Indian Bank has issued an urgent cybersecurity advisory warning its customers about a rapidly spreading wave of fraudulent LPG payment and KYC update messages that are being used to steal banking credentials and drain accounts. Cybercriminals are exploiting growing public…
Tag: Cyber Security News
CUPS Vulnerability Chain Enables Remote Attacker to Execute Malicious Code as Root User
A critical vulnerability chain in the Common Unix Printing System (CUPS) that allows unauthenticated remote attackers to execute arbitrary malicious code with root system privileges. Security researcher Asim Viladi Oglu Manizada and his team discovered two zero-day flaws, officially tracked…
Claude Uncovers 13-Year-Old RCE Flaw in Apache ActiveMQ in Just 10 Minutes
A critical remote code execution (RCE) vulnerability has been disclosed in Apache ActiveMQ Classic, a flaw that sat undetected for over a decade and was ultimately discovered not by a human researcher manually combing through code, but by Anthropic’s Claude…
Fiber Optic Cables Turned Into Hidden Microphones to Secretly Spy on Your Conversations
Researchers at NDSS 2026 demonstrate a covert acoustic eavesdropping attack that transforms standard FTTH telecom fiber cables into passive, undetectable listening devices invisible to RF scanners and immune to ultrasonic jammers. Security researchers from The Hong Kong Polytechnic University, The…
Hackers Use Fake Gemini npm Package to Steal Tokens From Claude, Cursor, and Other AI Tools
A new supply chain attack has surfaced targeting software developers who work with AI coding tools. On March 20, 2026, a threat actor published a malicious npm package named gemini-ai-checker under the account gemini-check, presenting it as a simple utility to verify Google…
Hackers Exploit Kubernetes Misconfigurations to Move From Containers to Cloud Accounts
Kubernetes has become one of the most widely used platforms for managing containerized applications in enterprise environments. But as its adoption has grown, so has the attention it draws from malicious actors. Threat actors are now exploiting misconfigurations within Kubernetes…
New BPFDoor Variants Use Stateless C2 and ICMP Relays to Evade Detection
A dangerous Linux backdoor called BPFDoor has returned in a more powerful form, with researchers uncovering new variants built to stay invisible inside critical network infrastructure. Linked to a China-nexus threat actor group known as Red Menshen, these updated versions…
Hackers Exploit Next.js React2Shell Flaw to Steal Credentials From 766 Hosts in 24 Hours
A dangerous cyberattack campaign is actively hitting web applications across the internet at a frightening speed. Hackers are exploiting a critical security flaw called React2Shell, targeting websites built on the widely used Next.js framework. In just 24 hours, attackers broke…
Russian Hackers Exploiting Home and Small-office Routers in Massive DNS hijacking Attack
A large-scale campaign by Forest Blizzard, a Russian military-linked threat actor, targeting home and small-office routers to hijack DNS traffic and intercept encrypted communications with over 200 organizations and 5,000 consumer devices already compromised. Forest Blizzard (also tracked as APT28…
Hackers Use ClickFix Lure to Drop Node.js-Based Windows RAT With Tor-Powered C2
A fresh wave of cyberattacks is targeting Windows users through a deceptive social engineering technique called ClickFix. Attackers use a fake browser verification page to trick users into running a hidden command that quietly drops a Node.js-based Remote Access Trojan…
Fake Software Installers Used to Drop RATs and Monero Miners in Long-Running Malware Campaign
A financially motivated threat actor has been running a quiet malware campaign since at least late 2023, tricking users into downloading fake software installers that secretly deliver remote access trojans (RATs) and Monero cryptocurrency miners. The operation, designated REF1695, has…
BlueHammer PoC for Windows Defender Exploited by Researchers to Escalate Privileges
A proof-of-concept (PoC) exploit dubbed BlueHammer has been publicly released by security researcher Nightmare Eclipse (also known as Chaotic Eclipse), targeting a zero-day local privilege escalation (LPE) vulnerability in Microsoft Windows Defender’s signature update mechanism. The release, confirmed functional by…
Threat Actors Abuse LogMeIn Resolve and ScreenConnect in Multi-Stage Phishing Attacks
A carefully crafted phishing campaign has been targeting organizations across the United States, using trusted remote monitoring and management (RMM) tools to slip past security defenses and gain unauthorized access to victim systems. Rather than deploying traditional malware at the…
Critical Android “Zero-Interaction” Vulnerability Enables DoS Attacks
Google has released its highly anticipated Android Security Bulletin for April 2026, bringing essential security patches to millions of Android devices worldwide. The most pressing issue in this month’s rollout is CVE-2026-0049, a critical zero-interaction vulnerability residing in the core…
From Alert Overload to Rapid Response: Why Threat Intelligence Is a Top Solution for Fast MTTR
Reducing Mean Time to Respond (MTTR) is one of the most persistent challenges for modern SOC teams. Despite investments in SIEM, EDR, and automation, many organizations still struggle to investigate alerts quickly and make confident decisions under pressure. The issue…
New GPUBreach Attack Enables System-Wide Compromise Up to a Root Shell
A severe vulnerability, dubbed GPUBreach, that allows attackers to achieve a full system compromise, including a root shell. Scheduled for presentation at the IEEE Symposium on Security and Privacy, researchers from the University of Toronto show that this exploit elevates…
Flowise AI Agent Builder Injection Vulnerability Exploited in Attacks, 15,000+ Instances Exposed
Threat actors are actively exploiting a maximum-severity remote code execution (RCE) vulnerability in Flowise, an open-source platform used for building AI agents and customized large language model workflows. The critical flaw, tracked as CVE-2025-59528 with a CVSS score of 10.0,…
Iran-Linked Hackers Launch Password Spray Campaign Against Microsoft 365 Tenants in Middle East
Microsoft 365 tenants in the Middle East are facing a new password spray campaign tied to an Iran-linked threat actor. Rather than starting with malware files or software exploits, the attackers are trying to break in through weak passwords and…
Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images
Microsoft has officially rolled out its latest security intelligence update for Microsoft Defender Antivirus, delivering crucial protections for Windows 11, Windows 10, and Windows Server installation images. This vital release ensures that Microsoft’s built-in antimalware solutions are fully equipped to identify…
Hackers Use Fake TradingView Premium Posts on Reddit to Deliver Vidar and AMOS Stealers
A threat actor has been running an active campaign on Reddit, using fake posts that promise free TradingView Premium access to deliver two malware families — Vidar on Windows and AMOS on macOS. The operation is still live, with new…