Cybersecurity News
-
New Critical MediaTek Vulnerability Exposes Android Phone PINs to Theft in 45 seconds
A newly discovered hardware vulnerability in the MediaTek Dimensity 7300 chipset is putting millions of Android users at risk. By exploiting this flaw, physical attackers can bypass security layers to…
Read More » -
Hackers Exploit CloudFlare Anti-Security to Steal Microsoft 365 Login Credentials
A recent Microsoft 365 credential harvesting campaign shows attackers exploiting CloudFlare’s protective features to shield malicious phishing sites from security scanners and threat researchers. CloudFlare is widely used by organizations…
Read More » -
4,000+ Routers Compromised by KadNap Malware Exploiting Vulnerabilities
A newly uncovered malware campaign known as KadNap has silently infected over 14,000 internet-connected routers and edge devices, primarily targeting Asus models. Over 60% of the known victims reside in…
Read More » -
AI-Driven Phishing Attacks Bypass Email Filters, Land in Inboxes
AI-generated phishing is rapidly reshaping email risk, with more attacks slipping past filters and landing directly in users’ inboxes, even though AI-generated emails remain a minority of total phishing. The…
Read More » -
Stryker Faces Cyber Attack as Hackers Report System Breach and Device Destruction
On March 11, 2026, the global medical technology giant Stryker suffered a devastating cyberattack that brought its worldwide IT operations to a sudden halt. Iranian-linked threat actors breached the company’s…
Read More » -
Microsoft .NET 0-Day Flaw Opens Doors for Denial of Service Attacks
Microsoft released it’s March 2026 Patch Tuesday update addressing the critical zero-day vulnerability tracked as CVE-2026-26127 within the .NET framework. The publicly disclosed flaw enables unauthenticated remote attackers to force…
Read More » -
Microsoft Active Directory Flaw Allows Attackers to Escalate Privileges
Microsoft has released a critical security update addressing a high-severity elevation of privilege vulnerability in Active Directory Domain Services (AD DS). This flaw, patched during the March 10, 2026, Patch…
Read More » -
Google Warns of AI‑Driven Adaptive Malware Rewriting Its Own Code
The cybersecurity landscape experienced a major shift in 2025 as threat actors transitioned from experimenting with artificial intelligence to fully integrating it into real-world cyber operations. According to new insights…
Read More » -
Critical Vulnerability in Microsoft Office Allows Malicious Code to Run Remotely
Microsoft has revealed a critical security flaw in its Microsoft Office suite, formally designated as CVE-2026-26110. This Remote Code Execution (RCE) vulnerability, disclosed on March 10, 2026, poses a severe…
Read More » -
UNC6426 Hackers Exploit NPM Package to Gain AWS Admin Access in 72 Hours
Attackers turned a routine NPM update into a direct path to full AWS administrator access in under 72 hours, highlighting how fragile CI/CD-to-cloud trust can become when roles are overly…
Read More » -
SurxRAT Android Malware Uses LLMs for Phishing and Data Theft
A new Android Remote Access Trojan (RAT) named SurxRAT, which is being sold as a commercial malware platform through a Telegram-based malware-as-a-service (MaaS) ecosystem. The malware, marketed under the SURXRAT…
Read More » -
Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threats
Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid the current regional conflict. Activity…
Read More » -
Fake CleanMyMac Site Spreads SHub Stealer, Targets Crypto Wallets
Hackers are leveraging a counterfeit CleanMyMac download site to deploy SHub Stealer on macOS users, a potent infostealer that compromises crypto wallets and exfiltrates sensitive data. Instead of a standard…
Read More » -
Nginx UI Vulnerabilities Let Attackers Download Full System Backups
A critical security flaw has been identified in Nginx UI that permits unauthorized threat actors to download and decrypt entire system backups. Classified under the identifier CVE-2026-27944, this vulnerability carries…
Read More » -
Malicious Browser Add‑on Targets imToken Users’ Private Keys
Socket’s Threat Research Team has uncovered a highly deceptive Google Chrome extension designed to steal private keys and seed phrases from cryptocurrency users. The malicious add-on, named “lmΤoken Chromophore” (extension…
Read More » -
OpenAI’s Codex Security Built to Automate Vulnerability Discovery and Remediation
OpenAI has officially introduced Codex Security, an advanced application security agent designed to automate vulnerability discovery and remediation. Formerly known as Aardvark, the tool is now available in a research…
Read More »