PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any code execution flaws highly concerning. These specific bugs reside in the Perforce Version Control…
Tag: Cyber Security News
Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code
Microsoft has released urgent security updates to address a critical vulnerability in Windows Active Directory that allows attackers to execute malicious code. Disclosed on April 14, 2026, the vulnerability poses a significant risk to enterprise networks by potentially granting threat…
Microsoft Releases Cumulative Update KB5083769 for Windows 11, Version 25H2 and 24H2
Microsoft has officially released the April 2026 Patch Tuesday cumulative update, KB5083769, for Windows 11 versions 25H2 and 24H2. Released on April 14, 2026, this mandatory security update addresses system vulnerabilities. It brings significant structural enhancements, advancing the operating system…
Google, Microsoft, Meta Tracking You Even if You Opt Out – New Research
In a massive blow to consumer privacy, a new forensic audit reveals that tech giants Google, Microsoft, and Meta are systematically ignoring legally defined privacy opt-out signals. According to the March 2026 California Privacy Audit conducted by webXray, 194 online…
Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft
Artificial intelligence is changing how people browse the internet. AI-powered browsers no longer just show web pages — they read content, take actions, and complete tasks for the user. These tools, called agentic LLM browsers, let users give simple commands…
Hackers Create Hidden Mailbox Rules in Microsoft 365 to Intercept Sensitive Business Emails
Cybercriminals have found a quiet way to sit inside a corporate email account and read everything being sent and received — without the account owner ever knowing. Attackers are now abusing a built-in Microsoft 365 feature called mailbox rules to…
Windows BitLocker Vulnerability Allows Attacker to Bypass Security Feature
Microsoft officially released security updates to address a significant vulnerability in Windows BitLocker. Tracked as CVE-2026-27913, this security feature bypass vulnerability was discovered by security researcher Alon Leviev in collaboration with the Microsoft STORM team. The flaw poses a substantial…
FUNNULL-Linked Triad Nexus Resurfaces With 175+ Rotating CNAME Domains and Global Scam Portals
A cybercriminal group tied to the FUNNULL Content Delivery Network has made a calculated return with a far more sophisticated and evasive infrastructure. Known as Triad Nexus, the group has rebuilt its global fraud operation following U.S. Treasury sanctions, deploying…
Microsoft Defender 0-Day Vulnerability Enables Privilege Escalation Attack
Microsoft has released patch Tuesday security updates to address a newly discovered zero-day vulnerability in the Microsoft Defender Antimalware Platform. Disclosed on April 14, 2026, the flaw is tracked as CVE-2026-33825 and carries an “Important” severity rating. If successfully…
New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT
A new ransomware family called JanaWare has begun targeting computer users in Turkey, relying on a customized version of the Adwind remote access trojan (RAT) to gain a foothold on victims’ systems. This campaign stands out because it combines a…
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss…
OpenAI Launches GPT-5.4 with Reverse Engineering, Vulnerability and Malware Analysis Features
OpenAI has unveiled GPT-5.4-Cyber, a specialized variant of its flagship GPT-5.4 model fine-tuned for advanced defensive cybersecurity workflows, granting vetted security professionals expanded access to capabilities such as binary reverse engineering, vulnerability scanning, and malware analysis, with fewer restrictions than…
Microsoft SharePoint Server 0-Day Vulnerability Actively Exploited in Attacks
A critical zero-day spoofing vulnerability in Microsoft SharePoint Server is being actively exploited in the wild, Microsoft confirmed on April 14, 2026, as part of its monthly security update cycle. Tracked as CVE-2026-32201, the flaw affects multiple versions of SharePoint…
Synology SSL VPN Client Vulnerabilities Let Remote Attackers Access Sensitive Files
Synology reveals two severe SSL VPN Client flaws that could let remote attackers steal sensitive files and intercept network traffic. The vulnerabilities affect users running older versions of the software and require immediate patching to prevent potential network compromise. Virtual…
Critical ShowDoc RCE Vulnerability Active Exploited in the Wild
Threat actors are actively exploiting a critical vulnerability in ShowDoc, a popular online document-sharing and collaboration tool used by IT teams worldwide. Tracked under the identifier CNVD-2020-26585, this severe security flaw allows unauthenticated remote attackers to upload malicious files and execute…
CISA Warns of Microsoft Exchange and Windows CLFS Vulnerabilities Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations regarding two severe Microsoft vulnerabilities. On April 13, 2026, the agency officially added flaws affecting Microsoft Exchange Server and the Windows Common Log File System (CLFS)…
Ivanti Neurons for ITSM Vulnerabilities Allow Remote Attacker to Obtain User Sessions
Ivanti has released security updates addressing two medium-severity vulnerabilities in Ivanti Neurons for ITSM (N-ITSM), its on-premise IT service management platform. The flaws, if exploited, could allow remote authenticated attackers to retain unauthorized access or harvest session data from other…
Critical etcd Auth Bypass Flaw Allows Unauthorized Access to Sensitive Cluster APIs
A critical authentication bypass vulnerability has emerged in etcd, the foundational distributed key-value store that supports countless cloud-native systems and Kubernetes clusters globally. Tracked as CVE-2026-33413, this high-severity flaw carries a CVSS score of 8.8. It enables attackers to access…
New Mirax Android RAT Turns Infected Phones Into Residential Proxy Nodes
A newly discovered Android malware called Mirax has been quietly circulating in underground criminal forums since late 2025, posing a growing threat to mobile users across Europe and beyond. What sets it apart from typical banking trojans is its dual…
New Janela RAT Campaign Uses Fake MSI Installers and Malicious Browser Extensions to Steal Data
A new malware campaign involving a Remote Access Trojan called Janela RAT has been actively targeting financial institutions and cryptocurrency platforms across Latin America. The threat actors behind this attack are using fake MSI installer files and malicious browser extensions…