Cyber Security News

A new supply chain attack campaign is quietly targeting developers through a method most would never think to look for. Hidden inside software packages on GitHub, a malicious script downloads a Linux binary during installation and disguises it using a filename designed to look like a standard system process. The attack has now touched more […]

The post Hackers Hide Linux Payload Under SSH-Like Filename During Package Installation appeared first on Cyber Security News.

A solo Russian-speaking threat actor leveraged a jailbroken instance of Google Gemini to run a five-year MAGA-themed influence operation, crack WordPress administrator credentials, and empty at least one victim’s cryptocurrency wallet, all at near-zero cost using stolen API keys. In May 2026, TrendAI™ Research uncovered the full operational infrastructure of a threat actor tracked as […]

The post Russian Hacker Used Jailbroken Gemini to Steal Admin Credentials and Drain Crypto Wallets appeared first on Cyber Security News.

Hackers are actively abusing a flaw in shared Content Delivery Network (CDN) infrastructure to hide malicious traffic behind trusted, high-reputation domains, effectively slipping past the security tools that organizations rely on every day. The technique, now tracked under the name “Underminr,” is not a software bug but a deliberate abuse of how CDNs are designed […]

The post Hackers Abuse Shared CDN Infrastructure to Bypass Domain Reputation Security Controls appeared first on Cyber Security News.

A newly disclosed zero-day vulnerability in the KnowledgeDeliver Learning Management System (LMS) has been actively exploited in the wild to deploy the BLUEBEAM in-memory web shell, according to Mandiant’s incident response findings. The flaw, now tracked as CVE-2026-5426, enables unauthenticated remote code execution (RCE) and affects deployments that relied on default ASP.NET configuration settings prior […]

The post KnowledgeDeliver LMS Zero-Day Exploited to Deploy BLUEBEAM Web Shell appeared first on Cyber Security News.

A well-known Iranian threat group has found a new way to push malware onto people’s machines. Instead of sending phishing emails, the group built a fake website that impersonated a real database software download page and used search engine tricks to rank it near the top of results. Anyone who searched for the tool online […]

The post Iranian APT Uses SEO Poisoning to Deliver Fake SQL Developer Malware Installer appeared first on Cyber Security News.

A Russian state-sponsored threat group has quietly upgraded one of its most powerful cyber weapons, and the result is a spying tool that is harder to detect, harder to kill, and more capable than ever before. Security researchers have now confirmed that Kazuar, a sophisticated backdoor long used by Secret Blizzard, has evolved from a […]

The post Kazuar Malware Evolves Into Modular Espionage Ecosystem for Secret Blizzard Operations appeared first on Cyber Security News.

CISA has issued an urgent alert regarding a critical SQL injection vulnerability in Drupal Core, tracked as CVE-2026-9082, which is now being actively exploited in real-world attacks. The flaw, classified under CWE-89, affects Drupal’s database abstraction API and could allow attackers to execute malicious SQL queries through specially crafted requests. According to the Cybersecurity and […]

The post CISA Warns of Drupal Core SQL Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.

GitHub has introduced a major security upgrade to the npm ecosystem with the general availability of staged publishing and new install-time controls, aimed at reducing automated supply chain attacks targeting open-source packages. The newly released staged publishing feature changes how npm packages are published and distributed. Instead of immediately making a package available after publishing, […]

The post GitHub Adds Staged Publishing to npm to Block Automated Supply Chain Attacks appeared first on Cyber Security News.

A newly identified scareware kit called CypherLoc is locking victims’ browsers and tricking them into calling fake Microsoft support lines. The kit has been linked to roughly 2.8 million attacks since the start of 2026, making it one of the more aggressive browser-based threats observed this year. Unlike traditional malware that requires a file to […]

The post Hackers Use Browser-Locking CypherLoc Kit to Push Fake Microsoft Support Calls appeared first on Cyber Security News.

A fully autonomous bug-bounty framework called Pentest Agent Suite has been open-sourced, delivering 50 specialized security agents, 26 slash commands, 19 CLI tools, and a cross-IDE installer across seven major AI coding platforms — Claude Code, OpenAI Codex, Google Gemini, Cursor, Windsurf, VS Code Copilot, and OpenClaw. The project, published on GitHub by researcher H-mmer, […]

The post Pentest Agent Suite – Bug Bounty Framework for Claude Code and 6 AI Coding Tools appeared first on Cyber Security News.

The Wireshark Foundation has released Wireshark 4.6.6, addressing a critical security vulnerability in the ROHC (Robust Header Compression) protocol dissector that could allow an attacker to crash the application by injecting a specially crafted, malformed packet. The update also resolves over a dozen stability and compatibility bugs affecting Windows users. The primary security fix targets […]

The post Wireshark 4.6.6 Released With Fix for Dissector Crash via Malformed Packet Injection appeared first on Cyber Security News.

New TrapDoor supply chain campaign, an active attack deploying 34 malicious packages and over 384 related versions across npm, PyPI, and Crates.io to steal developer credentials and cryptocurrency wallets. The operation explicitly targets developers in the crypto, DeFi, Solana, and AI communities by disguising malware as generic developer tools and security scanners. The campaign’s earliest […]

The post Hackers Compromised 34 Packages in npm, PyPI, and Crates in New Supply Chain Attack appeared first on Cyber Security News.

The cybersecurity landscape in 2026 is defined by unprecedented sophistication. Threat actors are leveraging generative AI, highly evasive polymorphic code, and zero-day exploits to bypass traditional perimeter defenses. For modern Security Operations Centers (SOCs) and incident response teams, signature-based detection is no longer sufficient. To truly understand and neutralize an unknown threat, security professionals must […]

The post Top 10 Best Malware Sandbox Tools for Security Teams in 2026 appeared first on Cyber Security News.

PyrsistenceSniper is an advanced tool for detecting offline persistence, enabling cybersecurity analysts to identify 117 separate persistence mechanisms across Windows, Linux, and macOS platforms. Originally inspired by Autoruns and PersistenceSniper, this Python-based solution developed by Hexastrike enables rapid triage of forensic collections without requiring live system access. According to the Hexastrike GitHub repository, PyrsistenceSniper runs […]

The post PyrsistenceSniper – Tool that Detects 117 Persistence Malware Techniques on Windows, Linux, and macOS appeared first on Cyber Security News.

A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256 and publicly nicknamed nginx-poolslip, the vulnerability affects both NGINX Plus and NGINX Open Source, and can be triggered by a remote, unauthenticated attacker over plain HTTP. The vulnerability resides in […]

The post Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now! appeared first on Cyber Security News.

A multi-stage intrusion attack where a threat actor exploited an internet-facing F5 BIG-IP edge appliance as the entry point for a widespread, identity-focused attack that ultimately accessed Active Directory. According to Microsoft’s Defender Security Research, the attack reflects a growing trend in which firewalls, VPN gateways, and load balancer devices traditionally deployed as security boundaries […]

The post Hackers Exploit F5 BIG-IP Appliance to Gain SSH Access and Pivot Into Enterprise Linux Networks appeared first on Cyber Security News.

A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories. Discovered in May 2026 by Socket and Aikido, threat actors manipulated GitHub tags to distribute malware through Composer’s autoloader, granting complete remote access to developer environments. The attackers bypassed direct […]

The post Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos appeared first on Cyber Security News.

Anthropic has revealed the staggering initial results of Project Glasswing, a collaborative cybersecurity initiative designed to secure critical infrastructure using advanced AI before malicious actors can exploit it. In its first month, the project leveraged the unreleased Claude Mythos Preview model to autonomously discover over 10,000 high- and critical-severity zero-day vulnerabilities across the world’s most […]

The post Anthropic’s Claude Mythos Preview Uncovers 10,000+ 0-Days in Project Glasswing appeared first on Cyber Security News.

Hackers are using telecom networks and hosting providers across the Middle East as a foundation for massive command-and-control operations, turning trusted infrastructure into a launchpad for cyberattacks. A newly released threat intelligence report reveals that more than 1,350 active command-and-control (C2) servers were identified across 98 infrastructure providers in the region within just three months. […]

The post Hackers Abuse Middle East Telecom Networks for Large-Scale Command-and-Control Operations appeared first on Cyber Security News.

A large-scale phishing campaign targeting the 2026 FIFA World Cup has grown far beyond what security researchers originally thought. What began as a documented set of 79 fraudulent domains has ballooned into a network of at least 222 domains spread across 203 unique IP addresses, making it nearly three times larger than first reported. The […]

The post World Cup Phishing Campaign Nearly Triples With 203 Unique IP Addresses appeared first on Cyber Security News.