Cyber Security News

An “Important” security update released on March 10, 2026, addresses a high-severity flaw in Active Directory Domain Services (AD DS).Tracked as CVE-2026-25177, this vulnerability has a CVSS score of 8.8. It allows authorized network attackers to elevate their privileges to full SYSTEM control. This Elevation of Privilege flaw stems from an improper restriction on file […]

The post Microsoft Active Directory Domain Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Microsoft has released its latest round of cumulative updates for March 2026, delivering essential security fixes and system improvements for Windows 11 users. These mandatory updates target Windows 11 versions 25H2 and 24H2 (KB5079473) and version 23H2 (KB5078883), focusing on Secure Boot enhancements, system stability, and bug fixes. Updates for Versions 25H2 and 24H2 The […]

The post Microsoft Releases Cumulative Updates for Windows 11 25H2/24H2 and 23H2 appeared first on Cyber Security News.

Early detection is not a best practice — it is the primary lever that separates a contained incident from a catastrophic breach. And yet, across thousands of organizations globally, the gap between when attackers move and when defenders notice remains dangerously wide. The Cost of Being Late The numbers from recent research are unambiguous about […]

The post How to Scale Early Threat Detection in Your SOC without Extra Staff  appeared first on Cyber Security News.

A significant service disruption has hit Meta’s Instagram platform today, leaving thousands of users globally unable to access their accounts, refresh timelines, or send direct messages. As of March 11, 2026, the widespread downtime has primarily affected users in the United States, with a notable impact on international user bases, including those in India and […]

The post Instagram Down: New Outage Causes Widespread Disruption in Posting and DM Functionality appeared first on Cyber Security News.

A critical security flaw has been discovered in a popular open-source, self-hosted Git service, allowing attackers to overwrite Large File Storage (LFS) objects secretly. Tracked as CVE-2026-25921, this maximum-severity vulnerability carries a CVSS 3.1 score of 10.0. It creates a severe risk for software supply-chain attacks. The flaw currently affects Gogs versions 0.14.1 and earlier, […]

The post Gogs Vulnerability Enables Attackers to Silently Overwrite Large File Storage Objects appeared first on Cyber Security News.

An emergency security update has been released to address a newly disclosed .NET Framework vulnerability, tracked as CVE-2026-26127. This security flaw allows unauthenticated, remote attackers to trigger a Denial-of-Service (DoS) condition on the network. With a CVSS score of 7.5, Microsoft has classified the vulnerability as “Important.” It affects multiple versions of .NET across Windows, […]

The post Microsoft .NET 0-Day Vulnerability Enables Denial-of-Service Attacks appeared first on Cyber Security News.

Microsoft has disclosed a critical zero-day vulnerability in SQL Server that allows authenticated attackers to escalate their privileges to the highest administrative level on affected database systems. Tracked as CVE-2026-21262, the flaw was officially released on March 10, 2026, and has already been publicly disclosed, raising urgent concerns for organizations running SQL Server across enterprise […]

The post Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges appeared first on Cyber Security News.

Fortinet released a sweeping security advisory on March 10, 2026, addressing eleven vulnerabilities across its core enterprise products, including FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox. The flaws range from authentication bypasses and buffer overflows to OS command injection and SQL injection, several of which could allow remote attackers to execute arbitrary commands or escalate privileges on […]

The post Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution appeared first on Cyber Security News.

Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable by unauthenticated remote attackers with no prior system access. The most severe vulnerability, tracked as […]

The post Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation appeared first on Cyber Security News.

Fortinet has disclosed a high-severity stack-based buffer overflow vulnerability in its FortiManager platform that could allow remote unauthenticated attackers to execute unauthorized commands. Tracked as CVE-2025-54820 and assigned a CVSSv3 score of 7.0, the flaw poses a significant risk to enterprise network management environments running affected versions of FortiManager. The vulnerability resides in the fgtupdates […]

The post Fortinet FortiManager fgtupdates Vulnerability Allows Attackers to Execute Malicious Commands appeared first on Cyber Security News.

Microsoft released its March 2026 Patch Tuesday security update on March 10, 2026, addressing 78 vulnerabilities across Windows, Microsoft Office, Azure, SQL Server, and .NET. The update includes one actively exploited zero-day vulnerability and multiple Critical-rated flaws demanding immediate attention from security teams. The most urgent fix this month is CVE-2026-21262, the sole zero-day in […]

The post Microsoft Patch Tuesday March 2026 – 78 Vulnerabilities Fixed, Including One 0-day appeared first on Cyber Security News.

Cloudflare has released version 0.8.0 of its open-source Pingora framework to patch three critical vulnerabilities: CVE-2026-2833, CVE-2026-2835, and CVE-2026-2836. These flaws allow HTTP request smuggling and cache poisoning, posing a severe threat to standalone Pingora deployments exposed directly to the internet. Cloudflare confirmed that its own Content Delivery Network (CDN) and customer traffic were completely […]

The post Cloudflare Pingora Vulnerabilities Allows Request Smuggling & Cache Poisoning Attacks appeared first on Cyber Security News.

A critical flaw in how antivirus and Endpoint Detection and Response (EDR) systems process archive files. Tracked as CVE-2026-0866, this weakness allows attackers to use intentionally malformed ZIP headers to sneak malicious payloads past standard security scanners entirely undetected. ZIP archives contain embedded metadata, such as version details, operational flags, and specific compression methods, which […]

The post Malformed ZIP Files Allows Attackers to Bypass Antivirus and EDR Detections appeared first on Cyber Security News.

OpenAI has announced its acquisition of Promptfoo, an artificial intelligence security platform designed to help enterprises find and fix vulnerabilities during development. This strategic move aims to secure AI systems against emerging threats, such as prompt injection and jailbreaks, before they are deployed into live business environments. Once the acquisition is finalized, OpenAI plans to […]

The post OpenAI to Acquire Promptfoo to Fix Vulnerabilities in AI Systems appeared first on Cyber Security News.

Ivanti has issued a security update for its Desktop and Server Management (DSM) software, addressing a high-severity vulnerability that could allow a local authenticated attacker to escalate their privileges on affected systems. The flaw, tracked as CVE-2026-3483, carries a CVSS score of 7.8 and affects all DSM versions up to and including 2026.1. The vulnerability […]

The post Ivanti Desktop and Server Management Vulnerability Allows Attackers to Escalate Privileges appeared first on Cyber Security News.

The Kali Linux team has published a new entry in its growing LLM-driven security series, this time eliminating all reliance on third-party cloud services by running large language models entirely on local hardware. The guide demonstrates how security professionals can use natural language to drive penetration testing tools, all processed on-premise, with no data leaving […]

The post Kali Linux Enhances AI-driven Penetration Testing with Local Ollama, 5ire, and MCP Kali Server appeared first on Cyber Security News.

A serious security flaw in Ivanti Endpoint Manager has caught federal attention after the Cybersecurity and Infrastructure Security Agency (CISA) added it to the Known Exploited Vulnerabilities (KEV) catalog on March 9, 2026. Tracked as CVE-2026-1603, this authentication bypass vulnerability affects all versions of Ivanti Endpoint Manager prior to the 2024 SU5 release and enables […]

The post CISA Warns of Ivanti Endpoint Manager Authentication Bypass Vulnerability Exploited in Attacks appeared first on Cyber Security News.

OpenClaw, a self-hosted AI agent, rose to become GitHub’s most-starred repository weeks after its launch, drawing a large developer community and immediate researcher attention. Nobody anticipated this growth would soon become an unexpected stress test for the global vulnerability tracking ecosystem. In late February, the project began publishing security advisories at a rate few open […]

The post OpenClaw Advisory Surge Exposes Gap Between GitHub and CVE Vulnerability Tracking appeared first on Cyber Security News.

Artificial intelligence leader Anthropic has filed an unprecedented lawsuit against the United States government after being designated a “supply chain risk”. The legal action, filed in a California federal court on Monday, targets the executive office of President Donald Trump, Defense Secretary Pete Hegseth, and 16 federal agencies. The core of the dispute revolves around […]

The post Anthropic Sued the U.S. Government for Labelling Claude as ‘Supply Chain Risk’ appeared first on Cyber Security News.

Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These newly discovered flaws could allow attackers to access sensitive configuration data or bypass hostname verification to impersonate trusted servers. Both vulnerabilities affect ZooKeeper versions 3.8. x and […]

The post Apache ZooKeeper Vulnerability Allow Attackers to Access Sensitive Data appeared first on Cyber Security News.