A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of legitimate Microsoft endpoint security components. This clever camouflage helps it avoid detection, allowing attackers to maintain…
Tag: Cyber Security News
Malicious Edge Extension Uses Chrome Native Messaging to Execute Code on Victim Systems
A new and deceptive malware campaign has been uncovered, one that turns an everyday browser extension into a dangerous tool for system compromise. Security researchers have identified a threat that uses a malicious Microsoft Edge extension to break out of…
EvilTokens Hides Its Attack Flow in the Browser, Exposing Static Analysis Gaps
EvilTokens is drawing attention in phishing investigations for abusing Microsoft Device Code authentication and hiding key parts of its attack flow from static URL analysis. In a recent analysis, the phishing page was found encrypted in the initial HTML response and appeared only after browser-side…
Authorities Disrupt Stealer Malware StealC and Amadey Infrastructure in Global Operation
Europol and law enforcement partners across multiple countries have dealt a significant blow to the cybercriminal ecosystems powering StealC, Amadey, and SocGholish malware, three widely deployed tools in the modern “cybercrime-as-a-service” supply chain. Announced as part of Operation Endgame, the…
Hackers Exploiting Cisco Catalyst SD-WAN Manager 0-Day Flaw to Gain Root-Level Access
A sophisticated threat actor is actively targeting SD-WAN infrastructure at a major service provider. The campaign culminated in the exploitation of a zero-day privilege escalation vulnerability, now tracked as CVE-2026-20245 (CVSS 7.8), in Cisco Catalyst SD-WAN Manager, enabling attackers to…
Critical Webmin Vulnerabilities Allow Attackers to Impersonate as Any User
Critical security flaws in Webmin have exposed systems to severe risks, allowing attackers to impersonate users, bypass authentication, and gain root-level control across affected environments. Webmin, a widely used web-based system administration tool for Unix-like systems, has disclosed multiple vulnerabilities…
Laravel Livewire Applications Compromised to Steal Credentials Exploiting RCE Vulnerability
A large-scale cyber campaign targeting Laravel Livewire applications has been uncovered, with attackers exploiting a critical remote code execution (RCE) flaw to steal sensitive credentials from thousands of systems worldwide. Security researchers at Imperva first observed the activity on May…
PoC Exploit Released for Microsoft Exchange Server Elevation of Privilege Vulnerability
A public proof-of-concept exploit is now available for CVE-2026-45504, a high‑severity server-side request forgery vulnerability in Microsoft Exchange Server that enables privilege escalation via arbitrary file reads. The flaw affects on‑premises Exchange Server 2016 and 2019, including Subscription Edition, and…
Fake Income Tax Assessment Notice Delivers RAT-Like Malware to Windows Users
Cybercriminals are now using fake government tax notices to push dangerous malware onto Windows computers, and the tactic is proving alarmingly effective. A newly uncovered campaign targets users in India by impersonating the Income Tax Department, tricking victims into downloading…
Authorities Disrupt Password-Stealing Malware StealC Infrastructure in Global Operation
Europol and law enforcement partners across multiple countries have dealt a significant blow to the cybercriminal ecosystems powering StealC, Amadey, and SocGholish malware, three widely deployed tools in the modern “cybercrime-as-a-service” supply chain. Announced as part of Operation Endgame, the…
Red-Team AI Tool Vulnerabilities Let Attackers Exfiltrate API Keys and Compromise Operators’ Systems
A first-of-its-kind security analysis of 12 widely deployed agentic offensive-security tools reveals critical architectural flaws that allow adversaries to steal LLM API keys, establish persistent footholds, and achieve full host compromise even inside sandboxed containers. Security researchers from Cracken have…
GhostShell Malware Uses mTLS Implant and Telegram Dead-Drop to Target Ukrainian Drone Operations
A newly identified malware cluster known as GhostShell has been found actively targeting Ukraine’s drone operations and its broader defense supply chain. The campaign uses a sophisticated combination of techniques, including a mutual TLS implant and a Telegram-based dead-drop resolver,…
Browser-in-the-Browser Kit Uses Fake Software Errors to Deliver Malware Installers
A newly identified attack campaign is using a sophisticated Browser-in-the-Browser (BitB) kit to trick users into downloading malware disguised as legitimate software installers. The technique combines convincing fake browser pop-ups with fabricated error messages to manipulate victims into taking actions…
PoC Exploit Released for libssh2 Remote Code Execution Vulnerability
A public proof-of-concept (PoC) exploit for the critical libssh2 remote code execution vulnerability tracked as CVE-2026-55200 is now available, significantly increasing the risk of real‑world attacks against unpatched systems. The flaw affects libssh2 versions up to and including 1.11.1 and…
Hackers Exploit Unpatched SharePoint Servers to Deploy Ransomware and Custom Backdoors
Unpatched on-premises SharePoint servers have become a prime target for sophisticated threat actors using known security flaws to break in, plant ransomware, and leave behind hidden backdoors. These are not opportunistic smash-and-grab operations. They are calculated, multi-stage campaigns designed to…
Malicious AI Agent Skill Bypasses Security Scans and Seizes Full Control of Over 26,000 Agents
A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv…
Claude Fable 5 Wrote Windows Kernel Code in Rust in 38 Minutes
Anthropic’s Claude Fable 5 generated a complete, bootable NT-compatible Windows kernel written in Rust called ntoskrnl-rs from an empty directory in just 38 minutes of active model work, raising profound questions about AI-authored trust and the future of critical infrastructure…
Malicious AI Agent Skill Bypasses Security Scans and Seized Full Control of Over 26,000 Agents
A malicious AI “skill” created as part of a controlled security experiment has exposed critical weaknesses in modern AI agent ecosystems, successfully bypassing security scanners and compromising more than 26,000 agents across individual and enterprise environments. According to researcher Niv…
Critical Cisco Unified CM and SME Flaw Enables Remote Attacker to Launch SSRF Attacks
Cisco has warned customers about a critical server-side request forgery (SSRF) flaw in Cisco Unified Communications Manager (Unified CM) and Unified CM Session Management Edition (Unified CM SME) that allows remote, unauthenticated attackers to write files on the underlying OS…
How Attackers Exploit Privileged Access and How to Lock Them Out
Every major breach you read about has a quiet middle chapter that rarely makes the headline. The headline is the ransom note or the leaked customer database. The middle chapter the part that actually decided the outcome is almost always the same: an attacker found a…