A powerful iOS exploit toolkit known as DarkSword has been publicly leaked on GitHub, dramatically lowering the barrier for cybercriminals to target hundreds of millions of iPhones and iPads still running outdated software. Security researchers are sounding the alarm as…
Tag: Cyber Security News
APT Hackers Attacking RDP Servers to Deploy Malicious Payloads and Establish Persistence
One of the world’s most dangerous state-backed hacking groups is actively targeting Remote Desktop Protocol (RDP) servers across critical infrastructure, defense organizations, and government agencies. The threat actor, known as APT-C-13 and widely tracked as Sandworm, APT44, Seashell Blizzard, and…
Microsoft Details New Security Safeguards for Generative AI Models on Azure AI Foundry
The rapid rise of generative AI has brought new security concerns that organizations can no longer afford to overlook. Microsoft has now outlined a detailed framework of security safeguards designed to protect generative AI models hosted on its Azure AI…
Why Your Monitoring Program Is Letting Attackers Win
There is a version of threat monitoring that looks impressive on paper and fails in practice. High log ingestion volumes. Hundreds of detection rules. A dashboard full of metrics. And yet, attackers dwell in the environment for weeks or months completely…
Google Says Gemini AI Agents are Crawling the Dark Web Posts to Detect Threats
Google has officially deployed Gemini AI agents within Google Threat Intelligence to autonomously monitor dark web forums in public preview. These agents process millions of posts daily, using advanced organizational profiling to detect specific security risks like data leaks and…
NAKIVO Backup & Replication Launches v11.2 with Automated Real-Time Replication and VMware vSphere 9 Support
Sparks, Nevada — March 6, 2026 NAKIVO Inc. announced the release of NAKIVO Backup & Replication v11.2, offering expanded platform support, enhanced security and faster disaster recovery for organizations worldwide. This version is the product of a focused engineering roadmap, while NAKIVO’s international…
Hackers Attacking Android Users With Fake ChatGPT Invites to Deploy Malware
Cybercriminals have set their sights on Android users through a well-crafted phishing scheme that disguises malicious applications as beta-testing opportunities for ChatGPT and Meta advertising tools. What appears to be a legitimate app-testing invitation turns out to be a carefully…
511,000+ End-of-Life Microsoft IIS Instances Exposed Online, Secure Now!
A massive attack surface involving outdated Microsoft Internet Information Services (IIS) servers has been exposed online. During Shadowserver’s daily network scans on March 23, 2026, researchers identified over 511,000 End-of-Life (EOL) IIS instances actively connected to the internet. This widespread exposure presents a serious…
Mazda Data Breach Exposing Employee and Partner Records Via System Vulnerability
Mazda Motor Corporation has officially disclosed a security incident involving unauthorized external access to an internal warehouse management system, potentially exposing 692 personal data records of employees, group company staff, and business partners. The Japanese automaker published its formal breach…
Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems
Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), addressing two significant vulnerabilities that could allow unauthenticated remote attackers to compromise affected systems. Organizations running customer-managed deployments are strongly…
Critical QNAP QVR Pro Vulnerability Let Remote Attackers Gain Access to the System
QNAP has released a critical security advisory addressing a severe vulnerability in its QVR Pro surveillance software. Tracked as CVE-2026-22898, this flaw allows remote, unauthenticated attackers to gain unauthorized access to affected systems. Users relying on QVR Pro 2.7.x…
SEO Poisoning Campaign Impersonates 25+ Popular Apps to Deliver AsyncRAT Since October 2025
A sophisticated SEO poisoning campaign has been quietly targeting Windows users since at least October 2025, luring them into downloading trojanized installers for more than 25 popular software applications. The operation went undetected for roughly five months before investigators uncovered…
Tax-Themed Google Ads Lead to BYOVD EDR Killer in Huntress-Traced Malvertising Campaign
Every April, millions of Americans rush to file taxes before the deadline — and attackers count on it. A large-scale malvertising campaign, active since at least January 2026, has been exploiting that urgency by placing fake tax form pages through…
MacOS Stealer MioLab Adds ClickFix Delivery, Wallet Theft and Team API Tools
A sophisticated macOS infostealer known as MioLab — also tracked as Nova — has emerged as one of the most advanced Malware-as-a-Service (MaaS) platforms targeting Apple users. Advertised on Russian-speaking underground forums, MioLab marks a shift in the threat landscape,…
Libyan Oil Refinery Hit in Long-Running Espionage Campaign Using AsyncRAT
A Libyan oil refinery, a telecoms organization, and a state institution fell victim to a coordinated espionage campaign between November 2025 and February 2026. The attacks delivered AsyncRAT, a publicly available remote access Trojan with a documented history of use…
Oblivion RAT Turns Fake Play Store Updates Into a Full-Service Android Spyware Operation
A newly discovered Android remote access trojan known as Oblivion RAT has emerged on cybercrime networks as a complete malware-as-a-service (MaaS) platform, turning fake Google Play Store update pages into a full-scale spyware operation. First reported by Certo Software, the…
Trivy Supply Chain Attack Expands as Compromised Docker Images Hit Docker Hub
A supply chain attack targeting Trivy, the widely used open-source vulnerability scanner, has grown well beyond its initial scope. What started as a GitHub Actions compromise has now extended to Docker Hub, where three malicious Docker image versions were silently…
$30 IP-KVM Flaws Could Give Attackers BIOS-Level Control Across Enterprise Networks
A recent security assessment by researchers has uncovered nine severe vulnerabilities across four popular low-cost IP-KVM devices. These flaws, uncovered by Eclypsium, allow attackers to gain complete, BIOS-level control over connected systems, effectively bypassing all operating system security controls and…
CISA Warns of Craft CMS Code Injection Vulnerability Exploited in Attacks
A critical vulnerability in Craft CMS (CVE-2025-32432) has been added to the Known Exploited Vulnerabilities catalog following confirmed active exploitation in the wild. Security teams and system administrators are advised to address this issue immediately to prevent severe network compromises.…
Windows 11 Emergency Update to Fix ‘No Internet’ Sign-In Errors for OneDrive, Teams, and More
Microsoft has released an out-of-band (OOB) update, KB5085516, for Windows 11 versions 25H2 and 24H2 to address a critical sign-in issue introduced by the March 2026 Patch Tuesday update. The emergency patch, released on March 21, 2026, targets a bug…