A critical Broken Object Level Authorization (BOLA) vulnerability in Lovable, the popular AI-powered app builder platform, is reportedly allowing unauthorized users to access sensitive project data, including source code, database credentials, AI chat histories, and real customer information from thousands…
Tag: Cyber Security News
Researchers Say Iranian MOIS Uses Multiple Hacker Personas for One Coordinated Cyber Campaign
Iran’s Ministry of Intelligence and Security (MOIS) has been running a long and carefully organized cyber campaign using three separate hacker identities. These identities, known as Homeland Justice, Karma/KarmaBelow80, and Handala, were widely believed to be independent hacktivist groups. However,…
Microsoft Teams Desktop Client Faces Launch Failures After Update Triggers Caching Regression
Microsoft is actively working to resolve a service disruption that has left a subset of Teams desktop client users unable to launch the application, with the company now monitoring the rollback of the problematic update to confirm full recovery. Microsoft…
New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT
A new ransomware strain known as JanaWare has been quietly targeting home users and small to medium-sized businesses in Turkey, using a customized version of the well-known Adwind Remote Access Trojan (RAT) as its delivery vehicle. The campaign is notable…
Attackers Turn QEMU Into a Stealth Backdoor for Credential Theft and Ransomware
Threat actors are now weaponizing QEMU, a legitimate open-source machine emulator and virtualizer, as a covert backdoor to steal credentials and deliver ransomware without triggering endpoint security alerts. This alarming shift in attacker behavior highlights how freely available, trusted software…
Attackers Abuse Microsoft Teams and Quick Assist in New Helpdesk Impersonation Attack Chain
A new and deceptive attack campaign has emerged where threat actors are impersonating IT helpdesk personnel through Microsoft Teams to trick employees into granting remote access to their systems. What makes this campaign dangerous is how it uses trusted, everyday…
Lovable AI App Builder Reportedly Exposes Customer Data From Projects via Unpatched API Flaw
A critical Broken Object Level Authorization (BOLA) vulnerability in Lovable, the popular AI-powered app builder platform, is reportedly allowing unauthorized users to access sensitive project data, including source code, database credentials, AI chat histories, and real customer information from thousands…
New Windows 11 Dev Build Improves Secure Boot Monitoring and Storage Controls
Microsoft has released Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, introducing notable improvements to Secure Boot visibility, storage management, and the Feedback Hub experience. The most security-relevant update in this build is a revamped Secure Boot experience…
Hackers Use FUD Crypt to Generate Microsoft-Signed Malware With Built-In Persistence and C2
A newly uncovered malware-as-a-service platform called FUD Crypt is giving cybercriminals an easy way to build sophisticated Windows malware without writing a single line of code. The platform, operating from fudcrypt.net, accepts any Windows executable uploaded by a subscriber and…
New RDP Alert After April 2026 Security Update Warns of Unknown Connections
Microsoft has rolled out a significant behavioral change to the Windows Remote Desktop Connection application (MSTSC) as part of its April 2026 Patch Tuesday security update, introducing new warning dialogs designed to protect users from phishing attacks that exploit Remote…
Public Notion Pages Leaks Profile Photos and Email address of Editors
Notion, a popular productivity and collaboration platform, is under significant scrutiny from the cybersecurity community. Security researchers have revealed that public Notion pages silently expose the personally identifiable information (PII) of anyone who has ever edited them. This data leak…
Hackers Use CVE-2024-3721 to Infect TBK DVRs With Nexcorium DDoS Malware
A newly identified botnet campaign is actively exploiting a critical flaw in TBK digital video recorders to deploy a dangerous piece of malware known as Nexcorium, a Mirai-based threat built to launch large-scale distributed denial-of-service attacks. The vulnerability at the…
Google Uses Gemini AI to Stop Malicious Ads From Threat Actors – 8.3 billion ads Blocked
Threat actors are increasingly leveraging generative AI to launch sophisticated advertising scams at an unprecedented scale. In response, Google has integrated its advanced Gemini AI models into its security infrastructure to neutralize these threats actively. According to Google’s newly released…
NIST Shifts to Risk-Based NVD Model as CVE Submissions Surge 263% Since 2020
The National Institute of Standards and Technology (NIST) has officially updated how it processes vulnerabilities in the National Vulnerability Database (NVD). According to an April 15, 2026 announcement, NIST is abandoning its comprehensive analysis approach in favor of a targeted,…
Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters
A critical vulnerability in Flowise and multiple AI frameworks has been discovered by OX Security, exposing millions of users to remote code execution (RCE). The flaw stems from the Model Context Protocol (MCP), a widely used communication standard for AI…
Vercel Confirms Data Breach — Hackers Claim Access to Internal Systems
Vercel has disclosed a significant security incident after threat actors gained unauthorized access to internal systems, with a hacker group reportedly attempting to sell stolen data for $2 million on underground forums. Vercel, one of the most widely used frontend…
OpenAI Expands Cyber Defense Program With GPT-5.4-Cyber Access for Trusted Organizations
OpenAI has officially launched the expanded phase of its Trusted Access for Cyber program. Granting select organizations access to its specialized GPT-5.4-Cyber model to strengthen digital defenses across critical infrastructure, financial services, and open-source security communities. The program operates on a tiered trust model…
Microsoft Teams Right-Click Paste Broken Following Edge Browser Update
A confirmed bug in Microsoft Teams desktop client version 26072.519.4556.7438 is disabling the right-click paste option for users on Windows and macOS, with Microsoft attributing the root cause to a code regression introduced in a recent Microsoft Edge browser update.…
Researcher Uses Claude Opus to Build a Working Chrome Exploit Chain
Amidst the heated debate surrounding Anthropic’s recent announcement of its Mythos and Project Glasswing models, a security researcher has demonstrated the tangible cybersecurity implications of frontier AI. Moving beyond theoretical warnings, the researcher successfully utilized Claude Opus to construct a…
Apple Works on Fix for iPhone Passcode Bug Linked to Missing Czech Keyboard Character
Apple is reportedly developing a software fix for a frustrating iOS 26 bug that has left some users entirely locked out of their iPhones for months. According to a recent report by The Register, Cupertino’s software engineers are scrambling to…