Tag: Cyber Security News

DUBAI, UAE — May 11, 2026 — As the internet transitions from a playground of chatbots to a workforce of autonomous agents, the question isn’t just what AI can do—it’s who the AI is. Today, OTT Cybersecurity LLC officially launched the Agent Trust Protocol…

Read more →

A critical heap buffer overflow vulnerability has been discovered in the source code of NGINX, present since 2008. This vulnerability has been publicly disclosed, along with a working proof-of-concept exploit that can enable unauthenticated remote code execution (RCE) against one…

Read more →

A newly disclosed vulnerability in the Microsoft Windows DNS Client could let attackers silently execute malicious code across enterprise networks, exposing a massive attack surface. Officially designated as CVE-2026-41096, this critical security flaw carries a severe CVSS score of 9.8…

Read more →

Iran-linked hackers have been quietly breaking into networks around the world, and their latest campaign is more calculated than anything we have seen from them before. The group known as Seedworm, also tracked as MuddyWater, spent the first quarter of…

Read more →

Packagist is sounding the alarm for PHP developers everywhere. A flaw in Composer, the widely used PHP dependency manager, briefly caused GitHub authentication tokens to leak into publicly visible CI logs, raising urgent concerns about credential exposure across thousands of…

Read more →

Attackers are now abusing a fresh Langflow vulnerability to quietly steal cloud keys and turn victim systems into workers for a new NATS based botnet. This campaign shows how a single exposed AI workflow tool can become the start of…

Read more →

A ransomware group that only surfaced in mid-2025 has already made a significant mark on the threat landscape. The Gentlemen, a ransomware-as-a-service (RaaS) operation, has quickly risen to become one of the most active ransomware programs in the world, with…

Read more →

A newly disclosed critical vulnerability in MongoDB could allow threat actors to execute arbitrary code, potentially handing them complete control over affected servers and exposing millions of records to theft. The vulnerability, officially tracked as CVE-2026-8053, directly impacts MongoDB Server…

Read more →

A critical heap buffer overflow vulnerability, lurking in NGINX’s source code since 2008, has been publicly disclosed. Complete with a working proof-of-concept exploit capable of delivering unauthenticated remote code execution (RCE) against one of the world’s most widely deployed web…

Read more →

Two new unpatched Windows BitLocker zero-day vulnerabilities significantly compromise Microsoft’s ecosystem. The exploits include a critical BitLocker encryption bypass called YellowKey and a privilege escalation flaw named GreenPlasma. The most critical of these flaws, dubbed “YellowKey,” enables a total bypass…

Read more →

Foxconn has officially confirmed a cyberattack targeting its North American operations after the Nitrogen ransomware gang publicly listed the company on its data leak site, claiming to have stolen a staggering 8 terabytes of sensitive data. The Nitrogen ransomware group…

Read more →

Email filters are important, but they can’t remove phishing risk on their own. Today’s campaigns are built to slip through the cracks, using fresh domains, CAPTCHA checks, fake login pages, OTP theft, and even legitimate RMM tools.  For security leaders, the bigger issue…

Read more →

A newly disclosed Linux kernel vulnerability dubbed Fragnesia allows any local unprivileged user to escalate privileges to root without requiring a race condition, making it one of the more reliable local privilege escalation exploits seen in recent years. Discovered by…

Read more →

For years, texting between an iPhone and an Android phone meant your messages traveled without any real privacy protection. That long-standing gap is now being addressed, as Apple and Google have jointly launched a beta rollout of end-to-end encrypted messaging…

Read more →

A critical security flaw has been found in SandboxJS, a widely used JavaScript sandboxing library available on npm. The vulnerability allows attackers to break out of the sandbox entirely and run any code they want directly on the host system.…

Read more →

A cyberattack campaign that tricks users into running malicious commands on their own computers has taken a dangerous new turn. The technique, known as “ClickFix,” has been circulating for some time, but a recent incident revealed that attackers are now…

Read more →

Android smartphones have become the go-to device for billions of people around the world. From banking and messaging to storing personal photos and sensitive documents, people rely on them for almost everything. That reliance has made mobile devices a prime…

Read more →

A serious security flaw has been found in Exim, one of the most widely deployed mail transfer agents on the internet today. The vulnerability, tracked as EXIM-Security-2026-05-01.1, allows a remote attacker to corrupt server memory and potentially execute malicious code…

Read more →

In 2026, data is the undisputed lifeblood of the modern enterprise. As organizations shift completely to decentralized, multi-cloud architectures, the challenge of securing sensitive information—such as Intellectual Property (IP), Personally Identifiable Information (PII), and Protected Health Information (PHI)—has grown exponentially.…

Read more →

Microsoft pushed out a significant cumulative update for Windows 11 on May 12, 2026, covering both version 25H2 and version 24H2. The update, identified as KB5089549, brings OS Builds 26200.8457 and 26100.8457 to users running these versions. It bundles the…

Read more →