Cyber Security News

A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — [email protected] and [email protected] — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]

The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.

A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a custom font file and basic CSS, attackers can silently deliver malicious instructions to users while […]

The post Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems appeared first on Cyber Security News.

With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household products to digital services through online platforms. While this convenience has made shopping faster and more accessible, it has also introduced new cybersecurity challenges. Fake […]

The post How to Shop Online Safely While Finding Better Deals  appeared first on Cyber Security News.

A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive data. AWS Bedrock AgentCore Code Interpreter is a managed service that allows AI agents and […]

The post AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration appeared first on Cyber Security News.

At first glance, false positives in cybersecurity seem almost comforting.  An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on.  In theory, this looks like a healthy process. Better safe than sorry, right?  But every false alert consumes time. Every investigation diverts attention from real threats. And every unnecessary escalation chips […]

The post To Beat Alert Overload, Stop Wasting Time on False Positives  appeared first on Cyber Security News.

A financially motivated threat actor known as Storm-2561 has been running a credential theft campaign since May 2025, manipulating search engine rankings to push fake VPN software toward enterprise users. The campaign targets employees searching for tools such as Pulse Secure, Fortinet, and Ivanti, redirecting them to spoofed websites that serve malicious download packages. Once […]

The post Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials appeared first on Cyber Security News.

A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS servers. The flaw stems from insufficient validation of the subDir parameter in volume identifiers, exposing clusters that permit users to create PersistentVolumes referencing the NFS CSI driver. […]

The post Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories appeared first on Cyber Security News.

Microsoft has rolled out an out-of-band update for Windows 11 users to address a frustrating interface bug affecting Bluetooth device visibility. Released on March 16, 2026, this emergency patch resolves a software glitch in which connected wireless peripherals mysteriously disappeared from the operating system’s settings menus. While Microsoft typically issues security and performance fixes on […]

The post New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues appeared first on Cyber Security News.

A newly identified phishing campaign is turning legitimate customer service software into a weapon for stealing sensitive user data. Attackers have been found abusing LiveChat, a widely used Software-as-a-Service (SaaS) platform that businesses rely on for real-time customer support, to carry out convincing phishing operations against unsuspecting victims. The campaign marks a clear shift from […]

The post Phishers Abuse LiveChat Support Tools to Steal Sensitive Data in New SaaS-Based Attack Tactic appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors to execute malicious actions without triggering security alerts.​ Decrypting the Detection Engine Palo Alto Cortex […]

The post Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules appeared first on Cyber Security News.

Network infrastructure has become one of the most targeted areas in today’s threat landscape. Over recent years, attackers ranging from nation-state groups to financially driven criminal actors have steadily shifted their focus toward routers, firewalls, and other network devices. These devices sit at the core of enterprise environments, making them ideal entry points for long-term […]

The post New CondiBot Variant and ‘Monaco’ Cryptominer Expand Threats to Network Devices appeared first on Cyber Security News.

Medical technology giant Stryker Corporation confirmed on March 11, 2026, that it suffered a significant cyberattack that disrupted its global Microsoft environment, with Iran-linked threat actor Handala claiming responsibility for what appears to be a politically motivated, destructive operation. Unlike typical financially driven intrusions, the attack on Stryker bears the hallmarks of a destructive wiper […]

The post Stryker Confirms Destructive Wiper Attack – Tens of Thousands of Devices Wiped appeared first on Cyber Security News.

An Iranian threat actor known as Handala Hack has carried out a series of destructive cyberattacks against organizations in Israel, Albania, and the United States, using remote desktop access, network tunneling, and multiple simultaneous data-wiping tools. The group operates under the broader identity of Void Manticore, also tracked as Red Sandstorm and Banished Kitten, and […]

The post Handala Hack Uses RDP, NetBird, and Parallel Wipers in MOIS-Linked Destructive Intrusions appeared first on Cyber Security News.

A sophisticated espionage campaign, tracked as Operation CamelClone, has been actively targeting government agencies, defense institutions, and diplomatic bodies across multiple countries, including Algeria, Mongolia, Ukraine, and Kuwait. The operation relies on spear-phishing emails carrying malicious ZIP archives disguised as official government correspondence, tricking recipients into triggering a multi-stage infection chain that ultimately leads to […]

The post CamelClone Spy Campaign Abuses Public File-Sharing Sites and Rclone in Government-Focused Attacks appeared first on Cyber Security News.

A newly tracked botnet called RondoDox has quietly built itself into one of the more concerning threats observed in recent months, combining an unusually large collection of exploits with a calculated use of residential internet infrastructure. First detected in May 2025, the botnet began generating high volumes of traffic in security honeypots and has since […]

The post RondoDox Botnet Expands to 174 Exploits, Leveraging Residential IP Infrastructure at Scale appeared first on Cyber Security News.

Every day, billions of people rely on postal and courier services to deliver everything from personal letters to online orders. This dependence has grown steadily alongside the global rise of e-commerce. The 2024 Universal Postal Union report found that postal services now serve 7.3 billion people, and Statista recorded roughly 161 billion parcels shipped in […]

The post Fake Shipment Tracking Scams Surge in MEA, Stealing Banking Data Through Real-Time Phishing appeared first on Cyber Security News.

A concerning development has emerged in early 2026, as IBM X-Force uncovered a likely AI-generated malware strain they named “Slopoly,” deployed during a ransomware attack by the financially motivated threat group Hive0163. The group is primarily focused on large-scale data theft and ransomware deployments, using a growing arsenal of custom-built tools to stay persistent inside […]

The post IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack appeared first on Cyber Security News.

China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling it directly inside the public installer of its newly launched AI assistant, 360Qihoo (Security Claw). The flaw discovered on March 16, 2026, is a textbook operational security failure from a company trusted by over 461 million users to […]

The post Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer appeared first on Cyber Security News.

The creator of the widely popular Gitleaks tool has launched a new open-source secrets scanner called Betterleaks. Sponsored by Aikido Security, this modern tool is a faster, highly configurable successor that detects exposed credentials across directories, files, and Git repositories. Gitleaks has become an industry standard, with over 26 million downloads, and is used by […]

The post Betterleaks – A New Open-Source Tool to Scan Directories, Files, and Git Repositories appeared first on Cyber Security News.

A threat group known as Konni APT has been caught running a multi-stage attack campaign that starts with targeted spear-phishing emails and ends with hijacking victims’ KakaoTalk messaging accounts to push malware further. The campaign was uncovered following a forensic investigation of a compromised system and relies on North Korean human rights themes to trick […]

The post Konni APT Hijacks KakaoTalk Accounts to Spread Malware in Multi-Stage Spear-Phishing Campaign appeared first on Cyber Security News.