Cyber Security News

The rise of AI-assisted coding has brought real value to developers around the world, but it has also opened a new door for cybercriminals to exploit. A concept known as “vibe coding” — where users simply describe what they want and AI models write the code for them — has now been turned against everyday […]

The post ‘Vibe-Coded’ Malware Campaign Uses Fake Tools, CDNs and File Hosts to Infect Users appeared first on Cyber Security News.

A malicious Python package named pyronut has been discovered on the Python Package Index (PyPI), targeting developers who build Telegram bots by impersonating the popular pyrogram framework. Rather than relying on typosquatting — where a name resembles a legitimate one — the threat actor copied pyrogram’s entire project description word-for-word, creating what researchers describe as a malicious fork, a […]

The post Malicious ‘Pyronut’ Package Backdoors Telegram Bots With Remote Code Execution appeared first on Cyber Security News.

Three chained vulnerabilities in Claude.ai, Anthropic’s widely used AI assistant, that together allow attackers to silently exfiltrate sensitive conversation data and redirect unsuspecting users to malicious websites, all without requiring any integrations, tools, or MCP server configurations. The vulnerability chain, collectively dubbed Claudy Day, was responsibly reported to Anthropic through its Responsible Disclosure Program, and […]

The post Claude Vulnerabilities Allow Data Exfiltration and User Redirection to Malicious Sites appeared first on Cyber Security News.

A well-known banking trojan called Horabot has resurfaced in an active campaign targeting users across Mexico, combining a multi-stage infection chain with an email worm that turns every compromised machine into a phishing relay. The threat bundles a Delphi-based banking trojan with a PowerShell-driven spreader, making it one of the more layered financially motivated threats […]

The post Horabot Banking Trojan Resurfaces in Mexico With Multi-Stage Phishing and Email Worm Tactics appeared first on Cyber Security News.

A popular code editor extension listed on the Open VSX registry was discovered carrying hidden malware that silently fetches and runs a remote access trojan (RAT) and a full infostealer directly onto developer machines without any visible warning sign. The extension, known as fast-draft under the KhangNghiem publisher account, had accumulated over 26,000 downloads before the malicious activity embedded […]

The post Backdoored Open VSX Extension Used GitHub Downloader to Deploy RAT and Stealer appeared first on Cyber Security News.

A threat actor with ties to Iran has had their entire working infrastructure exposed after carelessly leaving an open directory on their own staging server, handing researchers a rare look into a live botnet operation. The leak revealed a 15-node relay network, a mass SSH deployment framework, DDoS tooling compiled on victim machines, and a […]

The post Iran-Linked Botnet Exposed After Open Directory Leak Reveals 15-Node Relay Network appeared first on Cyber Security News.

A North Korea-linked hacking group known as WaterPlum has introduced a dangerous new malware called StoatWaffle, deploying it through compromised Visual Studio Code (VSCode) repositories disguised as legitimate blockchain development projects to silently infiltrate developer machines.​ WaterPlum has been running a campaign known as “Contagious Interview” for some time, drawing victims in through fake job […]

The post WaterPlum Deploys New ‘StoatWaffle’ Malware in VSCode-Based Supply Chain Campaign appeared first on Cyber Security News.

A critical security flaw in Microsoft SharePoint has been identified as actively exploited, and on March 18, 2026, the vulnerability was officially added to the Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that threat actors are actively exploiting the flaw in real-world network attacks, prompting an urgent call to action for all network administrators […]

The post CISA Warns of Microsoft SharePoint Vulnerability Exploited in Attacks appeared first on Cyber Security News.

A dangerous new malware implant called SnappyClient has quietly emerged as a serious threat to Windows users, combining remote access, data theft, and sophisticated evasion techniques in one compact C++ package. First spotted in December 2025, this command-and-control (C2) framework implant can log keystrokes, take screenshots, launch a remote terminal, and pull sensitive data from […]

The post New SnappyClient Implant Combines Remote Access, Data Theft and Advanced Evasion appeared first on Cyber Security News.

An active campaign by the Interlock ransomware group is exploiting a critical zero-day vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability may allow an unauthenticated remote attacker to execute arbitrary Java code with root privileges on an affected device. Cisco disclosed the flaw on March 4, 2026; it allows unauthenticated remote […]

The post Cisco Firewall 0-day Vulnerability Exploited in the Wild to Deploy Interlock Ransomware appeared first on Cyber Security News.

A sophisticated full-chain iOS exploit kit dubbed DarkSword, actively deployed by multiple commercial surveillance vendors and state-sponsored threat actors since at least November 2025 to steal sensitive personal data from iPhone users across four countries. DarkSword is a full-chain iOS exploit that chains six distinct vulnerabilities, four of which were leveraged as zero-days, to achieve complete […]

The post New iOS Exploit With Advanced iPhone Hacking Tools Attacking Users to Steal Personal Data appeared first on Cyber Security News.

Why do so many SOCs still struggle to move quickly even with strong detection tools in place? In many cases, the real bottleneck is Tier 1 triage. When alerts take too long to validate, resources are wasted on noise, senior teams get pulled into low-value cases, and real incidents take longer to confirm.  By giving Tier […]

The post The High Cost of Slow Triage: How to Make Tier 1 the Fastest Layer in Your SOC  appeared first on Cyber Security News.

OpenAI has officially launched GPT-5.4 mini and GPT-5.4 nano, releasing its most capable small models designed to handle high-volume, latency-sensitive workloads. The new mini iteration offers a significant performance upgrade over the previous GPT-5 mini across reasoning, coding, tool use, and multimodal understanding, while running more than twice as fast. These models are engineered for […]

The post OpenAI Launches GPT-5.4 Mini and Nano to Provide Answers 2X Faster appeared first on Cyber Security News.

The Unique Identification Authority of India (UIDAI) has officially launched its first structured Bug Bounty Programme. This initiative aims to enhance the security posture of the Aadhaar ecosystem, which serves as the foundational digital identity platform for over a billion Indian residents. By collaborating with independent cybersecurity experts, UIDAI is adopting a proactive, crowdsourced approach […]

The post UIDAI Launches Bug Bounty Programme to Strengthen Aadhaar Security appeared first on Cyber Security News.

Apple has released critical security patches to address a high-severity WebKit vulnerability that allows maliciously crafted web content to bypass the Same Origin Policy. Released on March 17, 2026, these updates apply to the latest versions of Apple’s mobile and desktop operating systems. The patch is delivered through the Background Security Improvements mechanism, ensuring devices […]

The post Apple WebKit Vulnerability Enables Malicious Web Content Bypass on iOS and macOS appeared first on Cyber Security News.

Network security has taken another hard hit. Two previously unknown malware strains have emerged, quietly turning routers, IoT devices, and enterprise network equipment into weapons for large-scale distributed denial-of-service (DDoS) attacks and cryptocurrency mining operations. These campaigns mark a clear shift in how threat actors are exploiting the very network infrastructure that organizations depend on […]

The post New Malware Campaigns Turn Network Devices Into DDoS Nodes and Crypto-Mining Bots appeared first on Cyber Security News.

A serious operational security failure by Russian state-linked hacking group FancyBear has given security researchers an unusually clear view into an active espionage campaign targeting government and military organizations across Europe. On March 11, 2026, threat intelligence firm Hunt.io published findings on a campaign it tracks as Operation Roundish, based on an exposed open-directory first […]

The post FancyBear Server Exposure Reveals Stolen Credentials, 2FA Secrets and NATO-Linked Targets appeared first on Cyber Security News.

ConnectWise has issued an urgent security advisory for its ScreenConnect remote desktop software, disclosing a critical cryptographic vulnerability that could allow unauthenticated attackers to extract server-level machine keys and hijack session authentication. The flaw, tracked as CVE-2026-3564, affects all ScreenConnect versions prior to 26.1 and carries a CVSS score of 9.0, placing it firmly in […]

The post ScreenConnect Vulnerability Allows Hackers to Extract Unique Machine Keys and Hijack Sessions appeared first on Cyber Security News.

A ransomware group known as LeakNet has been quietly building a more dangerous attack strategy. Until recently, the group averaged about three victims per month — but new evidence shows it is scaling up fast, adding new tools that most security defenses are not built to catch. LeakNet has introduced two notable additions: a social […]

The post LeakNet Scales Ransomware Operations With ClickFix Lures and Stealthy Deno Loader appeared first on Cyber Security News.

A high-severity Windows vulnerability dubbed “RegPwn” (CVE-2026-24291) is an elevation-of-privilege flaw that allows low-privileged users to gain full SYSTEM access. The MDSec red team discovered the vulnerability and successfully used it in internal engagements since January 2025, before it was addressed in a recent Microsoft Patch Tuesday update. The attack targets the way Windows manages […]

The post Researchers Reveal ‘RegPwn,’ a Windows Registry Vulnerability That Granted SYSTEM Privileges appeared first on Cyber Security News.