A well-known open-source security framework called ROADtools has been turned against the organizations it was originally built to protect. Once a legitimate red-teaming tool, attackers are now actively weaponizing it to steal authentication tokens, register rogue devices, and bypass multi-factor…
Tag: Cyber Security News
Apple’s New Anti-Snatching Feature Will Auto-Lock iPhones When Stolen From Your Hand
Apple is reportedly developing a new iPhone security feature designed to automatically lock the device the moment it detects a theft-in-progress, a significant upgrade to the company’s existing anti-theft protections that could close one of the most dangerous gaps in…
New 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users
A new 0-Click WhatsApp Account Takeover Attack Targeting iOS 16 Users is raising serious concerns after multiple iPhone users reported their accounts being hijacked without any interaction, warnings, or visible linked devices. According to a recent forensic investigation by the…
Attackers Abuse Open RDP Ports to Gain Initial Access Into Business Networks
There is a decades-old misconfiguration sitting quietly inside countless business networks, and attackers are still making full use of it. Remote Desktop Protocol, or RDP, allows users to connect to and control a computer remotely over a network. When its…
Developer-Targeting Glassworm Malware Abuses npm, PyPI, OpenVSX, and GitHub
A dangerous malware campaign known as Glassworm has been spreading through the tools that software developers trust most every day. By abusing popular platforms like npm, PyPI, OpenVSX, and GitHub, the attackers have turned routine development workflows into entry points…
Anthropic Releases Free Security Plugin for Claude Code Terminal to Detect Vulnerabilities
Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available…
India’s CERT-In Asks Organizations to Patch Vulnerabilities in Systems Within 12 hours
India’s national computer emergency response agency CERT-In has warned enterprises to patch high-risk vulnerabilities on internet-facing and critical systems within 12 hours of discovery or active exploitation. The directive comes as AI-assisted attacks continue to reduce exploitation timelines, increasing pressure…
BIND 9 Software Vulnerabilities Exposes Resolvers and Authoritative Servers to Remote Exploits
A series of newly documented vulnerabilities in ISC BIND 9 has raised significant security concerns for DNS infrastructure operators, with multiple flaws enabling denial-of-service (DoS) attacks, memory corruption, and potential remote exploitation. The latest entries in the BIND 9 Software…
GitLab Suspends Windows Exploit Researcher Nightmare-Eclipse After GitHub Ban
The anonymous researcher known as Nightmare-Eclipse has been blocked from two major code-hosting platforms in less than a week, as their disruptive public zero-day campaign against Microsoft draws serious real-world consequences. GitLab moved to suspend the account of security researcher…
Anthropic Releases Free Security Plugin for Claude Code Terminal to Catch Vulnerabilities in Real Time
Anthropic has launched a security-guidance plugin for its Claude Code terminal tool that autonomously reviews code edits, model outputs, and commits in real time to catch vulnerabilities before they reach production. The plugin is free for all users and available…
How Tier 1 Can Process Alerts 3x Faster with Threat Intelligence
You already know the feeling.The shift starts, and the queue is already full. Somewhere in that pile of hundreds of alerts is the one that actually matters — the lateral movement no one caught, the C2 beacon hiding behind a…
Multiple Angular Language Service Extension Vulnerabilities Enable RCE Attacks
A set of high-severity vulnerabilities has been identified in the Angular Language Service Visual Studio Code extension (Angular.ng-template), potentially exposing developers to remote code execution (RCE) attacks through multiple exploitation paths. The vulnerabilities arise from insecure handling of user-controlled input…
China-Linked Hackers Target Southeast Asian Edge Routers With Custom Linux Implant
A sophisticated China-linked hacking group has been caught targeting edge routers across Southeast Asia, deploying a custom-built Linux implant that gives them deep control over network traffic. The campaign has been rated critical in severity, and its reach extends well…
Quasar Linux RAT Targets Developers With Fileless Execution and eBPF Rootkit
A newly discovered Linux malware known as Quasar Linux, or QLNX, is actively targeting software developers and DevOps engineers with a level of sophistication rarely seen in Linux-focused threats. Unlike most malware that relies on files stored on disk, QLNX…
Microsoft Defender Now Automatically Isolates Compromised Devices to Stop Ransomware
Microsoft Defender for Endpoint has introduced automatic device isolation, a proactive containment capability that disconnects compromised workstations from the network the moment a high-confidence attack is detected without waiting for human intervention. Microsoft Defender for Endpoint can now automatically isolate…
NightSpire Ransomware Uses RDP Access and Remote Admin Tools for Stealthy Persistence
A new ransomware threat is making waves across dozens of industries and countries, using a surprisingly simple but effective approach to break into systems and lock victims out of their own data. NightSpire, first identified in early 2025, has already…
Microsoft SharePoint Server Vulnerability Enables Remote Code Execution Attacks
Microsoft has disclosed a critical security vulnerability in SharePoint Server that could allow authenticated attackers to execute arbitrary code remotely across multiple versions of the platform. Tracked as CVE-2026-45659 and released on May 21, 2026, the flaw poses a significant…
Microsoft Defender Now Automatically Isolates Compromised Devices to Stop Ransomware Spread
Microsoft Defender for Endpoint has introduced automatic device isolation, a proactive containment capability that disconnects compromised workstations from the network the moment a high-confidence attack is detected without waiting for human intervention. Microsoft Defender for Endpoint can now automatically isolate…
Hackers Use SEO Poisoning to Impersonate Gemini CLI and Claude Code Installers
Hackers are targeting software developers by creating fake installation pages for two popular AI coding tools, Gemini CLI and Claude Code. The attackers are using a technique called SEO poisoning to push their malicious websites above real ones in search…
Windows Server 2016 Domain Controller May Fail with 15-Character Hostname
Windows administrators are facing a disruptive bug in Windows Server 2016 following Microsoft’s May 12, 2026, security update KB5087537. The update introduced a critical flaw that caused domain controller discovery to completely fail on servers configured with hostnames exceeding the…