Cyber Security News

A critical vulnerability in the MediaTek Dimensity 7300 chipset allows a physical attacker to extract device PINs, decrypt on-device storage, and steal cryptocurrency wallet seed phrases in approximately 45 seconds, raising serious alarms for the roughly 25% of Android users whose devices rely on the affected chip. The vulnerability uncovered by Ledger’s Donjon security research […]

The post Critical MediaTek Vulnerability Lets Attackers Steal Android Phone PINs in 45 Seconds appeared first on Cyber Security News.

AI assistants have rapidly transformed daily operations, streamlining tasks for teams managing overloaded inboxes, client communications, and incident response. Tools like Microsoft Copilot integrate directly into daily workflows, summarizing emails and meetings while pulling context from across the Microsoft 365 ecosystem. However, this convenience introduces a novel security boundary that many organizations have not yet […]

The post Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks appeared first on Cyber Security News.

A security advisory has been issued for a newly discovered vulnerability affecting the Cortex XDR Broker Virtual Machine (VM). This flaw could allow a highly privileged, authenticated attacker to access and alter sensitive system information. Fortunately, the issue was discovered internally, and there are currently no reports of active malicious exploitation in the wild. Paloalto […]

The post Paloalto Cortex XDR Broker Vulnerability Attackers to Obtain and Modify Sensitive Information appeared first on Cyber Security News.

The U.S. subsidiary of a Swedish telecommunications multinational has disclosed a data breach exposing the personal information of employees and customers. The incident did not occur on Ericsson’s internal network, but rather targeted one of the company’s third-party service providers. According to the breach notification letter, the unauthorized access occurred over a five-day window between […]

The post Ericsson US Discloses Data Breach – Hackers Stolen Employees and Customers Data appeared first on Cyber Security News.

Cisco has issued a high-severity security advisory warning organizations about two critical privilege-escalation vulnerabilities in its IOS XR Software. If exploited, these flaws could allow an authenticated, local attacker to execute arbitrary commands as root or gain full administrative control over affected routing devices. Both vulnerabilities were discovered during internal security testing by Cisco, and the […]

The post Cisco IOS XR Software Vulnerability Allow Attacker to Execute Commands as Root appeared first on Cyber Security News.

A critical security advisory has been released, warning users of a high-severity vulnerability affecting both Enterprise and Cloud platforms. Tracked as CVE-2026-20163, this flaw carries a CVSS score of 8.0. It enables attackers to perform Remote Command Execution (RCE) on targeted systems. The vulnerability stems from improper handling of user inputs when the system previews […]

The post Splunk RCE Vulnerability Allows Attackers to Execute Arbitrary Shell Commands appeared first on Cyber Security News.

Cybersecurity authorities have flagged a severe security flaw in SolarWinds Web Help Desk that requires immediate attention from system administrators. Tracked as CVE-2025-26399, this vulnerability allows malicious actors to execute unauthorized commands directly on the host machine. Because of its severity and active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) has officially added this […]

The post SolarWinds Web Help Desk Deserialization Vulnerability Enables Command Execution appeared first on Cyber Security News.

On March 10, 2026, Microsoft released security updates to address a critical vulnerability in its widely used Office suite. Tracked as CVE-2026-26110, this security flaw allows an unauthorized attacker to execute malicious code on a victim’s device. With a high severity rating and a CVSS base score of 8.4 out of 10, the vulnerability affects […]

The post Critical Microsoft Office Vulnerability Enables Remote Code Execution Attacks appeared first on Cyber Security News.

GitLab has released urgent security updates for its Community Edition (CE) and Enterprise Edition (EE) to address a wide range of vulnerabilities. The newly released versions 18.9.2, 18.8.6, and 18.7.6 fix a total of 15 security issues, including critical Cross-Site Scripting (XSS) and Denial-of-Service (DoS) flaws. Administrators of self-managed instances are strongly urged to apply […]

The post GitLab Security Update – Patch for XSS and API DoS Vulnerabilities appeared first on Cyber Security News.

On March 11, 2026, the global medical technology giant Stryker experienced a severe cyberattack when Iranian-linked hackers used wiper malware to permanently erase data from its network. The breach severely impacted operations at its Cork headquarters and compromised devices worldwide, prompting immediate investigations by internal cybersecurity teams and Microsoft engineers. A massive cyberattack struck Stryker […]

The post Stryker Cyber Attack – Hackers Claim System Breach and Device Wipe appeared first on Cyber Security News.

Iran’s internet blackout has now surpassed ten consecutive days, with Cloudflare Radar data confirming that HTTP traffic from the country remains well below 1% of pre-shutdown levels, effectively severing approximately 90 million Iranians from the global internet. The near-total blackout began around 07:00 UTC on February 28, 2026, coinciding with joint US and Israeli military […]

The post Iran’s Internet Blackout Surpasses 10 Days as Traffic Flatlines Below 1% of Normal Levels appeared first on Cyber Security News.

An “Important” security update released on March 10, 2026, addresses a high-severity flaw in Active Directory Domain Services (AD DS).Tracked as CVE-2026-25177, this vulnerability has a CVSS score of 8.8. It allows authorized network attackers to elevate their privileges to full SYSTEM control. This Elevation of Privilege flaw stems from an improper restriction on file […]

The post Microsoft Active Directory Domain Services Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

Microsoft has released its latest round of cumulative updates for March 2026, delivering essential security fixes and system improvements for Windows 11 users. These mandatory updates target Windows 11 versions 25H2 and 24H2 (KB5079473) and version 23H2 (KB5078883), focusing on Secure Boot enhancements, system stability, and bug fixes. Updates for Versions 25H2 and 24H2 The […]

The post Microsoft Releases Cumulative Updates for Windows 11 25H2/24H2 and 23H2 appeared first on Cyber Security News.

Early detection is not a best practice — it is the primary lever that separates a contained incident from a catastrophic breach. And yet, across thousands of organizations globally, the gap between when attackers move and when defenders notice remains dangerously wide. The Cost of Being Late The numbers from recent research are unambiguous about […]

The post How to Scale Early Threat Detection in Your SOC without Extra Staff  appeared first on Cyber Security News.

A significant service disruption has hit Meta’s Instagram platform today, leaving thousands of users globally unable to access their accounts, refresh timelines, or send direct messages. As of March 11, 2026, the widespread downtime has primarily affected users in the United States, with a notable impact on international user bases, including those in India and […]

The post Instagram Down: New Outage Causes Widespread Disruption in Posting and DM Functionality appeared first on Cyber Security News.

A critical security flaw has been discovered in a popular open-source, self-hosted Git service, allowing attackers to overwrite Large File Storage (LFS) objects secretly. Tracked as CVE-2026-25921, this maximum-severity vulnerability carries a CVSS 3.1 score of 10.0. It creates a severe risk for software supply-chain attacks. The flaw currently affects Gogs versions 0.14.1 and earlier, […]

The post Gogs Vulnerability Enables Attackers to Silently Overwrite Large File Storage Objects appeared first on Cyber Security News.

An emergency security update has been released to address a newly disclosed .NET Framework vulnerability, tracked as CVE-2026-26127. This security flaw allows unauthenticated, remote attackers to trigger a Denial-of-Service (DoS) condition on the network. With a CVSS score of 7.5, Microsoft has classified the vulnerability as “Important.” It affects multiple versions of .NET across Windows, […]

The post Microsoft .NET 0-Day Vulnerability Enables Denial-of-Service Attacks appeared first on Cyber Security News.

Microsoft has disclosed a critical zero-day vulnerability in SQL Server that allows authenticated attackers to escalate their privileges to the highest administrative level on affected database systems. Tracked as CVE-2026-21262, the flaw was officially released on March 10, 2026, and has already been publicly disclosed, raising urgent concerns for organizations running SQL Server across enterprise […]

The post Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges appeared first on Cyber Security News.

Fortinet released a sweeping security advisory on March 10, 2026, addressing eleven vulnerabilities across its core enterprise products, including FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox. The flaws range from authentication bypasses and buffer overflows to OS command injection and SQL injection, several of which could allow remote attackers to execute arbitrary commands or escalate privileges on […]

The post Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution appeared first on Cyber Security News.

Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable by unauthenticated remote attackers with no prior system access. The most severe vulnerability, tracked as […]

The post Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation appeared first on Cyber Security News.