Cyber Security News

Security researchers have uncovered significant vulnerabilities in the firmware of Xiaomi’s popular Redmi Buds series, specifically affecting models ranging from the Redmi Buds 3 Pro up to the latest Redmi Buds 6 Pro. The discovery highlights critical flaws in the Bluetooth implementation of these devices, allowing attackers to access sensitive information or force the devices […]

The post Redmi Buds Vulnerability Allow Attackers Access Call Data and Trigger Firmware Crashes appeared first on Cyber Security News.

Cybercriminals have distributed 17 malicious browser extensions across Chrome, Firefox, and Edge platforms, collectively downloading over 840,000 times and compromising user security for years. The GhostPoster campaign, which emerged as early as 2020, used deceptive extension names like “Google Translate in Right Click,” “Youtube Download,” and “Ads Block Ultimate” to appear legitimate while quietly stealing […]

The post 17 New Malicious Chrome GhostPoster Extensions with 840,000+ Installs Steals User Data appeared first on Cyber Security News.

A critical flaw in Windows Kerberos authentication that significantly expands the attack surface for credential relay attacks in Active Directory environments. By abusing how Windows clients handle DNS CNAME responses during Kerberos service ticket requests, attackers can coerce systems into requesting tickets for attacker-controlled services, bypassing traditional protections. The Attack Vector The vulnerability centers on […]

The post New Kerberos Relay Attack Uses DNS CNAME to Bypass Mitigations – PoC Released appeared first on Cyber Security News.

A critical vulnerability in ServiceNow’s Virtual Agent API and the Now Assist AI Agents application has been discovered, allowing unauthenticated attackers to impersonate any user and execute privileged AI agents remotely. Security researcher Aaron Costello from AppOmni disclosed the flaw, tracked as CVE-2025-12420, which combines a hardcoded platform-wide secret with insecure account-linking logic to bypass […]

The post BodySnatcher – New Vulnerability Allows Attacker to Impersonate Any ServiceNow User appeared first on Cyber Security News.

Microsoft has released an out-of-band emergency update to resolve a critical issue affecting Remote Desktop connections on Windows client devices. The problem emerged immediately following the installation of the January 2026 security update, identified as KB5074109. Administrators and users reported widespread credential prompt failures when attempting to sign in via the Windows App, significantly disrupting […]

The post Microsoft January 2026 Security Update Causes Credential Prompt Failures in Remote Desktop Connections appeared first on Cyber Security News.

Google-owned Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables, marking a significant escalation in demonstrating the security risks of legacy authentication protocols. The release underscores an urgent message: organizations must immediately migrate away from Net-NTLMv1, a deprecated protocol that has been cryptographically broken since 1999 and widely known to be insecure since […]

The post Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking appeared first on Cyber Security News.

Let’s Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These new options became available starting in early 2026, addressing long-standing issues in certificate security. Short-lived certificates last just 160 hours, about six and a half days, while IP-based ones tie directly to IP addresses […]

The post Let’s Encrypt has made 6-day IP-based TLS certificates Generally Available appeared first on Cyber Security News.

Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version 2.0, expanding it to include 135 modules. This tool consolidates network analysis, web app scanning, and threat intelligence into one interface. Users access modules through an interactive CLI that supports searching, favorites, and batch runs. Network and infrastructure […]

The post Argus – Python-powered Toolkit for Information Gathering and Reconnaissance appeared first on Cyber Security News.

Google’s Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working as intended. Service Agents are managed identities that Google Cloud attaches to Vertex AI instances […]

The post Google’s Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles appeared first on Cyber Security News.

Security researchers successfully exploited vulnerabilities in the StealC malware infrastructure, gaining access to operator control panels and exposing a threat actor’s identity through their own stolen session cookies. The breach highlights critical security failures in criminal operations built around credential theft. XSS Vulnerability Exposes StealC Operators StealC, an information-stealing malware operating under a Malware-as-a-Service model […]

The post Researchers Gain Access to StealC Malware Command-and-Control Systems appeared first on Cyber Security News.

Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2. It was first reported on January 15 and arises from interference with Secure Launch, a […]

The post Windows 11 PCs Fail to Shut Down After January Security Update appeared first on Cyber Security News.

Cloudflare has acquired the team behind Astro, the popular open-source web framework for building fast, content-driven sites. Announced on January 16, 2026, the deal brings The Astro Technology Company’s full-time employees under Cloudflare’s umbrella to accelerate Astro’s development. Cloudflare positions the move as a commitment to open-source innovation, with Astro staying MIT-licensed, contribution-friendly, and platform-agnostic. […]

The post Cloudflare Acquired Open-source Web Framework Astro to Supercharge Development appeared first on Cyber Security News.

Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted HTTP requests to the Spam Quarantine feature. The vulnerability stems from insufficient validation of HTTP […]

The post Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild appeared first on Cyber Security News.

Google is gradually rolling out the ability to change the @gmail.com email address associated with a Google Account to a new @gmail.com address. This feature, previously unavailable, addresses a common pain point for users who regret their original username choice but didn’t want to abandon years of emails, photos, and data. We already notified you […]

The post Google Rolls Out Long-Awaited @gmail.com Email Change Feature for Users appeared first on Cyber Security News.

The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service (DoS) vectors, arbitrary code execution risks, and TLS mishandlings that could expose developers to remote attacks. While not branded as version 1.26, the patches urge immediate upgrades for projects relying […]

The post Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks appeared first on Cyber Security News.

Wiz Research has exposed that CodeBreach originated from unanchored regular expression patterns in CodeBuild webhook filters for the ACTOR_ID parameter, which should restrict builds to trusted GitHub user IDs. Without ^ and $ anchors, the filter matched any user ID containing an approved substring, allowing bypass via “eclipse” events where new, longer GitHub IDs incorporate […]

The post New AWS Console Supply Chain Attack Allows Hijack of AWS GitHub Repositories appeared first on Cyber Security News.

Threat actors are increasingly using trusted cloud and content delivery network platforms to host phishing kits, creating major detection challenges for security teams. Unlike traditional phishing campaigns that rely on newly registered suspicious domains, these attacks use legitimate infrastructure from providers like Google, Microsoft Azure, and AWS CloudFront. This approach allows hackers to bypass many […]

The post Hackers Abusing Legitimate Cloud and CDN Platforms to Host Phishing Kits appeared first on Cyber Security News.

Large language models have become deeply integrated into everyday business operations, from customer service chatbots to autonomous agents managing calendars, executing code, and handling financial transactions. This rapid expansion has created a critical security blind spot. Researchers have identified that attacks targeting these systems are not simple prompt injections as commonly believed, but rather sophisticated, […]

The post Promptware Kill Chain – Five-Step Kill Chain Model for Analyzing Cyberthreats appeared first on Cyber Security News.

Fortinet FortiSIEM vulnerability CVE-2025-64155 is under active exploitation, as confirmed by Defused through their honeypot deployments. This critical OS command injection flaw enables unauthenticated remote code execution, posing severe risks to enterprise security monitoring systems. CVE-2025-64155 stems from improper neutralization of special elements in OS commands within the FortiSIEM phMonitor service, which handles internal data […]

The post Fortinet FortiSIEM Vulnerability CVE-2025-64155 Actively Exploited in Attacks appeared first on Cyber Security News.

New York, United States, January 15th, 2026, CyberNewsWire BreachLock, a global leader in offensive security, today announced that its Adversarial Exposure Validation (AEV) solution now supports autonomous red teaming at the application layer, expanding beyond its initial network-layer capabilities introduced in early 2025.  BreachLock AEV’s generative AI-powered autonomous red teaming engine can now emulate real-world […]

The post BreachLock Expands Adversarial Exposure Validation (AEV) to Web Applications appeared first on Cyber Security News.