Cybersecurity News

The attackers had access to a senior executive’s email account for 150 days and exfiltrated data for months. The post Hackers Target Global Stock Exchange in Espionage Operation ap...

The affected individuals’ personal information was stolen from a legacy server managed by a third party. The post IMA Diligence Services Data Breach Impacts 525,000 People appeared...

Cybersecurity researchers at Huntress have disclosed an unpatched vulnerability in the Windows "search:" URI handler that can be weaponized to leak a user's NTLMv2 hash to a remote...

Cybersecurity researchers at Calif have disclosed a new remote denial-of-service vulnerability dubbed "HTTP/2 Bomb" that affects five major web server platforms: NGINX, Apache HTTP...

Cybersecurity researchers at McAfee Labs have uncovered a malware-as-a-service (MaaS) campaign dubbed Weedhack that has been actively targeting Minecraft players since January 2026...

Acer has confirmed it is actively developing patches for two maximum-severity zero-day vulnerabilities impacting its Wave 7 mesh routers. Both flaws were reported by independent se...

European and international law enforcement agencies have dismantled nine organized crime groups and arrested 29 suspects in a major crackdown on illegal streaming operations. [...]...

Google is introducing a new Android security feature that will detect and flag phone calls in which scammers use artificial intelligence to impersonate a user's personal contacts. ...

A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking us...

A prompt injection flaw in Google Gemini's voice assistant let attackers hide malicious commands in notifications, enabling social engineering and more....

A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools....

An improper authentication bug allows attackers to escalate their privileges and escape containers. The post Organizations Warned of Exploited Linux Kernel Vulnerability appeared f...

The default HTTP/2 configuration of major web servers is vulnerable to an attack chain combining a compression bomb and a Slowloris-style hold. The post ‘HTTP/2 Bomb’ E...

Microsoft responds to backlash over its threats of legal action against researchers who publicly disclose zero-day vulnerabilities. The post Microsoft Tries to Calm Legal Threat Fe...

The military branch would take 12 to 18 months to get up and running and also include roughly 5,000 members of the National Guard and up to 6,000 civilians, according to the commis...

Zoom CISO Sandra McLeod discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and her advice for aspiring cybersecurity...

A large-scale malware-as-a-service operation dubbed WeedHack has infected more than 116,464 systems since January 2026 by targeting Minecraft players with trojanized mods, clients,...

Google has rolled out its June 2026 Android security bulletin, addressing 124 vulnerabilities across the mobile operating system, including a high-severity privilege escalation fla...

Russian state-sponsored hacking group Gamaredon, officially linked to the Federal Security Service (FSB), has been exploiting a WinRAR path traversal vulnerability (CVE-2025-8088) ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Oracle WebLogic Server flaw, tracked as CVE-2024-21182, to its Known Exploited Vulnerabil...

Microsoft announced at its Build 2026 developer conference the release of Coreutils for Windows, a package that delivers common Linux command-line utilities as native Windows appli...

OpenAI says it's rolling out a new update that improves the existing GPT-5.5 Instant model, and this move comes ahead of the scheduled retirement of multiple legacy models, includi...

Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to a...

A large-scale malware campaign dubbed WeedHack is targeting Minecraft players and has infected more than 116,000 systems since January. [...]...

A threat actor is using an AI-built ransomware attack toolkit that automates Active Directory discovery and helps evade endpoint detection and response (EDR) solutions. [...]...

As Zoom's CISO, Sandra McLeod, discusses the challenges of securing a global communication platform, the promise of AI-driven security workflows, and advice for aspiring cybersecur...

Once targeting just Microsoft 365, the phishing-as-a-service platform now aims at AWS, Okta, and Russian platforms, while relying on device code phishing....

A sneaky, wide-scale IAB operation uses a malicious traffic distribution system (TDS) to redirect visitors of trusted websites to ones that deliver malware....

China is stealing data from high-value targets via a sneaky, double-layer spear-phishing campaign that includes the Azureveil malware....

High-autonomy agents with broad permissions and unfettered access are a recipe for disaster, and enterprises need to act now before they become the next horror story....