Cyber Security News

Clawdbot, the surging open-source AI agent gateway, faces escalating security concerns, with 900+ unauthenticated instances exposed online and multiple code flaws that enable credential theft and remote code execution. Clawdbot is an open-source personal AI assistant that integrates with messaging platforms like WhatsApp, Telegram, Slack, Discord, Signal, and iMessage. It features a Gateway for control […]

The post Hundreds of Exposed Clawdbot Gateways Leave API Keys and Private Chats Vulnerable appeared first on Cyber Security News.

A major accounting firm in the Netherlands has reportedly become the latest victim of Nova, an active ransomware operation. The breach was discovered and indexed by ransomware live on January 23, 2026, with the estimated attack date coinciding with the discovery date. The attackers claim to have exfiltrated sensitive data and have issued a 10-day […]

The post Nova Ransomware Allegedly Claiming Breach of KPMG Netherlands appeared first on Cyber Security News.

A critical authentication bypass vulnerability in the telnetd component of GNU Inetutils has exposed approximately 800,000 internet-accessible Telnet instances to unauthenticated remote code execution (RCE). Tracked as CVE-2026-24061 with a CVSS score of 9.8, the flaw allows attackers to gain root-level access without valid credentials, posing a severe risk to exposed infrastructure worldwide. Vulnerability Details […]

The post 800K+ Telnet Servers Exposed to RCE Attacks – PoC Released appeared first on Cyber Security News.

The curl project ended its bug bounty program in January 2026 because it received too many low-quality and useless bug reports. The decision reflects growing frustration within the open-source security community regarding the unintended consequences of financial incentive structures on vulnerability disclosure practices. The program, which was designed to encourage responsible vulnerability disclosure, paradoxically generated […]

The post Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports appeared first on Cyber Security News.

Browser attacks have become far more dangerous and organized than before. A new threat called Stanley, discovered in January 2026, shows just how serious the problem has become. This malware-as-a-service toolkit, priced between $2,000 and $6,000, does something particularly deceptive: it displays fake websites to users while the URL bar keeps showing the legitimate address. […]

The post New Malware Toolkit Sends Users to Malicious Websites While the URL Stays the Same appeared first on Cyber Security News.

Lazarus, a sophisticated North Korean-aligned hacking group also known as HIDDEN COBRA, has launched a new wave of targeted attacks against European drone manufacturers and defense contractors. The campaign, tracked as Operation DreamJob, emerged in late March 2025 and specifically targets organizations developing unmanned aerial vehicle technology across Central and Southeastern Europe. Researchers have identified […]

The post Lazarus Hackers Actively Attacking European Drone Manufacturing Companies appeared first on Cyber Security News.

A new Embedded Systems Threat Matrix™ (ESTM) framework was introduced to help secure embedded systems used in critical infrastructure and defense technologies across the U.S. Developed collaboratively with the Air Force’s Cyber Resiliency Office for Weapon Systems (CROWS). ESTM addresses a critical security gap in protecting mission-critical systems that remain increasingly vulnerable to sophisticated cyber […]

The post MITRE Releases New Cybersecurity Framework to Protect the Embedded Systems appeared first on Cyber Security News.

North Korea’s Lazarus Group has launched a sophisticated supply chain attack targeting software developers through a campaign called “Fake Font.” The threat actors are using fake job interviews and malicious GitHub repositories to trick engineers into downloading code that contains hidden malware. This campaign, which began over 100 days ago, has recently intensified with 19 […]

The post New DPRK Interview Campaign Leverages Fake Fonts to Deploy Malware appeared first on Cyber Security News.

In December 2025, threat researchers uncovered an alarming espionage operation targeting residents of India through sophisticated phishing campaigns. The attack, dubbed SyncFuture, demonstrates how cybercriminals can abuse legitimate business software as a vehicle for launching advanced malware attacks. Attackers sent fraudulent emails impersonating India’s Income Tax Department, tricking victims into downloading malicious files containing multiple […]

The post ‘SyncFuture’ Campaign Weaponizing Legitimate Enterprise Security Software to Deploy Malware appeared first on Cyber Security News.

A moderate-severity vulnerability in the Hadoop Distributed File System (HDFS) native client could allow attackers to trigger system crashes or corrupt critical data through maliciously crafted URI inputs. The vulnerability, tracked as CVE-2025-27821, affects Apache Hadoop versions 3.2.0 through 3.4.1. Stems from an out-of-bounds write flaw in the URI parser of the HDFS native client. […]

The post Apache Hadoop Vulnerability Exposes Systems Potential Crashes or Data Corruption appeared first on Cyber Security News.

An out-of-band (OOB) cumulative update, KB5078127, to address critical file system compatibility issues affecting Windows 11 users. The update resolves widespread problems introduced by the January 13, 2026, security update (KB5074109) that caused application freezes and cloud storage failures across multiple platforms. The most significant fix addresses file system corruption affecting cloud-based storage applications. Users […]

The post Microsoft Releases Out-of-Band Update KB5078127 to Fix Windows 11 File System and Outlook Freezes appeared first on Cyber Security News.

A sophisticated phishing campaign active between November 2025 and January 2026 has been exploiting Vercel’s legitimate hosting platform to distribute remote access tools to unsuspecting victims. The attack chain combines social engineering with trusted domain exploitation, making it particularly effective at bypassing traditional security layers. Attackers craft phishing emails using financially themed lures such as […]

The post New Phishing Attack Leverages Vercel Hosting Platform to Deliver a Remote Access Tool appeared first on Cyber Security News.

A critical server-side vulnerability in Instagram’s infrastructure allowed unauthenticated attackers to access private photos and captions without a login or follower relationship, according to a disclosure released this week by security researcher Jatin Banga. The vulnerability, which was reportedly patched silently by Meta in October 2025, relied on a specific configuration of HTTP headers to […]

The post New Instagram Vulnerability Exposes Private Posts to Anyone appeared first on Cyber Security News.

Late December 2025 brought alarming news to Poland as its energy infrastructure became the target of what security experts describe as the country’s largest cyberattack in years. The Russian-aligned Sandworm group, known for orchestrating some of the most damaging attacks on critical infrastructure, emerged as the culprit behind this coordinated assault. The group deployed a […]

The post Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware appeared first on Cyber Security News.

A massive database containing 149 million stolen login credentials was discovered exposed online without password protection or encryption. Posing serious security risks to users of Gmail, Instagram, Facebook, Netflix, and thousands of other platforms worldwide. The publicly accessible database contained 149,404,754 unique logins and passwords harvested through infostealer malware and keylogging software. Each record included […]

The post 48M Gmail, 6.5M Instagram Exposed Online From Unprotected Database appeared first on Cyber Security News.

A sophisticated “homoglyph” phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones. This technique, known as typosquatting or a homoglyph attack, exploits the way modern fonts display text. […]

The post Hackers Use ‘rn’ Typo Trick to Impersonate Microsoft and Marriott in New Phishing Attack appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild, posing a significant risk to enterprise environments that rely on vCenter for virtualization management. The vulnerability, originally […]

The post CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Microsoft is preparing to deploy a significant, potentially controversial update to Microsoft Teams that automatically detects and displays a user’s physical work location based on the Wi-Fi network they connect to. According to the latest update on the Microsoft 365 Roadmap (ID 488800), this feature is scheduled to begin rolling out in March 2026 for […]

The post Microsoft Teams to Share your Location With Your Employer Soon Based on Wi-Fi Network appeared first on Cyber Security News.

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise Through Trusted Vendor The attack began with phishing emails sent from a compromised trusted vendor’s […]

The post Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign appeared first on Cyber Security News.

Microsoft has unveiled the public preview of WinApp CLI (winapp), a new open-source command-line tool designed to simplify Windows app development for developers using diverse frameworks outside Visual Studio or MSBuild. Hosted on GitHub, the tool targets web devs with Electron, C++ experts on CMake, and .NET, Rust, or Dart builders, making modern Windows APIs—like […]

The post Microsoft Launches Open-Source WinApp CLI to Streamline Windows App Development appeared first on Cyber Security News.