Cyber Security News

Cybersecurity researchers at Infoblox Threat Intel have uncovered a highly sophisticated phishing campaign that exploits the foundational plumbing of the internet to bypass enterprise security controls. In a novel evasion tactic, threat actors are weaponizing the .arpa top-level domain (TLD) and utilizing IPv6 tunnels to host malicious phishing content. This approach actively circumvents traditional domain reputation checks, […]

The post Phishing Schemes Abuse .arpa TLD and IPv6 Tunnels to Evade Detection appeared first on Cyber Security News.

Cybercriminals are increasingly abusing a legacy feature within Windows File Explorer to distribute malware, bypassing traditional web browser security and endpoint detection controls. According to a threat report by Kahng An of the Cofense Intelligence Team, threat actors are leveraging Web-based Distributed Authoring and Versioning (WebDAV) to trick victims into executing malicious payloads.​ The WebDAV […]

The post Hackers Abuse Windows File Explorer and WebDAV for Stealthy Malware Delivery appeared first on Cyber Security News.

The latest Metasploit update, released on February 27, 2026, brings significant firepower to security professionals and penetration testers. The release introduces seven new modules, nine feature enhancements, and critical bug fixes. Standout additions include unauthenticated remote code execution (RCE) exploits for Ollama, BeyondTrust, and Grandstream VoIP devices, alongside advanced evasion techniques for Linux environments. Critical […]

The post Metasploit Adds New Modules Targeting Linux RC4, BeyondTrust, and Registry Persistence appeared first on Cyber Security News.

The U.S. government has taken unprecedented action against domestic AI firm Anthropic, directing all federal agencies to immediately stop using its AI model Claude and officially designating the company a supply chain risk to national security, a classification historically reserved for foreign adversaries like Huawei. The standoff reached a critical point on February 28, 2026, […]

The post Trump Bans Anthropic AI in Federal Agencies — Pentagon Flags Claude as Security Risk appeared first on Cyber Security News.

For years, taking down a botnet meant finding its command-and-control (C2) server, seizing the domain, and watching the network go dark. Law enforcement used this method to dismantle major operations like Emotet, TrickBot, and QakBot. A newly discovered botnet loader called Aeternum C2 has been built specifically to close that door, storing all of its […]

The post Researchers Uncover Aeternum C2 Infrastructure with Advanced Persistence and Network Evasion Features appeared first on Cyber Security News.

A Go-based command-and-control (C2) framework originally marketed within Chinese-speaking offensive security communities has been quietly expanding its reach, drawing growing attention from threat actors seeking flexible and cost-effective alternatives to expensive commercial tools. Known as Vshell, the tool has evolved well beyond its early roots as a basic remote access tool (RAT) and now poses […]

The post Vshell Gains Traction Among Threat Actors as an Alternative to Cobalt Strike appeared first on Cyber Security News.

A newly discovered malware campaign has been quietly targeting educational institutions and healthcare organizations across the United States since at least December 2025. The threat, tracked under the actor designation “UAT-10027,” deploys a previously unknown backdoor called “Dohdoor,” which uses an advanced combination of stealth techniques and multi-stage delivery to gain persistent access into victim […]

The post New Dohdoor Malware Attacking Schools and Health Care Sectors in U.S. via Multi-Stage Attack Chain appeared first on Cyber Security News.

Trend Micro has released fixes for multiple Apex One vulnerabilities, ranging from High to Critical severity, including management console issues that can lead to remote code execution (RCE). The affected CVEs range from CVE-2025-71210 to CVE-2025-71217, with CVSS v3 scores ranging from 7.2 to 9.8.​ The February 2026 advisory lists Apex One 2019 (on‑prem) on Windows and […]

The post Critical Trend Micro Apex One Vulnerabilities Allows Malicious Code Execution appeared first on Cyber Security News.

Malicious Go Crypto Module Steals Passwords and Deploys Rekoobe Backdoor in Developer Environments A newly discovered supply chain attack is putting Go developers at serious risk. A threat actor published a malicious Go module that closely mimics one of the most trusted cryptographic libraries in the ecosystem — golang.org/x/crypto — and used it to steal […]

The post Malicious Go Crypto Module Steals Passwords and Deploy Rekoobe Backdoor in Developer Environments appeared first on Cyber Security News.

A wave of credential stuffing attacks has exposed a troubling shift in how threat actors are breaking into corporate networks — not by exploiting software vulnerabilities, but by simply logging in with stolen passwords. At the center of this campaign are infostealer malware families, which silently harvest credentials from infected employee devices and feed them […]

The post Infostealers Fuel Large‑Scale Brute‑Forcing of Corporate SSO Gateways Using Stolen Credentials appeared first on Cyber Security News.

Administrators must urgently patch a critical vulnerability that allows attackers to escape isolated jail environments. Tracked as CVE-2025-15576, the flaw enables a dangerous jailbreak condition despite often being associated with system crashes. It enables a jailed process to bypass its restricted environment and gain full, unauthorized access to the host’s underlying filesystem. FreeBSD jails are […]

The post FreeBSD Vulnerability Allow Attackers to Crash the Entire System appeared first on Cyber Security News.

Critical firmware updates have been released to address multiple serious vulnerabilities in networking devices, including 4G LTE/5G NR CPEs, DSL/Ethernet CPEs, Fiber ONTs, Security Routers, and Wireless Extenders. These flaws expose affected routers to remote command injection and denial-of-service (DoS) attacks. The security advisory highlights seven distinct vulnerabilities discovered by security researchers Tiantai Zhang, Víctor […]

The post Critical Zyxel Vulnerabilities Exposes Routers to Remote Command Injection appeared first on Cyber Security News.

A major networking vendor has issued an out-of-cycle security bulletin to address a critical vulnerability in its Junos OS Evolved software, specifically affecting PTX Series platforms. This flaw, identified as CVE-2026-21902, allows an unauthenticated, remote attacker to execute arbitrary code as the ‘root’ user, effectively granting them complete control over the affected device. The vulnerability […]

The post Juniper Networks PTX Vulnerability Enables Full Router Takeover appeared first on Cyber Security News.

Microsoft is strengthening its cybersecurity ecosystem by extending Microsoft Defender for Office 365 (MDO) URL click alerts to Microsoft Teams. Previously focused on email threats, this update gives security teams crucial visibility into potentially malicious activity happening within Teams messages. As attackers increasingly target collaboration platforms, this enhancement proactively notifies administrators when users click on […]

The post Microsoft Defender Expands URL Click Alerts to Include Microsoft Teams for Enhanced Security Visibility appeared first on Cyber Security News.

A newly uncovered phishing campaign is delivering Agent Tesla, one of the most widely used credential-stealing malware families, through a multi-stage attack chain that leaves almost no trace on a victim’s machine. The campaign uses business-themed phishing emails, obfuscated scripts, and in-memory execution to silently harvest sensitive data from Windows users. With its ability to […]

The post Phishing‑Led Agent Tesla Campaign Uses Process Hollowing and Anti‑Analysis to Evade Detection appeared first on Cyber Security News.

A cleverly crafted fake Zoom website has silently pushed surveillance software onto Windows machines, infecting 1,437 users globally in just 12 days. The campaign, first detected on February 11, 2026, on the Microsoft Defender for Endpoint (MDE) platform, used a rogue version of Teramind — a legitimate commercial workforce monitoring tool — to spy on […]

The post Zoom Update Scam Infected 1,437 Users to Deploy Surveillance Tools in 12 Days appeared first on Cyber Security News.

A newly uncovered cloaking platform called 1Campaign is giving cybercriminals a powerful tool to push malicious advertisements through Google’s ad review system, putting everyday users at serious risk of phishing scams and cryptocurrency theft.​ Google Ads is one of the most trusted advertising networks online. Millions of users click on sponsored search results daily, trusting those links […]

The post 1Campaign Platform Helps Attackers Bypass Google Ads Screening to Show Malicious Ads appeared first on Cyber Security News.

A newly documented Android spyware called ResidentBat has been linked to the Belarusian KGB, giving state operators deep and persistent access to the mobile devices of journalists and civil society members. First publicly reported in December 2025 through a joint investigation by Reporters Without Borders (RSF) and RESIDENT.NGO, the malware’s code history suggests it was quietly developed […]

The post ResidentBat Android Malware Provides Belarusian KGB with Persistent Access to Mobile Devices appeared first on Cyber Security News.

A newly discovered Android Remote Access Trojan (RAT) named Oblivion is raising serious concerns across the mobile security community. Sold on a public hacking forum for as little as $300 a month, this malware is built to silently take over Android devices without the victim ever knowing.​ What makes Oblivion different from other underground RATs […]

The post New $300 Android RAT With Automated Permission Bypass and Hidden Remote Control appeared first on Cyber Security News.

The cybersecurity threat landscape is facing a growing challenge as infostealers continue to dominate the initial access ecosystem in 2026. Among the latest threats drawing serious attention is DarkCloud, a commercially available credential-harvesting malware that proves even low-cost tools can deliver devastating results against enterprise environments.​ DarkCloud was first observed in 2022 and is attributed […]

The post DarkCloud Infostealer Emerges as Major Threat With Scalable Credential Theft Targeting Enterprises appeared first on Cyber Security News.