Cyber Security News

A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication. The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update package, a core component responsible for system updates in the Debian-based distribution maintained by TÜBİTAK. Pardus is widely deployed across government institutions, educational […]

The post Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access appeared first on Cyber Security News.

A critical vulnerability in the open-source IP PBX platform FreePBX could allow unauthenticated attackers to access user portals. The issue, tracked as CVE-2026-46376, affects the User Control Panel (UCP) interface due to hard-coded credentials in the userman module. It impacts FreePBX versions before 16.0.45 and 17.0.7. Systems running outdated versions are at risk if administrators […]

The post FreePBX Vulnerability Allow Attackers to Gain Access to User Portals appeared first on Cyber Security News.

ExifTool, a ubiquitous open-source utility for reading and writing file metadata, is at the center of a severe security flaw affecting macOS environments. Discovered by Kaspersky’s Global Research and Analysis Team (GReAT) in February 2026, CVE-2026-3102 allows threat actors to execute arbitrary shell commands by concealing malicious instructions within an image file’s metadata. By weaponizing […]

The post Critical ExifTool Vulnerability Allows Attackers to Compromise Macs via Single Malicious Image appeared first on Cyber Security News.

A seemingly innocent typo in a Go module name has been quietly serving a live backdoor for nearly three years. Security researchers uncovered a malicious package called github.com/shopsprint/decimal that impersonates the popular github.com/shopspring/decimal library, differing by just a single letter in its name. The package went live in 2017 but was weaponized in August 2023, when attackers slipped in […]

The post Hackers Use Single-Letter Go Module Typosquat to Deploy DNS-Based Backdoor appeared first on Cyber Security News.

Three consecutive releases of Microsoft’s official Python workflow SDK were poisoned with a multi-cloud credential-stealing worm, continuing the group’s relentless 2026 supply chain campaign. The TeamPCP threat group has struck again this time targeting durabletask, the official Microsoft Python client for the Durable Task workflow execution framework. Security researchers at Wiz disclosed that versions v1.4.1, v1.4.2, and […]

The post Microsoft Python Client DurableTask Compromised by TeamPCP Hackers appeared first on Cyber Security News.

Hackers are exploiting a decades-old Windows tool to deliver dangerous malware onto unsuspecting systems, with consequences ranging from stolen passwords to full system compromise. The tool is MSHTA, short for Microsoft HTML Application Host, a built-in Windows utility that can run scripts from local files and remote internet locations. Attackers have been using it to […]

The post Hackers Abuse MSHTA Legacy Windows Tool to Deliver LummaStealer and Amatera Malware appeared first on Cyber Security News.

A notorious threat actor operating under the alias TeamPCP claims to have breached GitHub’s internal systems, allegedly exfiltrating proprietary organization data and source code. The attackers are offering the stolen dataset for sale on underground cybercrime forums, demanding offers exceeding $50,000. According to the threat actor’s post, the compromised data encompasses approximately 4,000 private repositories tied directly […]

The post GitHub Source Code Breach – TeamPCP Claims Access to 4,000 Repositories appeared first on Cyber Security News.

A newly documented attack chain linked to the threat group UAC-0184 has been observed using Windows’ built-in bitsadmin tool and HTA files to sneak malicious payloads onto targeted systems. The campaign is primarily aimed at Ukraine, with clear indicators pointing toward military-related targets, including individuals connected to the Ukrainian Defence Forces. The level of craft […]

The post UAC-0184 Malware Chain Uses bitsadmin and HTA Files for Gated Payload Delivery appeared first on Cyber Security News.

macOS users are facing a new and sophisticated threat as a variant of the SHub infostealer malware, dubbed “Reaper,” has been observed deploying a fake Google Software Update LaunchAgent to maintain persistent access on infected machines. The malware stays hidden by borrowing the identity of brands that users already trust, making it exceptionally difficult to […]

The post macOS Malware Installs Fake Google Software Update LaunchAgent for Persistence appeared first on Cyber Security News.

A ransomware group called The Gentlemen has been quietly building one of the most aggressive cybercriminal operations seen in recent years. Emerging publicly in the second half of 2025, the group rapidly scaled its activity to become one of the top two most active ransomware threats globally by early 2026. What makes this group stand […]

The post The Gentlemen Ransomware Attacks Windows, Linux, NAS, BSD, and ESXi Attacks appeared first on Cyber Security News.

North Korea-linked hackers are at it again, and this time they are casting a wide net. The Kimsuky threat group, a well-known cyber espionage unit with ties to the DPRK, ran four separate spear-phishing campaigns in the first half of 2025 targeting corporate recruiters, cryptocurrency investors and developers, defense sector officials, and graduate school administrators. […]

The post Kimsuky Hackers Use LNK and JSE Lures to Target Recruiters, Crypto Users, and Defense Officials appeared first on Cyber Security News.

Torrance, United States / California, May 19th, 2026, CyberNewswire Criminal IP has announced its return to Infosecurity Europe 2026 with a focus on delivering more actionable, decision-ready intelligence through its continuously evolving platform. Taking place from June 2 to June 4 at ExCeL London, one of Europe’s most influential cybersecurity events will once again bring […]

The post Criminal IP Returns to Infosecurity Europe 2026 with Advanced AI-Driven TI & ASM appeared first on Cyber Security News.

A wave of well-crafted malware is quietly draining cryptocurrency from users across the globe, and the attackers behind it have gone to great lengths to stay hidden. Researchers have uncovered a large-scale campaign built around a multi-stage loader called CountLoader, which chains together JavaScript, PowerShell, and shellcode to deliver a payload that intercepts and redirects […]

The post Malware Campaign Uses JavaScript, PowerShell, and Shellcode to Deliver Crypto Clipper appeared first on Cyber Security News.

A working proof-of-concept (PoC) exploit for a high-severity Linux kernel local privilege escalation vulnerability dubbed DirtyDecrypt, also tracked as DirtyCBC, enables local attackers to gain full root access on affected systems. Security analyst Will Dormann technically attributes the flaw to CVE-2026-31635, a patch for which was quietly merged upstream on April 25, 2026. DirtyDecrypt resides in the […]

The post DirtyDecrypt Linux Kernel Vulnerability PoC Exploit Code Released appeared first on Cyber Security News.

A data breach makes headlines for a day. The damage it leaves behind lasts years. Critical business risk isn’t one catastrophic moment — it’s a slow-motion erosion: dwell time compounding into lateral movement, a compromised supplier becoming your breach, a compliance gap becoming a seven-figure penalty. Reactive security responds to the moment. Only proactive security […]

The post 3 Tactics Elite SOCs Use to Operationalize Threat Intelligence appeared first on Cyber Security News.

A large-scale international cybercrime crackdown dubbed Operation Ramz has led to the seizure of 53 servers, the arrest of 201 individuals, and the identification of 382 additional suspects across the Middle East and North Africa (MENA) region. The coordinated operation, led by INTERPOL, ran from October 2025 to February 28, 2026, marking the first cybercrime initiative […]

The post Operation Ramz Seizes 53 Servers Linked to Cyber Scams and Malware Threats appeared first on Cyber Security News.

The PostgreSQL Global Development Group has released critical security updates for all supported branches, fixing 11 vulnerabilities, including arbitrary code execution and several SQL injection flaws. PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 have been released as security and maintenance updates. These minor versions address 11 CVEs plus more than 60 bugs reported over the […]

The post Critical PostgreSQL Vulnerabilities Enables Code Execution and SQL Injections appeared first on Cyber Security News.

New York, United States, May 19th, 2026, CyberNewswire New research shows identity dark matter continues to expand and erode enterprise identity, resulting in a fragile foundation for agent AI readiness and adoption Orchid Security, the company solving identity at its core, today released its Identity Gap: 2026 Snapshot report, revealing that the majority of enterprise […]

The post Two-Thirds of Nonhuman Accounts Are Unseen and Unmanaged, According to Orchid Security’s Identity Gap Report appeared first on Cyber Security News.

A sophisticated npm supply chain campaign dubbed Mini Shai-Hulud has claimed over 600 package versions overnight, with security researchers at Socket and Endor Labs identifying 639 compromised package versions across 323 unique packages in the latest wave. The bulk of the activity targeted the @antv ecosystem, alongside packages under @lint-md, @openclaw-cn, and @starmind scopes. Malicious […]

The post 600+ npm Packages Compromised in New Mini Shai-Hulud Supply Chain Attack appeared first on Cyber Security News.

Hackers are actively exploiting Four-Faith industrial routers to build botnets, leveraging a critical vulnerability identified as CVE-2024-9643. Security researchers from CrowdSec report a sharp rise in exploitation attempts targeting these devices, signaling a shift from initial probing to large-scale abuse. CVE-2024-9643 is a critical authentication bypass flaw affecting Four-Faith F3x36 industrial cellular routers. The vulnerability […]

The post Hackers Hijacking Four-Faith Industrial Routers for Botnet Activity appeared first on Cyber Security News.