Tag: Cyber Security News

A newly disclosed security vulnerability in Microsoft Teams could allow attackers to spoof local devices, raising concerns for enterprises and individual users who rely on the platform for daily communications. Microsoft disclosed CVE-2026-32185 on May 12, 2026, as part of…

Read more →

A critical security flaw in Fortinet’s FortiSandbox platform is putting enterprise networks at serious risk, allowing unauthenticated attackers to execute arbitrary code or commands remotely, with no credentials required. Fortinet disclosed the vulnerability on May 12, 2026, under the identifier…

Read more →

Fortinet released security advisories on May 12, 2026, addressing five vulnerabilities spanning its wireless access point controllers, network operating system, and enterprise management platforms, including a critical unauthenticated authorization bypass in FortiSandbox. Critical Flaw in FortiSandbox The most severe vulnerability…

Read more →

Microsoft’s May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical. Unlike several recent cycles, Microsoft reports no…

Read more →

Every incident that damages a client starts with a moment of invisibility: a connection the SIEM didn’t flag, a domain the detection rules didn’t know about, an IOC that was active for two days before any feed registered it. Top-performing MSSPs have…

Read more →

Ivanti has released its May 2026 Patch Tuesday security updates, disclosing vulnerabilities across four products while revealing that artificial intelligence tools are already helping its engineers uncover flaws that traditional scanners miss and warning that AI-driven discovery will likely accelerate…

Read more →

A single click can allow attackers to exploit a critical, unpatched flaw in Open WebUI to seize control of AI workspaces, execute remote code, hijack accounts, and steal sensitive chat histories. Discovered by security researcher Metin Yunus Kandemir, the vulnerability…

Read more →

A new wave of cyberattacks is putting Microsoft Teams users on high alert across organizations worldwide. Hackers have been found hijacking Teams accounts to impersonate IT support staff and push a dangerous piece of malware called ModeloRAT directly into corporate…

Read more →

On May 12, 2026, SAP released its highly anticipated monthly Security Patch Day updates, addressing numerous severe security flaws across its entire enterprise software portfolio. The most alarming discovery is a critical SQL injection vulnerability in SAP S/4HANA, giving attackers…

Read more →

A new and highly stealthy campaign distributing Vidar Stealer has surfaced, targeting Windows users with a sophisticated attack chain designed to slip past endpoint defenses and harvest sensitive credentials. The campaign has drawn significant attention from the cybersecurity community because…

Read more →

A series of newly discovered vulnerabilities in Zoom’s software ecosystem could hand local attackers the keys to your system. As organizations continue to rely heavily on virtual meetings, threat actors are constantly hunting for ways to exploit these communication tools.…

Read more →

A new and growing wave of phishing attacks is making credential theft easier than ever before. Threat actors are now using Vercel, a legitimate AI-powered web development platform, to build convincing fake login pages that closely mirror real websites. The…

Read more →

North Korean hackers have found a new way to hide malware inside the tools that software developers rely on every single day. Instead of sending phishing emails or planting fake links, they are now burying malicious code deep inside Git…

Read more →

A fake Chrome browser extension pretending to be the popular TronLink crypto wallet has been caught stealing sensitive wallet credentials from unsuspecting users. The malicious extension operates silently in the background, harvesting mnemonic phrases, private keys, and passwords before forwarding…

Read more →

A critical security flaw has been identified in the Cline Kanban server that allows threat actors to exfiltrate workspace data and execute arbitrary code silently and remotely. Security researcher TheRealSpencer recently published details of this cross-origin WebSocket hijacking vulnerability affecting…

Read more →

Researchers have exposed a catastrophic vulnerability hiding inside the “Claude in Chrome” extension. By weaponizing an otherwise harmless, zero-permission extension, invisible attackers can completely hijack the trusted AI assistant. Transform it into a malicious puppet that silently pillages private Gmail…

Read more →

A popular AI development library has been turned into a weapon. The mistralai PyPI package, version 2.4.6, was found to contain malicious code secretly injected by attackers, putting developers and organizations worldwide at serious risk. The compromise affects anyone who…

Read more →

A supply chain attack that started with a relatively obscure open-source scanner has now reached one of the most widely used application security tools in the industry. In May 2026, a malicious version of the Checkmarx Jenkins AST plugin was…

Read more →

Online shoppers have long been targets of digital theft, but a recent wave of attacks has raised the stakes in a troubling new way. Hackers tied to the notorious Magecart group are now hiding credit card skimmers inside Google Tag…

Read more →

A serious cluster of vulnerabilities has been uncovered in PHP’s core string processing and ext-soap components, putting numerous web servers at immediate risk of total takeover. While the SOAP extension has a notorious history of memory corruption flaws, this latest…

Read more →