The Zed Attack Proxy (ZAP) team has released the OWASP PTK add-on, version 0.2.0 alpha, integrating the OWASP Penetration Testing Kit (PTK) browser extension directly into ZAP-launched browsers. This streamlines application security testing by embedding DAST, IAST, SAST, SCA, and…
Tag: Cyber Security News
New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks
A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified this threat as a completely new malware variant with no connection to an older ransomware…
Proxyware Malware Disguised as Notepad++ Tool Leverages Windows Explorer Process to Hijack Systems
A sophisticated malware campaign targeting unsuspecting users has emerged, disguising malicious proxyware as legitimate Notepad++ installations. This attack, orchestrated by the threat actor Larva-25012, exploits users seeking cracked software through deceptive advertisement pages and fake download portals. The malware hijacks…
Attackers Reverse-Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild
A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-0001, allows unauthenticated attackers to reset the system administrator password without any…
Hackers Earned $516,500 for 37 Unique 0-day Vulnerabilities – Pwn2Own Automotive 2026
After Day One of Pwn2Own Automotive 2026, which delivered $516,500 USD for 37 zero-days, the event has now accumulated $955,750 USD across 66 unique vulnerabilities, demonstrating the automotive sector’s substantial attack surface. The competition showcased exploits targeting multiple vehicle subsystems, including…
Researchers Detailed r1z Initial Access Broker OPSEC Failures
U.S. authorities have pulled back the curtain on “r1z,” an initial access broker who quietly sold gateways into corporate networks around the world. Operating across popular cybercrime forums, he offered stolen VPN credentials, remote access to enterprise environments, and custom…
Attackers' Infrastructure Exposed Using JA3 Fingerprinting Tool
A powerful new method detects and traces attacker infrastructure using JA3 fingerprinting, a technique that identifies malicious tools through network communication patterns. While many security teams considered JA3 fingerprints outdated after fingerprint lists remained largely unchanged since 2021, fresh…
CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that…
FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data
A new cluster of automated malicious activity is targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December…
Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code
A critical remote code injection vulnerability in Vivotek legacy firmware enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy…
New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages
Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through…
Malicious PyPI Package "sympy-dev" Mimics Popular SymPy to Attack Millions of Users
A new malicious package on the Python Package Index (PyPI), named sympy-dev, has been caught impersonating the widely used SymPy library to deliver cryptomining malware. SymPy is a popular symbolic mathematics library that sees tens of millions of downloads every month,…
New AI-Powered Android Malware Auto-Clicks Ads from Infected Devices
A dangerous Android malware campaign has emerged, targeting users through mobile games and pirated streaming app modifications. The threat, known as Android.Phantom, employs machine learning technology to perform automated ad-click fraud on infected smartphones. Over 155,000 downloads of compromised games…
Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments
Cybersecurity researchers have uncovered two critical security flaws in Chainlit, a widely used open-source AI framework with over 700,000 monthly downloads. The vulnerabilities allow attackers to steal sensitive cloud credentials, leak database files, and take control of enterprise AI environments…
Critical Vulnerability in Binary-Parser Library for Node.js Allows Malicious Code Injection
A critical code-injection vulnerability has been identified in the Node.js binary-parser library, affecting all versions before 2.3.0. The flaw allows attackers to execute arbitrary JavaScript code if untrusted input is used to construct parser definitions, potentially compromising application integrity and…
New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads
Security researchers have identified a sophisticated multi-stage malware campaign targeting Windows systems through social engineering and weaponized cloud services. The attack employs business-themed documents as deceptive entry points, luring users into extracting compressed archives containing malicious shortcuts that execute PowerShell…
BIND 9 Vulnerability Allows Attackers to Crash Servers by Sending Malicious Records
A high-severity vulnerability has been disclosed in BIND 9, the widely used DNS server software responsible for domain name resolution across millions of internet services. The vulnerability, tracked as CVE-2025-13878, enables remote attackers to crash DNS servers by sending specially…
New ClearFake Campaign Leverages Proxy Execution to Run PowerShell Commands via Trusted Windows Feature
ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the…
Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access
A critical vulnerability in Fortinet’s Single Sign-On (SSO) feature for FortiGate firewalls, tracked as CVE-2025-59718, is under active exploitation. Attackers are leveraging it to create unauthorized local admin accounts, granting full administrative access to internet-exposed devices. Multiple users have reported…
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild. Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access. The…