Multiple high-severity vulnerabilities exist in TP-Link’s Tapo C520WS smart security cameras. If exploited, these vulnerabilities may allow adjacent attackers to trigger Denial-of-Service (DoS) conditions, crash the device, or completely bypass authentication. TP-Link has released urgent firmware updates to address these…
Tag: Cyber Security News
Microsoft Forcing Upgrades to Unmanaged Windows 11, Version 24H2
Microsoft has officially begun force-upgrading unmanaged Windows 11 version 24H2 devices to version 25H2, marking the final phase of a staged rollout that relies on machine learning to determine device readiness. The move, confirmed in an updated Windows Release Health…
Best VPN For Linux In 2026
Linux users are known for prioritizing privacy, control, and performance — and in 2026, choosing the best VPN for Linux has become more important than ever. While Linux offers stronger security compared to other operating systems, it still doesn’t protect against ISP…
20 Best Application Performance Monitoring Tools in 2026
Applications’ performance and availability are monitored, measured, and optimized as part of the practice known as application performance monitoring (APM). Using APM tools and methodologies, organizations may diagnose issues that impair the user experience, discover performance bottlenecks, and gain visibility…
North Korea-Related Campaign Abuses GitHub as C2 in New LNK Phishing Attacks
A newly identified campaign linked to North Korean state-sponsored threat actors is using Windows shortcut files, known as LNK files, to launch targeted phishing attacks against organizations in South Korea. What makes this campaign alarming is how attackers conceal their…
North Korea-Linked Hackers Compromise Axios npm Package in Major Supply Chain Attack
A North Korea-linked threat group has successfully hijacked one of the most widely used JavaScript libraries on the internet, injecting malware into millions of potential development environments. On March 31, 2026, attackers gained access to the Axios Node Package Manager…
Adobe Breach – Threat Actor Allegedly Claims Leak of 13 Million Support Tickets and Employee Records
A threat actor identified as “Mr. Raccoon” has allegedly breached Adobe, claiming to have exfiltrated a massive trove of sensitive data, including 13 million support tickets containing personal information, 15,000 employee records, all HackerOne bug bounty submissions, and a range…
OpenSSH 10.3 Fixes Shell Injection and Multiple SSH Security Issues
The OpenSSH project released version 10.3 and 10.3p1 on April 2, 2026, addressing a shell injection vulnerability and introducing several security-hardening changes that administrators should review before upgrading. The most notable security fix targets a shell injection vulnerability in the…
Qilin Ransomware Uses Malicious DLL to Kill Almost Every Vendor’s EDR Solutions
Qilin ransomware group is deploying a sophisticated, multi-stage infection chain via a malicious msimg32.dll that can disable over 300 endpoint detection and response (EDR) drivers from virtually every major security vendor. As organizations increasingly rely on EDR solutions, which offer…
New Akira Lookalike Ransomware Campaign Targeting Windows Users in South America
A new and dangerous ransomware campaign has surfaced across South America, targeting Windows users with a carefully crafted strain that closely imitates the well-known Akira ransomware. While the two may appear nearly identical on the surface, this new threat is…
Hackers Clone CERT-UA Site to Trick Victims Into Installing Go-Based RAT
A threat group recently set up a convincing fake version of Ukraine’s official cybersecurity authority website to trick targets into downloading a dangerous remote access tool. The campaign, now tracked under the identifier UAC-0255, relied on a mix of phishing…
How Elite SOCs Cut Escalation Rates by Arming Tier 1 With Better Threat Intelligence
In a mature Security Operations Center, escalation is supposed to work like a scalpel, precise, intentional, and reserved for alerts that genuinely demand deeper expertise. But across many teams today, it has become something far less disciplined: a reflex, a…
WhatsApp Warns Users Targeted by Spyware Attack via Weaponized Version of the App
Meta has officially alerted approximately 200 WhatsApp users, primarily located in Italy, that their devices were compromised by a weaponized, fraudulent version of the messaging application. This malicious software was distributed through social engineering tactics rather than official app stores,…
New ZAP PTK Add-On Maps Browser Security Findings as Native Alert Into ZAP
The Zed Attack Proxy (ZAP) team has rolled out version 0.3.0 of the OWASP PenTest Kit (PTK) add-on, introducing a transformative workflow upgrade for application security testing. This new release bridges the critical gap between traditional proxy-level scanning and modern…
Apple Expands iOS 18.7.7 Update to More Devices to Shield Users from DarkSword Exploit
Apple has taken the rare step of expanding the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader set of devices on April 1, 2026, pushing critical backported security patches to millions of users still running iOS 18 who…
Microsoft Details Steps to Mitigate the Axios npm Supply Chain Compromise
A widely used JavaScript library called Axios was at the center of a serious supply chain attack that came to light on March 31, 2026. Two updated versions of the Axios npm package — version 1.14.1 and version 0.30.4 —…
TA416 Expands Espionage Operations Across Europe With Web Bug Recon and Malware Delivery
TA416 has returned to Europe with a fresh wave of espionage emails aimed at government and diplomatic staff. The campaign mixes quiet reconnaissance with malware delivery, showing how a patient threat actor can test who opens a message before sending…
FBI Warns of Chinese Mobile Apps May Expose User Data to Cyberattacks
Millions of Americans use mobile apps daily without thinking much about where their data actually goes. The Federal Bureau of Investigation has stepped forward to address that. On March 31, 2026, the FBI released a Public Service Announcement outlining serious…
Critical PX4 Autopilot Vulnerability Let Attackers Gain Control Over the Drones
A newly discovered critical vulnerability in the widely used PX4 Autopilot software could allow malicious actors to take complete control over drone operations. The Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) advisory on March 31,…
Oracle Lays Off 30,000 Employees to Ramp Up Investment in AI Technologies
Oracle has executed a massive workforce reduction, eliminating between 20,000 and 30,000 employees globally to free up cash flow for its aggressive artificial intelligence infrastructure investments. The layoffs, representing roughly 18% of its workforce, were communicated abruptly via email, highlighting…