Cyber Security News

PyrsistenceSniper is an advanced tool for detecting offline persistence, enabling cybersecurity analysts to identify 117 separate persistence mechanisms across Windows, Linux, and macOS platforms. Originally inspired by Autoruns and PersistenceSniper, this Python-based solution developed by Hexastrike enables rapid triage of forensic collections without requiring live system access. According to the Hexastrike GitHub repository, PyrsistenceSniper runs […]

The post PyrsistenceSniper – Tool that Detects 117 Persistence Malware Techniques on Windows, Linux, and macOS appeared first on Cyber Security News.

A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by a remote, unauthenticated attacker over plain HTTP. The vulnerability resides in […]

The post Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! appeared first on Cyber Security News.

A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory. According to Microsoft’s Defender Security Research, the attack reflects a growing trend in which firewalls, VPN gateways, and load balancer devices traditionally deployed as security boundaries […]

The post Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks appeared first on Cyber Security News.

A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories. Discovered in May 2026 by Socket and Aikido, threat actors manipulated GitHub tags to distribute malware through Composer’s autoloader, granting complete remote access to developer environments. The attackers bypassed direct […]

The post Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos appeared first on Cyber Security News.

Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors can exploit it. In its first month, the project leveraged the unreleased Claude Mythos Preview model to autonomously discover over 10,000 high- and critical-severity zero-day vulnerabilities across the world’s most […]

The post Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing appeared first on Cyber Security News.

Hackers are using telecom networks and hosting providers across the Middle East as a foundation for massive command-and-control operations, turning trusted infrastructure into a launchpad for cyberattacks. A newly released threat intelligence report reveals that more than 1,350 active command-and-control (C2) servers were identified across 98 infrastructure providers in the region within just three months. […]

The post Hackers Abuse Middle East Telecom Networks for Large-Scale Command-and-Control Operations appeared first on Cyber Security News.

A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set of 79 fraudulent domains has ballooned into a network of at least 222 domains spread across 203 unique IP addresses, making it nearly three times larger than first reported. The […]

The post World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses appeared first on Cyber Security News.

Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range of methods to break into targeted systems. From exploiting remote desktop tools and virtual private networks to manipulating trusted supply chains and deceiving employees through social engineering, these actors have built a dangerous and versatile toolkit for gaining initial access. […]

The post Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access appeared first on Cyber Security News.

A widely-used JavaScript templating library called art-template has been weaponized to deliver a sophisticated iOS browser exploit kit through a supply chain attack. The backdoored package silently dropped malicious code into end users’ browsers, turning everyday web applications into watering holes targeting Apple device owners worldwide. The attack began when the art-template npm package, originally […]

The post Hackers Backdoor Popular art-template npm Package to Launch Watering-Hole Attacks appeared first on Cyber Security News.

A hacker group known as INJ3CTOR3 has been running an active campaign against FreePBX systems, deploying a newly discovered PHP webshell called JOMANGY that uses six separate persistence layers to stay embedded on compromised servers. The campaign targets internet-exposed VoIP phone systems and routes calls through them at the victims’ expense, a scheme known as […]

The post Hackers Use Six-Layer Persistence to Maintain Access on Compromised FreePBX Systems appeared first on Cyber Security News.

A newly discovered banking trojan is targeting Brazilians by disguising itself as a legitimate electronic invoice. The malware, known as Banana RAT, uses fake NF-e (Nota Fiscal Eletronica) documents to trick victims into running malicious batch files that quietly install a powerful remote access tool on their Windows systems. The campaign has been active and […]

The post Hackers Use NF-e Invoice Lures to Deliver Banana RAT Through Malicious Batch Files appeared first on Cyber Security News.

Ubiquiti Networks has released urgent security updates to address a series of highly critical vulnerabilities affecting its UniFi OS platform. These severe flaws could allow unauthenticated, remote attackers to execute arbitrary code, escalate privileges, and severely compromise enterprise network infrastructure. In total, the hardware vendor patched five distinct security issues, three of which carry a […]

The post Ubiquiti Patches Critical UniFi OS Vulnerabilities Allowing Remote Privilege Escalation appeared first on Cyber Security News.

LiteSpeed has disclosed and patched a critical 0‑day privilege escalation flaw in its user-end cPanel plugin that is already being actively exploited to gain root access on Linux hosting servers. The bug is tracked as CVE‑2026‑48172 and affects LiteSpeed cPanel user-end plugin versions from v2.3 up to, but not including, v2.4.5. 0‑Day in LiteSpeed cPanel […]

The post LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access appeared first on Cyber Security News.

 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Langflow vulnerability, tracked as CVE-2025-34291, to its Known Exploited Vulnerabilities (KEV) Catalog, signaling active exploitation and urging organizations to remediate immediately. The flaw affects Langflow, a popular tool used for building and deploying AI-driven workflows. The issue stems from an origin validation error […]

The post CISA adds Langflow Origin Validation Flaw to Known Exploited Vulnerabilities Catalog appeared first on Cyber Security News.

A newly disclosed issue with Google Cloud API keys reveals that deleted credentials may remain usable for up to 23 minutes, exposing projects to potential abuse even after revocation. The finding raises concerns about delayed credential invalidation across Google’s infrastructure, particularly for sensitive services such as Gemini, BigQuery, and Google Maps APIs. According to Aikido […]

The post Deleted Google API Keys Continue Accessing Gemini, BigQuery, and Maps APIs appeared first on Cyber Security News.

A newly uncovered Android malware campaign has been quietly draining money from mobile users across four countries by signing them up for paid services they never asked for. The operation ran for nearly ten months and carried out financial fraud entirely behind the scenes, using fake versions of well-known apps as its primary entry point […]

The post Android Malware Silently Subscribes Victims to Premium Services Without Consent appeared first on Cyber Security News.

A newly uncovered cyber operation has raised concerns among security professionals after a coordinated wave of attacks targeted government institutions in Pakistan. The campaign, now tracked as Operation Dragon Whistle, used highly convincing phishing emails to trick employees into opening malicious file attachments. Once those files were opened, they set off a chain of events […]

The post Operation Dragon Whistle Uses Malicious LNK Files to Target Changzhou University appeared first on Cyber Security News.

Canadian and U.S. authorities have arrested and charged a 23‑year‑old Ottawa resident for allegedly operating “KimWolf,” a massive Internet‑of‑Things (IoT) DDoS‑for‑hire botnet that weaponized more than a million connected devices worldwide, including systems in Alaska and on the U.S. Department of Defense Information Network (DoDIN). According to an unsealed criminal complaint in the District of […]

The post Canadian Man Arrested for Operating KimWolf DDoS Botnet Hacking 2 Million Devices appeared first on Cyber Security News.

Hackers are quietly hiding Windows malware inside nested folders that imitate macOS system paths, making dangerous payloads look like harmless archives to the untrained eye. By burying their tools several layers deep, they aim to slip past automated scanning and casual inspection during routine email use. The result is a stealthy infection chain that starts […]

The post Hackers Hide Malware Payloads Inside Nested macOS-Like Folders to Evade Scanning appeared first on Cyber Security News.

Splunk has released security updates addressing multiple vulnerabilities across Splunk Enterprise, Splunk Cloud Platform, and the Splunk AI Toolkit that could lead to denial-of-service (DoS) conditions and exposure of sensitive data. The issues, disclosed on May 20, 2026, include three tracked vulnerabilities: CVE-2026-20238, CVE-2026-20239, and CVE-2026-20240. Splunk AI Toolkit Access Flaw (CVE-2026-20238) A medium-severity flaw […]

The post Splunk Patches Multiple Vulnerabilities that Enable DOS Attacks and Expose Sensitive Data appeared first on Cyber Security News.