Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise…
Tag: Cyber Security News
Hackers Exploiting telnetd Vulnerability for Root Access – Public PoC Released
Active exploitation of a critical authentication bypass vulnerability in the GNU InetUtils telnetd server (CVE-2026-24061) has been observed in the wild, allowing unauthenticated attackers to gain root access to Linux systems. The vulnerability, which affects GNU InetUtils versions 1.9.3 through…
Microsoft Shares BitLocker Keys with FBI to Unlock Encrypted Laptops in Guam Fraud Investigation
Microsoft gave U.S. federal agents the digital keys needed to unlock three encrypted laptops linked to a massive COVID unemployment scam in Guam. This case shows how cloud-stored encryption keys can help law enforcement, but also raises big privacy worries…
Threat Actors Weaponize LNK File to Deploy MoonPeak Malware Attacking Windows Systems
A new malware campaign targeting Windows users has emerged, using deceptive LNK shortcut files to distribute MoonPeak, a dangerous remote access trojan. This malware, which appears to be a variant of XenoRAT, has been linked to threat actors affiliated with…
20,000 WordPress Sites Affected by Backdoor Vulnerability Allowing Malicious Admin User Creation
A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administrator accounts without any authentication, putting thousands of…
Fake Captcha Ecosystem Exploits Trusted Web Infrastructure to Deliver Malware
A new wave of web-based malware campaigns is using fake verification pages to trick users into installing dangerous software. These attacks copy the look and feel of legitimate security checks that people see every day while browsing the internet. The…
MacSync macOS Infostealer Leverages ClickFix-style Attack to Trick Users into Pasting a Single Terminal Command
A sophisticated macOS malware called MacSync has emerged as a dangerous new threat targeting cryptocurrency users through deceptive social engineering tactics. The infostealer operates as an affordable Malware-as-a-Service tool designed to harvest sensitive data from macOS systems by convincing victims…
Hackers Can Use GenAI to Change a Loaded Clean Page into a Malicious One within Seconds
A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous phishing tools in real time. Security researchers discovered that cybercriminals are now leveraging generative AI…
Top 10 Best Data Security Companies in 2026
Data security companies are essential in 2026 for protecting sensitive information amid rising cyber threats and complex cloud environments. In 2026, data security has become a top priority for organizations of all sizes as cyber threats, regulatory pressure, and cloud…
New Watering Hole Attack Targeting EmEditor Users with Stealer Malware
A major security threat has emerged targeting developers who use EmEditor, a popular text editor favored by Japanese programming communities. In late December 2025, the software’s official download page fell victim to a compromise that allowed attackers to distribute malicious…
76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026
Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day…
Microsoft to Add Brand Impersonation Protection Warning to Teams Calls
A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment in mid-February 2026 for Targeted Release customers, with general availability timelines to be communicated later.…
Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports
Node.js has updated its HackerOne vulnerability disclosure program to require a minimum Signal score of 1.0, aiming to reduce low-quality submissions and improve processing efficiency. Node.js has implemented a new threshold for vulnerability report submissions through its HackerOne program, mandating…
New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users
A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms. Okta Threat Intelligence discovered multiple custom phishing kits available on an as-a-service basis that criminals…
HPE Alletra and Nimble Storage Vulnerability Grants Admin Access to Remote Attacker
A critical privilege escalation vulnerability affecting multiple storage platforms could allow remote attackers to gain administrative access without physical interaction. The flaw, tracked as CVE-2026-23594, impacts HPE Alletra 6000, Alletra 5000, and Nimble Storage arrays running vulnerable firmware versions. The…
TrustAsia Revoked 143 Certificates Following LiteSSL ACME Service Vulnerability
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a vulnerability in its LiteSSL ACME service. The flaw allowed for the improper reuse of domain validation data across different ACME accounts, prompting an immediate suspension of issuance services and…
New Windows Notepad and Paint Update Brings More Useful AI Features
Artificial intelligence (AI) features have been added to Windows 11 Notepad and Paint for Canary and Dev Channel users, turning them into cloud-connected tools that require sign-in. The Notepad update (version 11.2512.10.0) brings AI-powered text generation, rewriting, and summarization features…
Nike Allegedly Hacked by WorldLeaks Ransomware Group
Athletic footwear and apparel manufacturer Nike has become the latest victim of WorldLeaks, a financially motivated ransomware group known for data extortion attacks. The group announced the breach on its darknet leak site on January 22, claiming responsibility for the…
North Korean Hackers Adopted AI to Generate Malware Attacking Developers and Engineering Teams
North Korea–aligned hackers have launched a new campaign that turns artificial intelligence into a weapon against software teams. Using AI-written PowerShell code, the group known as KONNI is delivering a stealthy backdoor that blends real project content with malicious scripts.…
New Windows 11 KB5074109 Update Breaks Systems – Microsoft Asks Users to Remove Update
Microsoft’s January 2026 Windows 11 security update KB5074109 has triggered multiple system stability issues, including lockups and black screens, prompting users to uninstall it. Reports highlight graphics regressions and app failures affecting both consumer and enterprise setups. KB5074109 targets Windows…