A new and fast-growing phishing operation is making waves in the cybersecurity world, and it is moving far beyond its original targets. Kali365, a phishing-as-a-service (PhaaS) platform first spotted in April 2026, was initially built to steal Microsoft 365 login…
Tag: Cyber Security News
Weaponized ChatGPT Download Site Delivers Malware Via Sponsored Search Results
A new malvertising campaign is exploiting ChatGPT’s popularity by promoting a weaponized fake download site via sponsored search results, delivering malware to both Windows and macOS users. Security researchers from Evalian’s SOC team identified the operation, which leverages convincing OpenAI…
Proofpoint Warns TA4922 Deploys Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT
A sophisticated cybercrime group known as TA4922 is raising alarms across the global security community. The group has been deploying a growing arsenal of malware, including Atlas RAT, RomulusLoader, SilentRunLoader, and ValleyRAT, against organizations in Japan, the United Kingdom, Germany,…
Hackers Abusing Microsoft Teams and Google Drive to Deploy Remote Access Malware
Hackers are increasingly abusing trusted enterprise platforms such as Microsoft Teams and Google Drive to deploy stealthy remote access malware, with a newly observed campaign leveraging social engineering and cloud-based command-and-control to evade detection. In early April 2026, eSentire’s Threat…
Hackers Actively Exploiting WordPress Plugin Vulnerability to Inject Malicious PHP Code
Hackers are actively exploiting a critical remote code execution (RCE) vulnerability in the Everest Forms Pro WordPress plugin, allowing unauthenticated attackers to inject and execute arbitrary PHP code on vulnerable websites. The flaw, tracked as CVE-2026-3300 with a CVSS score…
Hackers Use Fake Chrome Web Store Copyright Notices to Steal Google Credentials
A new phishing campaign is targeting Chrome extension developers using fake copyright removal notices that look like official messages from the Chrome Web Store. The scam tricks developers into entering their Google credentials on a counterfeit sign-in page, putting both…
CISA Warns of Android Framework Integer Overflow Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified Android Framework vulnerability, tracked as CVE-2025-48595, to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is actively exploited in the wild. The vulnerability affects the…
Cisco Unified Communications Manager Vulnerability Exposed Along With PoC Exploit Code
Cisco has disclosed a critical server-side request forgery (SSRF) vulnerability in its Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (SME). Tracked as CVE-2026-20230, with publicly available proof-of-concept (PoC) exploit code increasing the risk of real-world exploitation.…
Comodo Internet Security 0-Day Vulnerability Lets Attacker Crash the User’s Windows System
An unpatched zero-day vulnerability in Comodo Internet Security’s firewall driver, Inspect.sys, after receiving no response from the vendor following multiple disclosure attempts. The vulnerability, dubbed ComoDoS, uncovered by Marcus Hutchins, allows a remote attacker to crash a target Windows system…
Fake Claude Code Installer Via Google Sites Deliver Credential-Stealing Malware
Cybercriminals have found a new and clever way to exploit the growing popularity of AI developer tools. A recently identified campaign uses fake pages mimicking Claude Code and OpenAI Codex, hosted on trusted Google Sites infrastructure, to trick users into…
Acer Working to Patch Wave 7 Router 0-day Vulnerability
Acer is preparing a firmware update to address a critical zero-day vulnerability affecting its Wave 7 routers, following disclosure by independent security researcher Gergo Pap. The issue affects devices running firmware versions earlier than and poses a significant risk due…
Bots Surpass Humans in Global Web Traffic for the First Time in Internet History
For the first time ever, automated bots have officially overtaken human users in global internet traffic, and the shift is accelerating faster than even industry leaders predicted. Bots Surpass Humans in Web Traffic According to data from Cloudflare Radar, bots…
Microsoft Unveils Always-On AI Agent Scout to Integrate With Teams, Outlook, and More
Microsoft has officially introduced Microsoft Scout, its first-ever “Autopilot” AI agent, a persistent, always-on autonomous assistant designed to operate continuously across Microsoft 365 apps without waiting to be prompted. Unveiled at Microsoft Build 2026 on June 2, Scout represents a…
CISA and Partners Warns of Cyberattacks Targeting U.S.-based Automatic Tank Gauge Systems
A serious wave of cyberattacks is now targeting a piece of infrastructure that most people never think about. Automatic Tank Gauge systems, commonly known as ATG systems, are used across the United States to remotely monitor fuel levels, liquid volumes,…
Hackers Use Fake Purchase Orders to Deploy JS.MonoGlyphRAT Targeting US Enterprises
A stealthy new threat is quietly making its way through US businesses, and most traditional security tools are completely missing it. Researchers have uncovered a previously unknown piece of malware that disguises itself as an everyday business document — a…
The Gentlemen Ransomware Group Uses Fortinet Exploits, AI, and Custom C2 Frameworks
A Russian-speaking ransomware crew known as The Gentlemen has quickly risen to become one of the most active threats in 2026, ranking second only to Qilin in ransomware activity. Their toolkit combines Fortinet vulnerability exploitation, AI-assisted operations, and a fully…
HazyBeacon Camapign Weaponizes Amazon Web Services for Stealthy Communications
A new malware campaign is turning trusted cloud infrastructure against the organizations that rely on it. Known as HazyBeacon and tracked under cluster identifier CL-STA-1020, the campaign targets government networks across Southeast Asia. Rather than using easily blocked servers, the…
New Google Gemini Vulnerability Exploited via Prompt Injections from WhatsApp, Slack, and SMS
A new class of indirect prompt injection (IPI) attacks targets Google Gemini’s voice assistant, allowing attackers to silently hijack the AI through malicious payloads delivered via everyday messaging apps, including WhatsApp, Slack, Signal, SMS, Instagram, and Messenger. The research, led…
Hackers Use YouTube and SEO Poisoning to Spread WeedHack Minecraft Malware
Hackers are hiding dangerous malware inside what look like popular Minecraft mods and game clients, using YouTube videos and search engine tricks to pull unsuspecting players into their trap. The campaign, known as WeedHack, has been quietly running since January…
Laravel CRLF Injection Vulnerability Enables an Attacker to Interfere with Outbound Email Processing
A high-severity CRLF injection vulnerability in the Laravel framework, tracked as CVE-2026-48019, could allow attackers to interfere with outbound email processing in affected applications. The issue impacts Laravel versions up to 13.9.0 and versions before 12.60.0, and has been patched…