Cyber Security News

An international law enforcement operation led by the U.S. Justice Department has successfully dismantled SocksEscort, a massive residential proxy network. The malicious service compromised thousands of home and small business routers worldwide, enabling cybercriminals to mask their identities while executing large-scale financial fraud. The coordinated takedown resulted in the seizure of dozens of U.S.-registered internet […]

The post Authorities Dismantle Malicious Proxy Service Used to Deploy Malware Attacking Thousands of Users appeared first on Cyber Security News.

Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a severe threat known as the ‘Coruna’ exploit kit. Released on March 11, 2026, this critical patch backports fixes from newer iOS versions, ensuring that users on legacy hardware are not left vulnerable to advanced cyberattacks. The […]

The post Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit appeared first on Cyber Security News.

Menlo Park, California, USA, March 13th, 2026, CyberNewswire AI-HealthTech innovator Humata Health announced that it is partnering with AccuKnox, a leader in Code to Cognition Security, Zero Trust Cloud-Native Application Protection Platform (CNAPP), to streamline security for its SaaS platform.  Healthcare Security Requirements  To meet HIPAA mandates, the company adopted an on-prem deployment supported by AccuKnox. By […]

The post AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP appeared first on Cyber Security News.

Starbucks Corporation has confirmed a data breach affecting an undisclosed number of its employees, exposing highly sensitive personal and financial information after unauthorized actors gained access to internal partner accounts through a sophisticated phishing scheme. On or about February 6, 2026, Starbucks became aware of potential unauthorized access to certain Starbucks Partner Central accounts. Partner […]

The post Starbucks Data Breach – Hundreds of Users’ Personal Data Exposed appeared first on Cyber Security News.

A critical security update has been released for Backup & Replication software to fix severe vulnerabilities that could allow attackers to execute remote code and escalate privileges. Released on March 12, 2026, the latest security patch (Build 12.3.2.4465) is an essential update for administrators needing to secure their backup infrastructure against active threats. Consistently applying […]

The post Veeam Patches Multiple Critical RCE Vulnerabilities on Backup Server appeared first on Cyber Security News.

As cybercriminals continue to weaponize new vulnerabilities, the demand for continuous red-teaming and proactive security assessments has never been higher. Annual penetration tests are no longer enough to secure modern, complex environments. To help security teams stay ahead of advanced threat actors, Metasploit Pro 5.0.0 has officially been released. This major update delivers a fundamentally […]

The post Metasploit Pro 5.0.0 Released With Powerful New Modules and Critical Enhancements appeared first on Cyber Security News.

Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, with the rollout expected to reach users over the coming days and weeks. […]

The post Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code appeared first on Cyber Security News.

A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. The notorious threat actor group ShinyHunters has claimed responsibility for a massive data theft operation exploiting overly permissive guest user configurations, reportedly impacting hundreds of high-profile organizations. According to Salesforce’s Cyber Security Operations Center, this campaign does not rely […]

The post Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites appeared first on Cyber Security News.

Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,” enable unprivileged local users to escalate their privileges to root, break container isolation, and cause kernel operations to crash. This issue affects over 12.6 million enterprise Linux systems worldwide. […]

The post Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover appeared first on Cyber Security News.

A significant vulnerability in the GSSAPI Key Exchange patch was applied by numerous Linux distributions on top of their OpenSSH packages. The flaw, tracked as CVE-2026-3497, was uncovered by security researcher Jeremy Brown. It allows an attacker to crash SSH child processes reliably and potentially violates privilege separation boundaries, all with a single crafted network […]

The post OpenSSH GSSAPI Vulnerability Allow an Attacker to Crash SSH Child Processes appeared first on Cyber Security News.

Meta has launched a suite of advanced anti-scam tools across WhatsApp, Facebook, and Messenger to combat the growing industrialization of online fraud. These new defenses combine artificial intelligence, behavioral alerts, and global law enforcement partnerships to protect users proactively. To protect users from evolving social engineering tactics, Meta introduced specific warning mechanisms across its ecosystem. […]

The post Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger appeared first on Cyber Security News.

Analysts at ANY.RUN has identified a sharp spike in phishing campaigns exploiting Microsoft’s OAuth Device Authorization Grant flow, with more than 180 malicious URLs detected within a single week. Unlike conventional credential harvesting, this technique routes victims through legitimate Microsoft authentication pages, making it substantially harder for security operations centers (SOCs) to catch the compromise […]

The post Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords appeared first on Cyber Security News.

A critical vulnerability in the MediaTek Dimensity 7300 chipset allows a physical attacker to extract device PINs, decrypt on-device storage, and steal cryptocurrency wallet seed phrases in approximately 45 seconds, raising serious alarms for the roughly 25% of Android users whose devices rely on the affected chip. The vulnerability uncovered by Ledger’s Donjon security research […]

The post Critical MediaTek Vulnerability Lets Attackers Steal Android Phone PINs in 45 Seconds appeared first on Cyber Security News.

AI assistants have rapidly transformed daily operations, streamlining tasks for teams managing overloaded inboxes, client communications, and incident response. Tools like Microsoft Copilot integrate directly into daily workflows, summarizing emails and meetings while pulling context from across the Microsoft 365 ecosystem. However, this convenience introduces a novel security boundary that many organizations have not yet […]

The post Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks appeared first on Cyber Security News.

A security advisory has been issued for a newly discovered vulnerability affecting the Cortex XDR Broker Virtual Machine (VM). This flaw could allow a highly privileged, authenticated attacker to access and alter sensitive system information. Fortunately, the issue was discovered internally, and there are currently no reports of active malicious exploitation in the wild. Paloalto […]

The post Paloalto Cortex XDR Broker Vulnerability Attackers to Obtain and Modify Sensitive Information appeared first on Cyber Security News.

The U.S. subsidiary of a Swedish telecommunications multinational has disclosed a data breach exposing the personal information of employees and customers. The incident did not occur on Ericsson’s internal network, but rather targeted one of the company’s third-party service providers. According to the breach notification letter, the unauthorized access occurred over a five-day window between […]

The post Ericsson US Discloses Data Breach – Hackers Stolen Employees and Customers Data appeared first on Cyber Security News.

Cisco has issued a high-severity security advisory warning organizations about two critical privilege-escalation vulnerabilities in its IOS XR Software. If exploited, these flaws could allow an authenticated, local attacker to execute arbitrary commands as root or gain full administrative control over affected routing devices. Both vulnerabilities were discovered during internal security testing by Cisco, and the […]

The post Cisco IOS XR Software Vulnerability Allow Attacker to Execute Commands as Root appeared first on Cyber Security News.

A critical security advisory has been released, warning users of a high-severity vulnerability affecting both Enterprise and Cloud platforms. Tracked as CVE-2026-20163, this flaw carries a CVSS score of 8.0. It enables attackers to perform Remote Command Execution (RCE) on targeted systems. The vulnerability stems from improper handling of user inputs when the system previews […]

The post Splunk RCE Vulnerability Allows Attackers to Execute Arbitrary Shell Commands appeared first on Cyber Security News.

Cybersecurity authorities have flagged a severe security flaw in SolarWinds Web Help Desk that requires immediate attention from system administrators. Tracked as CVE-2025-26399, this vulnerability allows malicious actors to execute unauthorized commands directly on the host machine. Because of its severity and active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) has officially added this […]

The post SolarWinds Web Help Desk Deserialization Vulnerability Enables Command Execution appeared first on Cyber Security News.

On March 10, 2026, Microsoft released security updates to address a critical vulnerability in its widely used Office suite. Tracked as CVE-2026-26110, this security flaw allows an unauthorized attacker to execute malicious code on a victim’s device. With a high severity rating and a CVSS base score of 8.4 out of 10, the vulnerability affects […]

The post Critical Microsoft Office Vulnerability Enables Remote Code Execution Attacks appeared first on Cyber Security News.