Researchers at Google DeepMind have published a comprehensive study revealing that autonomous AI agents browsing the web are deeply vulnerable to a new class of attacks called “AI Agent Traps,” which are adversarial content engineered into websites and digital resources…
Tag: Cyber Security News
2,000+ FortiClient EMS Instances Exposed Online Amid Active RCE Vulnerability Exploits in the Wild
The Shadowserver Foundation has issued an urgent warning to FortiClient Enterprise Management Server (EMS) administrators after identifying over 2,000 publicly accessible instances globally, two of which are now confirmed to be actively exploited through critical unauthenticated remote code execution (RCE)…
CISA Adds TrueConf Vulnerability to KEV Catalog Following Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting TrueConf software to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-3502, this security flaw is currently facing active exploitation in the wild. The discovery has…
Critical Fortinet FortiClient EMS 0-Day Vulnerability Actively Exploited in the Wild
Fortinet has issued an emergency hotfix after security researchers disclosed a critical zero-day vulnerability in FortiClient EMS that is already being actively exploited by threat actors. Tracked as CVE-2026-35616 and carrying a CVSSv3 score of 9.1 (Critical), the flaw enables…
Top Node.js Maintainers Targeted in Sophisticated Social Engineering Scheme
A highly coordinated social engineering campaign is actively targeting top open-source developers in the Node.js and npm ecosystem. Following the recent compromise of the popular package Axios, which sees over 100 million weekly downloads, several high-impact software maintainers have reported…
Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware
The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete source code for Claude Code, its flagship terminal-based coding assistant. The leak occurred due to…
New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In
A dangerous attack chain in Progress ShareFile that can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed ShareFile Storage Zones Controller 5.x deployments, and Progress says customers should upgrade to version 5.12.4…
Top 10 Best VPN For Chrome in 2026
In ever-changing technology and networks, privacy is becoming increasingly difficult to achieve. People are so used to using the Internet and IoT devices that the sensitive data they share on the web has become a prime target for hackers or…
Top 10 Best User Access Management Tools in 2026
User Access Management tools centralize control over user permissions and access, providing a unified platform to enforce consistent security policies across diverse systems and applications. They enhance security by implementing role-based access controls, monitoring user activity, preventing unauthorized access, mitigating…
LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions
Every time you open LinkedIn in a Chrome-based browser, hidden JavaScript silently scans your computer for installed software without your knowledge, without your consent, and without a single word in LinkedIn’s privacy policy. A revealing investigation conducted by the European…
Anthropic Officially Ends Claude Subscriptions for Third-Party Tools Like OpenClaw
Anthropic has officially pulled the plug on third-party AI agent access to the Claude subscription, marking a significant shift in how users can leverage its models outside the company’s native ecosystem. According to Anthropic Claude Code exec Boris Cherny, starting…
14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits
A critical security flaw in F5’s BIG-IP Access Policy Manager (APM) is currently under active exploitation, leaving thousands of enterprise networks at risk. The vulnerability, officially tracked as CVE-2025-53521, has sparked urgent warnings across the cybersecurity community after its impact…
Hackers Abuse Trusted Platforms to Steal Bank Credentials From Philippine Users
A coordinated phishing campaign has been quietly targeting banking customers across the Philippines since early 2024, and it remains active today. The attackers are not relying on crude tricks — they are hiding behind widely trusted internet platforms to steal…
Axios Maintainer Confirms The npm Compromise Was via a Targeted Social Engineering Attack
Two malicious versions of the popular JavaScript HTTP library Axios were briefly published to the npm registry on March 31, 2026. Each version carried a hidden dependency that installed a remote access trojan (RAT) across macOS, Windows, and Linux systems.…
Kimsuky Deploys Malicious LNK Files to Deliver Python-Based Backdoor in Multi-Stage Attack
A North Korean threat group known as Kimsuky has been caught running a cyberattack campaign that uses malicious Windows shortcut files, known as LNK files, to quietly install a Python-based backdoor on victim systems. The attack stays hidden across multiple…
Hackers Use Venom Stealer to Turn ClickFix Lures Into Full Data Exfiltration Pipelines
A new malware has been quietly spreading across cybercrime networks, and security researchers say it is far more capable than most tools of its kind. Called Venom Stealer, this malware-as-a-service platform does not just harvest credentials — it builds an…
Hackers Use Phorpiex Botnet to Spread Ransomware, Sextortion, and Crypto-Clipping Malware
A botnet that has been running since 2011 is back in the spotlight — not because it is new, but because it keeps reinventing itself. Phorpiex, also known as Trik, has grown from a basic spam tool into a full-scale…
Malicious Chrome Extension “ChatGPT Ad Blocker” Steals ChatGPT Conversations
As OpenAI introduces advertisements to its free tier, cybercriminals are seizing the opportunity to trick users with fake utility tools. Security researchers have discovered a malicious Google Chrome extension named “ChatGPT Ad Blocker.” While it claims to hide unwanted ads,…
CERT-EU Confirms Trivy Supply Chain Attack Led to European Commission AWS Breach
The European Commission’s primary web platform, “europa.eu,” recently suffered a severe data breach stemming from a supply-chain compromise involving the popular open-source vulnerability scanner, Trivy. On April 3, 2026, CERT-EU published an official advisory detailing how a threat actor known…
Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability
A massive automated credential theft campaign is actively targeting web applications worldwide. Cybersecurity researchers at Cisco Talos have uncovered an operation by a hacker group tracked as UAT-10608, which has already compromised over 700 servers. The attackers are exploiting a…