Tag: Cyber Security News

The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting commonly used enterprise software. The highlight of this release is a sophisticated trio of modules…

Read more →

A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across automotive, energy, and…

Read more →

A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models…

Read more →

A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims…

Read more →

A federal jury has convicted Linwei Ding, 38, a former Google software engineer, on charges of economic espionage and trade secret theft. The conviction stems from Ding’s systematic theft of over 2,000 pages of confidential Google documentation on artificial intelligence…

Read more →

A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage…

Read more →

A new Android threat campaign has emerged that uses social engineering combined with a legitimate machine learning platform to spread dangerous malware across devices. The attack begins when users see fake security alerts claiming their phones are infected and need…

Read more →

NVIDIA has issued a critical security update addressing multiple high-severity vulnerabilities in its GPU Display Driver, vGPU software, and HD Audio components. That could enable attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, disclosed on…

Read more →

A critical security breach has exposed multiple Magento e-commerce platforms worldwide as threat actors successfully exploited a severe authentication flaw to achieve complete system control. The attack campaign, identified in January 2026, represents one of the most significant waves of…

Read more →

A new Android spyware campaign has emerged, targeting users in Pakistan through a sophisticated romance scam that uses fake dating profiles to steal personal information. The malicious application, known as GhostChat, disguises itself as a legitimate chat platform while secretly…

Read more →

A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted…

Read more →

A new security feature is being added to Teams to help organizations detect and stop voice-based scams and phishing attacks. The new “Report a Call” button will allow users to flag suspicious one-to-one calls directly from their Teams call history.…

Read more →

Security researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicators pointing to TOXICSNAKE, uses legitimate-looking university and educational institution branding to deceive users into visiting…

Read more →

Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform, which are currently being actively exploited in real-world attacks. The security flaws, tracked as CVE-2026-1281 and CVE-2026-1340, allow unauthenticated attackers to execute arbitrary code remotely on…

Read more →

The Wireshark Foundation has officially released Wireshark 4.6.3, the latest update to the world’s most popular network protocol analyzer. This release is critical for network administrators, security analysts, and developers, as it addresses multiple security vulnerabilities that could lead to…

Read more →

Over 3,280,081 Fortinet Devices Were exposed, with web properties running vulnerable Fortinet devices affected by CVE-2026-24858, a severe authentication-bypass flaw actively exploited in the wild. The vulnerability, rated 9.4 on the CVSS scale, affects multiple Fortinet product lines, including FortiOS, FortiManager,…

Read more →

A dangerous malware campaign has infiltrated the Open VSX extension marketplace, compromising over 5,000 developer workstations through a fake Angular Language Service extension. The malicious package disguised itself as legitimate development tooling, bundling authentic Angular and TypeScript components alongside encrypted…

Read more →

Microsoft has officially released the optional non-security preview update KB5074105 for Windows 11, versions 25H2 and 24H2. This release, part of the January 2026 “C-week” schedule, focuses on functionality enhancements, performance optimization, and reliability improvements rather than addressing security vulnerabilities.…

Read more →

A new Python-based remote access trojan has emerged, targeting both Windows and Linux systems with sophisticated surveillance and data theft capabilities. The malware operates by establishing command-and-control communication through unencrypted HTTP channels, allowing attackers to execute commands, steal files, and…

Read more →

A malicious VS Code extension has surfaced in the digital threat landscape, targeting developers who rely on coding tools daily. Discovered on January 27, 2026, the fake “ClawdBot Agent” extension presented itself as a legitimate AI-powered assistant, but it concealed…

Read more →