Cybersecurity News

Security researchers at SentinelOne and WithSecure have uncovered a sophisticated Python-based backdoor named DEEP#DOOR that leverages legitimate tunneling services to establish co...

Atos Threat Research Center (TRC) uncovered in March 2026 a highly resilient malicious operation that distributes a remote‑access trojan called EtherRAT. The campaign abuses GitHub...

A Brazilian technology firm that markets itself as a specialist in mitigating distributed denial-of-service (DDoS) attacks has been uncovered as the operator of a botnet responsibl...

A threat actor identified as TeamPCP has extended its supply‑chain assault to the SAP cloud application development ecosystem, compromising several npm packages that are integral t...

Security researchers using an AI-driven static analysis engine called Sentinel have uncovered a nine‑year‑old flaw in the Linux kernel’s netfilter subsystem. The vulnerability, tra...

Anthropic has officially launched Mythos, its latest large language model designed with a reported 1.2 trillion parameters and native multimodal reasoning capabilities. According t...

Oracle Red Bull Racing has launched a sweeping automation initiative aimed at embedding security directly into the team’s high‑velocity development pipelines. With the pit wall and...

Japan’s financial services industry is on high alert after the release of Anthropic’s latest large language model, internally dubbed “Claude Mythos,” which early demonstrations sug...

Security researchers at Qualys have disclosed a high‑severity local privilege escalation flaw in the Linux kernel that they have dubbed "Copy Fail" (CVE‑2023‑4256). The vulnerabili...

Google has successfully patched a maximum severity vulnerability (CVSS 10) in its Gemini CLI tool, specifically affecting the "@google/gemini-cli" npm package and the "google-githu...

Security researchers have uncovered a new phishing-as-a-service platform called Bluekit that advertises more than 40 ready‑made templates targeting popular online services such as ...

Security researchers at Wiz have leveraged an AI‑powered reverse‑engineering engine to uncover a high‑severity flaw in GitHub’s continuous integration infrastructure that would hav...

Security researchers using an AI‑driven code analysis platform identified 38 distinct vulnerabilities in the OpenEMR electronic health record (EHR) system, including 12 rated criti...

A newly identified ransomware strain named Vect 2.0 has been observed executing wiper‑style attacks against organizations compromised through the TeamPCP software supply chain. The...

A coordinated cyberattack leveraging a newly identified wiper malware, named Lotus Wiper, has struck several energy companies and utility providers in Venezuela, according to a rep...

Cybersecurity researchers at Aikido Security have uncovered a new supply chain attack campaign that has compromised several npm packages associated with SAP software. The malicious...

Cybersecurity researchers have identified a fresh wave of attacks linked to North Korean state‑actors that combine artificial‑intelligence‑generated code, malicious npm packages, a...

In February 2026, a joint research team from SentinelLabs and the University of Calgary published a report revealing a paradigm shift in cyber‑attack tradecraft. The analysts, led ...

Security teams across industries are increasingly discovering that traditional vulnerability management approaches fail to accurately represent organizational risk. Despite closing...

cPanel and its WebHost Manager (WHM) product line contain a critical authentication flaw that could allow a remote attacker to bypass login controls and gain full control of the ho...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security flaws—one affecting ConnectWise ScreenConnect and the other targeting Microsoft Win...

Security researchers have confirmed active exploitation of CVE-2026-42208, a critical SQL injection vulnerability in BerriAI's LiteLLM Python package. The flaw, which was disclosed...

BlueNoroff, the North Korean threat group tracked as an advanced persistent threat (APT), has refined its attack playbook by weaponizing fake Zoom calls to snare cryptocurrency exe...

Chris Inglis, who served as NSA Deputy Director from 2011 to 2014 under Director Keith Alexander, has broken his silence on the agency's missteps during the Edward Snowden affair, ...

The ransomware ecosystem was rocked in early 2026 when two prominent ransomware‑as‑a‑service (RaaS) operations, 0APT and KryBit, turned on each other, spilling a treasure trove of ...

Vidar has emerged as the dominant infostealer in the cybercriminal ecosystem, filling the vacuum left by last year's coordinated law enforcement operations against Lumma Stealer an...

Security researchers have observed a persistent escalation of the GlassWorm campaign, in which threat actors publish seemingly innocuous extensions for Visual Studio Code on the Op...

Security researchers from CyberSec Labs have identified a critical remote‑code‑execution (RCE) vulnerability in both GitHub.com and GitHub Enterprise Server. Tracked as CVE‑2026‑38...

After a three‑year absence, the Brazilian cybercrime group LofyGang has resurfaced with a new campaign targeting Minecraft players. The outfit is deploying a freshly coded stealer ...

The cyber‑crime group behind the VECT 2.0 ransomware has been observed deploying a strain that behaves more like a data‑wiper than conventional ransomware. In recent incidents targ...