A new ransomware family called JanaWare has begun targeting computer users in Turkey, relying on a customized version of the Adwind remote access trojan (RAT) to gain a foothold on victims’ systems. This campaign stands out because it combines a…
Tag: Cyber Security News
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss…
OpenAI Launches GPT-5.4 with Reverse Engineering, Vulnerability and Malware Analysis Features
OpenAI has unveiled GPT-5.4-Cyber, a specialized variant of its flagship GPT-5.4 model fine-tuned for advanced defensive cybersecurity workflows, granting vetted security professionals expanded access to capabilities such as binary reverse engineering, vulnerability scanning, and malware analysis, with fewer restrictions than…
Microsoft SharePoint Server 0-Day Vulnerability Actively Exploited in Attacks
A critical zero-day spoofing vulnerability in Microsoft SharePoint Server is being actively exploited in the wild, Microsoft confirmed on April 14, 2026, as part of its monthly security update cycle. Tracked as CVE-2026-32201, the flaw affects multiple versions of SharePoint…
Synology SSL VPN Client Vulnerabilities Let Remote Attackers Access Sensitive Files
Synology reveals two severe SSL VPN Client flaws that could let remote attackers steal sensitive files and intercept network traffic. The vulnerabilities affect users running older versions of the software and require immediate patching to prevent potential network compromise. Virtual…
Critical ShowDoc RCE Vulnerability Actively Exploited in the Wild
Threat actors are actively exploiting a critical vulnerability in ShowDoc, a popular online document-sharing and collaboration tool used by IT teams worldwide. Tracked under the identifier CNVD-2020-26585, this severe security flaw allows unauthenticated remote attackers to upload malicious files and execute…
CISA Warns of Microsoft Exchange and Windows CLFS Vulnerabilities Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations regarding two severe Microsoft vulnerabilities. On April 13, 2026, the agency officially added flaws affecting Microsoft Exchange Server and the Windows Common Log File System (CLFS)…
Ivanti Neurons for ITSM Vulnerabilities Allow Remote Attacker to Obtain User Sessions
Ivanti has released security updates addressing two medium-severity vulnerabilities in Ivanti Neurons for ITSM (N-ITSM), its on-premise IT service management platform. The flaws, if exploited, could allow remote authenticated attackers to retain unauthorized access or harvest session data from other…
Critical etcd Auth Bypass Flaw Allows Unauthorized Access to Sensitive Cluster APIs
A critical authentication bypass vulnerability has emerged in etcd, the foundational distributed key-value store that supports countless cloud-native systems and Kubernetes clusters globally. Tracked as CVE-2026-33413, this high-severity flaw carries a CVSS score of 8.8. It enables attackers to access…
New Mirax Android RAT Turns Infected Phones Into Residential Proxy Nodes
A newly discovered Android malware called Mirax has been quietly circulating in underground criminal forums since late 2025, posing a growing threat to mobile users across Europe and beyond. What sets it apart from typical banking trojans is its dual…
New Janela RAT Campaign Uses Fake MSI Installers and Malicious Browser Extensions to Steal Data
A new malware campaign involving a Remote Access Trojan called Janela RAT has been actively targeting financial institutions and cryptocurrency platforms across Latin America. The threat actors behind this attack are using fake MSI installer files and malicious browser extensions…
CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet products. On April 13, 2026, the agency added a severe SQL injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This…
Codex Hacks Samsung TV to Root by Exploiting World-Writable Driver Interfaces
OpenAI’s Codex AI model successfully escalated privileges to root on a real Samsung Smart TV by exploiting world-writable kernel driver interfaces — a finding that raises serious questions about how hardware vendors handle device security on consumer electronics. The experiment,…
Hackers Leave Credential Stuffing Botnet Wide Open With Full Worker Access and Root Passwords
A live credential stuffing botnet targeting Twitter/X accounts has been found completely exposed to the internet, with no password required to access its control panel, worker server credentials, or real-time attack data. The exposed system, running under the name “Twitter…
New PlugX USB Worm Spreads Across Multiple Continents Using DLL Sideloading
A newly discovered variant of the PlugX worm is silently crossing borders by hiding inside USB drives, and it has already been detected on multiple continents spanning nearly ten time zones. First spotted in Papua New Guinea in August 2022,…
Hackers Bypass Phishing Emails and Target Okta Identity Systems Instead
Cybercriminals are changing the way they break into organizations. Instead of sending malicious emails and waiting for someone to click a link, attackers are now picking up the phone and calling their way into corporate systems. This shift is one…
Hackers Weaponize Obsidian Shell Commands Plugin to Launch Cross-Platform Malware Attacks
Threat actors have found a clever way to abuse a trusted productivity tool to deliver malware. By weaponizing Obsidian’s Shell Commands community plugin, attackers are quietly executing malicious code on victims’ machines — all without exploiting a single software vulnerability.…
Hackers Use 108 Chrome Extensions to Steal User Data Through Shared C2 Infrastructure
A widespread cyber espionage campaign is leveraging 108 malicious Google Chrome extensions. According to a recent report by Socket, these extensions are explicitly designed to steal sensitive user data and hijack active web sessions. The attackers manage this extensive operation through…
Researcher Reverse Engineered 0-Day Used to Disable CrowdStrike EDR
A cybersecurity researcher has uncovered a new Bring Your Own Vulnerable Driver (BYOVD) attack that can turn off top-tier endpoint security solutions, including CrowdStrike Falcon. By reverse-engineering a previously unknown zero-day kernel driver, the researcher revealed how threat actors use…
W3LL Phishing Kit Takedown Hits Global Credential Theft and MFA Bypass Operation
The FBI Atlanta Field Office, working in a historic joint operation with Indonesian law enforcement, has successfully dismantled a massive global phishing network. The investigation targeted the notorious W3LL phishing kit, a sophisticated toolset that enabled cybercriminals to bypass multi-factor…