Cyber Security News

A critical authentication bypass vulnerability in SmarterTools SmarterMail is actively being exploited in the wild by attackers, according to security researchers at watchTowr Labs. The vulnerability, tracked as WT-2026-0001, allows unauthenticated attackers to reset the system administrator password without any validation, leading to complete system takeover. The flaw exists in the ForceResetPassword API endpoint, which is designed […]

The post Attackers Reverse‑Engineer Patch to Exploit SmarterMail Admin Bypass in the Wild appeared first on Cyber Security News.

Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using complex malware or software exploits, the attack relies on social engineering to guide victims through a fake verification process. This campaign has grown significantly since early 2025 and continues to […]

The post New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages appeared first on Cyber Security News.

A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as CVE-2026-22755, affects dozens of camera models and poses significant risks to organizations relying on legacy surveillance infrastructure. The vulnerability exists in the upload_map.cgi script, where user-supplied filenames are processed through an unsanitized snprintf() function […]

The post Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code appeared first on Cyber Security News.

A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing persistence through generic accounts, and exfiltrating sensitive firewall configuration data. This campaign echoes a December 2025 incident involving malicious SSO logins shortly after Fortinet disclosed critical vulnerabilities CVE-2025-59718 and CVE-2025-59719. […]

The post FortiGate Firewalls Hacked in Automated Attacks to Steal Configuration Data appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability in multiple Cisco Unified Communications products. Tracked as CVE-2026-20045, the flaw enables code injection attacks that grant attackers user-level access to the underlying OS, followed by full root privilege escalation. Added […]

The post CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A new malicious package on the Python Package Index (PyPI), named sympy-dev, has been caught impersonating the widely used SymPy library to deliver cryptomining malware. SymPy is a popular symbolic mathematics library that sees tens of millions of downloads every month, making it an attractive target for attackers looking to abuse developer trust and widespread adoption. […]

The post Malicious PyPI Package Mimic as Popular Sympy-Dev to Attack Millions of Users appeared first on Cyber Security News.

A high-severity vulnerability has been disclosed in BIND 9, the widely used DNS server software responsible for domain name resolution across millions of internet services. The vulnerability, tracked as CVE-2025-13878, enables remote attackers to crash DNS servers by sending specially crafted, malformed DNS records, potentially disrupting critical internet infrastructure and organizational services. The vulnerability stems […]

The post BIND 9 Vulnerability Allow Attackers to Crash Server by Sending Malicious Records appeared first on Cyber Security News.

Security researchers have identified a sophisticated multi-stage malware campaign targeting Windows systems through social engineering and weaponized cloud services. The attack employs business-themed documents as deceptive entry points, luring users into extracting compressed archives containing malicious shortcuts that execute PowerShell commands in the background. Once initiated, the infection chain systematically neutralizes Microsoft Defender before delivering […]

The post New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads appeared first on Cyber Security News.

A critical code-injection vulnerability has been identified in the Node.js binary-parser library, affecting all versions before 2.3.0. The flaw allows attackers to execute arbitrary JavaScript code if untrusted input is used to construct parser definitions, potentially compromising application integrity and system security. The binary-parser library, designed to facilitate writing efficient binary parsers in a simple, […]

The post Critical Vulnerability in Binary-Parser Library for Node.js Allows Malicious Code injection appeared first on Cyber Security News.

Cybersecurity researchers have uncovered two critical security flaws in Chainlit, a widely used open-source AI framework with over 700,000 monthly downloads. The vulnerabilities allow attackers to steal sensitive cloud credentials, leak database files, and take control of enterprise AI environments without user interaction. Zafran Labs identified these flaws affecting internet-facing deployments across enterprises. Both vulnerabilities […]

The post Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments appeared first on Cyber Security News.

A dangerous Android malware campaign has emerged, targeting users through mobile games and pirated streaming app modifications. The threat, known as Android.Phantom, employs machine learning technology to perform automated ad-click fraud on infected smartphones. Over 155,000 downloads of compromised games have been recorded, with additional infections spreading through modified versions of Spotify, YouTube, Netflix, and […]

The post New AI-Android Malware that Auto Clicks Ads from the Infected Devices appeared first on Cyber Security News.

ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the scenes the page is preparing to launch hidden code. Victims only need to follow simple […]

The post New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature appeared first on Cyber Security News.

Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild. Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access. The Cisco Product Security Incident Response Team (PSIRT) confirmed exploitation attempts and urged immediate patching. The […]

The post Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access appeared first on Cyber Security News.

A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped. The attacks abuse truesight.sys, a kernel driver from Adlice Software’s RogueKiller antivirus, and use more than 2,500 validly signed variants to quietly disable endpoint detection and response (EDR) and […]

The post Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware appeared first on Cyber Security News.

The cybersecurity landscape has entered a dangerous new chapter with the discovery of VoidLink, the first documented advanced malware framework built almost entirely by artificial intelligence. Unlike earlier attempts where inexperienced hackers used AI to create basic malicious tools, VoidLink represents a turning point where sophisticated threat actors can now use AI to develop complex […]

The post New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework appeared first on Cyber Security News.

Microsoft has confirmed it is actively investigating a new service incident affecting multiple core services within the Microsoft 365 ecosystem. The company acknowledged the disruption on Wednesday evening, following reports of connectivity issues and service degradation for users relying on its cloud-based productivity tools. The incident, tracked under Issue ID MO1220495, officially began on January […]

The post Microsoft Investigating Issue Impacting Exchange Online, Teams, and M365 Suite appeared first on Cyber Security News.

LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations continue moving forward, displaying fresh variants that target different computer systems and platforms. Recently, leaked materials and screenshots have provided security experts with a detailed look at how this criminal […]

The post Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants appeared first on Cyber Security News.

Boston, MA, USA, January 21st, 2026, CyberNewsWire Reflectiz today announced the release of its 2026 State of Web Exposure Research, revealing a sharp escalation in client‑side risk across global websites, driven primarily by third‑party applications, marketing tools, and unmanaged digital integrations. According to the new analysis of 4,700 leading websites, 64% of third‑party applications now […]

The post New Research Exposes Critical Gap: 64% of Third-Party Applications Access Sensitive Data Without Authorization appeared first on Cyber Security News.

A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works by injecting hidden scripts into compromised shopping sites, allowing attackers to intercept sensitive data when customers enter their credit card details during checkout. Magecart attacks represent a significant threat to […]

The post New Magecart Attack Inject Malicious JavaScript to Skim Payment Data appeared first on Cyber Security News.

A ransomware attack has reportedly exposed confidential internal documents at a major electronics manufacturer. The breach compromises the company’s critical role in Apple’s global supply chain, including AirPods manufacturing, iPhone production, and Vision Pro assembly. Threat actors have published internal documents revealing sensitive operational intelligence, including production workflows, security procedures, and supply chain protocols. Luxshare […]

The post Alleged Ransomware Attack on Apple’s Second-Largest Manufacturer Luxshare – Confidential Data Exposed appeared first on Cyber Security News.