Cyber Security News

A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment in mid-February 2026 for Targeted Release customers, with general availability timelines to be communicated later. Brand Impersonation Protection is a proactive security safeguard that evaluates inbound Voice over IP (VoIP) […]

The post Microsoft to Add Brand Impersonation Protection Warning to Teams Calls appeared first on Cyber Security News.

Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day One featured 30 entries targeting systems like Alpine iLX-F511, Kenwood DNR1007XR, and various EV chargers, […]

The post 76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026 appeared first on Cyber Security News.

A major security threat has emerged targeting developers who use EmEditor, a popular text editor favored by Japanese programming communities. In late December 2025, the software’s official download page fell victim to a compromise that allowed attackers to distribute malicious versions of the installer to unsuspecting users. The attack demonstrates how trusted software platforms can […]

The post New Watering Hole Attacking EmEditor User with Stealer Malware appeared first on Cyber Security News.

Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass vulnerability, with a new automated campaign targeting even fully patched FortiGate devices. Cybersecurity firm Arctic Wolf first observed the attacks on January 15, 2026, involving rapid configuration exfiltration and persistence via generic admin accounts. In December 2025, Fortinet disclosed two critical vulnerabilities, CVE-2025-59718 and CVE-2025-59719 […]

The post Fortinet Confirms Active Exploitation of FortiCloud SSO Authentication Bypass Vulnerability appeared first on Cyber Security News.

Artificial intelligence (AI) features have been added to Windows 11 Notepad and Paint for Canary and Dev Channel users, turning them into cloud-connected tools that require sign-in. The Notepad update (version 11.2512.10.0) brings AI-powered text generation, rewriting, and summarization features that stream results from both local and cloud sources. Users must sign in with Microsoft […]

The post New Windows Notepad and Paint Update Brings More Useful AI Features appeared first on Cyber Security News.

A newly discovered ransomware family called Osiris launched attacks against a major food service company in Southeast Asia during November 2025. Security researchers have identified this threat as a completely new malware variant with no connection to an older ransomware family that shared the same name in 2016. The emergence of Osiris marks another addition […]

The post New Osiris Ransomware Using Wide Range of Living off the Land and Dual-use Tools in Attacks appeared first on Cyber Security News.

Miami, Florida, January 22nd, 2026, CyberNewsWire Halo Security, a leading provider of external attack surface management and penetration testing services, today announced it has successfully achieved SOC 2 Type II compliance following an extensive multi-month audit by Insight Assurance. This certification validates that Halo Security’s security controls are not only properly designed but also operate […]

The post Halo Security Achieves SOC 2 Type II Compliance, Demonstrating Sustained Security Excellence Over Time appeared first on Cyber Security News.

A sophisticated phishing campaign targeting PNB MetLife insurance customers has surfaced, deceiving victims through fake payment gateway pages that steal personal information and redirect them to fraudulent UPI transactions. The scam exploits the trusted reputation of PNB MetLife by creating convincing mobile-optimized payment portals that mimic legitimate premium payment services. These malicious pages accept policy […]

The post Beware of PNB MetLife Payment Gateway that Steals Your Details and Direct to UPI Payments appeared first on Cyber Security News.

Security vulnerabilities in the Canonical Snap Store have reached a critical level as attackers continue to distribute malicious software through the popular Linux package repository. Scammers are deploying fraudulent cryptocurrency wallet applications that steal digital assets from unsuspecting users. The campaign involves sophisticated tactics designed to evade detection systems and manipulate trust signals that users […]

The post Hackers Hijacking Snap Domains to Posion Linux Software Packages for Desktops and Servers appeared first on Cyber Security News.

A sophisticated malware campaign targeting unsuspecting users has emerged, disguising malicious proxyware as legitimate Notepad++ installations. This attack, orchestrated by the threat actor Larva-25012, exploits users seeking cracked software through deceptive advertisement pages and fake download portals. The malware hijacks victims’ internet bandwidth without consent, allowing attackers to profit by sharing network resources with external […]

The post Proxyware Malware Disguised as Notepad++ Tool Leverages Windows Explorer Process to Hijack Systems appeared first on Cyber Security News.

A new powerful method to detect and trace attacker infrastructure using JA3 fingerprinting, a technique that identifies malicious tools through network communication patterns. While many security teams considered JA3 fingerprints outdated after fingerprint lists remained largely unchanged since 2021, fresh analysis reveals this technology remains highly effective for uncovering hidden attacker networks and tooling. The […]

The post Attackers Infrastructure Exposed Using JA3 Fingerprinting Tool appeared first on Cyber Security News.

U.S. authorities have pulled back the curtain on “r1z,” an initial access broker who quietly sold gateways into corporate networks around the world. Operating across popular cybercrime forums, he offered stolen VPN credentials, remote access to enterprise environments, and custom tools designed to bypass security controls. His activity fed the ransomware supply chain by giving […]

The post Researchers Detailed r1z Initial Access Broker OPSEC Failures appeared first on Cyber Security News.

Day One of Pwn2Own Automotive 2026, which delivered $516,500 USD for 37 zero-days, the event has now accumulated $955,750 USD across 66 unique vulnerabilities, demonstrating the automotive sector’s substantial attack surface. The competition showcased exploits targeting multiple vehicle subsystems, including in-vehicle infotainment (IVI) systems, EV charging stations, and embedded Linux environments. Researchers successfully demonstrated command […]

The post Hackers Earned $516,500 for 37 Unique 0-day Vulnerabilities – Pwn2Own Automotive 2026 appeared first on Cyber Security News.

A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-0001, allows unauthenticated attackers to reset the system administrator password without any validation, leading to complete system takeover. The flaw exists in the ForceResetPassword API endpoint, which is designed […]

The post Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild appeared first on Cyber Security News.

Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through a fake verification process. This campaign has grown significantly since early 2025 and continues to […]

The post New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages appeared first on Cyber Security News.

A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy surveillance infrastructure. The vulnerability exists in the upload_map.cgi script, where user-supplied filenames are processed through an unsanitized snprintf() function […]

The post Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code appeared first on Cyber Security News.

A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December 2025 incident involving malicious SSO logins shortly after Fortinet disclosed critical vulnerabilities CVE-2025-59718 and CVE-2025-59719. […]

The post FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that grant attackers user-level access to the underlying OS, followed by full root privilege escalation. Added […]

The post CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A new malicious package on the Python Package Index (PyPI), named sympy-dev, has been caught impersonating the widely used SymPy library to deliver cryptomining malware. SymPy is a popular symbolic mathematics library that sees tens of millions of downloads every month, making it an attractive target for attackers looking to abuse developer trust and widespread adoption. […]

The post Malicious PyPI Package Mimic as Popular Sympy-Dev to Attack Millions of Users appeared first on Cyber Security News.

A high-severity vulnerability has been disclosed in BIND 9, the widely used DNS server software responsible for domain name resolution across millions of internet services. The vulnerability, tracked as CVE-2025-13878, enables remote attackers to crash DNS servers by sending specially crafted, malformed DNS records, potentially disrupting critical internet infrastructure and organizational services. The vulnerability stems […]

The post BIND 9 Vulnerability Allow Attackers to Crash Server by Sending Malicious Records appeared first on Cyber Security News.