Cyber Security News

Fortinet temporarily disabled its FortiCloud Single Sign-On (SSO) service after confirming active exploitation of a zero-day authentication bypass vulnerability in multiple products. The issue, tracked as FG-IR-26-060, allows attackers with a malicious FortiCloud account to log into devices registered to other accounts. The flaw stems from an Authentication Bypass Using an Alternate Path or Channel […]

The post Fortinet Disables FortiCloud SSO Following 0-day Vulnerability Exploited in the Wild appeared first on Cyber Security News.

OpenSSL patched 12 vulnerabilities on January 27, 2026, including one high-severity flaw that could lead to remote code execution. Most issues cause denial-of-service attacks but highlight risks in parsing untrusted data. The most serious issue, CVE-2025-15467, hits CMS AuthEnvelopedData parsing with AEAD ciphers like AES-GCM. Attackers craft oversized IVs in ASN.1 parameters, causing stack overflows […]

The post Critical OpenSSL Vulnerabilities Allow Remote Attackers to Execute Malicious Code appeared first on Cyber Security News.

A critical security flaw in WinRAR, one of the most widely used file compression tools for Windows, has become a favorite weapon for attackers seeking unauthorized access to computer systems. The vulnerability, tracked as CVE-2025-8088, allows threat actors to place malicious files into sensitive system directories without user awareness, essentially handing over control of Windows […]

The post Google Warns of WinRAR Vulnerability Exploited to Gain Control Over Windows System appeared first on Cyber Security News.

A critical sandbox escape vulnerability has been identified in vm2. This widely used Node.js library provides sandbox isolation for executing untrusted code. The flaw, tracked as CVE-2026-22709 (GHSA-99p7-6v5w-7xg8), affects all versions up to and including 3.10.0 and carries a CVSS v3.1 base score of 10.0, indicating maximum severity. The vulnerability stems from incomplete callback sanitization […]

The post Critical Vulnerability in VM2 Sandbox Library for Node.js Let Attackers run Untrusted Code appeared first on Cyber Security News.

Cybercriminals have discovered a dangerous way to trick developers into downloading malware by exploiting how GitHub works. The attack involves creating fake versions of the GitHub Desktop installer and making them appear legitimate to unsuspecting users. Between September and October 2025, this campaign primarily targeted users in Europe and the European Economic Area, though infections […]

The post Attackers Hijacking Official GitHub Desktop Repository to Distribute Malware as Official Installer appeared first on Cyber Security News.

Meta is gearing up to roll out premium subscription tiers across its flagship apps, Instagram, Facebook, and WhatsApp, offering users exclusive features to boost productivity, creativity, and AI-driven interactions. The company confirmed the plans to emphasize that core app experiences will remain free while paid tiers unlock advanced controls for sharing and connectivity. This move […]

The post Instagram, Facebook, and WhatsApp to Test New Premium Subscriptions appeared first on Cyber Security News.

On January 23rd, 2026, security researchers discovered a dangerous npm package named ansi-universal-ui that disguised itself as a legitimate user interface component library. The deceptive package description claimed to offer a lightweight UI system for modern web applications. However, beneath this innocent facade lay G_Wagon, a highly sophisticated multi-stage information stealer designed to harvest sensitive […]

The post G_Wagon npm Package Attacking Users to Exfiltrates Browser Credentials using Obfuscated Payload appeared first on Cyber Security News.

A sophisticated phishing campaign has been identified in which threat actors are abusing legitimate Microsoft Teams functionality to distribute malicious content that appears to originate from trusted Microsoft services. By leveraging the platform’s “Invite a Guest” feature and crafting deceptive team names, attackers are bypassing traditional email security controls to deliver fraudulent billing notifications directly […]

The post Hackers Using Teams to Deliver Malicious Content Posing as Microsoft Services appeared first on Cyber Security News.

A major identity-theft operation is now targeting over 100 high-value organizations across multiple industries. The threat comes from SLSH, a dangerous alliance combining the tactics of Scattered Spider, LAPSUS$, and ShinyHunters. Unlike typical automated attacks, this campaign uses real people calling your employees while simultaneously running fake login pages that look exactly like your company’s […]

The post Canva, Atlassian, Epic Games Among the 100+ Enterprises Targeted by ShinyHunters Group appeared first on Cyber Security News.

Threat actors have started targeting companies in the insurance, e-commerce, and IT sectors through a critical vulnerability tracked as CVE-2025-55182, commonly known as React2Shell. This flaw exists in the Flight protocol that handles client-server communication for React Server Components, allowing attackers to run unauthorized code on vulnerable servers. The vulnerability originates from insecure deserialization, where […]

The post Attackers Exploiting React2Shell Vulnerability to Attack IT Sectors appeared first on Cyber Security News.

Security Operations Centers live or die by their ability to respond quickly and accurately to alerts. At the heart of this process is alert triage — the initial evaluation that decides whether an alert is a real incident, a false positive, or something that needs immediate escalation. When Tier 1 analysts get triage wrong, detection speed collapses, response resources are misused, and […]

The post Your Tier 1 Analyst at SOC Team Is Failing at Effective Triage. That’s a Business Problem  appeared first on Cyber Security News.

Cybercriminals have adopted a deceptive strategy to compromise users searching for common software applications online. These attackers are using search engine optimization poisoning techniques to place malicious links at the top of search results. When unsuspecting users click on these links, they download infected files instead of legitimate tools. This growing threat targets individuals seeking […]

The post Hackers are Leveraging SEO Poisoning to Attack Users Looking for Legitimate Tools appeared first on Cyber Security News.

MEDUSA, an AI-first Static Application Security Testing (SAST) tool boasting 74 specialized scanners and over 180 AI agent security rules. This open-source CLI scanner targets modern development challenges like false positives and multi-language coverage. MEDUSA consolidates security scanning across 42+ languages and file types, including Python, JavaScript, Go, Rust, Java, Dockerfiles, Terraform, and Kubernetes manifests. […]

The post MEDUSA Security Testing Tool With 74 Scanners and 180+ AI Agent Security Rules appeared first on Cyber Security News.

Over 6,000 SmarterMail servers exposed on the internet are running vulnerable versions that are at risk of active remote code execution (RCE) attacks. Security researchers identified the flaws through daily HTTP vulnerability scans, and exploitation attempts have already been observed in the wild. This represents a significant threat to organizations worldwide relying on SmarterMail for […]

The post 6000+ Vulnerable SmarterTools SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability appeared first on Cyber Security News.

In today’s digital world, online privacy and security have never been more important. With cybercrime on the rise and government surveillance becoming more common, protecting your personal information online is crucial. Whether you’re browsing on public Wi-Fi, shopping online, or just scrolling through social media, using a Virtual Private Network (VPN) is one of the […]

The post Best VPN Services of 2026: Fast, Secure & Affordable appeared first on Cyber Security News.

Clawdbot, the surging open-source AI agent gateway, faces escalating security concerns, with 900+ unauthenticated instances exposed online and multiple code flaws that enable credential theft and remote code execution. Clawdbot is an open-source personal AI assistant that integrates with messaging platforms like WhatsApp, Telegram, Slack, Discord, Signal, and iMessage. It features a Gateway for control […]

The post Hundreds of Exposed Clawdbot Gateways Leave API Keys and Private Chats Vulnerable appeared first on Cyber Security News.

A major accounting firm in the Netherlands has reportedly become the latest victim of Nova, an active ransomware operation. The breach was discovered and indexed by ransomware live on January 23, 2026, with the estimated attack date coinciding with the discovery date. The attackers claim to have exfiltrated sensitive data and have issued a 10-day […]

The post Nova Ransomware Allegedly Claiming Breach of KPMG Netherlands appeared first on Cyber Security News.

A critical authentication bypass vulnerability in the telnetd component of GNU Inetutils has exposed approximately 800,000 internet-accessible Telnet instances to unauthenticated remote code execution (RCE). Tracked as CVE-2026-24061 with a CVSS score of 9.8, the flaw allows attackers to gain root-level access without valid credentials, posing a severe risk to exposed infrastructure worldwide. Vulnerability Details […]

The post 800K+ Telnet Servers Exposed to RCE Attacks – PoC Released appeared first on Cyber Security News.

The curl project ended its bug bounty program in January 2026 because it received too many low-quality and useless bug reports. The decision reflects growing frustration within the open-source security community regarding the unintended consequences of financial incentive structures on vulnerability disclosure practices. The program, which was designed to encourage responsible vulnerability disclosure, paradoxically generated […]

The post Curl to End Bug Bounty Following Low-Quality AI-Generated Vulnerability Reports appeared first on Cyber Security News.

Browser attacks have become far more dangerous and organized than before. A new threat called Stanley, discovered in January 2026, shows just how serious the problem has become. This malware-as-a-service toolkit, priced between $2,000 and $6,000, does something particularly deceptive: it displays fake websites to users while the URL bar keeps showing the legitimate address. […]

The post New Malware Toolkit Sends Users to Malicious Websites While the URL Stays the Same appeared first on Cyber Security News.