A critical SQL injection flaw in Ghost CMS has been weaponized by at least two threat actor groups to silently poison over 700 websites with ClickFix malware, putting unsuspecting visitors at serious risk. The vulnerability, tracked as CVE-2026-26980, was publicly…
Tag: Cyber Security News
GitHub Down – Authentication Issues Denying Access to Actions
GitHub experienced a widespread service disruption on May 26, 2026, after authentication failures prevented developers from accessing critical automation services, including GitHub Actions and GitHub Pages. The outage significantly impacted CI/CD pipelines, blocking workflow execution and halting software delivery for…
ConnectWise Automate Vulnerability Let Attackers Bypass Security Checks
ConnectWise has disclosed a high-impact security vulnerability in its Automate platform that could allow attackers to bypass critical security checks and execute malicious code under specific conditions. The flaw, tracked as CVE-2026-9089, affects versions of ConnectWise Automate before 2026.5 and…
Apache CXF LDAP Injection Vulnerability Let Attacker Retrieve Arbitrary Certificates
A newly disclosed vulnerability in Apache CXF, tracked as CVE-2026-44930, is raising concerns among enterprise users relying on its XKMS (XML Key Management Specification) services. The flaw, classified as an important severity issue, affects the LDAP-based certificate repository component and…
Critical Memcached SASL Vulnerability Let Attackers Infer Valid Usernames
A newly disclosed security issue in Memcached has raised concerns after developers confirmed a timing side-channel vulnerability in its SASL authentication mechanism that could allow attackers to infer valid usernames, now tracked as CVE‑2026‑47783. The flaw was addressed in the…
EU Finalizes Record DMA Fine Against Google Over Search Self-Preferencing Abuse
The European Union is on the verge of issuing its largest-ever penalty under the Digital Markets Act, targeting Alphabet’s Google for allegedly manipulating search results to favor its own services over competitors, a move set to further strain transatlantic tech…
PuTTY 0.84 Released With Fix for SSH KEX Crashes and Telnet Prompt Spoofing Flaw
PuTTY 0.84 has been released with fixes for multiple minor security flaws, including issues that could trigger SSH key exchange crashes and a Telnet prompt spoofing weakness. While these vulnerabilities are considered low severity, they highlight how even small flaws…
Payload Ransomware Uses ChaCha20 and Curve25519 ECDH to Encrypt Windows Files
A dangerous new ransomware strain called Payload has been quietly building a global victim list since it first appeared in February 2026. The group launched its leak site with a high-profile target and has since expanded operations across Egypt, Mexico,…
Phishing Services Use RCS and iMessage to Bypass Traditional SMS Security Filters
A new wave of phishing operations is quietly changing the way cybercriminals steal financial data from everyday people. Rather than relying on traditional SMS messages that carriers can easily flag and block, threat actors are now using encrypted messaging channels…
New 7-Zip Vulnerabilities Let Attackers Execute Arbitrary Code and Compromise Systems
A critical heap buffer overflow vulnerability has been disclosed in 7-Zip version 26.00, enabling attackers to achieve arbitrary code execution via a vtable hijack by exploiting a defect in the tool’s NTFS archive handler. Tracked as CVE-2026-48095 and assigned advisory…
Anthropic’s Restricted Claude Mythos Moves Toward Public Release via Claude Code and Security
Anthropic appears to be loosening its grip on Claude Mythos, the company’s most powerful and previously restricted AI model, with new signals pointing to a commercially versioned release under the name Mythos 1 (claude-mythos-1-preview), integrated directly into Claude Code and…
Cloud Atlas APT Group Modifies termsrv.dll to Enable Multiple RDP Sessions on Victim Hosts
A well-known advanced persistent threat group called Cloud Atlas has been caught using a dangerous technique to hijack Windows systems without alerting anyone on the network. The group modifies a core Windows file called termsrv.dll to unlock multiple simultaneous Remote…
InvisibleFerret Malware Now Ships as .pyd and .so Files to Evade Script Detection
A North Korea-linked hacker group has quietly upgraded one of its most dangerous tools, making it harder for security software to detect. InvisibleFerret, an information-stealing malware tied to the threat actor known as Void Dokkaebi (also tracked as Famous Chollima),…
Cybercriminals Use Telegram Channels to Sell Verified Bank and Fintech Mule Accounts
Cybercriminals are openly selling verified bank accounts, fintech wallets, and cryptocurrency exchange accounts through Telegram channels, turning money laundering into a structured, on-demand criminal service. This underground market has grown far beyond informal recruitment and now operates like a professional…
Hackers Abuse Shared CDN Infrastructure to Bypass Domain Reputation Security Controls
Hackers are actively abusing a flaw in shared Content Delivery Network (CDN) infrastructure to hide malicious traffic behind trusted, high-reputation domains, effectively slipping past the security tools that organizations rely on every day. The technique, now tracked under the name…
Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials and Drain Crypto Wallets
A solo Russian-speaking threat actor leveraged a jailbroken instance of Google Gemini to run a five-year MAGA-themed influence operation, crack WordPress administrator credentials, and empty at least one victim’s cryptocurrency wallet, all at near-zero cost using stolen API keys. In…
Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation
A new supply chain attack campaign is quietly targeting developers through a method most would never think to look for. Hidden inside software packages on GitHub, a malicious script downloads a Linux binary during installation and disguises it using a…
Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer
A well-known Iranian threat group has found a new way to push malware onto people’s machines. Instead of sending phishing emails, the group built a fake website that impersonated a real database software download page and used search engine tricks…
KnowledgeDeliver LMS Zero-Day Exploited to Deploy BLUEBEAM Web Shell
A newly disclosed zero-day vulnerability in the KnowledgeDeliver Learning Management System (LMS) has been actively exploited in the wild to deploy the BLUEBEAM in-memory web shell, according to Mandiant’s incident response findings. The flaw, now tracked as CVE-2026-5426, enables unauthenticated…
Kazuar Malware Evolves Into Modular Espionage Ecosystem for Secret Blizzard Operations
A Russian state-sponsored threat group has quietly upgraded one of its most powerful cyber weapons, and the result is a spying tool that is harder to detect, harder to kill, and more capable than ever before. Security researchers have now…