Cybersecurity News
-
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC)…
Read More » -
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
The Cybersecurity and Infrastructure security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added the vulnerability, identified…
Read More » -
RoningLoader Campaign Uses DLL Side-Loading, Code Injection to Slip Past Defenses
A sophisticated cyber-espionage group known as DragonBreath (APT-Q-27) has been linked to a new RoningLoader malware campaign that uses advanced evasion techniques such as DLL side-loading and code injection to…
Read More » -
Linux Foundation Leader Impersonated in Slack Attack on Open Source Developers
A social engineering campaign is actively targeting open source developers through Slack. The warning was shared through the OpenSSF Siren mailing list, a public threat intelligence platform designed to alert…
Read More » -
Critical Chrome Flaws Let Attackers Execute Arbitrary Code
Google has released an urgent security update for its Chrome browser, resolving multiple dangerous vulnerabilities. The Chrome team promoted version 147 to the stable channel for Windows, Mac, and Linux…
Read More » -
Silver Fox Campaign Spreads ValleyRAT via Fake Chinese Telegram Language Pack
New analysis of a fake Telegram installer uploaded to MalwareBazaar reveals Silver Fox expanding its ValleyRAT operations via a fresh delivery chain. This chain employs a Chinese-language pack-decoy and an…
Read More » -
Anthropic Launches Claude Mythos Preview Focused on Zero-Day Vulnerability Discovery
Anthropic recently unveiled Claude Mythos Preview, a groundbreaking general-purpose language model demonstrating an unprecedented, emergent ability to autonomously discover and exploit zero-day vulnerabilities. In response to these powerful capabilities, the…
Read More » -
Hackers Target Adobe Reader Users With Sophisticated Zero-Day Exploit
Security researchers have uncovered a highly sophisticated, unpatched zero-day vulnerability actively targeting Adobe Reader users. The exploit, first detected in the wild late last month, allows threat actors to silently…
Read More » -
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end‑to‑end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing,…
Read More » -
IBM Security Verify Access Flaws Let Remote Attackers Access Sensitive Data
IBM has issued an urgent security bulletin addressing a slew of vulnerabilities impacting IBM Verify Identity Access and IBM Security Verify Access. These flaws span across critical dependencies and internal…
Read More » -
Masjesu Botnet Targets Routers in Commercial DDoS Attacks
Hackers are abusing the Masjesu botnet to run high-volume DDoS-for-hire attacks against routers, gateways, and other exposed IoT infrastructure, turning everyday network hardware into commercial attack firepower. Operating quietly since…
Read More » -
Multiple OpenSSL Flaws Expose Sensitive Data in RSA KEM Handling
A recently uncovered vulnerability in OpenSSL could expose sensitive data stored within application memory to potential attackers. Identified as CVE-2026-31790, this moderate-severity issue impacts the RSA Key Encapsulation Mechanism (KEM)…
Read More » -
Docker Authorization Bypass Flaw Exposed Hosts to Potential Attackers
A critical security vulnerabilityhas been identified in Docker Engine, creating a risk of authorization bypass attacks against host systems. Referred to as CVE-2026-34040, the flaw allows attackers to circumvent authorization…
Read More » -
Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware
Hackers are increasinglyusing fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL says it has blocked 164 malicious domains tied to this…
Read More » -
FBI Takes Down Russian Campaign That Compromised Thousands of Routers
U.S. Justice Department and FBI actions disrupted a worldwide network of hacked SOHO routers controlled by Russia’s GRU intelligence agency in a campaign dubbed “Operation Masquerade.” These state-sponsored hackers compromised…
Read More » -
Russian State-Sponsored Hackers Targeting Global Router Networks
Russian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and conduct espionage on organizations worldwide. Microsoft Threat Intelligence has exposed this massive global…
Read More »