CYBER ATTACK

KB5078127 is an out-of-band (OOB) cumulative update that fixes serious file system compatibility problems for Windows 11 users This article explores

After January's monthly security updates, Microsoft released emergency out-of-band (OOB) security patches KB5078127 and KB5078132 to fix critical file

a fake CAPTCHA ecosystem that spreads malware by imitating reliable web verification pages.

The Python PLY (Python Lex-Yacc) library has been found to have a serious security flaw that permits remote code execution (RCE) via an undocumented

In partnership with international cybersecurity partners such as the National Cyber Security Centre (NCSC) of the United Kingdom, the Australian Cyber

Over 20,000 active installations of the LA-Studio Element Kit for Elementor WordPress plugin are vulnerable to unauthenticated attacks due to a critical

By exploiting flaws in the business software that operates on their job sites, attackers are increasingly focusing on construction companies.

A serious flaw in the HDFS native client of Apache Hadoop, a popular distributed storage and processing framework, could allow hackers to cause system

Through maliciously constructed URI inputs, a moderate-severity vulnerability in the Hadoop Distributed File System (HDFS) native client could enable

An enormous database with 149 million stolen login credentials was found to be publicly accessible online without encryption or password protection This

Following reports that the January 2026 security update for Windows 11 is causing critical boot failures on physical devices, Microsoft has initiated an urgent investigation into the serio

A critical remote code execution (RCE) vulnerability in Broadcom VMware vCenter Server has been added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulne

A serious GNU authentication bypass vulnerability Threat actors are actively using the InetUtils telnetd service after a proof-of-concept exploit was made public on January 20, 2026 This a

The Windows App Development CLI (winapp), a new open-source command-line tool intended to streamline the Windows application development lifecycle across various frameworks and toolchains,

A much-anticipated feature that enables users to modify their Gmail address without losing their account information or access to Google services has started to roll out This article explo

Go 1.25.6 and 1.24.12 are emergency point releases that the Go programming language team released to fix six serious security vulnerabilities This article explores release go1. . These upd

Key AWS-owned GitHub repositories, including the popular AWS JavaScript SDK that powers the AWS Console itself, were taken over by unauthenticated attackers due to a crucial misconfigurati

The first two publications in the National Security Agency's Zero Trust Implementation Guidelines series, which offer helpful advice to assist organizations in implementing Zero Trust secu

Project Zero has revealed a complex zero-click exploit chain that targets the Pixel 9 smartphone, proving that extremely sophisticated attacks are still feasible even in the face of contem

For versions 1.25.6 and 1.24.12, the Go programming language team has released security updates that fix six serious flaws, including denial-of-service attacks, memory exhaustion, and arbi

UAT-8837 is a suspected China-nexus advanced persistent threat (APT) group that the researcher has identified This article explores exploited uat 8837. . Its primary goal is to obtain init

A sophisticated keylogger attack that targeted the employee store of one of the biggest banks in America has been discovered by cybersecurity researchers, putting over 200,000 employees at

Researchers have discovered CodeBreach, a serious flaw that allows the full takeover of important AWS GitHub repositories, endangering the AWS Console supply chain This article explores sd

Attackers with local administrator access were able to circumvent authentication procedures and obtain unauthorized access to any machine within the same Azure tenant due to a critical vul

The National Computer Virus Emergency Response Center (CVERC) of China has strengthened its assertion that Volt Typhoon, a threat actor, is a hoax. The agency then accused the United States o

A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) The malware makes use of obfuscated JavaScript to slip past security g

For C2 communications, Zloader

In June, Trend Micro and the KnownSec 404 Team published campaigns that distributed Winos

It is estimated that a campaign abusing the recently revealed security flaws compromised up to 2,000 Palo Alto Networks devices. The vulnerabilities in question are a combination of privilege

A Chinese cybersecurity firm and a cyber actor based in Shanghai have been subject to sanctions by the U.S. Treasury Department's Office of Foreign Assets Control. Yin Kecheng, who is associa