Tag: Cyber Security News

The Node.js project released a critical security update on March 24, 2026, for the Long-Term Support (LTS) branch, designating version 20.20.2 ‘Iron’ as a security release. The update resolves seven tracked vulnerabilities spanning TLS error handling, HTTP/2 flow control, cryptographic…

Read more →

Mozilla has officially rolled out Firefox 149.0 to the Release channel on March 24, 2026, delivering a massive update focused heavily on user privacy and security hardening. The standout addition in this release is a free built-in VPN offering 50 GB of protected…

Read more →

OpenAI is pulling the plug on its Sora video generation platform, a high-profile product launched to widespread attention last year that has since quietly faded from the spotlight. The shutdown is part of a broader strategic realignment as the company…

Read more →

Mozilla released Firefox 149 on March 24, 2026, delivering one of the largest security advisories in the browser’s recent history, addressing 37 vulnerabilities spanning memory corruption, sandbox escapes, use-after-free flaws, and remote code execution risks across multiple browser components. Published…

Read more →

A high-severity vulnerability has been disclosed affecting both NGINX Open Source and NGINX Plus. Tracked formally as CVE-2026-32647, this security flaw carries a CVSS v4.0 base score of 8.5 and a CVSS v3.1 score of 7.8. It allows local, authenticated…

Read more →

The cryptocurrency development community is facing a serious supply chain threat after five malicious npm packages were discovered stealing private wallet keys and forwarding them directly to a Telegram bot. Published under the npm account “galedonovan,” these packages were crafted…

Read more →

Aleksei Volkov, a 26-year-old Russian national, has been sentenced to 81 months in federal prison for operating as an Initial Access Broker (IAB). His illicit activities directly enabled major cybercrime syndicates, including the notorious Yanluowang ransomware group, to compromise numerous…

Read more →

TP-Link has recently issued a critical security advisory addressing multiple high-severity vulnerabilities impacting its Archer NX series routers. These flaws, which affect the Archer NX200, NX210, NX500, and NX600 models, expose devices to severe risks. If exploited, threat actors could…

Read more →

A critical unrestricted file upload vulnerability, dubbed “PolyShell,” is actively being exploited in Magento and Adobe Commerce stores. Discovered by the Sansec Forensics Team, this flaw allows unauthenticated attackers to execute remote code (RCE) and completely take over accounts. With…

Read more →

A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a…

Read more →

The Federal Communications Commission (FCC) announced a major update to its Covered List, officially prohibiting the approval of new consumer-grade network routers produced in foreign countries. This regulatory action prevents these new devices from entering the United States market by…

Read more →

Passwordless authentication was supposed to mark the end of account takeovers. Designed to replace traditional passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials could no longer unlock user accounts. But a close examination…

Read more →

Security research team has uncovered a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. This flaw allowed attackers to artificially inflate the download counts of malicious skills, thereby bypassing security checks and manipulating search rankings.…

Read more →

A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a…

Read more →

A sophisticated supply chain attack targeting Aqua Security’s widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The…

Read more →

Kali Linux 2026.1 has officially been released, marking the first major update of the year for the popular penetration testing distribution. Designed for professionals engaged in technical security research and vulnerability analysis, this update features modern aesthetic enhancements, notable advancements…

Read more →

A persistent threat actor known as Larva-26002 has been continuously targeting poorly managed Microsoft SQL (MS-SQL) servers, this time deploying a new scanner malware called ICE Cloud Client. The campaign has been active since at least January 2024 and continues…

Read more →

A threat actor known as TeamPCP has taken a sharp turn toward destruction with a new payload that goes far beyond credential theft or backdoor installation. The group, tracked as a cloud-native attacker since late 2025, has deployed a Kubernetes…

Read more →

Cybercriminals behind Tycoon2FA, a phishing-as-a-service (PhaaS) platform, have resumed targeting cloud accounts with near-full force despite a coordinated law enforcement takedown on March 4, 2026. Europol, working alongside authorities from six countries, seized 330 domains that formed the backbone of…

Read more →

A recent security analysis has revealed how chaining seemingly minor logic flaws in Dell Wyse Management Suite (WMS) On-Premises can result in a complete system compromise. Security researchers demonstrated that combining two distinct vulnerabilities allows an unauthenticated attacker to bypass…

Read more →