A polished, fully functional npm package has been caught secretly stealing OpenAI Codex authentication tokens from developers who trusted it. The package, named codexui-android, presented itself as a remote web UI for OpenAI Codex with no obvious signs of being…
Tag: Cyber Security News
Hackers Use Fake Adobe Document Cloud Pages to Deliver ScreenConnect Malware
A sophisticated phishing campaign is actively targeting financial organizations by using fake Adobe Document Cloud pages to silently install ScreenConnect remote access malware on victim machines. The operation is well-structured, deceptive, and difficult to detect because it blends into everyday…
MicrosoftSystem64 Malware Uses HuggingFace Datasets for Stealthy Data Exfiltration
A newly discovered malware called MicrosoftSystem64 has been quietly stealing data from infected computers by routing stolen files through HuggingFace, the popular AI platform used by researchers and developers worldwide. The malware disguises itself as a legitimate Microsoft process, making…
Google Patches 151 Vulnerabilities in Chrome, Including 22 Critical Ones
Google has pushed a major Chrome Stable update that fixes 151 security flaws, including 22 critical vulnerabilities affecting core graphics, networking, media, and UI components across Windows, macOS, and Linux. The Stable channel has been updated to version 148.0.7778.216/217 for…
Critical Samba Vulnerability Enables Remote Code Execution Attacks
A critical vulnerability in the Samba printing subsystem, tracked as CVE-2026-4480, has been disclosed, allowing unauthenticated attackers to achieve remote code execution (RCE) on affected systems. The flaw carries a maximum CVSS v3.1 score of 10.0, highlighting its severe impact…
Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings
A trusted tool for VMware administrators has been weaponized. Attackers built a fake version of RVTools, a widely used utility for managing virtual infrastructure, and disguised it with a real digital certificate to slip past Windows security warnings without raising…
Hackers Exploit Microsoft Teams’ Collaboration Features to Impersonate IT Helpdesk Staff
A growing wave of vishing (voice phishing) campaigns in which threat actors abuse Microsoft Teams’ external collaboration features to impersonate IT helpdesk personnel and investigators is now turning to the Microsoft 365 Unified Audit Log (UAL) as a critical forensic…
VS Code Remote-SSH RCE Lets Attackers Pivot From Developer Machines to Cloud Servers
A newly disclosed vulnerability in Visual Studio Code’s Remote-SSH extension exposes a critical post-compromise attack path that allows threat actors to pivot from infected developer machines into cloud and production environments. Given the extension’s widespread adoption across modern development workflows,…
Google Employee Charged for Making $1.2 Million With Confidential Information
A Google software engineer has been charged in the United States for allegedly using confidential internal data to generate more than $1.2 million in profits through prediction market trading. The case highlights growing concerns around insider threats and misuse of…
Malicious Websites Track Visitors by Analyzing their SSD Timing Activity
Malicious websites can track visitors by measuring tiny changes in SSD access times, turning normal browser activity into a privacy leak. Researchers showed that a JavaScript attack can use the browser’s Origin Private File System (OPFS) to generate disk activity.…
New Linux CIFSwitch Kernel Vulnerability Allows Attackers to Gain Root Access
A newly disclosed Linux local privilege escalation (LPE) vulnerability dubbed “CIFSwitch” enables low-privileged users to gain root access by abusing a logic flaw between the Linux kernel CIFS client and the userspace cifs-utils package. The bug was discovered by security researcher Asim Manizada,…
ClearFake Uses BSC Testnet Smart Contracts for Takedown-Resistant Command and Control
A new and dangerously clever malware campaign called ClearFake has been caught using blockchain smart contracts to run its operations, making it nearly impossible for security teams to shut it down. Instead of relying on traditional servers that can be…
Hackers Deploy VIP Keylogger Through Phishing Emails Masquerading as Business Documents
Hackers are using deceptive phishing emails dressed up as routine business documents to spread a dangerous malware strain known as VIP Keylogger. The campaign has been active for months, with attackers showing absolutely no signs of slowing down. VIP Keylogger…
Critical OpenVPN Connect for macOS Vulnerability Let Attackers Execute Arbitrary Commands
A critical privilege escalation vulnerability has been discovered in OpenVPN Connect for macOS, enabling local attackers to execute arbitrary commands with elevated privileges through the application’s background service component. Tracked as CVE-2026-9560, the flaw affects all versions from 3.5.1 through…
Critical Roundcube Webmail Vulnerability Let Attackers Inject SQL Queries
Roundcube Webmail users are being urged to apply urgent updates after developers patched multiple security flaws. Including a critical pre-authentication SQL injection vulnerability that could allow attackers to manipulate backend databases without logging in. The issues affect Roundcube versions 1.6.…
New PureLogs Variant Uses MsBuild.exe Process Hollowing to Evade Detection
A new and dangerous version of the PureLogs information-stealing malware has emerged, raising serious concerns across the cybersecurity community. This variant takes a more evasive approach than its predecessors, using a carefully crafted chain of stages to reach victims without…
Gitea Container Vulnerability Exposes Private Container Images to Attackers
A critical security vulnerability in Gitea’s built-in container registry exposes private container images to unauthenticated attackers, raising significant concerns for organizations that rely on self-hosted Git and CI/CD environments. The flaw, tracked as CVE-2026-27771, allows remote attackers to access and…
Hackers Use GHOSTYNETWORKS and OMEGATECH to Host JS Malware Infrastructure
In March 2026, a wave of malicious spam emails began hitting inboxes across multiple countries and industries. Threat actors were quietly distributing a JavaScript-coded backdoor, targeting organizations in sectors as critical as energy, automotive, and government finance. The scale of…
Carnival Cruise Data Breach Exposes Millions of Customers’ Personal Information
Carnival Corporation, the world’s largest cruise company and parent of Carnival Cruise Line, has begun notifying customers of a significant cybersecurity breach that exposed sensitive personal data after a threat actor successfully used social engineering to compromise an employee account.…
Critical Notepad++ Vulnerabilities Allow Attackers to Execute Arbitrary Code
Notepad++, one of the most widely used open-source text editors for Windows, has released an urgent security update addressing three vulnerabilities, including two arbitrary code execution flaws that could allow attackers to silently run malicious programs on a victim’s machine.…