Cyber Security News

In a September 2025 incident response case, investigators found a rogue virtual machine inside a VMware vSphere environment and tied it with high confidence to Muddled Libra, also tracked as Scattered Spider and UNC3944. The VM acted like a quiet staging host, giving the intruders a place to recon the network, pull down tools, and […]

The post Rogue VM Linked to Muddled Libra in VMware vSphere Attack, Revealing Key TTPs appeared first on Cyber Security News.

A critical flaw in the WPvivid Backup & Migration WordPress plugin can let an unauthenticated attacker upload files and run code on the server, a path that often ends in full site takeover. The issue is tracked as CVE-2026-1357, scored 9.8 (Critical), and affects plugin versions up to and including 0.9.123, with a fix available […]

The post WordPress Backup Plugin Vulnerability Exposes 800,000 Sites to Remote Code Execution Attacks appeared first on Cyber Security News.

Google has released Chrome 145 to the stable channel for Windows, Mac, and Linux, addressing 11 security vulnerabilities that could enable attackers to execute malicious code on user systems. The update, rolling out over the coming weeks, includes several high-severity fixes that warrant immediate attention. The most severe flaw, CVE-2026-2313, is a use-after-free vulnerability in […]

The post Chrome Security Update – Patch for Vulnerabilities that Enables Code Execution Attacks appeared first on Cyber Security News.

A dangerous malware campaign has emerged on the NPM package registry, putting thousands of developers and Windows users at risk. The malicious package, known as “duer-js,” was published by a user named “luizaearlyx” and disguised itself as a legitimate console visibility tool. Despite having only 528 downloads, security experts warn that its sophisticated attack methods […]

The post Sophisticated ‘duer-js’ NPM Package Distributes ‘Bada Stealer’ Malware Targeting Windows and Discord Users appeared first on Cyber Security News.

Threat actors have begun leveraging Google’s Gemini API to dynamically generate C# code for multi-stage malware, evading traditional detection methods. The Google Threat Intelligence Group (GTIG) detailed this in its February 2026 AI Threat Tracker report, spotlighting the HONESTCUE framework first observed in September 2025. HONESTCUE operates as a downloader and launcher that queries Gemini’s […]

The post Google Warns of Hackers Leveraging Gemini AI for All Stages of Cyberattacks appeared first on Cyber Security News.

The North Korean state-sponsored hacking team, Lazarus Group, has launched a sophisticated fake recruiter campaign targeting cryptocurrency developers through a malicious operation called “graphalgo.” Active since May 2025, this coordinated attack uses fraudulent job offers to distribute remote access trojans to unsuspecting developers working with blockchain and cryptocurrency technologies. The campaign exploits trusted open-source package […]

The post Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Exploits GitHub, npm, and PyPI to Distribute Malware appeared first on Cyber Security News.

Many internet users believe VPNs make them completely anonymous online. While VPNs hide your IP address and encrypt traffic, a new fingerprinting technique reveals they cannot protect against all tracking methods. Country-specific AdBlock filter lists installed in browsers can expose your location, even when using a VPN. Most ad blockers, such as uBlock Origin, Brave, […]

The post Adblock Filters Exposes Reveal User Location Despite VPN Protection appeared first on Cyber Security News.

LummaStealer, a notorious information-stealing malware, has made a significant comeback following a major law enforcement disruption in 2025. This resurgence is characterized by a shift in distribution tactics, moving away from traditional exploit kits towards aggressive social engineering campaigns. Cybercriminals are now leveraging “ClickFix” techniques, which present users with fake CAPTCHA verification pages. These deceptive […]

The post Fake CAPTCHA Attacks Emerge as Key Entry Point for LummaStealer Malware Campaigns appeared first on Cyber Security News.

Security researchers have identified the first documented instance of a malicious Microsoft Outlook add-in being used against users in real-world scenarios. A compromised meeting scheduler named AgreeTo was used to steal over 4,000 Microsoft account credentials, credit card numbers, and answers to banking security questions. AgreeTo began as a legitimate open-source project published to the Microsoft Office […]

The post Microsoft Outlook Add-in Stolen 4,000 Microsoft account Credentials and Credit Card Numbers appeared first on Cyber Security News.

A new and dangerous class of cyberattack called “Promptware” has been discovered, capable of turning your personal AI assistant into a sleeper agent that spies on you. Security researchers from Ben-Gurion University, Tel Aviv University, and Harvard have demonstrated a terrifying exploit in which a simple Google Calendar invite can trick Google’s Gemini assistant into […]

The post Promptware – Hackers Can Use Google Calendar Invites to Stream Victims’ Cameras via Zoom appeared first on Cyber Security News.

A $44 hardware implant disguised as an ordinary computer mouse. This device acts as a covert keystroke injector, akin to the Hak5 Rubber Ducky, but leverages the innocuous form factor of a mouse to bypass basic user awareness training. Plug it in, and it autonomously runs payloads that execute commands, deliver reverse shells, or worse, […]

The post $44 Evilmouse Autonomously Executes Commands and Compromises Systems Once Connected appeared first on Cyber Security News.

A critical denial-of-service (DoS) flaw in Palo Alto Networks’ PAN-OS software could let unauthenticated attackers crash firewalls into endless reboot cycles, potentially crippling enterprise networks. Dubbed CVE-2026-0229, the vulnerability lurks in the Advanced DNS Security (ADNS) feature. An attacker sends a maliciously crafted packet to trigger a system reboot. Repeated exploitation forces the firewall into […]

The post Palo Alto Networks Firewall Vulnerability Allows an Attacker to Force Firewalls into a Reboot Loop appeared first on Cyber Security News.

Cybercriminals are increasingly using valid administrative software to launch attacks, making their malicious activities much harder to spot. Instead of relying solely on custom computer viruses, these actors abuse legitimate workforce monitoring tools to hide inside business networks. By utilizing software designed for tracking employee productivity, they can control systems and steal sensitive data without […]

The post Threat Actors Leveraging Employee Monitoring and SimpleHelp Tools to Deploy Ransomware Attacks appeared first on Cyber Security News.

WhatsApp has accused the Russian government of attempting a nationwide block on its messaging service to force over 100 million users onto a Kremlin-backed alternative riddled with surveillance risks. In a statement on X, the Meta-owned app declared: “Today the Russian government attempted to fully block WhatsApp in an effort to drive people to a […]

The post Russia Blocked WhatsApp For Over 100 Million Users Nationwide appeared first on Cyber Security News.

An Israeli spyware firm, Paragon Solutions, accidentally exposed its secretive Graphite control panel in a LinkedIn post, drawing sharp criticism from cybersecurity experts. The blunder offers a rare glimpse into the tool’s operations targeting encrypted communications. Cybersecurity researcher Jurre van Bergen spotted the image posted by Paragon’s general counsel on LinkedIn on February 11, 2026. […]

The post Israeli Spyware Firm Exposes Paragon Spyware Control Panel on LinkedIn appeared first on Cyber Security News.

Apple released iOS 26.3 and iPadOS 26.3 on February 11, 2026, patching over 40 vulnerabilities, including a critical zero-day in the dyld component actively exploited in targeted attacks. The update addresses CVE-2026-20700, a memory-corruption flaw discovered by Google’s Threat Analysis Group, which enables arbitrary code execution for attackers with memory-write access. Dyld, Apple’s Dynamic Link […]

The post Apple 0-Day Vulnerability Actively Exploited in Sophisticated Attack to Target Individuals appeared first on Cyber Security News.

A newly tracked intrusion framework called VoidLink is drawing attention for its modular design and focus on Linux systems. It behaves like an implant management framework, letting operators deploy a core implant and add capabilities as needed, which shortens the time from access to action. Recent activity has been linked to a threat actor Cisco […]

The post VoidLink Framework Enables On-Demand Tool Generation with Windows Plugin Support appeared first on Cyber Security News.

Modern warfare extends far beyond physical battlefields, increasingly infiltrating the digital servers and supply chains that safeguard national defense. Today, the sector faces a relentless barrage of cyber operations from state-sponsored actors and criminal groups alike. These attacks no longer focus solely on military entities but aggressively target defense contractors, aerospace manufacturers, and individual employees […]

The post GTIG Analysis Highlights Escalating Espionage and Supply Chain Risks Facing Defense Sector appeared first on Cyber Security News.

A sophisticated cyber threat has emerged, targeting users across multiple operating systems through compromised mirror websites and GitHub repositories. The RU-APT-ChainReaver-L campaign represents one of the most elaborate supply chain attacks identified recently, affecting Windows, macOS, and iOS platforms simultaneously. This campaign employs advanced techniques including code signing with valid certificates, deceptive redirect chains, and […]

The post RU-APT-ChainReaver-L Hijacks Trusted Websites and GitHub Repos in Massive Cross-Platform Supply Chain Campaign appeared first on Cyber Security News.

An unprecedented surge in exploitation attempts targeting CVE-2026-1281, a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM). On February 9, 2026, Shadowserver scans revealed over 28,300 unique source IP addresses attempting to exploit the flaw, marking one of the largest coordinated attack campaigns observed against enterprise mobile management infrastructure this year. CVE-2026-1281 is a pre-authentication […]

The post Massive Spike in Attacks Exploiting Ivanti EPMM Systems 0-day Vulnerability appeared first on Cyber Security News.