Chrome 151’s latest stable-channel update delivers patches for 382 security vulnerabilities, including 15 critical bugs that can be weaponized for remote code execution and full browser compromise if left unpatched. Google is rolling this update out for Windows, macOS, Linux,…
Tag: Cyber Security News
U.S. Lifts Export Controls on Claude Fable 5 and Mythos 5
The U.S. Department of Commerce has formally withdrawn export control restrictions on Anthropic’s Claude Fable 5 and Mythos 5 AI models, ending an 18-day standoff that had blocked global access to the company’s most advanced systems. In a letter dated…
Multiple Apache Tomcat Vulnerabilities Allow Attackers to Bypass Authentication
The Apache Software Foundation has disclosed two vulnerabilities affecting Apache Tomcat that could allow attackers to bypass authentication and security constraints protecting web applications. The flaws, tracked as CVE-2026-55957 and CVE-2026-55956, impact multiple major versions of the widely deployed servlet…
Microsoft Teams’ New Feature Blocks Bots from Joining Meetings
Microsoft has rolled out a new bot protection capability in Microsoft Teams that gives IT administrators and meeting organizers greater control over external bots attempting to join meetings, a move designed to address growing privacy and security concerns around AI-powered…
Anthropic’s Claude Code Reportedly Uses Hidden Code to Detect Chinese Users
A Reddit disclosure has ignited a serious debate about developer trust and covert surveillance, alleging that Anthropic embedded undisclosed detection logic inside its Claude Code CLI tool, specifically targeting users in China or those routing traffic through Chinese AI lab…
New BioShocking Attack Allows Attackers to Trick AI Browser and Leak Credentials
A newly disclosed attack technique dubbed “BioShocking” is raising concerns across the cybersecurity community after researchers demonstrated that AI-powered browsers can be manipulated to leak sensitive data and bypass built-in safety controls. Security researchers at LayerX revealed that attackers can…
False Positive or First Sign of a Breach? How Tier 1 SOC Analysts Can Tell the Difference Faster
Imagine a Tier 1 analyst receiving an alert: an employee’s laptop has connected to an unfamiliar domain. The detection is not dramatic. No ransomware note. No obvious malware verdict. No endpoint isolation. Just a domain, an IP address, a timestamp, and a medium-severity…
Hackers Hijack WhatsApp Web Sessions to Launch CEO Fraud Through DLL Sideloading
A new breed of executive impersonation attack is making rounds across Indian enterprises, and it is far more technical than the typical CEO fraud most organizations have prepared for. This campaign, dubbed the “Boss Scam,” blends social engineering with a…
Hackers Use SystemBC Malware to Hide C2 Traffic and Maintain Persistent Access
A cyberattack tool that quietly turns victim computers into tunnels for criminal traffic has been gaining ground across enterprise networks. Security researchers have linked it to some of the most destructive ransomware operations in recent years. Known as SystemBC, this…
Bing Search for ‘ManageEngine OpManager’ Delivers Akira Ransomware
A simple Bing search for a popular IT tool turned into a full-scale ransomware attack. Threat actors abused search engine optimization (SEO) poisoning to push a fake download link into Bing search results, tricking IT administrators into installing malware disguised…
TONResolver Malware Uses TON Smart Contracts as Dead Drop Resolver for C2 Switching
A new wave of cyberattacks targeting Japan’s hospitality sector has put the global threat landscape on high alert. In late May 2026, attackers began sending phishing emails to Japanese partner companies of Booking.com, disguised as urgent guest complaints and review…
SimpleHelp Authentication Bypass Vulnerability Exploited in the Wild to Deploy TaskWeaver Loader
A critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software is being actively exploited in the wild. This enables attackers to deploy advanced malware, including a newly identified loader, TaskWeaver, and an information-stealing tool, Djinn Stealer. Security…
Multiple WolfSSL Vulnerabilities Expose Billions of Servers and IoT Devices to Cyberattacks
Multiple newly disclosed vulnerabilities in the wolfSSL embedded TLS library expose billions of servers and Internet of Things (IoT) devices to potential certificate forgery, remote code execution, and denial-of-service attacks if left unpatched. These flaws undermine core trust mechanisms in…
PoC Released for NTLM Reflection Bypass Flaw that Enables SYSTEM Access on Windows Server
A working proof-of-concept (PoC) exploit has been released for a new NTLM reflection bypass flaw that enables SYSTEM-level access on Windows Server 2025, raising fresh concerns about the resilience of Microsoft’s authentication hardening. The vulnerability, tracked as CVE-2026-24294, shows that…
GitHub Advisory Database Hits Record Volume as Vulnerability Reports Surpass Review Capacity
GitHub’s Advisory Database reached an all-time high in May 2026, publishing 1,560 reviewed security advisories, more than five times its typical monthly output. Despite this milestone, the platform still struggled to keep pace with a rapidly expanding volume of vulnerability…
New Windows Backdoor Mistic Enables In-Memory Code Execution and Credential Theft
A newly identified Windows backdoor called Mistic has been quietly making its way through enterprise networks since April 2026, giving attackers persistent, low-profile access that is extremely difficult to detect. The malware has been spotted targeting organizations across the insurance,…
X Launches Hosted MCP Servers to Connect Cursor, Claude, and Other AI Tools
X (formerly Twitter) has officially launched hosted Model Context Protocol (MCP) servers, enabling AI development tools such as Grok Build, Cursor, and Claude Desktop to seamlessly connect with the platform’s API and documentation. Announced on Tuesday, the move positions X…
Mustang Panda Abuses Zoho WorkDrive for Command-and-Control and Data Exfiltration
A China-aligned cyber espionage group known as Mustang Panda has been caught running two simultaneous attack campaigns against Indian government and energy targets, using a trusted cloud storage service as its hidden command center. The group deployed newly developed malware…
Synology MailPlus Server Vulnerabilities Allow Attackers to Trigger DoS Attacks
Synology has released a critical security advisory addressing multiple vulnerabilities in its MailPlus Server package that could allow attackers to execute denial-of-service (DoS) attacks, access internal services, and read or modify arbitrary files. The vulnerabilities affect multiple versions of MailPlus…
Fake Perplexity AI Extension Captures Real-Time Search Suggestions and Browser Signals
A fake browser extension disguised as the popular AI search tool Perplexity AI has been caught quietly capturing users’ real-time search inputs and browser signals, raising serious concerns about how easily trusted brand names can be used against ordinary users.…