GitLab has released urgent security updates (versions 18.10.3, 18.9.5, and 18.8.9) for its Community Edition (CE) and Enterprise Edition (EE) to address high-severity flaws that enable Denial-of-Service (DoS) and code-injection attacks. GitLab strongly advises all administrators of self-managed systems to…
Tag: Cyber Security News
CISA Warns of Critical Ivanti EPMM Code Injection Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added this flaw, tracked as CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog after…
Hackers Impersonate Linux Foundation Leader in Slack to Target Open Source Developers
Open source developers are facing a growing and sophisticated threat — one that does not rely on complex exploits or hidden vulnerabilities but instead uses something far simpler: trust. A social engineering campaign is actively targeting developers through Slack, where…
Hackers Use Fake Security Software to Deliver LucidRook Malware in Taiwan Attacks
A newly identified malware called LucidRook has been spotted targeting organizations across Taiwan, hiding inside what appears to be legitimate security software. The attackers went out of their way to make it look convincingly real, forging the icon and application…
Hackers Claim to Have Stolen 10 Petabytes of Data from China’s Tianjin Supercomputer Center
Hackers are claiming that one of China’s most strategically important computing facilities suffered a massive cyber intrusion, with more than 10 petabytes of sensitive information allegedly taken from a state-run supercomputing environment that experts suspect is the National Supercomputing Center…
New Silver Fox Campaign Hides ValleyRAT Inside Fake Telegram Chinese Language Pack Installer
A new malware campaign linked to the Silver Fox APT group has been discovered, using a fake Telegram Chinese language pack installer to secretly deliver ValleyRAT — a powerful remote access trojan — onto targeted machines. The malicious file, disguised…
Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code
Google has released Chrome 147 to the stable channel for Windows, Mac, and Linux, patching a sweeping set of security vulnerabilities — including two critical-severity flaws that could allow remote attackers to execute arbitrary code on targeted systems. The most…
New RoningLoader Campaign Uses DLL Side-Loading and Code Injection to Evade Detection
A threat actor known as DragonBreath has launched a stealthy campaign using a multi-stage malware loader called RoningLoader. The malware targets Chinese-speaking users by disguising itself as trusted software such as Google Chrome and Microsoft Teams. Its core strength lies…
Microsoft Suspends Developer Accounts of High-Profile Open-Source Projects
Microsoft has suspended the Windows Hardware Program developer accounts of two critical open-source security projects, VeraCrypt and WireGuard, blocking their ability to sign drivers and push updates to millions of Windows users, with no prior warning or explanation provided to…
Hackers Abuse Legitimate Meta Business Manager Notifications to Deliver Phishing Emails
A new phishing campaign is actively targeting businesses worldwide by exploiting one of the most trusted tools in digital marketing — Meta’s Business Manager platform. Cybercriminals have found a clever way to send deceptive emails that look exactly like genuine…
Microsoft 365 Network-Level Disruption Affecting Exchange Online, Teams, and Core Suite Services
A network-level disruption struck multiple Microsoft 365 services on Wednesday evening, knocking out or degrading access to Exchange Online, Microsoft Teams, and the broader Microsoft 365 suite for users across affected regions. The incident, tracked under issue ID MO1274150, began…
Anthropic Unveils Claude Mythos Preview With Powerful Zero-Day Detection Capabilities
Anthropic has introduced Claude Mythos Preview, an advanced language model with extraordinary capabilities for discovering and autonomously exploiting undiscovered zero-day vulnerabilities. To ensure these powerful tools are used defensively, the company has launched Project Glasswing to collaborate with industry partners and…
Hackers Actively Attacking Adobe Reader Users Using Sophisticated 0-Day Exploit
A highly sophisticated, unpatched zero-day exploit is actively targeting users of Adobe Reader. Detected by the EXPMON threat-hunting system, this malicious PDF file is designed to steal sensitive local data and perform advanced system fingerprinting. The exploit functions flawlessly on…
IBM Identity and Verify Access Vulnerabilities Allow Remote Attacker to Access Sensitive Data
A critical security bulletin highlights multiple vulnerabilities in Verify Identity Access and Security Verify Access products. If left unpatched, these widespread security flaws could allow malicious actors to access sensitive information, escalate their system privileges, or cause a complete denial-of-service…
Hackers Used EvilTokens, ClickFix Campaign to Attack Claude Code Users with AMOS Stealer
Two significant threat campaigns from March 2026, one abusing Microsoft’s OAuth authentication flow to silently hijack enterprise accounts, and another deploying the AMOS infostealer against macOS users who work with AI development tools like Claude Code. The EvilTokens campaign represents…
AWS and Anthropic Advancing AI-powered Cybersecurity With Claude Mythos
As cyber threats evolve at an unprecedented pace, Amazon Web Services (AWS) and Anthropic have teamed up to introduce the next generation of artificial intelligence for cybersecurity. Announced as part of Anthropic’s new Project Glasswing, a specialized AI model named…
Docker Vulnerability Let Attackers Bypass Authorization and Gain Host Access
A newly discovered high-severity vulnerability in Docker Engine could allow attackers to bypass authorization plugins and potentially gain unauthorized access to the underlying host system. Tracked as CVE-2026-34040, this security flaw stems from an incomplete patch for a previously known…
Amazon S3 Files, Turns S3 Buckets as File System to Access Your Data
Amazon Web Services (AWS) has introduced a major update to its cloud storage infrastructure with the launch of Amazon S3 Files. This new feature allows organizations to access their Amazon S3 buckets directly as fully functional shared file systems, eliminating…
Google Expands Chrome Lazy Loading to Video and Audio in New Browser Update
Google is bringing a major performance enhancement to its browser by expanding native lazy loading capabilities to include video and audio elements. By adding the loading=”lazy” attribute directly to <video> and <audio> HTML tags now allow developers to defer the download of heavy media resources until…
Microsoft Confirms Recent Windows 11 Update Breaks Start Menu Search Function
Microsoft has acknowledged a server-side issue that disrupted Start Menu search functionality for a subset of Windows 11 23H2 users, and has since deployed a fix to address the problem without requiring users to install any additional updates. The issue,…