Cyber Security News

A dangerous malware campaign targeting software developers has surfaced, with a rogue npm package posing as a trusted developer tool to silently drain credentials, crypto wallets, SSH keys, browser sessions, and even iMessage conversations. The package, published under the name @openclaw-ai/openclawai, disguises itself as a legitimate command-line installer called “OpenClaw Installer” while deploying a deeply hidden […]

The post GhostClaw Mimic as OpenClaw to Steal Everything from Developers appeared first on Cyber Security News.

ScamAgent is an autonomous, multi-turn AI framework developed by researcher Sanket Badhe at Rutgers University that demonstrates how large language models (LLMs) can be weaponized to conduct fully automated scam calls. By integrating goal-driven planning, contextual memory, and real-time text-to-speech (TTS) synthesis, the system successfully bypasses existing AI safety guardrails to simulate highly realistic social […]

The post ScamAgent- AI Agent Built by Researchers that Run Fully Autonomous Scam Calls appeared first on Cyber Security News.

A social-engineering campaign abusing Microsoft Teams and Windows Quick Assist is evolving again, with BlueVoyant warning that the attackers are now deploying a newly identified malware family called A0Backdoor after convincing employees to hand over remote access. The activity overlaps with tactics previously tied to Blitz Brigantine, also tracked as Storm-1811, a financially motivated cluster […]

The post Hackers Attack Employees Over Microsoft Teams to Trick Them Into Granting Remote Access appeared first on Cyber Security News.

A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. The site, hosted at cleanmymacos[.]org, has no connection to the real CleanMyMac software or its developers, MacPaw. Once inside a system, SHub Stealer harvests saved passwords, browser data, Apple Keychain contents, cryptocurrency […]

The post Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets appeared first on Cyber Security News.

A new data-stealing malware called BoryptGrab has been quietly spreading across Windows systems through a network of fake GitHub repositories, tricking users into downloading what appear to be popular free software tools. The campaign, which has been active since at least April 2025, uses search engine manipulation to make these malicious repositories look legitimate, luring […]

The post BoryptGrab Stealer Spreads via Fake GitHub Repositories, Stealing Browser and Crypto Wallet Data appeared first on Cyber Security News.

The Iranian advanced persistent threat group known as Seedworm — also tracked as MuddyWater, Temp Zagros, and Static Kitten — has been found actively operating inside the networks of multiple U.S. organizations since early February 2026, raising serious alarms across the cybersecurity community. The group’s intensified activity follows the coordinated U.S. and Israeli military strikes […]

The post Iran-Linked Hackers Target U.S. Critical Infrastructure Amid Rising Cyber Threat Activity appeared first on Cyber Security News.

A sophisticated credential-stealing campaign built around a tool called VIP Keylogger has emerged as a serious threat to organizations and individuals. Unlike conventional malware that drops files onto a victim’s hard drive, this keylogger runs entirely in memory, making it far harder for traditional security tools to detect. The campaign was first spotted through suspicious […]

The post MaaS VIP Keylogger Campaign Uses Steganography and In-Memory Execution to Steal Credentials at Scale appeared first on Cyber Security News.

Signal has officially confirmed an ongoing wave of targeted phishing campaigns resulting in successful account takeovers for high-profile users, including journalists and government officials. The encrypted messaging service explicitly stated that its core infrastructure and end-to-end encryption protocols remain intact and entirely uncompromised. Rather than exploiting technical vulnerabilities, threat actors are bypassing security boundaries by […]

The post Signal Confirms Targeted Phishing Attacks Resulting in Account Takeovers appeared first on Cyber Security News.

A sprawling cybercrime ecosystem rooted in Vietnam has been linked to large-scale fraudulent account registration campaigns targeting service providers and online platforms worldwide. Researchers traced this activity to an infrastructure cluster internally designated O-UNC-036, which uses disposable email addresses and automated bots to manufacture fake digital identities at an alarming scale.​ Fraudulent online accounts are […]

The post Vietnam-Based Cybercrime Network Enables Fraudulent Account Signups at Scale appeared first on Cyber Security News.

Philadelphia, PA, United States, March 9th, 2026, CyberNewswire Security Risk Advisors (SRA) is proud to announce the release of its inaugural report, The Purple Perspective 2026. This comprehensive analysis examines real-world detection and prevention performance against a curated set of high-priority adversary techniques, providing actionable insights to improve cybersecurity defenses. The report is based on the […]

The post Security Risk Advisors Releases “The Purple Perspective 2026” Report appeared first on Cyber Security News.

Pakistan-based threat actor APT36, widely known as Transparent Tribe, has shifted away from carefully crafted tools to a new approach called “vibeware” — AI-assisted malware produced in high volumes with little regard for quality. Rather than investing time in one sophisticated piece of code, the group uses AI coding tools to pump out dozens of […]

The post Transparent Tribe’s ‘Vibeware’ Shift Signals Rise of AI-Generated Malware at Industrial Scale appeared first on Cyber Security News.

A newly discovered vulnerability is challenging the long-held belief that macOS systems are inherently immune to malware. Security researchers from Kaspersky’s Global Research and Analysis Team (GReAT) have identified a critical flaw that allows threat actors to execute malicious code on Macs simply by processing a tampered image file. ExifTool, a widespread open-source utility for […]

The post Critical ExifTool Flaw Lets Malicious Images Trigger Code Execution on macOS appeared first on Cyber Security News.

A severe vulnerability affecting multiple Hikvision products was added to the Known Exploited Vulnerabilities (KEV) catalog on March 5, 2026. Tracked globally under CVE-2017-7921, this security flaw poses a significant risk to organizations that rely on these popular surveillance systems. The flaw enables malicious users to bypass standard security checks, escalate their privileges, and gain […]

The post Hikvision Multiple Products Vulnerability Allows Malicious Users to Escalate Privileges appeared first on Cyber Security News.

A wave of counterfeit AI-powered browser extensions has silently breached over 20,000 enterprise environments, compromising the chat histories of employees who routinely used AI tools for work. These malicious Chromium-based extensions disguised themselves as legitimate AI assistant tools and accumulated close to 900,000 installs before the threat was surfaced. What made these extensions particularly alarming […]

The post Microsoft Warns Fake AI Browser Extensions Compromised Chat Histories Across 20,000+ Enterprise Tenants appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding multiple Apple vulnerabilities currently facing active exploitation. On March 5, 2026, CISA added three security flaws affecting macOS, iOS, iPadOS, and other Apple products to its Known Exploited Vulnerabilities (KEV) catalog. This addition warns network defenders that threat actors are actively leveraging […]

The post CISA Warns of macOS and iOS Vulnerabilities Exploited in Attacks appeared first on Cyber Security News.

A new open-source edge AI system called π RuView is turning ordinary WiFi infrastructure into a through-wall human-sensing platform detecting body pose, vital signs, and movement patterns without a single camera, raising urgent security and surveillance concerns. Researchers and developers have long theorized that ambient radio signals could be weaponized for passive surveillance. That theory […]

The post WiFi Signals Reveal Human Activities Through Walls by Mapping Body Keypoints appeared first on Cyber Security News.

A threat actor is allegedly selling a zero-day exploit for a Windows Remote Desktop Services privilege escalation vulnerability, tracked as CVE-2026-21533, for a staggering $220,000 on a dark web forum. This highly priced exploit targets improper privilege management to grant attackers local administrative control. The underground cybersecurity community has observed a new high-stakes listing on […]

The post Hackers Allegedly Selling Exploit for Windows Remote Desktop Services 0-Day Flaw appeared first on Cyber Security News.

A critical vulnerability in AVideo, a widely used open-source video hosting and streaming platform. Tracked as CVE-2026-29058, this zero-click flaw carries a maximum severity rating, allowing unauthenticated attackers to execute arbitrary operating system commands on the targeted server. Discovered by security researcher Arkmarta, the vulnerability specifically affects AVideo version 6.0. It has been officially patched […]

The post Critical Zero-Click Command Injection in AVideo Platform Allows Stream Hijacking appeared first on Cyber Security News.

TriZetto Provider Solutions, a healthcare technology subsidiary of the IT services giant Cognizant, has officially disclosed a massive cybersecurity data breach affecting the sensitive health information of 3,433,965 patients. The healthcare organization recently filed a formal data breach notification revealing that malicious threat actors successfully compromised their external systems. This extensive breach heavily underscores the […]

The post Cognizant TriZetto Data Breach Exposes Health Information of 3.4 Million Patients appeared first on Cyber Security News.

Socket’s Threat Research Team has discovered a malicious Google Chrome extension named “lmΤoken Chromophore” that actively steals cryptocurrency wallet credentials. Masquerading as a harmless hex color visualizer, the extension actually impersonates the popular non-custodial wallet brand imToken. Since its launch in 2016, imToken has served more than 20 million customers globally, making it a highly […]

The post Malicious imToken Chrome Extension Caught Stealing Mnemonics and Private Keys appeared first on Cyber Security News.