Cyber Security News

A Russian state-linked threat actor has launched a targeted cyberattack against a Ukrainian government agency, exploiting a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite to steal credentials and sensitive email data. Dubbed “Operation GhostMail,” the campaign stands out for its complete absence of traditional attack indicators — no malicious file attachments, no suspicious links, […]

The post Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ appeared first on Cyber Security News.

Authorities have successfully dismantled the command-and-control (C2) infrastructure powering four massive Internet of Things (IoT) botnets. The U.S. Justice Department, collaborating closely with Canadian and German agencies, targeted the administrators and architecture behind the Aisuru, KimWolf, JackSkid, and Mossad botnets. Together, these malicious networks infected over three million devices globally and launched catastrophic Distributed Denial […]

The post Authorities Disrupt IoT Botnet Infrastructure Behind Record-Breaking 30 Tbps DDoS Attacks appeared first on Cyber Security News.

CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and potential data compromise. The vulnerability is a stored cross-site scripting […]

The post CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert urging organizations to harden their endpoint management system configurations following a cyberattack on Stryker Corporation, a U.S.-based medical technology firm, on March 11, 2026. The attack targeted Stryker’s Microsoft environment and has prompted CISA to coordinate with the Federal Bureau of Investigation […]

The post CISA Urges Organizations to Secure Microsoft Intune Environments Following Stryker Breach appeared first on Cyber Security News.

Austin, United States, March 19th, 2026, CyberNewswire Cybersecurity has entered a new phase, one defined less by reactive controls and more by continuous, intelligence-driven operations. As attack surfaces expand and adversaries increasingly leverage AI, the modern CISO is tasked with orchestrating resilience at scale. Amid this shift, CISO Whisperer has released its list of “Cybersecurity […]

The post CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026 appeared first on Cyber Security News.

Ubiquiti has disclosed two critical-to-high severity vulnerabilities in its widely deployed UniFi Network Application, including a maximum-severity flaw that could allow unauthenticated attackers to seize full control of underlying systems. Organizations running affected versions are urged to patch immediately. CVE-2026-22557: Path Traversal Enables Full System Compromise The more severe of the two flaws, tracked as […]

The post Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems appeared first on Cyber Security News.

The rise of AI-assisted coding has brought real value to developers around the world, but it has also opened a new door for cybercriminals to exploit. A concept known as “vibe coding” — where users simply describe what they want and AI models write the code for them — has now been turned against everyday […]

The post ‘Vibe-Coded’ Malware Campaign Uses Fake Tools, CDNs and File Hosts to Infect Users appeared first on Cyber Security News.

A malicious Python package named pyronut has been discovered on the Python Package Index (PyPI), targeting developers who build Telegram bots by impersonating the popular pyrogram framework. Rather than relying on typosquatting — where a name resembles a legitimate one — the threat actor copied pyrogram’s entire project description word-for-word, creating what researchers describe as a malicious fork, a […]

The post Malicious ‘Pyronut’ Package Backdoors Telegram Bots With Remote Code Execution appeared first on Cyber Security News.

Three chained vulnerabilities in Claude.ai, Anthropic’s widely used AI assistant, that together allow attackers to silently exfiltrate sensitive conversation data and redirect unsuspecting users to malicious websites, all without requiring any integrations, tools, or MCP server configurations. The vulnerability chain, collectively dubbed Claudy Day, was responsibly reported to Anthropic through its Responsible Disclosure Program, and […]

The post Claude Vulnerabilities Allow Data Exfiltration and User Redirection to Malicious Sites appeared first on Cyber Security News.

A well-known banking trojan called Horabot has resurfaced in an active campaign targeting users across Mexico, combining a multi-stage infection chain with an email worm that turns every compromised machine into a phishing relay. The threat bundles a Delphi-based banking trojan with a PowerShell-driven spreader, making it one of the more layered financially motivated threats […]

The post Horabot Banking Trojan Resurfaces in Mexico With Multi-Stage Phishing and Email Worm Tactics appeared first on Cyber Security News.

A popular code editor extension listed on the Open VSX registry was discovered carrying hidden malware that silently fetches and runs a remote access trojan (RAT) and a full infostealer directly onto developer machines without any visible warning sign. The extension, known as fast-draft under the KhangNghiem publisher account, had accumulated over 26,000 downloads before the malicious activity embedded […]

The post Backdoored Open VSX Extension Used GitHub Downloader to Deploy RAT and Stealer appeared first on Cyber Security News.

A threat actor with ties to Iran has had their entire working infrastructure exposed after carelessly leaving an open directory on their own staging server, handing researchers a rare look into a live botnet operation. The leak revealed a 15-node relay network, a mass SSH deployment framework, DDoS tooling compiled on victim machines, and a […]

The post Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network appeared first on Cyber Security News.

A North Korea-linked hacking group known as WaterPlum has introduced a dangerous new malware called StoatWaffle, deploying it through compromised Visual Studio Code (VSCode) repositories disguised as legitimate blockchain development projects to silently infiltrate developer machines.​ WaterPlum has been running a campaign known as “Contagious Interview” for some time, drawing victims in through fake job […]

The post WaterPlum Deploys New ‘StoatWaffle’ Malware in VSCode-Based Supply Chain Campaign appeared first on Cyber Security News.

A critical security flaw in Microsoft SharePoint has been identified as actively exploited, and on March 18, 2026, the vulnerability was officially added to the Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that threat actors are actively exploiting the flaw in real-world network attacks, prompting an urgent call to action for all network administrators […]

The post CISA Warns of Microsoft SharePoint Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A dangerous new malware implant called SnappyClient has quietly emerged as a serious threat to Windows users, combining remote access, data theft, and sophisticated evasion techniques in one compact C++ package. First spotted in December 2025, this command-and-control (C2) framework implant can log keystrokes, take screenshots, launch a remote terminal, and pull sensitive data from […]

The post New SnappyClient Implant Combines Remote Access, Data Theft and Advanced Evasion appeared first on Cyber Security News.

An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability may allow an unauthenticated remote attacker to execute arbitrary Java code with root privileges on an affected device. Cisco disclosed the flaw on March 4, 2026; it allows unauthenticated remote […]

The post Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware appeared first on Cyber Security News.

A sophisticated full-chain iOS exploit kit dubbed DarkSword, actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least November 2025 to steal sensitive personal data from iPhone users across four countries. DarkSword is a full-chain iOS exploit that chains six distinct vulnerabilities, four of which were leveraged as zero-days, to achieve complete […]

The post New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data appeared first on Cyber Security News.

Why do so many SOCs still struggle to move quickly even with strong detection tools in place? In many cases, the real bottleneck is Tier 1 triage. When alerts take too long to validate, resources are wasted on noise, senior teams get pulled into low-value cases, and real incidents take longer to confirm.  By giving Tier […]

The post The High Cost of Slow Triage: How to Make Tier 1 the Fastest Layer in Your SOC  appeared first on Cyber Security News.

OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, releasing its most capable small models designed to handle high-volume, latency-sensitive workloads. The new mini iteration offers a significant performance upgrade over the previous GPT-5 mini across reasoning, coding, tool use, and multimodal understanding, while running more than twice as fast. These models are engineered for […]

The post OpenAI Launches GPT-5.4 Mini and Nano to Provide Answers 2X Faster appeared first on Cyber Security News.

The Unique Identification Authority of India (UIDAI) has officially launched its first structured Bug Bounty Programme. This initiative aims to enhance the security posture of the Aadhaar ecosystem, which serves as the foundational digital identity platform for over a billion Indian residents. By collaborating with independent cybersecurity experts, UIDAI is adopting a proactive, crowdsourced approach […]

The post UIDAI Launches Bug Bounty Programme to Strengthen Aadhaar Security appeared first on Cyber Security News.