Cyber Security News

Microsoft has officially launched its new “agentic” capabilities for Copilot in Outlook, transforming the AI from a basic drafting assistant into an autonomous digital agent. Announced on April 27, 2026, this major update enables Copilot to manage both your inbox and calendar proactively. By automating complex, ongoing tasks, Microsoft aims to reduce digital fatigue and […]

The post Microsoft Launches Copilot Agent Mode for Outlook, Inbox and Calendar Functions appeared first on Cyber Security News.

A state-sponsored threat group, Sandworm (also tracked as APT-C-13 and FROZENBARENTS), has launched a targeted cyberattack campaign using a combined SSH and Tor tunneling technique to maintain long-term hidden access inside victim networks. This campaign marks a clear upgrade from the group’s earlier intrusion tactics, shifting from simple malware callbacks toward a fully anonymous, encrypted […]

The post New Sandworm Tradecraft Uses SSH-over-Tor Tunnel for Long-Term Hidden Persistence appeared first on Cyber Security News.

A major software supply chain attack has compromised the popular Python package elementary-data, exposing thousands of developers to massive credential theft. Threat actors successfully pushed a malicious version, 0.23.3, to the Python Package Index (PyPI) and poisoned the matching Docker images on the GitHub Container Registry (GHCR). With over one million monthly downloads, this widely used dbt […]

The post Popular PyPI Package With 1 Million Monthly Downloads Hacked to Inject Malicious Scripts appeared first on Cyber Security News.

Whenever someone uses Windows Remote Desktop, the operating system quietly saves visual fragments of the active session. As recently highlighted by SCYTHE Labs, attackers can easily extract these breadcrumbs and rebuild them into readable screenshots. This process requires no special privileges, takes just a few minutes, and relies entirely on free tools. If your team […]

The post Windows Remote Desktop Leaves Behind Image Fragments Attackers Can Stitch Into Screenshots appeared first on Cyber Security News.

Cybersecurity researchers have recently disclosed three moderate-severity vulnerabilities in OpenClaw, an AI agent framework previously known as Clawdbot and Moltbot. Distributed as an npm package, these security flaws allow bypasses of policy enforcement, gateway configuration mutations, and host override attacks that could lead to credential exposure. The development team has released OpenClaw version 2026.4.20 to […]

The post Multiple OpenClaw Vulnerabilities Enables Policy Bypass and Host Override appeared first on Cyber Security News.

Researchers from the Czech Technical University in Prague have developed a new adversarial malware generator targeting Linux ELF binaries. It achieves a 67.74% evasion rate against ML-based malware detectors while keeping the payload fully functional. Published on arXiv on April 24, 2026, the study by Lukáš Hrdonka and Martin Jurecek exposes a critical blind spot […]

The post Linux ELF Malware Generator Evades ML Detection With Semantic-Preserving Changes appeared first on Cyber Security News.

A well-known Iranian state-sponsored hacking group called OilRig, also tracked as APT34 and Helix Kitten, has been found hiding its command-and-control (C2) server configuration inside a regular-looking image file stored on Google Drive. The threat group used a technique called LSB (Least Significant Bit) steganography to quietly embed encrypted data into a PNG image, making […]

The post OilRig Hides C2 Configuration in Google Drive Image Using LSB Steganography appeared first on Cyber Security News.

A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT professionals. The vulnerability CVE-2026-3008, which could allow a remote attacker to crash the application or extract sensitive memory address information from affected systems. The vulnerability is a string injection flaw located within the FindInFiles […]

The post Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data appeared first on Cyber Security News.

A publicly accessible JavaScript file on ClickUp’s homepage has been silently leaking nearly a thousand corporate and government email addresses, including employees from Fortinet, Home Depot, Tenable, Mayo Clinic, and U.S. state government workers, through a hardcoded third-party API key that was first reported in January 2025 and remains unrotated as of April 2026. The […]

The post ClickUp’s Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants appeared first on Cyber Security News.

Google has fixed a critical security flaw in the Gemini CLI that could allow attackers to execute remote code in certain automated workflows. The issue affects the npm package @google/gemini-cli and the google-github-actions/run-gemini-cli GitHub Action, especially when they are used in headless environments such as CI/CD pipelines. According to the security advisory, the vulnerability comes from two related weaknesses: […]

The post Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks appeared first on Cyber Security News.

A credential-stealing malware named Vidar has quietly emerged as one of the most active threats targeting corporate employees in early 2026. Threat actors are using fake software downloads promoted through YouTube videos to trick workers into installing it on their machines, resulting in widespread theft of login credentials, browser data, and cryptocurrency wallet information. The […]

The post New Vidar Malware Campaign Uses Fake YouTube Software Downloads to Steal Corporate Credentials appeared first on Cyber Security News.

A newly discovered malware campaign is targeting government employees in Pakistan using carefully crafted spear-phishing emails that combine obfuscation and staged payload delivery to stay hidden from security tools. The attack was directed at staff from the Punjab Safe Cities Authority (PSCA) and PPIC3, with the threat actor impersonating an internal consultant and referencing a […]

The post New Malware Uses Obfuscation and Staged Payload Delivery to Evade Detection appeared first on Cyber Security News.

A new phishing campaign is actively targeting Indian taxpayers and businesses by impersonating the Income Tax Department of India. Threat actors have built convincing fake websites that look nearly identical to official government portals, using urgent language to pressure victims into downloading malware-laced files without hesitation. The attack relies on a fraudulent website displaying the […]

The post Hackers Using Fake Income Tax Department’s Notice to Deploy Malware appeared first on Cyber Security News.

Security researchers have raised a warning about two widely trusted tools, macOS textutil and KeePassXC, showing that both can become dangerous when placed inside automated pipelines that process attacker-controlled input. The findings do not point to traditional software flaws. Instead, they reveal how correct, well-designed features can turn into security risks the moment they cross […]

The post Researchers Warn macOS textutil and KeePassXC Can Become Attack Primitives in Automation appeared first on Cyber Security News.

The European Commission has formally proposed measures requiring Google to share anonymized user search data with rival search engines and AI chatbots, marking a landmark enforcement step under the Digital Markets Act (DMA) aimed at dismantling the search giant’s competitive stranglehold across Europe. Announced on April 15, 2026, the Commission’s preliminary findings outline six specific […]

The post EU Proposes Requiring Google to Share User Search Data with Rival Search Engines appeared first on Cyber Security News.

North Korean state-sponsored hackers from the Kimsuky group have launched a targeted campaign against prescription pharmaceutical companies, using a cleverly disguised malware file named White Life Science ERP Specification. The attack uses a fake Excel document to trick employees into running malicious code, giving attackers silent access to the victim’s system. This campaign shows how […]

The post North Korean Hackers Attacking Drug Companies to Deploy Malware Via Weaponized Excel Files appeared first on Cyber Security News.

A new and more capable version of the ClickFix attack has been spotted in the wild, and it works a little differently from what security teams have seen before. Instead of relying on PowerShell, attackers are now chaining native Windows tools, specifically cmdkey and regsvr32, to silently deliver a remote payload without dropping a single […]

The post ClickFix Attack Replaces PowerShell With Cmdkey and Remote Regsvr32 Payload Delivery appeared first on Cyber Security News.

A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic’s Claude Code into a fully specialized offensive security research assistant powered by 28 domain-specific subagents. Released by security researcher 0xSteph on GitHub, pentest-ai-agents is a collection of 28 Claude Code subagents, each carrying deep domain expertise […]

The post pentest-ai-agents – 28 Claude Code Subagents for Penetration Testing appeared first on Cyber Security News.

A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The flaw enables a threat actor to create a Windows junction, a type of filesystem symbolic […]

The post Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges appeared first on Cyber Security News.

The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this cluster marks a dangerous shift in how threat actors distribute malware to software developers. This activity follows a major wave discovered in March 2026, where researchers documented 72 malicious Open […]

The post 73 Open VSX Sleeper Extensions Linked to GlassWorm Activate New Malware Campaign appeared first on Cyber Security News.