Tag: Cyber Security News

A high-severity security bypass vulnerability in Anthropic’s Claude Code AI coding agent allows malicious actors to silently evade user-configured deny rules through a simple command-padding technique, exposing hundreds of thousands of developers to credential theft and supply chain compromise. According…

Read more →

A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with…

Read more →

A new Remote Access Trojan (RAT) called ResokerRAT has been found targeting Windows systems by abusing Telegram’s widely used Bot API to receive commands and send stolen data back to attackers. Unlike traditional malware that relies on custom command-and-control servers,…

Read more →

A coordinated supply chain attack has been uncovered targeting developers who build applications on Strapi, a widely used open-source content management system. Thirty-six malicious npm packages disguised as legitimate Strapi plugins were published to the npm registry, carrying payloads designed…

Read more →

Researchers at Google DeepMind have published a comprehensive study revealing that autonomous AI agents browsing the web are deeply vulnerable to a new class of attacks called “AI Agent Traps,” which are adversarial content engineered into websites and digital resources…

Read more →

The Shadowserver Foundation has issued an urgent warning to FortiClient Enterprise Management Server (EMS) administrators after identifying over 2,000 publicly accessible instances globally, two of which are now confirmed to be actively exploited through critical unauthenticated remote code execution (RCE)…

Read more →

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting TrueConf software to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-3502, this security flaw is currently facing active exploitation in the wild. The discovery has…

Read more →

Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and carrying a CVSSv3 score of 9.1 (Critical), the flaw enables…

Read more →

A highly coordinated social engineering campaign is actively targeting top open-source developers in the Node.js and npm ecosystem. Following the recent compromise of the popular package Axios, which sees over 100 million weekly downloads, several high-impact software maintainers have reported…

Read more →

The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete source code for Claude Code, its flagship terminal-based coding assistant. The leak occurred due to…

Read more →

A dangerous attack chain in Progress ShareFile that can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed ShareFile Storage Zones Controller 5.x deployments, and Progress says customers should upgrade to version 5.12.4…

Read more →

In ever-changing technology and networks, privacy is becoming increasingly difficult to achieve. People are so used to using the Internet and IoT devices that the sensitive data they share on the web has become a prime target for hackers or…

Read more →

User Access Management tools centralize control over user permissions and access, providing a unified platform to enforce consistent security policies across diverse systems and applications. They enhance security by implementing role-based access controls, monitoring user activity, preventing unauthorized access, mitigating…

Read more →

Every time you open LinkedIn in a Chrome-based browser, hidden JavaScript silently scans your computer for installed software without your knowledge, without your consent, and without a single word in LinkedIn’s privacy policy. A revealing investigation conducted by the European…

Read more →

Anthropic has officially pulled the plug on third-party AI agent access to the Claude subscription, marking a significant shift in how users can leverage its models outside the company’s native ecosystem. According to Anthropic Claude Code exec Boris Cherny, starting…

Read more →

A critical security flaw in F5’s BIG-IP Access Policy Manager (APM) is currently under active exploitation, leaving thousands of enterprise networks at risk. The vulnerability, officially tracked as CVE-2025-53521, has sparked urgent warnings across the cybersecurity community after its impact…

Read more →

A coordinated phishing campaign has been quietly targeting banking customers across the Philippines since early 2024, and it remains active today. The attackers are not relying on crude tricks — they are hiding behind widely trusted internet platforms to steal…

Read more →

Two malicious versions of the popular JavaScript HTTP library Axios were briefly published to the npm registry on March 31, 2026. Each version carried a hidden dependency that installed a remote access trojan (RAT) across macOS, Windows, and Linux systems.…

Read more →

A North Korean threat group known as Kimsuky has been caught running a cyberattack campaign that uses malicious Windows shortcut files, known as LNK files, to quietly install a Python-based backdoor on victim systems. The attack stays hidden across multiple…

Read more →

A new malware has been quietly spreading across cybercrime networks, and security researchers say it is far more capable than most tools of its kind. Called Venom Stealer, this malware-as-a-service platform does not just harvest credentials — it builds an…

Read more →