Cyber Security News

A highly critical security vulnerability in Drupal core is set to impact websites worldwide, with the official security release scheduled for May 20, 2026. The vulnerability has been assigned a “Highly Critical” severity rating (20/25), indicating potential risks to confidentiality and integrity across affected systems. While technical details remain undisclosed until the official release window, […]

The post Critical Drupal Core Security Vulnerability Exposes Websites to Cyberattack appeared first on Cyber Security News.

A newly disclosed zero-day remote code execution (RCE) vulnerability, dubbed nginx-poolslip, has been identified in NGINX version 1.31.0, the latest stable release of the widely deployed web server software. The discovery was made by security agent Vega, operating under the NebSec security team, and publicly disclosed via X (formerly Twitter) on May 21, 2026. Just […]

The post New NGINX 0-Day RCE “nginx-poolslip” Affects Millions of NGINX Servers appeared first on Cyber Security News.

A ransomware strain called WantToCry has been targeting businesses by abusing a widely used file-sharing protocol to encrypt files without dropping any malware on the victim’s system. The attacks mark a notable shift in how ransomware operators approach campaigns, serving as a warning to any organization that still has file-sharing services exposed to the open […]

The post WantToCry Ransomware Abuses SMB Services to Remotely Encrypt Files appeared first on Cyber Security News.

A dangerous new Android malware called DevilNFC has emerged, combining NFC relay attacks with a Kiosk Mode trap that locks victims inside a fake banking screen until their card data is stolen. The malware targets customers across Europe and LATAM with technical precision rarely seen in independently built tools. Unlike previous threats, DevilNFC does not […]

The post DevilNFC Android Malware Uses Kiosk Mode to Trap Victims During NFC Relay Attacks appeared first on Cyber Security News.

A proof-of-concept (PoC) exploit was published for a new Linux Local Privilege Escalation (LPE) vulnerability dubbed “PinTheft.” Discovered by Aaron Esau of the V12 security team, the flaw allows local attackers to gain root access by exploiting an RDS zerocopy double-free bug. A kernel patch is currently available, prompting the researchers to release their PoC […]

The post PinTheft Linux Vulnerability Let Attackers Gain Root Access – PoC Released appeared first on Cyber Security News.

There is a quiet gap inside many SOCs. It sits between the moment Tier 1 says “this should be escalated” and the moment the response team can actually act on it. Too often, the alert moves forward, but the context does not.  So, the response team has to rebuild the case, filter out false positives, confirm the behavior, and decide what […]

The post How to Close the Most Expensive Gap in Your SOC  appeared first on Cyber Security News.

Grafana Labs has disclosed a targeted ransomware-linked breach of its GitHub environment, traced to a broader TanStack npm supply chain compromise associated with the “Mini Shai-Hulud” campaign. The incident, detected on May 11, 2026, involved unauthorized access to internal repositories and culminated in a ransom demand issued on May 16 under threat of data disclosure. […]

The post Grafana GitHub Breach Linked to TanStack npm Supply Chain Ransomware appeared first on Cyber Security News.

A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update package, a core component responsible for system updates in the Debian-based distribution maintained by TÜBİTAK. Pardus is widely deployed across government institutions, educational […]

The post Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access appeared first on Cyber Security News.

A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (UCP) interface due to hard-coded credentials in the userman module. It impacts FreePBX versions before 16.0.45 and 17.0.7. Systems running outdated versions are at risk if administrators […]

The post FreePBX Vulnerability Allow Attackers to Gain Access to User Portals appeared first on Cyber Security News.

ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and Analysis Team (GReAT) in February 2026, CVE-2026-3102 allows threat actors to execute arbitrary shell commands by concealing malicious instructions within an image file’s metadata. By weaponizing […]

The post Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image appeared first on Cyber Security News.

A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The package went live in 2017 but was weaponized in August 2023, when attackers slipped in […]

The post Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor appeared first on Cyber Security News.

Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for the Durable Task workflow execution framework. Security researchers at Wiz disclosed that versions v1.4.1, v1.4.2, and […]

The post Microsoft Python Client DurableTask Compromised by TeamPCP Hackers appeared first on Cyber Security News.

Hackers are exploiting a decades-old Windows tool to deliver dangerous malware onto unsuspecting systems, with consequences ranging from stolen passwords to full system compromise. The tool is MSHTA, short for Microsoft HTML Application Host, a built-in Windows utility that can run scripts from local files and remote internet locations. Attackers have been using it to […]

The post Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware appeared first on Cyber Security News.

A notorious threat actor operating under the alias TeamPCP claims to have breached GitHub’s internal systems, allegedly exfiltrating proprietary organization data and source code. The attackers are offering the stolen dataset for sale on underground cybercrime forums, demanding offers exceeding $50,000. According to the threat actor’s post, the compromised data encompasses approximately 4,000 private repositories tied directly […]

The post GitHub Source Code Breach – TeamPCP Claims Access to 4,000 Repositories appeared first on Cyber Security News.

A newly documented attack chain linked to the threat group UAC-0184 has been observed using Windows’ built-in bitsadmin tool and HTA files to sneak malicious payloads onto targeted systems. The campaign is primarily aimed at Ukraine, with clear indicators pointing toward military-related targets, including individuals connected to the Ukrainian Defence Forces. The level of craft […]

The post UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery appeared first on Cyber Security News.

macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a fake Google Software Update LaunchAgent to maintain persistent access on infected machines. The malware stays hidden by borrowing the identity of brands that users already trust, making it exceptionally difficult to […]

The post macOS Malware Installs Fake Google Software Update LaunchAgent for Persistence appeared first on Cyber Security News.

A ransomware group called The Gentlemen has been quietly building one of the most aggressive cybercriminal operations seen in recent years. Emerging publicly in the second half of 2025, the group rapidly scaled its activity to become one of the top two most active ransomware threats globally by early 2026. What makes this group stand […]

The post The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Attacks appeared first on Cyber Security News.

North Korea-linked hackers are at it again, and this time they are casting a wide net. The Kimsuky threat group, a well-known cyber espionage unit with ties to the DPRK, ran four separate spear-phishing campaigns in the first half of 2025 targeting corporate recruiters, cryptocurrency investors and developers, defense sector officials, and graduate school administrators. […]

The post Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials appeared first on Cyber Security News.

Torrance, United States / California, May 19th, 2026, CyberNewswire Criminal IP has announced its return to Infosecurity Europe 2026 with a focus on delivering more actionable, decision-ready intelligence through its continuously evolving platform. Taking place from June 2 to June 4 at ExCeL London, one of Europe’s most influential cybersecurity events will once again bring […]

The post Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM appeared first on Cyber Security News.

A wave of well-crafted malware is quietly draining cryptocurrency from users across the globe, and the attackers behind it have gone to great lengths to stay hidden. Researchers have uncovered a large-scale campaign built around a multi-stage loader called CountLoader, which chains together JavaScript, PowerShell, and shellcode to deliver a payload that intercepts and redirects […]

The post Malware Campaign Uses JavaScript, PowerShell, and Shellcode to Deliver Crypto Clipper appeared first on Cyber Security News.