A relatively unknown ransomware group called Payouts King has emerged as a serious cybersecurity threat, carrying the torch of the now-defunct BlackBasta operation. Since its appearance in April 2025, the group has quietly carried out targeted attacks while remaining largely…
Tag: Cyber Security News
One-Click RCE in Azure Windows Admin Center Allow Attacker to Execute Arbitrary Commands
Windows Admin Center is a locally deployed, browser-based management tool used by IT administrators to manage Windows servers, clients, and clusters from a centralized graphical interface. This newly discovered critical flaw, identified by Cymulate Research Labs, allows attackers to achieve…
Windows Snipping Tool Vulnerability Allows Attacker to Perform Spoofing Over a Network
Microsoft has addressed a moderate-severity security flaw in the Windows Snipping Tool that could allow malicious actors to steal user credentials. Tracked as CVE-2026-33829, this spoofing vulnerability was officially patched during the April 14, 2026, security updates. Discovered and reported…
Microsoft Confirms Windows Servers Enter Reboot Loops Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers following the deployment of the April 2026 Patch Tuesday cumulative update, KB5082063, where affected servers are entering repeated reboot loops after installation. Released on April 14, 2026,…
Hackers Target Israeli Desalination Plants With ZionSiphon Sabotage Malware
A newly discovered piece of malware called ZionSiphon has raised serious concerns about the security of critical water infrastructure in Israel. The malware was built with a clear focus: to infiltrate and potentially sabotage Israeli water treatment and desalination systems,…
Microsoft Defender 0-Day Vulnerability “RedSun” Enables Full SYSTEM Access
A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed “RedSun,” allows an unprivileged user to escalate privileges to full SYSTEM-level access on fully patched Windows 10, Windows 11, and Windows Server 2019 and later systems, and as of now, remains…
Microsoft Confirms Windows 11 Updates May Force Users to Enter BitLocker Recovery Key
Microsoft has officially acknowledged a known issue affecting Windows 11 users following the release of its April 2026 Patch Tuesday cumulative updates. Devices running certain BitLocker Group Policy configurations may unexpectedly prompt users to enter their BitLocker recovery key after…
Hackers Target Trucking and Freight Firms to Steal Real-World Cargo Shipments
A new wave of cyber attacks is hitting trucking carriers and freight brokers, and the goal is not just data theft. Criminals are breaking into logistics companies digitally to steal physical cargo shipments worth millions of dollars in the real…
EU’s New Age Verification App Can Be Hacked Within 2 Minutes, Researchers Claim
The European Commission’s newly launched Digital Age Verification App, unveiled on April 14, 2026, to protect minors from harmful online content, has already been compromised, with UK-based security consultant Paul Moore demonstrating a full authentication bypass in under two minutes.…
SpankRAT Exploits Windows Explorer Processes for Stealth and Delayed Detection
A newly identified two-component Remote Access Trojan (RAT) toolkit built in Rust, dubbed SpankRAT, is being used by threat actors to abuse legitimate Windows processes, bypass reputation-based security controls, and maintain persistent access to compromised environments while largely evading detection…
McGraw Hill Confirms Data Breach Exposing 13.5 Million Users’ Personal Data
Education publishing giant McGraw-Hill has confirmed a data breach following an extortion attempt, with more than 100GB of stolen data now publicly distributed online, exposing the personal information of approximately 13.5 million users. The breach, disclosed in April 2026, stems…
Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code
Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security advisory published on April 15, 2026, these flaws could allow an…
New UAC-0247 Campaign Steals Browser and WhatsApp Data From Hospitals and Governments
A threat cluster tracked as UAC-0247 has been running an active campaign since early 2026, targeting local governments and municipal healthcare institutions across Ukraine, including clinical hospitals and emergency ambulance services. The attackers are not only stealing sensitive data from…
Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers
Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme. The operation successfully infiltrated over 100 U.S. companies, generating more than $5 million in illicit revenue to fund the Democratic People’s Republic of Korea…
Microsoft 365 Web Services Hit by Google Chrome 147 Compatibility Issue
Microsoft is actively investigating a widespread authentication issue affecting users attempting to access Microsoft 365 web-based services through Google Chrome version 147. The problem, first reported on April 16, 2026, has left a significant number of users unable to properly…
31 High-Impact Vulnerabilities Exploited in March as Interlock Hits Cisco FMC Zero-Day
March 2026 turned out to be one of the more active months for vulnerability exploitation this year. Security researchers tracked 31 high-impact vulnerabilities that were actively used against real-world systems, touching products from more than 20 major vendors including Cisco,…
Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover
A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthenticated remote attackers to gain complete control over affected Nginx web…
Cisco Webex Services Vulnerability Let Remote Attacker Impersonate Any User
Cisco has issued a critical security advisory warning of a severe vulnerability in its cloud-based Webex Services. Tracked as CVE-2026-20184, this flaw carries a maximum Common Vulnerability Scoring System (CVSS) base score of 9.8 out of 10. According to the…
Hackers Abuse n8n AI Workflow Automation to Deliver Malware Through Trusted Webhooks
Cybercriminals have found a new way to sneak malware past traditional security filters by hijacking a legitimate AI workflow automation tool called n8n. Rather than building their own infrastructure from scratch, these threat actors are turning a productivity platform into…
Fake Proton VPN Sites and Gaming Mods Spread NWHStealer in New Windows Malware Campaign
A newly identified information-stealing malware called NWHStealer is quietly making its way onto Windows systems through a well-disguised campaign that uses fake VPN websites, gaming mods, and hardware utility tools as bait. The attackers are not relying on spam emails…