Cisco has issued an urgent security warning regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. Enterprise organizations widely use this tool to manage their Cisco software licenses locally. Tracked as CVE-2026-20160, the flaw carries a…
Tag: Cyber Security News
New WhatsApp Attack Chain Uses VBS Scripts, Cloud Downloads, and MSI Backdoors
A new malware campaign is actively using WhatsApp to deliver harmful files directly to Windows users, exploiting the widespread trust placed in everyday messaging apps. The threat actors send malicious Visual Basic Script (VBS) files through WhatsApp messages, knowing that…
Microsoft Copilot Terms of Service Label Copilot is for Entertainment Purposes Only
Microsoft’s terms of service for its Copilot AI assistant include a notable disclaimer that has sparked renewed scrutiny from security and enterprise communities: the product is intended solely for entertainment purposes. According to the official Copilot terms of use, Microsoft…
Symantec DLP Agent Vulnerability Let Attackers Escalate Privileges
A high-severity security flaw has been identified in the Symantec Data Loss Prevention (DLP) Agent for Windows. Tracked as CVE-2026-3991, this vulnerability allows a low-privileged local attacker to escalate their system privileges to the highest level. Security researcher Manuel Feifel…
Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and Trusted Windows Binaries
Cybercriminals are getting better at hiding their tracks, and a recently uncovered Remcos RAT campaign is proof of that. This attack does not rely on a single malicious file dropped onto a system. Instead, it uses a carefully built, multi-stage…
Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication
Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates. The vulnerability, officially tracked as CVE-2026-20093, has been assigned a critical Base CVSS score of 9.8, indicating the highest…
Top 20 Best Digital Forensic Tools in 2026
Digital forensic tools are specialized software designed to analyze, recover, and investigate data from digital devices. They help uncover crucial evidence in cybercrime investigations and legal proceedings. These tools can extract data from various sources, including computers, smartphones, and storage…
10 Best VPN For Privacy In 2026
When it comes to privacy-focused VPNs, several providers stand out in 2026. NordVPN, based in Panama, offers robust security features including Double VPN, Onion over VPN, and an independently audited no-logs policy. Proton VPN, founded by CERN scientists and based…
Starbucks Breach – Attacks Allegedly Claim 10GB of Stolen Source Code
The threat group ShadowByt3s has claimed responsibility for a new cyberattack on Starbucks, allegedly stealing 10GB of proprietary source code and operational firmware. The data was reportedly scraped from a misconfigured Amazon S3 bucket named “sbux-assets” as part of a…
Microsoft to Remove EXIF Data for Images Shared on Teams
In a significant move to enhance corporate privacy and operational security, Microsoft has announced an important update for its Teams platform. As part of the March 2026 feature rollout, Microsoft Teams will now automatically remove EXIF metadata from all images…
Public PoC Exploit Released for Nginx-UI Backup Restore Vulnerability
A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and inject malicious configurations during the restoration process. With a public Proof-of-Concept (PoC)…
Vim Modeline Bypass Vulnerability Let Attackers Execute Arbitrary OS Commands
A newly discovered high-severity vulnerability in the popular Vim text editor exposes users to arbitrary command execution on the operating system. Tracked as CVE-2026-34982, the flaw relies on a modeline sandbox bypass that triggers when a victim opens a specially…
Magecart Hackers Uses 100+ Domains to Hijack eStores Checkouts and Steal Card Data
A sophisticated and long-running Magecart campaign has been quietly operating for over 24 months, infecting e-commerce websites across at least 12 countries using more than 100 malicious domains to steal payment card data in real time and banks, not merchants,…
HSBC India Asks Customers to use All-Uppercase Passwords
Beginning April 6, 2026, HSBC India will require its internet banking customers to enter their passwords in uppercase letters only. The mandate, communicated via official customer emails, has sparked widespread concern among technical experts regarding the bank’s credential storage practices…
New Chrome Zero-Day Vulnerability Actively Exploited in Attacks — Patch Now
Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for…
Russian Hackers Using Remote Access Toolkit “CTRL” for RDP Hijacking
A newly disclosed Russian-linked remote access toolkit called “CTRL” is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse…
Hackers Actively Exploiting Critical WebLogic RCE Vulnerabilities in Attacks
A recent cybersecurity study reveals that threat actors are moving faster than ever to weaponize new software flaws. According to data collected from a high-interaction honeypot, hackers are actively exploiting a newly disclosed, maximum-severity vulnerability in Oracle WebLogic Server. The…
Google Cloud’s Vertex AI platform Vulnerability Allow Attackers to Access Sensitive Data
Artificial intelligence agents are rapidly becoming integral to enterprise workflows, but they also introduce new attack surfaces. Security researchers recently uncovered a significant vulnerability within Google Cloud Platform’s Vertex AI Agent Engine. By exploiting default permission scoping, attackers could weaponize…
XLoader Malware Upgrades Obfuscation Tactics and Hides C2 Traffic Behind Decoy Servers
A well-known information-stealing malware called XLoader has received significant upgrades in its latest versions, making it considerably harder to detect and analyze than before. Originally derived from a malware family known as FormBook, which first surfaced in 2016, XLoader was…
PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information
Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sensitive information, and potentially execute arbitrary code by convincing a system to…