Cyber Security News

Linux has long been considered a more secure operating system than Windows, but that reputation is being tested. A ransomware group known as Pay2Key, attributed to Iranian threat actors, has developed a Linux variant that is actively targeting organizational servers, virtualization hosts, and cloud workloads. The malware was first detected in the wild in late […]

The post Linux Ransomware Pay2Key Attacking Servers, Virtualization Platforms, and Cloud Environments appeared first on Cyber Security News.

Security research team has uncovered a critical vulnerability in ClawHub, the public skills registry for the OpenClaw agentic ecosystem. This flaw allowed attackers to artificially inflate the download counts of malicious skills, thereby bypassing security checks and manipulating search rankings. By pushing a compromised skill to the top, threat actors could orchestrate massive supply-chain attacks […]

The post ClawHub Vulnerability Let Attackers Manipulate Rankings to Become the #1 Skill appeared first on Cyber Security News.

Passwordless authentication was supposed to mark the end of account takeovers. Designed to replace traditional passwords with cryptographic keys tied to physical devices, it promised a future where stolen credentials could no longer unlock user accounts. But a close examination of how Google has actually built its passkey ecosystem reveals something far more complex than […]

The post Google Authenticator’s Hidden Passkey Architecture Could Open New Passwordless Attack Paths appeared first on Cyber Security News.

The Federal Communications Commission (FCC) announced a major update to its Covered List, officially prohibiting the approval of new consumer-grade network routers produced in foreign countries. This regulatory action prevents these new devices from entering the United States market by denying them the required FCC equipment authorization. The decision stems from a determination by a […]

The post FCC Banned Foreign-made Consumer Routers Over Security Risks appeared first on Cyber Security News.

A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which route requests across various LLM providers and have over 95 million monthly downloads, were found to contain a sophisticated backdoor by security vendors Endor Labs and JFrog. The malicious code was injected directly into the […]

The post LiteLLM Python Package With 95 Million Downloads Compromised by TeamPCP Hackers appeared first on Cyber Security News.

Kali Linux 2026.1 has officially been released, marking the first major update of the year for the popular penetration testing distribution. Designed for professionals engaged in technical security research and vulnerability analysis, this update features modern aesthetic enhancements, notable advancements in mobile penetration testing, and a respectful nod to the platform’s history. Under the hood, […]

The post Kali Linux 2026.1 Released With 8 New Hacking Tools appeared first on Cyber Security News.

A sophisticated supply chain attack targeting Aqua Security’s widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The incident remains an ongoing and evolving investigation, with attackers actively weaponizing stolen credentials across the […]

The post Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack appeared first on Cyber Security News.

HackerOne recently disclosed a data breach affecting 287 of its employees following a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. The breach stemmed from a Broken Object Level Authorization (BOLA) vulnerability in Navia’s API, which exposed the sensitive personal and health information of approximately 2.7 million individuals nationwide. An unknown threat actor exploited […]

The post HackerOne Data Breach – Employees Data Stolen Following Navia Hack appeared first on Cyber Security News.

A recent security analysis has revealed how chaining seemingly minor logic flaws in Dell Wyse Management Suite (WMS) On-Premises can result in a complete system compromise. Security researchers demonstrated that combining two distinct vulnerabilities allows an unauthenticated attacker to bypass security controls and achieve remote code execution (RCE) on the management server.​ CVE-2026-22765 (CVSS 8.8): […]

The post Dell Wyse Management Vulnerabilities Enables Complete System Compromise appeared first on Cyber Security News.

Cybercriminals behind Tycoon2FA, a phishing-as-a-service (PhaaS) platform, have resumed targeting cloud accounts with near-full force despite a coordinated law enforcement takedown on March 4, 2026. Europol, working alongside authorities from six countries, seized 330 domains that formed the backbone of the platform’s infrastructure in what became one of the more visible efforts to disrupt a […]

The post Tycoon2FA Operators Resume Cloud Account Phishing After Infrastructure Disruption appeared first on Cyber Security News.

A threat actor known as TeamPCP has taken a sharp turn toward destruction with a new payload that goes far beyond credential theft or backdoor installation. The group, tracked as a cloud-native attacker since late 2025, has deployed a Kubernetes wiper that specifically targets systems configured for Iran — a geopolitical targeting tactic that marks […]

The post CanisterWorm Gets Destructive as TeamPCP Deploys Iran-Focused Kubernetes Wiper appeared first on Cyber Security News.

A persistent threat actor known as Larva-26002 has been continuously targeting poorly managed Microsoft SQL (MS-SQL) servers, this time deploying a new scanner malware called ICE Cloud Client. The campaign has been active since at least January 2024 and continues into 2026, with the attacker upgrading their tools with every cycle. What started as a […]

The post Threat Actors Continuously Attacking MS-SQL Servers to Deploy ICE Cloud Scanner appeared first on Cyber Security News.

Attackers have found a new way to push malware by weaponizing one of the most trusted everyday tools — Google Forms. A newly identified campaign is exploiting business-themed lures, including fake job interviews, project briefs, and financial documents, to deliver a Remote Access Trojan (RAT) known as PureHVNC onto victim machines. What sets this campaign […]

The post Google Forms Job Lures Deliver PureHVNC in New Multi-Stage Malware Campaign appeared first on Cyber Security News.

One of the world’s most dangerous state-backed hacking groups is actively targeting Remote Desktop Protocol (RDP) servers across critical infrastructure, defense organizations, and government agencies. The threat actor, known as APT-C-13 and widely tracked as Sandworm, APT44, Seashell Blizzard, and Voodoo Bear, has long been conducting cyber operations since at least 2009. Its latest campaign, […]

The post APT Hackers Attacking RDP Servers to Deploy Malicious Payloads and Establish Persistence appeared first on Cyber Security News.

A powerful iOS exploit toolkit known as DarkSword has been publicly leaked on GitHub, dramatically lowering the barrier for cybercriminals to target hundreds of millions of iPhones and iPads still running outdated software. Security researchers are sounding the alarm as the leak transforms what was once a sophisticated, state-linked offensive tool into an accessible attack […]

The post DarkSword Exploit Chain That Can Hack Millions of iPhones Leaked Online appeared first on Cyber Security News.

There is a version of threat monitoring that looks impressive on paper and fails in practice. High log ingestion volumes. Hundreds of detection rules. A dashboard full of metrics. And yet, attackers dwell in the environment for weeks or months completely undetected, moving laterally, exfiltrating data, preparing a payload.  The problem is not a lack of […]

The post Why Your Monitoring Program Is Letting Attackers Win  appeared first on Cyber Security News.

The rapid rise of generative AI has brought new security concerns that organizations can no longer afford to overlook. Microsoft has now outlined a detailed framework of security safeguards designed to protect generative AI models hosted on its Azure AI Foundry platform, addressing a growing threat that sits squarely at the intersection of software supply […]

The post Microsoft Details New Security Safeguards for Generative AI Models on Azure AI Foundry appeared first on Cyber Security News.

Luxembourg, Luxembourg, March 24th, 2026, CyberNewswire Gcore data highlights a threat landscape defined by newfound automated attack capabilities, scale, and frequency Gcore, the global infrastructure and software provider for AI, cloud, network, and security solutions, today announced the findings of its Q3-Q4 2025 Gcore Radar report DDoS attack trends. The report reveals growing attack volumes, […]

The post Gcore Radar report reveals 150% surge in DDoS attacks year-on-year appeared first on Cyber Security News.

The underground cybercriminal world saw a notable development on March 22, 2026, when a new Tor-based leak site called “ALP-001” appeared on the dark web, openly marketing itself as a “Data Leaks / Access Market.” The emergence of this platform points to a growing trend where established threat actors who traditionally sell corporate network access […]

The post New Data Leak Site Uncovered Linked to Active Initial Access Broker on Underground Forums appeared first on Cyber Security News.

The National Institute of Standards and Technology (NIST) has released NIST SP 1308, the “Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide”. Published in March 2026, this strategic document provides a structured methodology to integrate cybersecurity risk management (CSRM) into broader enterprise risk management (ERM) strategies. The guide emphasizes workforce planning to address the […]

The post NIST Releases Quick-Start Guide on Cybersecurity, Risk, and Workforce Management appeared first on Cyber Security News.