Aggregator

You must login to view this content

On March 4, 2026, a major international law enforcement operation led to the capture of John Daghita, a U.S. government contractor. Daghita is accused of a massive insider theft, allegedly stealing more than $46 million in cryptocurrency from the United States Marshals Service (USMS). The arrest highlights significant concerns regarding insider threats and the secure […]

The post FBI Arrested U.S. Government Contractor Who Allegedly Stole More than $46 Million appeared first on Cyber Security News.

A critical security bulletin addressing three distinct vulnerabilities in AWS-LC, its open-source, general-purpose cryptographic library. Published on March 2, 2026, the disclosure highlights a flaw that allows unauthenticated attackers to bypass certificate chain verification and exploit timing side-channels. If left unpatched, these vulnerabilities could compromise cryptographic integrity across affected environments. The newly discovered vulnerabilities primarily […]

The post Amazon AWS-LC Vulnerabilities Allows Attackers to Bypass Certificate Chain Verification appeared first on Cyber Security News.

A new Android banking malware called Mirax Bot has surfaced on underground cybercriminal forums, with a threat actor actively promoting it as a powerful tool built specifically for financial fraud. Sold under a Malware-as-a-Service (MaaS) model, the bot is offered in structured rental tiers, making it accessible to a broad range of criminals regardless of […]

The post New Android Mirax Bot Advertised on Cybercriminal Forums Claiming Advanced Capabilities appeared first on Cyber Security News.

A critical security flaw, identified as CVE-2026-1492, has been found in the User Registration & Membership plugin for WordPress. This vulnerability allows unauthenticated attackers to bypass security controls and create administrator accounts, leading to a complete website takeover. The User Registration & Membership plugin helps website owners create custom registration forms and manage user profiles. However, versions up to and including 5.1.2 suffer from a […]

The post WordPress Membership Plugin Vulnerability Let Attackers Create Admin Accounts appeared first on Cyber Security News.

The Administration for Strategic Preparedness and Response’s (ASPR) new cybersecurity module in the Risk Identification and Site Criticality (RISC) 2.0 Toolkit helps organizations identify critical gaps, prioritize investments, and make informed decisions about risk mitigation to reduce disruptions to patient care and strengthen resilience. Healthcare leaders identified cloud-related threats, quantum computing risks, and attacks on connected products as the three areas where they feel least prepared. “Cyber threats are growing more sophisticated. This module is … More →

The post New cyber module strengthens risk planning for health organizations appeared first on Help Net Security.

A sophisticated phishing campaign is targeting iPhone users by impersonating two of the world’s most trusted AI brands — OpenAI’s ChatGPT and Google’s Gemini. The attackers are sending out deceptive emails designed to lure recipients into downloading fake applications from Apple’s official App Store. What makes this operation stand out is that the malicious apps […]

The post Phishing Emails Push Fake ChatGPT and Gemini iOS Apps To Steal Logins appeared first on Cyber Security News.