Cyber Security News

The Internet Systems Consortium (ISC) has released a critical security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server. Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error. When successfully exploited, the vulnerability causes the receiving daemon to crash, resulting in a sudden and total […]

The post ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely appeared first on Cyber Security News.

A social engineering technique called ClickFix has resurfaced with significant force, tricking users on both Windows and macOS into manually executing malicious commands that quietly install malware on their devices. First documented in late 2023, the method has rapidly grown from a niche tactic into one of the most widely adopted initial access strategies across […]

The post New ClickFix Attack Leverage Windows Run Dialog Box and macOS Terminal to Deploy Malware appeared first on Cyber Security News.

A threat actor known as “Snow” from SnowTeam posted an advertisement on the Russian-speaking TierOne (T1) cybercrime forum on March 25, 2026, introducing a new criminal service called Leak Bazaar. The platform is not a traditional data leak site. Instead, it presents itself as a post-exfiltration processing service — one that takes raw stolen corporate […]

The post Leak Bazaar Turns Stolen Corporate Data Into a Structured Criminal Marketplace appeared first on Cyber Security News.

A new and technically advanced rootkit called VoidLink has emerged as a serious threat to Linux systems, blending Loadable Kernel Modules (LKMs) with extended Berkeley Packet Filter (eBPF) programs to hide deep inside the operating system’s core. First documented by Check Point Research in January 2026, VoidLink is a cloud-native Linux malware framework written in […]

The post VoidLink Rootkit Uses eBPF and Kernel Modules to Hide Deep Inside Linux Systems appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical security flaw affecting the Langflow platform to its Known Exploited Vulnerabilities (KEV) catalog on March 25, 2026. The vulnerability, tracked as CVE-2026-33017, involves a highly dangerous code injection issue that is currently being actively exploited in the wild. Langflow operates as a popular […]

The post CISA Warns of Langflow Code Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A critical local privilege escalation vulnerability has been identified in the IDrive Cloud Backup Client for Windows. Tracked as CVE-2026-1995, this local privilege escalation vulnerability affects the IDrive Cloud Backup Client for Windows, specifically targeting versions 7.0.0.63 and earlier. Security researchers at FRSecure discovered that weak permission configurations within the application’s directory could quickly lead to […]

The post IDrive for Windows Vulnerability Let Attackers Escalate Privileges appeared first on Cyber Security News.

A new malware campaign called GhostClaw is actively targeting macOS users through fake GitHub repositories and AI-assisted development workflows. The campaign uses social engineering disguised as legitimate developer tools to steal user credentials and drop secondary payloads on infected systems. GhostClaw first surfaced in early March 2026, when JFrog Security Research documented the initial campaign, […]

The post GhostClaw AI Assisted Malware Attacking macOS Users to Deploy Credential-Stealing Payloads appeared first on Cyber Security News.

Russian law enforcement has arrested the suspected administrator of LeakBase, a prominent international hacker forum. The operation, coordinated by the Russian Ministry of Internal Affairs (MVD) alongside the Bureau of Special Technical Measures (BSTM), dismantled a platform that traded in stolen personal data and compromised network access for four years. Authorities apprehended the suspect in […]

The post LeakBase Hacker Forum Admin Arrested in Russia by Law Enforcement Authorities appeared first on Cyber Security News.

A months-long investigation by Rapid7 Labs has exposed a sophisticated, state-sponsored espionage campaign by the China-nexus threat actor Red Menshen, which has embedded some of the most covert digital sleeper cells ever documented inside global telecommunications infrastructure. Released on March 26, 2026, the findings reveal a deliberate shift from opportunistic hacking to long-term pre-positioning within […]

The post Hackers Plant Stealthy BPFdoor Backdoors in Telecom Networks for Long-Term Access appeared first on Cyber Security News.

A China-based threat actor known as Silver Fox, also tracked as Void Arachne, has significantly evolved its attack approach since early 2025, shifting from deploying remote access trojans to distributing a custom Python-based stealer across South Asia. Active since at least 2022, the group first gained attention through mass infection campaigns that used SEO poisoning […]

The post Tax Audit Phishing Campaign Tied to Silver Fox Shifts From RATs to Python Stealers appeared first on Cyber Security News.

A new Malware-as-a-Service (MaaS) credential stealer named Torg Grabber has surfaced, showing remarkable development pace over just three months. Starting with simple Telegram-based data exfiltration, it matured into a fully encrypted REST API command-and-control (C2) infrastructure. With 334 samples compiled in that short period and more than 40 confirmed operator tags found in the binaries, […]

The post New Torg Grabber Stealer Moves From Telegram Exfiltration to Encrypted REST API C2 appeared first on Cyber Security News.

Multifactor authentication operates as a critical defense mechanism for securing user identities against targeted cyber attacks. Microsoft reports that implementing MFA effectively reduces the risk of account compromise by more than 99%. To expand these protections, Microsoft has announced the General Availability of external multifactor authentication for Microsoft Entra ID. This release removes previous platform […]

The post Microsoft Entra ID New Feature Removes MFA Limitations for Users appeared first on Cyber Security News.

OpenAI has announced the launch of a public Safety Bug Bounty program to identify AI abuse and safety risks across its products. Hosted on Bugcrowd, the new initiative marks a significant step in the company’s efforts to address vulnerabilities that fall outside the scope of traditional security flaws but still pose real-world harm potential. The […]

The post OpenAI Launches AI Safety Bug Bounty to Detect AI-Specific Vulnerabilities appeared first on Cyber Security News.

A newly discovered malware loader called Kiss Loader has emerged as a serious threat, using advanced code injection techniques to quietly infiltrate Windows systems without raising alarms. First spotted in early March 2026, it marks the beginning of a carefully built attack campaign that was still actively under development when researchers first caught it. Kiss […]

The post New Kiss Loader Malware Uses Early Bird APC Injection in Emerging Attack Campaign appeared first on Cyber Security News.

A new and carefully crafted software supply chain campaign is targeting developers through the npm package registry, using fake installation messages to hide malicious activity. The campaign, which security researchers have named the “Ghost campaign,” began in early February 2026 and relies on a set of npm packages built to deceive developers into surrendering their […]

The post Fake npm Install Messages Hide RAT Malware in New Open Source Supply Chain Campaign appeared first on Cyber Security News.

A large-scale phishing campaign is targeting software developers on GitHub, using fake Visual Studio Code security alerts posted in GitHub Discussions to trick users into downloading malicious software. The attacks are designed to look like legitimate security advisories, warning developers of critical vulnerabilities in VS Code and urging them to install a so-called “patched” version […]

The post Fake VS Code Security Alerts on GitHub Used to Push Malware in Widespread Phishing Campaign appeared first on Cyber Security News.

A sophisticated evolution of Kerberoasting dubbed the “Ghost SPN” attack that allows adversaries to extract Active Directory credentials while erasing all traces of their activity, rendering traditional detection models effectively blind to the intrusion. The attack revealed by Trellix security researchers utilizes delegated administrative permissions, creating temporary exposure windows. Kerberoasting is a well-documented post-exploitation technique […]

The post Ghost SPN Attack Lets Hackers Conduct Stealthy Kerberoasting Under the Radar appeared first on Cyber Security News.

A sophisticated and long-running cyber espionage campaign, tracked as CL-STA-1087, has been quietly targeting military organizations across Southeast Asia since at least 2020. The operation, assessed with moderate confidence to be linked to a China-aligned threat actor, focuses on collecting strategic and operational intelligence rather than simply stealing large amounts of data. The attackers prioritized staying […]

The post China-Linked Hackers Breach Southeast Asian Military Systems in Long-Running Spy Campaign appeared first on Cyber Security News.

A sophisticated multi-stage malware campaign has surfaced, deploying obfuscated Visual Basic Script (VBS) files, PNG-embedded loaders, and remote access trojans (RATs) to target systems without leaving a trace on disk. What began as a routine endpoint detection in early 2026 quickly revealed itself to be far more organized than a single opportunistic attack, exposing a […]

The post Open Directory Malware Campaign Uses Obfuscated VBS, PNG Loaders and RAT Payloads appeared first on Cyber Security News.

The internet has seen a sharp rise in botnet-driven threats over the past year, with much of the activity tracing back to one of the most influential malware families in modern history — Mirai. First discovered in 2016, Mirai was built to scan the internet for Internet of Things (IoT) devices running on ARC processors, […]

The post Mirai-Based Botnets Evolve Into Massive DDoS and Proxy Abuse Threat appeared first on Cyber Security News.