Tag: Cyber Security News

A high-severity vulnerability in Next.js threatens self-hosted web applications with severe data breaches. Threat actors can now exploit a Server-Side Request Forgery (SSRF) flaw to silently steal cloud credentials, harvest API keys, and access sensitive internal admin panels. Organizations running…

Read more →

Microsoft issued an urgent security alert regarding a newly discovered vulnerability in Exchange Server that is currently being exploited in the wild. Tracked as CVE-2026-42897, this critical spoofing flaw carries a high CVSS 3.1 severity score of 8.1 and directly…

Read more →

Google has rolled out a massive security update for its Chrome browser, sealing a staggering 79 vulnerabilities before threat actors can exploit them. With 14 of these flaws rated as critical, browsing the web on an outdated version leaves your…

Read more →

A maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild, allowing unauthenticated remote attackers to fully bypass authentication and seize administrative control of enterprise network infrastructure. Tracked as CVE-2026-20182 with a CVSS score of…

Read more →

Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched…

Read more →

A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February…

Read more →

A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead,…

Read more →

Enterprise email infrastructure remains one of the most critical and vulnerable targets for cybercriminals. A highly severe security flaw has just been discovered in Canon’s GUARDIANWALL MailSuite, exposing corporate networks to devastating Remote Code Execution (RCE) attacks. Threat actors can…

Read more →

A sprawling supply chain attack has put software developers worldwide on high alert after hackers compromised more than 170 npm packages and two PyPI packages in a coordinated credential theft campaign. The infected packages are collectively downloaded over 200 million…

Read more →

Security researchers at Calif, a Palo Alto-based cybersecurity firm, have used techniques derived from an early version of Anthropic’s secretive Mythos AI model to uncover two previously undocumented vulnerabilities in Apple’s macOS. The bugs were chained together into a privilege…

Read more →

A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have confirmed that three newly published versions of node-ipc, a package with over 822,000 weekly downloads, contain obfuscated stealer and backdoor payloads, marking the second major…

Read more →

A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant called TencShell, a sophisticated tool capable of giving attackers full remote control over a compromised system. The discovery highlights how…

Read more →

A faulty update to Dell’s SupportAssist Remediation service is sending thousands of Dell and Alienware laptop users into endless Blue Screen of Death (BSOD) loops, with systems crashing every 30 minutes and displaying the dreaded CRITICAL_PROCESS_DIED stop error. Dell Engineering…

Read more →

A critical vulnerability in the widely used Exim mail server allows unauthenticated attackers to execute arbitrary code and fully compromise exposed servers. Federico Kirschbaum, head of the Security Lab at XBOW, discovered and reported the issue, which has been dubbed…

Read more →

Imagine locking your organization’s sensitive data behind a heavy vault door, only to realize the locking mechanism is entirely missing. Security researchers at Fog Security recently uncovered a severe authorization bypass in Amazon Quick’s AI Chat Agents. This vulnerability allowed…

Read more →

Artificial intelligence is now capable of generating attack telemetry that looks and behaves like the real thing, and that is changing how security teams think about testing their defenses. In new work, Microsoft researchers show that large language models can…

Read more →

A critical vulnerability in Palo Alto Networks PAN-OS is putting enterprise firewalls at risk, allowing unauthenticated attackers to execute arbitrary code with root privileges. Tracked as CVE-2026-0300, the flaw affects the User-ID Authentication Portal (Captive Portal) and has already seen…

Read more →

Hackers are once again turning familiar tools against the very users who trust them. A new attack campaign has been discovered in which threat actors weaponized HWMonitor, a widely used hardware monitoring utility developed by CPUID, to silently deliver a…

Read more →

Threat actors are constantly hunting for infrastructure weaknesses, and a newly discovered batch of vulnerabilities in GitLab just handed them a dangerous roadmap. On May 13, 2026, GitLab rolled out emergency security updates to address multiple high-severity flaws. These bugs…

Read more →

OpenAI Global LLC is facing a new class‑action complaint in the Southern District of California that accuses the company of quietly wiring its ChatGPT web interface with Meta’s Facebook Pixel and Google Analytics, turning highly sensitive chatbot conversations into monetizable…

Read more →