Cyber Security News

An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability may allow an unauthenticated remote attacker to execute arbitrary Java code with root privileges on an affected device. Cisco disclosed the flaw on March 4, 2026; it allows unauthenticated remote […]

The post Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware appeared first on Cyber Security News.

A sophisticated full-chain iOS exploit kit dubbed DarkSword, actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least November 2025 to steal sensitive personal data from iPhone users across four countries. DarkSword is a full-chain iOS exploit that chains six distinct vulnerabilities, four of which were leveraged as zero-days, to achieve complete […]

The post New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data appeared first on Cyber Security News.

Why do so many SOCs still struggle to move quickly even with strong detection tools in place? In many cases, the real bottleneck is Tier 1 triage. When alerts take too long to validate, resources are wasted on noise, senior teams get pulled into low-value cases, and real incidents take longer to confirm.  By giving Tier […]

The post The High Cost of Slow Triage: How to Make Tier 1 the Fastest Layer in Your SOC  appeared first on Cyber Security News.

OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, releasing its most capable small models designed to handle high-volume, latency-sensitive workloads. The new mini iteration offers a significant performance upgrade over the previous GPT-5 mini across reasoning, coding, tool use, and multimodal understanding, while running more than twice as fast. These models are engineered for […]

The post OpenAI Launches GPT-5.4 Mini and Nano to Provide Answers 2X Faster appeared first on Cyber Security News.

The Unique Identification Authority of India (UIDAI) has officially launched its first structured Bug Bounty Programme. This initiative aims to enhance the security posture of the Aadhaar ecosystem, which serves as the foundational digital identity platform for over a billion Indian residents. By collaborating with independent cybersecurity experts, UIDAI is adopting a proactive, crowdsourced approach […]

The post UIDAI Launches Bug Bounty Programme to Strengthen Aadhaar Security appeared first on Cyber Security News.

Apple has released critical security patches to address a high-severity WebKit vulnerability that allows maliciously crafted web content to bypass the Same Origin Policy. Released on March 17, 2026, these updates apply to the latest versions of Apple’s mobile and desktop operating systems. The patch is delivered through the Background Security Improvements mechanism, ensuring devices […]

The post Apple WebKit Vulnerability Enables Malicious Web Content Bypass on iOS and macOS appeared first on Cyber Security News.

Network security has taken another hard hit. Two previously unknown malware strains have emerged, quietly turning routers, IoT devices, and enterprise network equipment into weapons for large-scale distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations. These campaigns mark a clear shift in how threat actors are exploiting the very network infrastructure that organizations depend on […]

The post New Malware Campaigns Turn Network Devices Into DDoS Nodes and Crypto-Mining Bots appeared first on Cyber Security News.

A serious operational security failure by Russian state-linked hacking group FancyBear has given security researchers an unusually clear view into an active espionage campaign targeting government and military organizations across Europe. On March 11, 2026, threat intelligence firm Hunt.io published findings on a campaign it tracks as Operation Roundish, based on an exposed open-directory first […]

The post FancyBear Server Exposure Reveals Stolen Credentials, 2FA Secrets and NATO-Linked Targets appeared first on Cyber Security News.

ConnectWise has issued an urgent security advisory for its ScreenConnect remote desktop software, disclosing a critical cryptographic vulnerability that could allow unauthenticated attackers to extract server-level machine keys and hijack session authentication. The flaw, tracked as CVE-2026-3564, affects all ScreenConnect versions prior to 26.1 and carries a CVSS score of 9.0, placing it firmly in […]

The post ScreenConnect Vulnerability Allows Hackers to Extract Unique Machine Keys and Hijack Sessions appeared first on Cyber Security News.

A ransomware group known as LeakNet has been quietly building a more dangerous attack strategy. Until recently, the group averaged about three victims per month — but new evidence shows it is scaling up fast, adding new tools that most security defenses are not built to catch. LeakNet has introduced two notable additions: a social […]

The post LeakNet Scales Ransomware Operations With ClickFix Lures and Stealthy Deno Loader appeared first on Cyber Security News.

A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was addressed in a recent Microsoft Patch Tuesday update. The attack targets the way Windows manages […]

The post Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges appeared first on Cyber Security News.

A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4 when multi-tenant mode is active. The root cause stems […]

The post Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access appeared first on Cyber Security News.

A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root access. Tracked as CVE-2026-3888, uncovered by The Qualys Threat Research Unit, the flaw exploits an unintended interaction between two standard system components, snap-confine and systemd-tmpfiles, making it particularly dangerous given how […]

The post Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access appeared first on Cyber Security News.

Microsoft Detection and Response Team details a sophisticated voice phishing (vishing) campaign that successfully compromised a corporate environment in November 2025. Unlike conventional intrusions that rely on software exploits, this attack weaponized trust, collaboration platforms, and built-in Windows tooling to gain initial access. The threat actor initiated the campaign by impersonating IT support personnel through […]

The post Microsoft Teams Support Call Leads to Quick Assist Compromise in New Vishing Attack appeared first on Cyber Security News.

Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […]

The post Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance appeared first on Cyber Security News.

The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows, average demands have dropped sharply, and organizations are recovering from attacks more effectively than in […]

The post Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises appeared first on Cyber Security News.

A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — [email protected] and [email protected] — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]

The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.

A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a custom font file and basic CSS, attackers can silently deliver malicious instructions to users while […]

The post Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems appeared first on Cyber Security News.

With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household products to digital services through online platforms. While this convenience has made shopping faster and more accessible, it has also introduced new cybersecurity challenges. Fake […]

The post How to Shop Online Safely While Finding Better Deals  appeared first on Cyber Security News.

A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive data. AWS Bedrock AgentCore Code Interpreter is a managed service that allows AI agents and […]

The post AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration appeared first on Cyber Security News.