Aggregator

A medium-severity flaw in ActiveMQ (CVE-2025-66168, CVSS 5.4) allows authenticated attackers to trigger a Denial-of-Service (DoS) using malformed network packets. The issue was initially discovered by security researcher Gai Tanaka and confirmed on the Apache mailing list by maintainers Christopher L. Shannon and Matt Pavlovich. The root cause of this vulnerability lies in the Apache […]

The post Apache ActiveMQ Allow Attackers to Trigger DoS Attacks With Malformed Packets appeared first on Cyber Security News.

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

You must login to view this content

On March 4, 2026, a major international law enforcement operation led to the capture of John Daghita, a U.S. government contractor. Daghita is accused of a massive insider theft, allegedly stealing more than $46 million in cryptocurrency from the United States Marshals Service (USMS). The arrest highlights significant concerns regarding insider threats and the secure […]

The post FBI Arrested U.S. Government Contractor Who Allegedly Stole More than $46 Million appeared first on Cyber Security News.

A critical security bulletin addressing three distinct vulnerabilities in AWS-LC, its open-source, general-purpose cryptographic library. Published on March 2, 2026, the disclosure highlights a flaw that allows unauthenticated attackers to bypass certificate chain verification and exploit timing side-channels. If left unpatched, these vulnerabilities could compromise cryptographic integrity across affected environments. The newly discovered vulnerabilities primarily […]

The post Amazon AWS-LC Vulnerabilities Allows Attackers to Bypass Certificate Chain Verification appeared first on Cyber Security News.

A new Android banking malware called Mirax Bot has surfaced on underground cybercriminal forums, with a threat actor actively promoting it as a powerful tool built specifically for financial fraud. Sold under a Malware-as-a-Service (MaaS) model, the bot is offered in structured rental tiers, making it accessible to a broad range of criminals regardless of […]

The post New Android Mirax Bot Advertised on Cybercriminal Forums Claiming Advanced Capabilities appeared first on Cyber Security News.

A critical security flaw, identified as CVE-2026-1492, has been found in the User Registration & Membership plugin for WordPress. This vulnerability allows unauthenticated attackers to bypass security controls and create administrator accounts, leading to a complete website takeover. The User Registration & Membership plugin helps website owners create custom registration forms and manage user profiles. However, versions up to and including 5.1.2 suffer from a […]

The post WordPress Membership Plugin Vulnerability Let Attackers Create Admin Accounts appeared first on Cyber Security News.