Cyber Security News

A critical server-side vulnerability in Instagram’s infrastructure allowed unauthenticated attackers to access private photos and captions without a login or follower relationship, according to a disclosure released this week by security researcher Jatin Banga. The vulnerability, which was reportedly patched silently by Meta in October 2025, relied on a specific configuration of HTTP headers to […]

The post New Instagram Vulnerability Exposes Private Posts to Anyone appeared first on Cyber Security News.

Late December 2025 brought alarming news to Poland as its energy infrastructure became the target of what security experts describe as the country’s largest cyberattack in years. The Russian-aligned Sandworm group, known for orchestrating some of the most damaging attacks on critical infrastructure, emerged as the culprit behind this coordinated assault. The group deployed a […]

The post Sandworm APT Group Targeting Poland’s Power Grid with DynoWiper Malware appeared first on Cyber Security News.

A massive database containing 149 million stolen login credentials was discovered exposed online without password protection or encryption. Posing serious security risks to users of Gmail, Instagram, Facebook, Netflix, and thousands of other platforms worldwide. The publicly accessible database contained 149,404,754 unique logins and passwords harvested through infostealer malware and keylogging software. Each record included […]

The post 48M Gmail, 6.5M Instagram Exposed Online From Unprotected Database appeared first on Cyber Security News.

A sophisticated “homoglyph” phishing campaign targeting customers of Marriott International and Microsoft. Attackers are registering domains that replace the letter “m” with the combination “rn” (r + n), creating fake websites that look nearly identical to the real ones. This technique, known as typosquatting or a homoglyph attack, exploits the way modern fonts display text. […]

The post Hackers Use ‘rn’ Typo Trick to Impersonate Microsoft and Marriott in New Phishing Attack appeared first on Cyber Security News.

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting Broadcom’s VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog. This addition confirms that active exploitation of CVE-2024-37079 has been detected in the wild, posing a significant risk to enterprise environments that rely on vCenter for virtualization management. The vulnerability, originally […]

The post CISA Warns of Critical VMware vCenter RCE Vulnerability Exploited in Attacks appeared first on Cyber Security News.

Microsoft is preparing to deploy a significant, potentially controversial update to Microsoft Teams that automatically detects and displays a user’s physical work location based on the Wi-Fi network they connect to. According to the latest update on the Microsoft 365 Roadmap (ID 488800), this feature is scheduled to begin rolling out in March 2026 for […]

The post Microsoft Teams to Share your Location With Your Employer Soon Based on Wi-Fi Network appeared first on Cyber Security News.

Microsoft Defender researchers have exposed a sophisticated adversary-in-the-middle (AiTM) phishing campaign targeting energy sector organizations through SharePoint file-sharing abuse. The multi-stage attack compromised multiple user accounts and evolved into widespread business email compromise (BEC) operations across several organisations. Initial Compromise Through Trusted Vendor The attack began with phishing emails sent from a compromised trusted vendor’s […]

The post Threat Actors Leverage SharePoint Services in Sophisticated AiTM Phishing Campaign appeared first on Cyber Security News.

Microsoft has unveiled the public preview of WinApp CLI (winapp), a new open-source command-line tool designed to simplify Windows app development for developers using diverse frameworks outside Visual Studio or MSBuild. Hosted on GitHub, the tool targets web devs with Electron, C++ experts on CMake, and .NET, Rust, or Dart builders, making modern Windows APIs—like […]

The post Microsoft Launches Open-Source WinApp CLI to Streamline Windows App Development appeared first on Cyber Security News.

Microsoft gave U.S. federal agents the digital keys needed to unlock three encrypted laptops linked to a massive COVID unemployment scam in Guam. This case shows how cloud-stored encryption keys can help law enforcement, but also raises big privacy worries for everyday users. Early last year, in 2025, FBI investigators in Guam got a search […]

The post Microsoft Shares BitLocker Keys with FBI to Unlock Encrypted Laptops in Guam Fraud Investigation appeared first on Cyber Security News.

Active exploitation of a critical authentication bypass vulnerability in the GNU InetUtils telnetd server (CVE-2026-24061) has been observed in the wild, allowing unauthenticated attackers to gain root access to Linux systems. The vulnerability, which affects GNU InetUtils versions 1.9.3 through 2.7, enables remote code execution by manipulating the USER environment variable passed during the Telnet […]

The post Hackers Exploiting telnetd Vulnerability for Root Access – Public PoC Released appeared first on Cyber Security News.

A critical backdoor vulnerability has been discovered in the LA-Studio Element Kit for Elementor, a popular WordPress plugin used by more than 20,000 active sites. This security flaw allows attackers to create administrator accounts without any authentication, putting thousands of websites at risk of complete takeover. The vulnerability, tracked as CVE-2026-0920, carries a CVSS score […]

The post 20,000 WordPress Sites Affected by Backdoor Vulnerability Allowing Malicious Admin User Creation appeared first on Cyber Security News.

A new malware campaign targeting Windows users has emerged, using deceptive LNK shortcut files to distribute MoonPeak, a dangerous remote access trojan. This malware, which appears to be a variant of XenoRAT, has been linked to threat actors affiliated with North Korea. The attack primarily targets South Korean investors and cryptocurrency traders through weaponized files […]

The post Threat Actors Weaponizes LNK File to Deploy MoonPeak Malware Attacking Windows Systems appeared first on Cyber Security News.

A new wave of web-based malware campaigns is using fake verification pages to trick users into installing dangerous software. These attacks copy the look and feel of legitimate security checks that people see every day while browsing the internet. The fake captcha ecosystem represents a fast-changing threat that uses trusted web interfaces as delivery surfaces […]

The post Fake Captcha Ecosystem Exploits Trusted Web Infrastructure to Deliver Malware appeared first on Cyber Security News.

A sophisticated macOS malware called MacSync has emerged as a dangerous new threat targeting cryptocurrency users through deceptive social engineering tactics. The infostealer operates as an affordable Malware-as-a-Service tool designed to harvest sensitive data from macOS systems by convincing victims to paste a single command into their Terminal application. Security researchers discovered MacSync while investigating […]

The post MacSync macOS Infostealer Leverage ClickFix-style Attack to Trick Users Pasting a Single Terminal Command appeared first on Cyber Security News.

Data security companies are essential in 2026 for protecting sensitive information amid rising cyber threats and complex cloud environments. In 2026, data security has become a top priority for organizations of all sizes as cyber threats, regulatory pressure, and cloud adoption continue to accelerate. With sensitive business data spread across cloud platforms, SaaS applications, endpoints, […]

The post Top 10 Best Data Security Companies in 2026 appeared first on Cyber Security News.

A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous phishing tools in real time. Security researchers discovered that cybercriminals are now leveraging generative AI systems to create malicious code that loads dynamically after users visit seemingly safe websites. This […]

The post Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds appeared first on Cyber Security News.

A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms. Okta Threat Intelligence discovered multiple custom phishing kits available on an as-a-service basis that criminals are using in coordinated campaigns. These sophisticated tools target employees at Google, Microsoft, Okta, and […]

The post New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users appeared first on Cyber Security News.

Node.js has updated its HackerOne vulnerability disclosure program to require a minimum Signal score of 1.0, aiming to reduce low-quality submissions and improve processing efficiency. Node.js has implemented a new threshold for vulnerability report submissions through its HackerOne program, mandating that researchers maintain a Signal score of 1.0 or higher to participate. Signal is HackerOne’s […]

The post Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports appeared first on Cyber Security News.

A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment in mid-February 2026 for Targeted Release customers, with general availability timelines to be communicated later. Brand Impersonation Protection is a proactive security safeguard that evaluates inbound Voice over IP (VoIP) […]

The post Microsoft to Add Brand Impersonation Protection Warning to Teams Calls appeared first on Cyber Security News.

Security researchers at Pwn2Own Automotive 2026 demonstrated 76 unique zero-day vulnerabilities across electric vehicle chargers and in-vehicle infotainment systems. The three-day event in Tokyo awarded $1,047,000 USD total, with Fuzzware.io claiming the Master of Pwn title. Day One Activities Day One featured 30 entries targeting systems like Alpine iLX-F511, Kenwood DNR1007XR, and various EV chargers, […]

The post 76 Zero-day Vulnerabilities Uncovered by Hackers on Pwn2Own Automotive 2026 appeared first on Cyber Security News.