Cybersecurity News
-
Iranian Hacker Group Handal Claims Breach of Israeli Defense Firm
The international cybersecurity community has been notified about a significant data breach targeting Israeli military infrastructure. Handala, identified as an Iranian state-sponsored hacking group, claims responsibility for infiltrating PSK Wind…
Read More » -
Axios npm Supply Chain Breach: Microsoft Shares Mitigation Steps
Microsoft hasdetailed how organizations can detect and mitigate a recent supply chain compromise involving malicious Axios npm releases and infrastructure attributed to the North Korean threat actor Sapphire Sleet. On…
Read More » -
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution
Cisco has issued a critical security alert regarding a severe vulnerability in its Smart Software Manager On-Prem (SSM On-Perm) platform. The flaw, identified as CVE-2026-20160, carries an extremely high CVSS…
Read More » -
WhatsApp Attack Chain Delivers VBS, Cloud Payloads, MSI Backdoor
A newmalware campaign leverages WhatsApp messages to deliver malicious Visual Basic Script (VBS) files to Windows systems, facilitating persistent remote access via unsigned MSI installers. The attack initiates when users…
Read More » -
CrystalX Malware-as-a-Service Spreads via Telegram With Stealer, RAT Tools
Hackers are actively promoting a new malware-as-a-service (MaaS) platform called CrystalX RAT through private Telegram channels, offering cybercriminals a powerful toolkit that combines remote access, data theft, surveillance, and even…
Read More » -
Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2026
In today’s fast-paced software development world, where applications are released at an unprecedented rate, ensuring their security is more critical than ever. DAST tools, often referred to as “black box”…
Read More » -
Cisco Faces Alleged Data Leak as ShinyHunters Claims Responsibility
Cisco is actively dealing with a major cybersecurity incident after threat actors breached its internal development networks. The notorious hacking group ShinyHunters has claimed responsibility for the attack, alleging they…
Read More » -
Google Warns of New Chrome Zero-Day Under Active Exploitation — Users Urged to Update Immediately
Google has released an urgent security update for Chrome desktop (version 146.0.7680.177/.178 for Windows/Mac, 146.0.7680.177 for Linux) to patch 21 vulnerabilities, including a critical zero-day flaw actively exploited in the…
Read More » -
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw
A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly…
Read More » -
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Korea–nexus threat actor hijacked the popular Axios NPM package in a high‑impact software supply chain attack, deploying a backdoor capable of compromising Windows, macOS, and Linux systems silently.…
Read More » -
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before…
Read More » -
Axios NPM Packages Breached in Ongoing Supply Chain Attack
A severe supply chain attack has compromised the widely used Axios HTTP client on the npm registry. Attackers injected a malicious dependency into specific Axios releases, exposing millions of developers…
Read More » -
Telegram-Based ResokerRAT Adds Screenshot Capture and Persistence
Hackers are deploying a new Windows malware called ResokerRAT, a Telegram‑based Remote Access Trojan (RAT) that gives attackers stealthy remote control over infected systems. Instead of relying on a traditional command‑and‑control…
Read More » -
EvilTokens Launches New Phishing Service Targeting Microsoft Accounts
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that industrialises Microsoft account takeover by abusing the OAuth device code flow rather than traditional credential phishing. The service sells a turnkey Microsoft…
Read More » -
Google Introduces Advanced Ransomware Defense and Recovery Features in Drive
Google has officially rolled out its enhanced ransomware detection and file restoration capabilities for Google Drive, transitioning them from beta to general availability across organizations globally. First made available during…
Read More »