their digital transformation and adopt complex, cloud-native security architectures, the traditional perimeter has dissolved. Threat actors routinely bypass endpoint defenses using compromised credentials, living-off-the-land…

Read more →

Multiple vulnerabilities in the CODESYS Control runtime, one of the world’s most widely adopted software-based programmable logic controller (Soft PLC) platforms. According to Nozomi Networks Labs researchers, by chaining these security flaws, an authenticated attacker can replace a legitimate industrial…

Read more →

Vidar, one of the most active information-stealing malware families, has taken on a new shape in 2026. Researchers have found that its latest version now conceals second-stage payloads inside JPEG image files and TXT documents, making it much harder for…

Read more →

A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The…

Read more →

A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic’s Claude Code into a fully specialized offensive security research assistant powered by 28 domain-specific subagents. Released by security researcher 0xSteph on…

Read more →

A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before developers issued a full patch. Security researchers confirmed the flaw allowed threat actors to inject…

Read more →

The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this cluster marks a dangerous shift in how threat actors distribute malware to software developers. This…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software. Remote access tools are highly valued targets for cybercriminals because they provide direct pathways into corporate networks. When…

Read more →

PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of Windows. The research was presented by Kaspersky application security specialist Haidar Kabibo at Black Hat…

Read more →

Anthropic’s “Project Deal” has demonstrated that AI agents can autonomously negotiate and close real-world transactions, but the experiment also surfaced a quiet, troubling asymmetry: not all AI representations are created equal. In December 2025, Anthropic transformed its San Francisco office…

Read more →

OpenAI has announced a new Bio Bug Bounty program for GPT-5.5 as part of its efforts to improve safety controls for advanced AI systems and to address misuse in biology. The initiative invites qualified researchers to test whether GPT-5.5 can…

Read more →

A critical scope overreach vulnerability was recently identified in the Microsoft Entra Agent Identity Platform. The newly introduced Agent ID Administrator role allowed accounts to hijack arbitrary service principals and escalate privileges across the entire tenant. Microsoft has fully patched…

Read more →

State-sponsored threat actors are actively targeting Cisco Firepower devices by chaining known vulnerabilities to deploy a highly customized backdoor. Cisco Talos recently discovered that the espionage-focused threat group UAT-4356 is exploiting two n-day vulnerabilities, tracked as CVE-2025-20333 and CVE-2025-20362, to…

Read more →

Home security giant ADT Inc. has confirmed a data breach after the notorious threat group ShinyHunters claimed to have stolen over 10 million records and issued a ransom ultimatum — “Pay or Leak.” ADT, headquartered in Boca Raton, Florida, disclosed…

Read more →

A recent technical audit by privacy researcher Alexander Hanff has revealed that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge into the directories of several Chromium-based browsers. This undocumented behavior occurs without user consent, raising significant…

Read more →