A new and more dangerous version of the NGate malware has been found hiding inside a trojanized NFC payment application. This time, threat actors appear to have used artificial intelligence to help write the malicious code, which marks a significant…
Tag: Cyber Security News
Where Most SOCs Stall: Building SOC Maturity with Threat Intelligence Feeds
SOC maturity comes down to the quality of decisions. Yet in many teams, those decisions are still made based on fragmented intelligence and outdated indicators. This is where progress stalls: threat data remains external to the workflow. Mature SOCs take…
6000+ Apache ActiveMQ Instances Vulnerable to CVE-2026-34197 Exposed Online
More than 6,000 internet-exposed Apache ActiveMQ instances are still vulnerable to CVE-2026-34197. This newly tracked security flaw has now been added to the U.S. Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (KEV) catalog. The exposure data comes from The Shadowserver Foundation, which…
CISA Warns of Cisco Catalyst SD-WAN Manager Vulnerabilities Exploited in Attacks
CISA has added three critical Cisco Catalyst SD-WAN Manager vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies and organizations to act immediately. All three flaws were added on April 20, 2026, with a tight remediation deadline of…
Hackers Abuse GitHub Issue Notifications to Phish Developers Through Malicious OAuth Apps
Cybersecurity researchers have uncovered a sophisticated phishing technique that targets software developers by abusing GitHub’s own notification system to deliver malicious OAuth app authorization requests. This attack is particularly dangerous because it uses GitHub’s trusted infrastructure, making it extremely hard…
Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers
A critical vulnerability in the SGLang inference server that allows threat actors to execute arbitrary code. Tracked as CVE-2026-5760, this flaw allows hackers to weaponize standard GGUF machine learning models to compromise the underlying servers that host them. As enterprise…
12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users
A massive malware campaign known as “StealTok” involves at least 12 interrelated browser extensions. These extensions masquerade as TikTok video downloaders but secretly track user activity and harvest sensitive data. The campaign uncovered by LayerX security has affected over 130,000…
AI-Powered Exploitation May Collapse the Patch Window for Defenders
Artificial intelligence is reshaping cybercrime in ways that defenders can no longer treat as distant or theoretical. New frontier AI models are showing a growing ability to find software flaws, understand attack paths, and help move an intrusion from one…
Gentlemen RaaS Attacking Windows, Linux With additional locker written in C for ESXi
A new ransomware-as-a-service (RaaS) operation known as “The Gentlemen” has emerged as a serious threat to corporate networks worldwide. Since appearing around mid-2025, this group has rapidly grown into a well-organized criminal platform, publicly claiming over 320 victims, with most…
Hackers Use Nightmare-Eclipse Tools After Compromising FortiGate SSL VPN Access
A real-world intrusion campaign leveraging publicly available Nightmare-Eclipse privilege escalation tooling, BlueHammer, RedSun, and UnDefend, following what appears to be unauthorized access through a compromised FortiGate SSL VPN. The incident marks the first confirmed in-the-wild deployment of these tools against…
SideWinder Uses Fake Chrome PDF Viewer and Zimbra Clone to Steal Government Webmail Credentials
A well-known advanced persistent threat group called SideWinder has launched a highly targeted phishing campaign against South Asian government organizations, using a fake Chrome PDF viewer and a pixel-perfect clone of the Zimbra email login portal to steal employee credentials.…
Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments
A critical cross-vendor vulnerability class dubbed “Comment and Control” is a new category of prompt injection attacks that weaponizes GitHub pull request titles, issue bodies, and issue comments to hijack AI coding agents and steal API keys and access tokens directly from…
Critical Gardyn Smart Gardens Vulnerabilities Let Attackers Control Devices Remotely
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about severe vulnerabilities in Gardyn Home Kit smart garden systems. Carrying a maximum severity score of 9.3 out of 10, these flaws could allow unauthenticated attackers to hijack…
British National Admits Hacking Companies and Stealing Millions in Virtual Currency
A British man has pleaded guilty in the United States to his role in a large cybercrime scheme that used SMS phishing, company network intrusions, and SIM swapping to steal at least $1 million in virtual currency from victims across…
iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution
Cybersecurity researchers, working in partnership with OpenAI, have uncovered a fascinating and severe vulnerability in iTerm2, a widely used macOS terminal emulator. According to Califio, the flaw abuses the application’s SSH integration feature, allowing attackers to turn seemingly harmless text…
PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a newly disclosed vulnerability in Microsoft’s Snipping Tool that allows attackers to silently steal users’ Net-NTLM credential hashes by luring them to a malicious webpage. Tracked as CVE-2026-33829, the flaw resides…
Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks
A critical flaw in Anthropic’s Model Context Protocol (MCP) exposes over 150 million downloads to potential compromise. The vulnerability could enable full system takeover across up to 200,000 servers. The OX Security Research team identified the flaw as a fundamental design…
Hackers Use AppDomain Hijacking to Turn Trusted Intel Utility Into Malware Launcher
Security researchers have uncovered a highly sophisticated attack campaign that weaponizes a legitimate, digitally signed Intel utility to secretly deploy malware, all without touching a single line of the original program’s code. The campaign, dubbed Operation PhantomCLR, represents a serious evolution…
Gh0st RAT and CloverPlus Adware Delivered Together in New Dual-Payload Malware Campaign
A newly identified malware campaign is raising serious concerns across the cybersecurity community by delivering two very different threats at the same time. Attackers are now using a single, obfuscated loader to push both Gh0st Remote Access Trojan (RAT) and…
North Korea-Linked UNC1069 Uses Fake Zoom and Teams Meetings to Hack Crypto Professionals
A North Korean threat group known as UNC1069 has been running a sophisticated campaign that tricks cryptocurrency and Web3 professionals into joining fake online meetings, only to infect their computers with malware designed to steal digital assets. The group pretends…