Category: Cyber Security
-
10 Best Spam Filter Tools 2026
Spam filter tools use advanced algorithms and machine learning techniques to detect and block unwanted email messages. They analyze email content, sender reputation, and patterns to effectively identify and filter out spam, ensuring inboxes remain clutter-free. These tools offer customizable filtering rules, allowing users to set specific criteria for…
-
10 Best Log Monitoring Tools in 2026
As enterprises adopt more cloud-native technologies, containers, and microservices-based architectures, log monitoring and management are now critical. According to many market research assessments, the global log management industry is anticipated to increase from $1.9 billion in 2020 to $4.1 billion in 2026. This expansion is driven by the increased…
-
Hackers Probe Citrix NetScaler Instances Ahead of Likely CVE-2026-3055 Exploitation
Cybersecurity researchers are sounding the alarm over imminent in-the-wild exploitation of a recently disclosed critical vulnerability in Citrix NetScaler ADC and Gateway appliances. Threat intelligence firm watchTowr and Defused Cyber have detected active reconnaissance campaigns specifically targeting CVE-2026-3055, a high-severity memory overread flaw that could…
-
Cybersecurity Companies’ Stocks Fall as Anthropic Tests Powerful New Model
Cybersecurity stocks declined sharply on Friday following revelations that Anthropic has begun testing “Mythos,” an extraordinarily powerful new AI model with advanced vulnerability-discovery capabilities. Anthropic is actively trialing a new tier of artificial intelligence models codenamed “Capybara,” with the flagship model operating under the moniker…
-
CISA Warns of F5 BIG-IP Vulnerability Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability affecting F5 BIG-IP systems to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw is being actively leveraged in real-world attacks. The vulnerability, tracked as CVE-2025-53521, was officially listed on…
-
European Commission Confirms Cyberattack Following AWS Account Hack
The European Commission has officially confirmed a targeted cyberattack that compromised its Amazon Web Services (AWS) account. Discovered on March 24, the intrusion specifically affected the external cloud environment that hosts the Commission’s public web presence on the Europa.eu platform. Despite the severity of…
-
Windows 11 and Server 2025 Update to Block Untrusted Cross-Signed Kernel Drivers by Default
Microsoft is taking a major step to harden the Windows operating system against kernel-level threats by removing trust for drivers signed by the deprecated cross-signed root program. Starting with the April 2026 update, Windows 11 and Windows Server 2025 will block…
-
CISA Adds Aquasecurity Trivy Scanner Vulnerability to KEV Catalog
CISA has officially added a critical vulnerability affecting Aquasecurity’s Trivy scanner to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-33634, this alarming security flaw poses a severe risk to software development pipelines. By exploiting this vulnerability, threat actors can gain unauthorized access to highly sensitive…
-
FBI Chief Kash Patel’s Gmail Account was Hacked by Iranian Hackers
Iran-linked hackers have claimed responsibility for breaching FBI Director Kash Patel’s personal Gmail inbox, leaking photographs, documents, and email correspondence online. The hacker group Handala Hack Team announced the breach on their website, declaring that Patel “will now find his name among the list…
-
New Silver Fox Campaign Hits Japanese Businesses With Tax-Themed Phishing Lures
Japan’s tax season has become a hunting ground for a well-organized threat actor known as Silver Fox. As Japanese companies enter their annual cycle of tax filing, salary reviews, and personnel changes, this group is taking full advantage of the moment — sending highly…
-
Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information
Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances. These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user session mixups. Network…
-
Fake Cloudflare CAPTCHA Pages Spread Infiniti Stealer Malware on macOS Systems
A new, previously undocumented macOS malware is quietly tricking users through fake Cloudflare human verification pages. Called Infiniti Stealer, this threat uses a well-known social engineering trick called ClickFix to convince Mac users to run dangerous commands directly on their own machines,…
-
New Windows Error Reporting Vulnerability Lets Attackers Escalate to Gain SYSTEM Access
A newly analyzed local privilege escalation vulnerability in the Windows Error Reporting (WER) service allows attackers to easily gain full SYSTEM access. The flaw, tracked as CVE-2026-20817, was considered so structurally dangerous that Microsoft completely removed the vulnerable feature rather than attempting a…
-
ISC Warns of High-Severity Kea DHCP Flaw That Can Crash Services Remotely
The Internet Systems Consortium (ISC) has released a critical security advisory warning network administrators of a high-severity vulnerability affecting the Kea DHCP server. Tracked as CVE-2026-3608, this flaw allows unauthenticated remote attackers to trigger a stack overflow error. When successfully exploited, the vulnerability…
-
Anthropic’s Leaked Drafts Expose Powerful New AI Model “Claude Mythos”
Anthropic has inadvertently exposed highly sensitive internal documents, revealing the existence of a powerful, unreleased AI model dubbed “Claude Mythos.” The leak, which stems from an unsecured and publicly searchable data cache, has raised immediate alarms within the cybersecurity community, particularly due to internal assessments…
-
Fake npm Install Messages Hide RAT Malware in New Open Source Supply Chain Campaign
A new and carefully crafted software supply chain campaign is targeting developers through the npm package registry, using fake installation messages to hide malicious activity. The campaign, which security researchers have named the “Ghost campaign,” began in early February 2026 and…
-
Fake VS Code Security Alerts on GitHub Used to Push Malware in Widespread Phishing Campaign
A large-scale phishing campaign is targeting software developers on GitHub, using fake Visual Studio Code security alerts posted in GitHub Discussions to trick users into downloading malicious software. The attacks are designed to look like legitimate security advisories, warning developers…
-
Ghost SPN Attack Lets Hackers Conduct Stealthy Kerberoasting Under the Radar
A sophisticated evolution of Kerberoasting dubbed the “Ghost SPN” attack allows adversaries to extract Active Directory credentials while erasing all traces of their activity, rendering traditional detection models effectively blind to the intrusion. The attack, revealed by Trellix security researchers, utilizes delegated administrative…
-
China-Linked Hackers Breach Southeast Asian Military Systems in Long-Running Spy Campaign
A sophisticated and long-running cyber espionage campaign, tracked as CL-STA-1087, has been quietly targeting military organizations across Southeast Asia since at least 2020. The operation, assessed with moderate confidence to be linked to a China-aligned threat actor, focuses on collecting strategic and operational intelligence rather…
-
Open Directory Malware Campaign Uses Obfuscated VBS, PNG Loaders and RAT Payloads
A sophisticated multi-stage malware campaign has surfaced, deploying obfuscated Visual Basic Script (VBS) files, PNG-embedded loaders, and remote access trojans (RATs) to target systems without leaving a trace on disk. What began as a routine endpoint detection in early 2026 quickly revealed itself…
-
LiteLLM Python Package With 95 Million Downloads Compromised by TeamPCP Hackers
A widely used open-source Python library was compromised on the Python Package Index (PyPI). Versions 1.82.7 and 1.82.8 of the package, which routes requests across various LLM providers and has over 95 million monthly downloads, were found to contain a sophisticated backdoor by security…
-
Kali Linux 2026.1 Released With 8 New Hacking Tools
Kali Linux 2026.1 has officially been released, marking the first major update of the year for the popular penetration testing distribution. Designed for professionals engaged in technical security research and vulnerability analysis, this update features modern aesthetic enhancements, notable advancements in mobile penetration testing, and a…
-
Aqua Security’s Trivy Scanner Compromised in Supply Chain Attack
A sophisticated supply chain attack has targeted Aqua Security’s widely used open-source vulnerability scanner, Trivy. A threat actor leveraged compromised credentials to distribute malicious releases, turning a trusted security tool into a mechanism for large-scale credential theft across CI/CD pipelines. The incident remains an ongoing and evolving…
-
HackerOne Data Breach – Employees Data Stolen Following Navia Hack
HackerOne recently disclosed a data breach affecting 287 of its employees following a cyberattack on its U.S. benefits administrator, Navia Benefit Solutions. The breach stemmed from a Broken Object Level Authorization (BOLA) vulnerability in Navia’s API, which exposed the sensitive personal and health information of…
-
Dell Wyse Management Vulnerabilities Enables Complete System Compromise
A recent security analysis has revealed how chaining seemingly minor logic flaws in Dell Wyse Management Suite (WMS) On-Premises can result in a complete system compromise. Security researchers demonstrated that combining two distinct vulnerabilities allows an unauthenticated attacker to bypass security controls and achieve remote code execution…
-
New Data Leak Site Uncovered Linked to Active Initial Access Broker on Underground Forums
The underground cybercriminal world saw a notable development on March 22, 2026, when a new Tor-based leak site called “ALP-001” appeared on the dark web, openly marketing itself as a “Data Leaks / Access Market.” The emergence of this platform points…
-
NIST Releases Quick-Start Guide on Cybersecurity, Risk, and Workforce Management
The National Institute of Standards and Technology (NIST) has released NIST SP 1308, the “Cybersecurity, Enterprise Risk Management, and Workforce Management Quick-Start Guide”. Published in March 2026, this strategic document provides a structured methodology to integrate cybersecurity risk management (CSRM) into broader enterprise risk management…
-
Roundcube Webmail Security Updates Patches Multiple Critical Vulnerabilities
A widely used open-source web-based IMAP email client, Roundcube Webmail, has released version 1.6.14, delivering critical security patches to fix multiple severe vulnerabilities in the 1.6.x branch. The release resolves a complex range of security issues, spanning from pre-authentication arbitrary file write risks to cross-site scripting (XSS)…
-
Chrome Security Update Fixes 8 Vulnerabilities Allowing Remote Code Execution
Google has rolled out an urgent security update for the Chrome browser to address eight high-severity vulnerabilities. These newly patched security flaws could allow threat actors to execute arbitrary code remotely, posing a significant risk to user data and system integrity. The stable channel is…
-
New CanisterWorm Steals npm Tokens and Spreads Through Compromised Publisher Accounts
A new wave of supply chain attacks is hitting the npm ecosystem through a self-propagating malware campaign known as CanisterWorm. The threat, linked to a group tracked as “TeamPCP,” compromises legitimate publisher namespaces and pushes poisoned package versions, effectively turning trusted developer tools into…
-
CISA Warns of Apple Vulnerabilities Linked to DarkSword iOS Exploit Chain Exploited in Attacks
CISA has issued an urgent warning regarding three critical Apple vulnerabilities that threat actors are actively exploiting in the wild. These security flaws, officially tracked as CVE-2025-31277, CVE-2025-43510, and CVE-2025-43520, were recently added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Security researchers have linked…
-
Copyright-Themed Lures Deliver Multi-Stage PureLog Stealer in New Credential Theft Campaign
A new malware campaign is targeting organizations across healthcare, government, education, and hospitality sectors using cleverly disguised copyright violation notices to deliver PureLog Stealer, a powerful information-stealing malware. The campaign, first analyzed in March 2026, tricks victims into executing a malicious file that looks…
-
Microsoft Emergency Out-of-Band Update for Windows 11 to Fix Microsoft Account Sign-In Failure
Microsoft has issued an out-of-band (OOB) update for Windows 11 versions 25H2 and 24H2, identified as KB5085516, addressing a critical sign-in bug introduced by the March 2026 Patch Tuesday release. The update carries OS builds 26200.8039 and 26100.8039 and was made available…
-
Crunchyroll Data Breach — Threat Actor Claims Exfiltration of 100 GB of User Data
A threat actor has allegedly exfiltrated approximately 100 GB of personally identifiable information (PII) from Crunchyroll, the Sony-owned anime streaming giant, after gaining access through a compromised employee at the platform’s outsourcing partner, Telus. The breach, which reportedly occurred on March…
-
Hackers Compromise Trivy Scanner to Inject Malicious Scripts and Steal Login Credentials
A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat…
-
FBI, CISA Warn Russian Hackers Are Targeting High-Value Individuals Through Signal
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released a joint cybersecurity advisory regarding a widespread phishing campaign. The alert warns that Russian Intelligence Services are actively targeting users of encrypted messaging applications, primarily Signal. The…
-
Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution
Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The latest Stable channel update rolls out versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS, while Linux users will…
-
Oracle Issues Urgent Security Update for Critical RCE Flaw in Identity Manager and Web Services Manager
Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability carries a CVSS 3.1 base score…
-
Anthropic Launches Projects Feature for Claude Cowork Desktop
Anthropic is expanding Claude Cowork Desktop with a new Projects feature designed to keep files, instructions, and task context organized inside a single workspace. For paid users, the update makes it easier to start from scratch, import an existing chat, or connect a local folder so Claude…
-
Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins
Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update released on March 10, 2026,…
-
Apex – AI-Powered Pentester Attacks Apps in Black-Box Mode to Find Vulnerabilities
Apex is an autonomous, AI-powered penetration testing agent designed to operate in black-box mode against live applications. It does not require access to source code, hints, or predefined attack paths. This enables it to discover, chain, and verify real-world vulnerabilities at the speed…
-
SILENTCONNECT Uses VBScript, PowerShell and PEB Masquerading to Deploy ScreenConnect
SILENTCONNECT is a newly discovered multi-stage malware loader that has been silently targeting Windows machines since at least March 2025. It uses VBScript, in-memory PowerShell execution, and PEB masquerading to install the ConnectWise ScreenConnect remote monitoring and management tool on victim systems. Once deployed, ScreenConnect…
-
Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’
A Russian state-linked threat actor has launched a targeted cyberattack against a Ukrainian government agency, exploiting a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite to steal credentials and sensitive email data. Dubbed “Operation GhostMail,” the campaign stands out for its complete absence…
-
Authorities Disrupt IoT Botnet Infrastructure Behind Record-Breaking 30 Tbps DDoS Attacks
Authorities have successfully dismantled the command-and-control (C2) infrastructure powering four massive Internet of Things (IoT) botnets. The U.S. Justice Department, collaborating closely with Canadian and German agencies, targeted the administrators and architecture behind the Aisuru, KimWolf, JackSkid, and Mossad botnets. Together, these malicious networks…
-
CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks
CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and…
-
WaterPlum Deploys New ‘StoatWaffle’ Malware in VSCode-Based Supply Chain Campaign
A North Korea-linked hacking group known as WaterPlum has introduced a dangerous new malware called StoatWaffle, deploying it through compromised Visual Studio Code (VSCode) repositories disguised as legitimate blockchain development projects to silently infiltrate developer machines. WaterPlum has been running a campaign known as “Contagious…
-
CISA Warns of Microsoft SharePoint Vulnerability Exploited in Attacks
A critical security flaw in Microsoft SharePoint has been identified as actively exploited, and on March 18, 2026, the vulnerability was officially added to the Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that threat actors are actively exploiting the flaw in real-world network attacks, prompting…
-
New SnappyClient Implant Combines Remote Access, Data Theft and Advanced Evasion
A dangerous new malware implant called SnappyClient has quietly emerged as a serious threat to Windows users, combining remote access, data theft, and sophisticated evasion techniques in one compact C++ package. First spotted in December 2025, this command-and-control (C2) framework implant can log keystrokes,…
-
Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware
An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability may allow an unauthenticated remote attacker to execute arbitrary Java code with root privileges on an affected device.…
-
New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data
A sophisticated full-chain iOS exploit kit dubbed DarkSword has been actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least November 2025 to steal sensitive personal data from iPhone users across four countries. DarkSword is a full-chain iOS exploit that…
-
Boggy Serpens Targets Diplomats and Critical Infrastructure in Multi-Wave Espionage Campaign
A well-resourced Iranian nation-state group known as Boggy Serpens — also tracked as MuddyWater — has sharply escalated its cyberespionage operations, running sustained and targeted campaigns against diplomatic missions, energy companies, maritime operators, and financial institutions. Attributed to Iran’s Ministry of Intelligence and Security…
-
Attackers Abuse Court Documents, GitHub Payloads to Infect Judicial Targets With COVERT RAT
A new wave of targeted attacks is quietly hitting Argentina’s judicial system, using fake court documents to lure legal professionals into installing a dangerous piece of malware. The campaign, formally called Operation Covert Access, deploys a Rust-built Remote Access Trojan known as…
-
Microsoft to Stop Force Installation of 365 Copilot App on Windows Devices
Microsoft has temporarily halted the automatic installation of the Microsoft 365 Copilot app on Windows devices. According to a recent update in the Microsoft 365 Message Center on March 16, 2026, the company paused the mandatory rollout, originally scheduled to be completed late…
-
‘RegPwn’ Windows Registry Vulnerability Enables Full System Access to Attackers
A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was addressed in a recent Microsoft…
-
Critical FortiClient SQL Injection Vulnerability Enables Arbitrary Database Access
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, carries a CVSS score of 9.1. It allows unauthenticated attackers to execute arbitrary SQL commands and access sensitive database information. The issue specifically affects FortiClient EMS version 7.4.4…
-
CISA Warns of Chrome 0-Day Vulnerabilities Exploited in Attacks
CISA has issued an urgent warning regarding two highly critical zero-day vulnerabilities affecting Google Chrome and related products. These flaws have been officially added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, indicating that malicious hackers are actively exploiting them in the wild. With the deadline for federal agencies to…
-
Attackers Hijacking Legitimate Websites to Attack Microsoft Teams Users
A multi-vector phishing campaign is using compromised WordPress sites to steal login credentials from Microsoft Teams and Xfinity users. By hijacking these trusted sites, attackers can bypass security filters and trick victims into disclosing sensitive information. The threat actors are not relying on a single method to…
-
Malicious npm Packages Deliver PylangGhost RAT in New Software Supply Chain Campaign
A remote access trojan known as PylangGhost has appeared on the npm registry for the first time, concealed inside two malicious JavaScript packages. The malware, first publicly disclosed by Cisco Talos in June 2025 and attributed to the North Korean state-sponsored threat group…
-
Phishers Abuse LiveChat Support Tools to Steal Sensitive Data in New SaaS-Based Attack Tactic
A newly identified phishing campaign is turning legitimate customer service software into a weapon for stealing sensitive user data. Attackers have been found abusing LiveChat, a widely used Software-as-a-Service (SaaS) platform that businesses rely on for real-time customer support, to carry…
-
Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules
Cybersecurity researchers have uncovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors to execute malicious actions…
-
Google Looker Studio Vulnerabilities Allow Attackers to Exfiltrate Data from Google Services
A set of nine novel cross-tenant vulnerabilities in Google Looker Studio, collectively dubbed “LeakyLooker,” could have allowed attackers to run arbitrary SQL queries, exfiltrate sensitive data, and even modify or delete records across Google Cloud environments, all without victims granting explicit permission.…
-
Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability
Microsoft has announced a two-phase plan to disable the hands-free deployment feature in Windows Deployment Services (WDS) following the discovery of a critical remote code execution (RCE) vulnerability tracked as CVE-2026-0386. The flaw, rooted in improper access control, allows an unauthenticated…
-
Meta to Permanently Remove End-to-End Encryption Feature in Instagram DMs
Meta has confirmed it will permanently remove end-to-end encryption (E2EE) support from Instagram direct messages, with the feature officially shutting down after May 8, 2026. The announcement, quietly posted on Instagram’s Help Center support page, marks a significant reversal from Meta’s earlier commitment to privacy-focused…
-
Microsoft Releases Out-of-Band Patch For Critical RRAS RCE Vulnerabilities in Windows 11
Microsoft released an out-of-band hotpatch update on March 13, 2026, addressing serious security vulnerabilities in Windows 11 versions 24H2 and 25H2. Tracked as KB5084597 and targeting OS Builds 26200.7982 and 26100.7982, this update patches three actively concerning flaws in the Windows Routing and…
-
FortiGate Firewalls Exploited in Wave of Attacks to Breach Networks and Steal Credentials
In a series of intrusions in early 2026, threat actors compromised FortiGate Next-Generation Firewalls (NGFW) to establish persistent footholds within enterprise environments. Each case was intercepted during the lateral movement phase before the attackers could fully achieve their objectives. The attack…
-
Malicious npm Packages Posing as Solara Executor Target Discord, Browsers, and Crypto Wallets
JFrog security researchers Guy Korolevski and Meitar Palas uncovered a sophisticated supply chain attack on the npm ecosystem on March 12, 2026, in which threat actors disguised an information-stealing malware as a legitimate Roblox script executor. The campaign, self-named Cipher stealer, used…
-
GlassWorm Campaign Uses 72 Malicious Open VSX Extensions to Broaden Reach
In a major escalation of supply chain attacks, the GlassWorm malware campaign has evolved to infect developer environments using transitive dependencies. On March 13, 2026, the Socket Research Team reported identifying at least 72 new malicious Open VSX extensions linked to this campaign. Instead…
-
Critical LangSmith Account Takeover Vulnerability Puts Users at Risk
Miggo Security researchers have identified a critical vulnerability in LangSmith, tracked as CVE-2026-25750, that exposes users to potential token theft and complete account takeover. As a central hub for debugging and monitoring large language model data, LangSmith processes billions of events daily, making this a high-stakes…
-
Authorities Crack Down on 45,000 Malicious IPs Powering Ransomware Attacks
In a massive international crackdown on cybercrime, law enforcement agencies from 72 countries have successfully dismantled over 45,000 malicious IP addresses and servers. Coordinated by INTERPOL, “Operation Synergia III” targeted the critical infrastructure behind devastating ransomware, malware, and phishing campaigns worldwide. Running from July 18,…
-
Microsoft Confirms Windows 11 24H2/25H2 Bug Blocks Access to the System Drive C
Microsoft has officially acknowledged a critical bug affecting Windows 11 users on certain Samsung devices, in which the system drive (C:) becomes completely inaccessible after installing the February 2026 security update. The company is now actively investigating the issue in coordination with…
-
Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code
Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, with…
-
Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites
A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. The notorious threat actor group ShinyHunters has claimed responsibility for a massive data theft operation exploiting overly permissive guest user configurations, reportedly impacting hundreds of high-profile organizations. According to Salesforce’s…
-
Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover
Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,” enable unprivileged local users to escalate their privileges to root, break container isolation, and cause kernel operations…
-
Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger
Meta has launched a suite of advanced anti-scam tools across WhatsApp, Facebook, and Messenger to combat the growing industrialization of online fraud. These new defenses combine artificial intelligence, behavioral alerts, and global law enforcement partnerships to protect users proactively. To protect users from evolving social…
-
Critical Microsoft Office Vulnerability Enables Remote Code Execution Attacks
On March 10, 2026, Microsoft released security updates to address a critical vulnerability in its widely used Office suite. Tracked as CVE-2026-26110, this security flaw allows an unauthorized attacker to execute malicious code on a victim’s device. With a high severity rating and a CVSS base…
-
GitLab Security Update – Patch for XSS and API DoS Vulnerabilities
GitLab has released urgent security updates for its Community Edition (CE) and Enterprise Edition (EE) to address a wide range of vulnerabilities. The newly released versions 18.9.2, 18.8.6, and 18.7.6 fix a total of 15 security issues, including critical Cross-Site Scripting (XSS) and Denial-of-Service…
-
Hackers Leveraging Cloudflare Anti-Bot Features to Steal Microsoft 365 Credentials
A sophisticated Microsoft 365 credential harvesting campaign weaponizes Cloudflare’s own protective features to evade detection and silently steal user login data. The campaign demonstrates a growing and troubling trend: threat actors turning the very tools designed to defend websites into shields for malicious infrastructure.…
-
Chrome Security Update – Patch for 29 Vulnerabilities that Allow Remote Code Execution
Google has officially released Chrome version 146 to the stable channel, delivering crucial security updates for Windows, Mac, and Linux users. Rolling out over the coming days, Chrome 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac addresses 29 security vulnerabilities. Many…
-
Google Completes Acquisition of Wiz in Historic $32 Billion Deal
Google has officially closed its $32 billion all-cash acquisition of Wiz, the Israeli cloud and AI security platform, marking the largest deal in Google’s history and a landmark moment for the global cybersecurity industry. The Wiz team will join Google Cloud while retaining its brand…
-
Gogs Vulnerability Enables Attackers to Silently Overwrite Large File Storage Objects
A critical security flaw has been discovered in a popular open-source, self-hosted Git service, allowing attackers to overwrite Large File Storage (LFS) objects secretly. Tracked as CVE-2026-25921, this maximum-severity vulnerability carries a CVSS 3.1 score of 10.0. It creates a severe risk for software…
-
Microsoft .NET 0-Day Vulnerability Enables Denial-of-Service Attacks
An emergency security update has been released to address a newly disclosed .NET Framework vulnerability, tracked as CVE-2026-26127. This security flaw allows unauthenticated, remote attackers to trigger a Denial-of-Service (DoS) condition on the network. With a CVSS score of 7.5, Microsoft has classified the vulnerability as “Important.” It…
-
Microsoft SQL Server Zero-Day Vulnerability Allows Attackers to Escalate Privileges
Microsoft has disclosed a critical zero-day vulnerability in SQL Server that allows authenticated attackers to escalate their privileges to the highest administrative level on affected database systems. Tracked as CVE-2026-21262, the flaw was officially released on March 10, 2026, and has already been publicly disclosed,…
-
Fortinet Security Update – Patch for Multiple Vulnerabilities That Enable Malicious Command Execution
Fortinet released a sweeping security advisory on March 10, 2026, addressing eleven vulnerabilities across its core enterprise products, including FortiManager, FortiAnalyzer, FortiSwitchAXFixed, and FortiSandbox. The flaws range from authentication bypasses and buffer overflows to OS command injection and SQL injection, several of…
-
Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation
Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable by unauthenticated remote attackers with no prior…
-
Anthropic Sued the U.S. Government for Labelling Claude as ‘Supply Chain Risk’
Artificial intelligence leader Anthropic has filed an unprecedented lawsuit against the United States government after being designated a “supply chain risk”. The legal action, filed in a California federal court on Monday, targets the executive office of President Donald Trump, Defense Secretary Pete…
-
Apache ZooKeeper Vulnerability Allow Attackers to Access Sensitive Data
Two “Important” severity vulnerabilities have been disclosed in Apache ZooKeeper, a widely used service for configuration management and naming in distributed applications, making timely security updates critical. These newly discovered flaws could allow attackers to access sensitive configuration data or bypass hostname verification to impersonate trusted…
-
iPhone Exploit Toolkit Used by Russian Spies Likely Originated from U.S. Contractor
A powerful iPhone exploit kit named “Coruna,” initially created for Western intelligence by U.S. contractor L3Harris, has fallen into the hands of Russian spies and Chinese cybercriminals. The Coruna toolkit features 23 different hacking components designed to compromise Apple iPhones. Trenchant originally built…
-
Signed Malware Masquerading as Teams, Zoom Apps Drops RMM Backdoors
A newly uncovered phishing campaign is actively targeting enterprise users by disguising malware as widely used workplace applications, including Microsoft Teams, Zoom, and Adobe Acrobat Reader. What makes this threat stand out is that the malicious files carry legitimate-looking digital signatures, making them harder for…
-
Chinese APT Campaign Targets Qatar With PlugX Lures Tied to Middle East Conflict
A Chinese-linked advanced persistent threat group known as Camaro Dragon launched a targeted cyberespionage campaign against entities in Qatar just one day after the outbreak of new hostilities in the Middle East on March 1, 2026. The group used war-themed lure documents…
-
Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS
A newly discovered vulnerability is challenging the long-held belief that macOS systems are inherently immune to malware. Security researchers from Kaspersky’s Global Research and Analysis Team (GReAT) have identified a critical flaw that allows threat actors to execute malicious code on Macs simply by…
-
Hikvision Multiple Products Vulnerability Allows Malicious Users to Escalate Privileges
A severe vulnerability affecting multiple Hikvision products was added to the Known Exploited Vulnerabilities (KEV) catalog on March 5, 2026. Tracked globally under CVE-2017-7921, this security flaw poses a significant risk to organizations that rely on these popular surveillance systems. The flaw enables malicious users…
-
Microsoft Warns Fake AI Browser Extensions Compromised Chat Histories Across 20,000+ Enterprise Tenants
A wave of counterfeit AI-powered browser extensions has silently breached over 20,000 enterprise environments, compromising the chat histories of employees who routinely used AI tools for work. These malicious Chromium-based extensions disguised themselves as legitimate AI assistant tools and accumulated close to…
-
CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing active exploitation. On March 5, 2026, CISA added three security flaws affecting macOS, iOS, iPadOS, and other Apple products to its Known Exploited Vulnerabilities (KEV) catalog. This…
-
WiFi Signals Reveal Human Activities Through Walls by Mapping Body Keypoints
A new open-source edge AI system called π RuView is turning ordinary WiFi infrastructure into a through-wall human-sensing platform detecting body pose, vital signs, and movement patterns without a single camera, raising urgent security and surveillance concerns. Researchers and developers have long theorized that…
-
Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking
A critical vulnerability affects AVideo, a widely used open-source video hosting and streaming platform. Tracked as CVE-2026-29058, this zero-click flaw carries a maximum severity rating, allowing unauthenticated attackers to execute arbitrary operating system commands on the targeted server. Discovered by security researcher Arkmarta, the vulnerability…
-
Cognizant TriZetto Data Breach Exposes Health Information of 3.4 Million Patients
TriZetto Provider Solutions, a healthcare technology subsidiary of the IT services giant Cognizant, has officially disclosed a massive cybersecurity data breach affecting the sensitive health information of 3,433,965 patients. The healthcare organization recently filed a formal data breach notification revealing that malicious threat actors…
-
Malicious imToken Chrome Extension Caught Stealing Mnemonics and Private Keys
Socket’s Threat Research Team has discovered a malicious Google Chrome extension named “lmΤoken Chromophore” that actively steals cryptocurrency wallet credentials. Masquerading as a harmless hex color visualizer, the extension actually impersonates the popular non-custodial wallet brand imToken. Since its launch in 2016, imToken has served…
-
OpenAI Launches Codex Security that Discover, Validate and Patch Vulnerabilities
OpenAI has announced the launch of Codex Security, an application security agent engineered to autonomously identify, validate, and remediate complex vulnerabilities within enterprise and open-source codebases. Formerly known as Aardvark, the tool leverages frontier AI models to provide context-aware security assessments, aiming to replace noisy…
-
New ClickFix Attack leverages Windows Terminal for Payload Execution
Cybersecurity researchers have uncovered a new wave of ClickFix attacks that now exploit Windows Terminal to deliver malicious payloads directly onto victim machines. Unlike earlier iterations of this social engineering technique, which relied on the Windows Run dialog, this latest campaign leads users into opening a…
-
RMM Tools Essential for IT Operations but Increasingly Weaponized by Attackers
Remote Monitoring and Management (RMM) tools are the backbone of modern IT operations. Security professionals rely on them daily to patch systems, troubleshoot issues, and manage entire networks from anywhere. These tools deliver speed, control, and convenience, qualities every IT team values. But…