Cyber Security News

A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly exposed due to simple configuration changes that administrators make without fully […]

The post 175,000 Exposed Ollama Hosts Enable Code Execution and External System Access appeared first on Cyber Security News.

A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage group that has been actively targeting high-value senior defense and government officials worldwide. The threat […]

The post TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome appeared first on Cyber Security News.

A federal jury has convicted Linwei Ding, 38, a former Google software engineer, on charges of economic espionage and trade secret theft. The conviction stems from Ding’s systematic theft of over 2,000 pages of confidential Google documentation on artificial intelligence intended to benefit the People’s Republic of China (PRC). The jury reached its verdict after […]

The post Ex-Google Engineer Convicted of Stealing Google’s AI Secrets For China appeared first on Cyber Security News.

A critical security breach has exposed multiple Magento e-commerce platforms worldwide as threat actors successfully exploited a severe authentication flaw to achieve complete system control. The attack campaign, identified in January 2026, represents one of the most significant waves of coordinated web server compromises in recent months, affecting hundreds of online stores across different regions […]

The post Attackers Hijacked 200+ Websites Exploiting Magento Vulnerability to Gain Root-level Access appeared first on Cyber Security News.

NVIDIA has issued a critical security update addressing multiple high-severity vulnerabilities in its GPU Display Driver, vGPU software, and HD Audio components. That could enable attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, disclosed on January 28, 2026, impact Windows and Linux platforms across GeForce, RTX, Quadro, NVS, and Tesla […]

The post NVIDIA GPU Display Driver Vulnerabilities Allows Code Execution and Privilege Escalation appeared first on Cyber Security News.

A new Android threat campaign has emerged that uses social engineering combined with a legitimate machine learning platform to spread dangerous malware across devices. The attack begins when users see fake security alerts claiming their phones are infected and need protection. These deceptive prompts push users to download a fake security app called TrustBastion, which […]

The post Attackers Using Hugging Face Hosting to Deliver Android RAT Payload appeared first on Cyber Security News.

A new Android spyware campaign has emerged, targeting users in Pakistan through a sophisticated romance scam that uses fake dating profiles to steal personal information. The malicious application, known as GhostChat, disguises itself as a legitimate chat platform while secretly running surveillance operations in the background. This attack represents a dangerous trend where cybercriminals combine […]

The post GhostChat Spyware Attacking Android Users Via WhatsApp to Exfiltrate Sensitive Details appeared first on Cyber Security News.

Two critical code-injection vulnerabilities have been disclosed in the Endpoint Manager Mobile (EPMM) platform, which are currently being actively exploited in real-world attacks. The security flaws, tracked as CVE-2026-1281 and CVE-2026-1340, allow unauthenticated attackers to execute arbitrary code remotely on vulnerable systems. The vulnerabilities carry a maximum CVSS severity score of 9.8 and affect multiple […]

The post Critical Ivanti Endpoint Manager 0-day RCE Vulnerabilities Actively Exploited in Attacks appeared first on Cyber Security News.

Security researchers have uncovered a sophisticated traffic distribution network leveraging deceptive education-themed domains to deliver malware and phishing attacks. The operation, tracked under infrastructure indicators pointing to TOXICSNAKE, uses legitimate-looking university and educational institution branding to deceive users into visiting malicious websites. This tactic exploits the trust users place in educational platforms, making it an […]

The post Education-Themed Malicious Domains Linked to Bulletproof Hosting Infrastructure Exposed appeared first on Cyber Security News.

Microsoft has officially released the optional non-security preview update KB5074105 for Windows 11, versions 25H2 and 24H2. This release, part of the January 2026 “C-week” schedule, focuses on functionality enhancements, performance optimization, and reliability improvements rather than addressing security vulnerabilities. As a cumulative update, it integrates previous fixes and introduces new changes to the operating […]

The post Microsoft Releases Update for Windows 11, version 25H2 and 24H2 Systems appeared first on Cyber Security News.

Threat researchers have uncovered an actively serving command and control server hosting a complete deployment of the BYOB framework following the discovery of an exposed open directory. The server, located at IP address 38[.]255[.]43[.]60 on port 8081, was found distributing malicious payloads designed to establish persistent remote access across Windows, Linux, and macOS systems. Hosted […]

The post Exposed Open Directory Leaks BYOB Framework Across Windows, Linux, and macOS appeared first on Cyber Security News.

Cybercriminals are taking advantage of Google Search Ads to trick Mac users into visiting fake websites that promise to clean their computers. These sponsored ads appear when users search for common terms like “mac cleaner” or “clear cache macos,” making them look legitimate at first glance. The landing pages are designed to resemble Apple’s official […]

The post Threat Actors Leverage Google Search Ads for ‘Mac Cleaner’ to Direct Users to Malicious Websites appeared first on Cyber Security News.

A malicious VS Code extension has surfaced in the digital threat landscape, targeting developers who rely on coding tools daily. Discovered on January 27, 2026, the fake “ClawdBot Agent” extension presented itself as a legitimate AI-powered assistant, but it concealed a dangerous payload underneath. Unlike the actual Clawdbot service, which never released an official VS […]

The post Beware of Weaponized VS Code Extension Named ClawdBot Agent that Deploys ScreenConnect RAT appeared first on Cyber Security News.

A new Python-based remote access trojan has emerged, targeting both Windows and Linux systems with sophisticated surveillance and data theft capabilities. The malware operates by establishing command-and-control communication through unencrypted HTTP channels, allowing attackers to execute commands, steal files, and capture screenshots remotely. When executed, it immediately begins fingerprinting the victim’s system by collecting details […]

The post Python-based PyRAT with Cross-Platform Capabilities and Extensive Remote Access Features appeared first on Cyber Security News.

Matanbuchus is once again drawing attention in the cybersecurity community as it quietly returns to the threat landscape with refined tactics and better tools to avoid detection. This malware, known for its role as a stealthy downloader, is actively being used to deliver more dangerous payloads, including ransomware, onto targeted systems. Recent activity shows that […]

The post Matanbuchus Malware Downloader Evading AV Detections by Changing Components appeared first on Cyber Security News.

The Aisuru/Kimwolf botnet unleashed the largest publicly disclosed distributed denial-of-service (DDoS) attack in history, peaking at an unprecedented 31.4 terabits per second (Tbps). The massive attack, dubbed “The Night Before Christmas” campaign, targeted Cloudflare’s infrastructure and customers with hyper-volumetric attacks beginning December 19, 2025, combining Layer 4 DDoS attacks at record bandwidth alongside application-layer HTTP […]

The post 31.4 Tbps DDoS Attack Via Aisuru Botnet Breaks Internet With New World Record appeared first on Cyber Security News.

A sophisticated cybercriminal group known as TA584 has expanded its attack toolkit by deploying a new malware called Tsundere Bot through deceptive social engineering tactics. This threat actor, tracked as an initial access broker, has significantly intensified operations throughout 2025, with campaign volumes tripling between March and December. The malware targets organizations globally through carefully […]

The post TA584 Actors Leveraging ClickFix Social Engineering to Deliver Tsundere Bot Malware appeared first on Cyber Security News.

Google has rolled out a comprehensive update to Android’s theft protection capabilities, introducing stronger authentication safeguards and enhanced recovery tools designed to protect users before, during, and after theft attempts. The multi-layered defense system, announced on January 26, 2026, builds on existing protections and aims to transform Android devices into significantly harder targets for criminals. […]

The post Google Announces Android Theft Protection Feature to Make Your Device Harder Target for Hackers appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a critical authentication bypass vulnerability in multiple Fortinet products, actively exploited in the wild. Tracked as CVE-2026-24858, the flaw allows attackers with a FortiCloud account to hijack sessions on devices registered to other accounts when FortiCloud Single Sign-On (SSO) is enabled. First […]

The post CISA Warns of FortiCloud SSO Authentication Bypass Vulnerability Exploited in Attacks appeared first on Cyber Security News.

In a sophisticated supply chain phishing attack, threat actors hijacked an ongoing email thread among C-suite executives discussing a document awaiting final approval. The intruder, posing as a legitimate participant, replied directly with a phishing link mimicking a Microsoft authentication form. Researchers attribute this to a compromised sales manager account at an enterprise contractor, allowing […]

The post Threat Actors Leverage Real Enterprise Email Threads to Deliver Phishing Links appeared first on Cyber Security News.