Cyber Security News

A ransomware group known as LeakNet has been quietly building a more dangerous attack strategy. Until recently, the group averaged about three victims per month — but new evidence shows it is scaling up fast, adding new tools that most security defenses are not built to catch. LeakNet has introduced two notable additions: a social […]

The post LeakNet Scales Ransomware Operations With ClickFix Lures and Stealthy Deno Loader appeared first on Cyber Security News.

A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was addressed in a recent Microsoft Patch Tuesday update. The attack targets the way Windows manages […]

The post Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges appeared first on Cyber Security News.

A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS). Tracked as CVE-2026-21643, this severe flaw carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4 when multi-tenant mode is active. The root cause stems […]

The post Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access appeared first on Cyber Security News.

A Local Privilege Escalation (LPE) vulnerability in default installations of Ubuntu Desktop 24.04 and later allows an unprivileged local attacker to gain full root access. Tracked as CVE-2026-3888, uncovered by The Qualys Threat Research Unit, the flaw exploits an unintended interaction between two standard system components, snap-confine and systemd-tmpfiles, making it particularly dangerous given how […]

The post Ubuntu Desktop Systems Vulnerability Enables Attackers to Gain Full Root Access appeared first on Cyber Security News.

Microsoft Detection and Response Team details a sophisticated voice phishing (vishing) campaign that successfully compromised a corporate environment in November 2025. Unlike conventional intrusions that rely on software exploits, this attack weaponized trust, collaboration platforms, and built-in Windows tooling to gain initial access. The threat actor initiated the campaign by impersonating IT support personnel through […]

The post Microsoft Teams Support Call Leads to Quick Assist Compromise in New Vishing Attack appeared first on Cyber Security News.

Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […]

The post Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance appeared first on Cyber Security News.

The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows, average demands have dropped sharply, and organizations are recovering from attacks more effectively than in […]

The post Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises appeared first on Cyber Security News.

A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — [email protected] and [email protected] — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]

The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.

A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a custom font file and basic CSS, attackers can silently deliver malicious instructions to users while […]

The post Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems appeared first on Cyber Security News.

With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household products to digital services through online platforms. While this convenience has made shopping faster and more accessible, it has also introduced new cybersecurity challenges. Fake […]

The post How to Shop Online Safely While Finding Better Deals  appeared first on Cyber Security News.

A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive data. AWS Bedrock AgentCore Code Interpreter is a managed service that allows AI agents and […]

The post AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration appeared first on Cyber Security News.

At first glance, false positives in cybersecurity seem almost comforting.  An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on.  In theory, this looks like a healthy process. Better safe than sorry, right?  But every false alert consumes time. Every investigation diverts attention from real threats. And every unnecessary escalation chips […]

The post To Beat Alert Overload, Stop Wasting Time on False Positives  appeared first on Cyber Security News.

A financially motivated threat actor known as Storm-2561 has been running a credential theft campaign since May 2025, manipulating search engine rankings to push fake VPN software toward enterprise users. The campaign targets employees searching for tools such as Pulse Secure, Fortinet, and Ivanti, redirecting them to spoofed websites that serve malicious download packages. Once […]

The post Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials appeared first on Cyber Security News.

A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS servers. The flaw stems from insufficient validation of the subDir parameter in volume identifiers, exposing clusters that permit users to create PersistentVolumes referencing the NFS CSI driver. […]

The post Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories appeared first on Cyber Security News.

Microsoft has rolled out an out-of-band update for Windows 11 users to address a frustrating interface bug affecting Bluetooth device visibility. Released on March 16, 2026, this emergency patch resolves a software glitch in which connected wireless peripherals mysteriously disappeared from the operating system’s settings menus. While Microsoft typically issues security and performance fixes on […]

The post New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues appeared first on Cyber Security News.

A newly identified phishing campaign is turning legitimate customer service software into a weapon for stealing sensitive user data. Attackers have been found abusing LiveChat, a widely used Software-as-a-Service (SaaS) platform that businesses rely on for real-time customer support, to carry out convincing phishing operations against unsuspecting victims. The campaign marks a clear shift from […]

The post Phishers Abuse LiveChat Support Tools to Steal Sensitive Data in New SaaS-Based Attack Tactic appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors to execute malicious actions without triggering security alerts.​ Decrypting the Detection Engine Palo Alto Cortex […]

The post Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules appeared first on Cyber Security News.

Network infrastructure has become one of the most targeted areas in today’s threat landscape. Over recent years, attackers ranging from nation-state groups to financially driven criminal actors have steadily shifted their focus toward routers, firewalls, and other network devices. These devices sit at the core of enterprise environments, making them ideal entry points for long-term […]

The post New CondiBot Variant and ‘Monaco’ Cryptominer Expand Threats to Network Devices appeared first on Cyber Security News.

Medical technology giant Stryker Corporation confirmed on March 11, 2026, that it suffered a significant cyberattack that disrupted its global Microsoft environment, with Iran-linked threat actor Handala claiming responsibility for what appears to be a politically motivated, destructive operation. Unlike typical financially driven intrusions, the attack on Stryker bears the hallmarks of a destructive wiper […]

The post Stryker Confirms Destructive Wiper Attack – Tens of Thousands of Devices Wiped appeared first on Cyber Security News.

An Iranian threat actor known as Handala Hack has carried out a series of destructive cyberattacks against organizations in Israel, Albania, and the United States, using remote desktop access, network tunneling, and multiple simultaneous data-wiping tools. The group operates under the broader identity of Void Manticore, also tracked as Red Sandstorm and Banished Kitten, and […]

The post Handala Hack Uses RDP, NetBird, and Parallel Wipers in MOIS-Linked Destructive Intrusions appeared first on Cyber Security News.