Cyber Security News

Two critical memory-safety vulnerabilities in PHP’s image-processing functions could allow attackers to leak sensitive heap memory or to execute denial-of-service attacks via specially crafted JPEG files. The flaws, discovered in PHP’s ext/standard extension by Positive Technologies researcher Nikita Sveshnikov, affect the widely-used getimagesize and iptcembed functions that process JPEG metadata and IPTC data. PHP Memory […]

The post Malicious JPEG Images Could Trigger PHP Memory Safety Vulnerabilities appeared first on Cyber Security News.

A newly disclosed Linux kernel vulnerability is raising serious concerns across the security community, as it allows attackers to access highly sensitive data, including SSH private keys and password hashes, on affected systems. Tracked as CVE-2026-46333, the flaw has been nicknamed “ssh-keysign-pwn” and impacts a wide range of Linux distributions. Linux system hit with multiple vulnerabilities in 2026, […]

The post Critical Linux Kernel Flaw ‘ssh-keysign-pwn’ Exposes SSH Keys and Shadow Passwords appeared first on Cyber Security News.

A newly disclosed zero-click exploit chain targeting Google Pixel 10 devices has raised fresh concerns about Android’s low-level security. Google Project Zero researchers demonstrated how attackers could silently compromise a device and escalate privileges to root without any user interaction by chaining just two vulnerabilities. The attack builds on earlier research targeting Pixel 9 devices, […]

The post Google Project Zero Discloses Zero-Click Exploit Chain for Pixel 10 Devices appeared first on Cyber Security News.

A newly disclosed flaw in Android 16 is raising serious privacy concerns after researchers revealed that malicious apps can bypass VPN protections and expose a user’s real IP address even when strict security settings are enabled. The vulnerability, dubbed the “Tiny UDP Cannon,” allows any regular Android app with basic permissions to leak network traffic […]

The post Android 16 VPN Bypass Lets Malicious Apps Reveal Users Real IP Address appeared first on Cyber Security News.

Gunra ransomware has quickly grown from a new threat into a serious global problem, hitting dozens of organizations in less than a year. The group behind it is not just encrypting data, but also running a business-like operation that sells access, leaks stolen files, and recruits partners to spread its malware. For defenders, this is […]

The post Gunra Ransomware Expands RaaS Operations After Shifting From Conti-Based Locker appeared first on Cyber Security News.

A chain of four critical vulnerabilities discovered in OpenClaw, one of the fastest-growing open-source platforms for autonomous AI agents, has left an estimated 245,000 publicly accessible server instances exposed to remote exploitation, credential theft, and persistent backdoor installation. Originally launched as “Clawdbot” in late 2025, OpenClaw connects large language models directly to filesystems, SaaS applications, […]

The post OpenClaw Chain Vulnerabilities Expose 245,000 Public AI Agent Servers to Attack appeared first on Cyber Security News.

A dangerous new piece of malware called Shai-Hulud has emerged as one of the most alarming supply chain threats of 2026. It is a self-propagating worm that quietly tunnels through developer environments, stealing credentials from npm, GitHub, AWS, and Kubernetes all at once. Hundreds of malicious packages have already been tied to this campaign, making […]

The post Shai-Hulud Worm Steals npm, GitHub, AWS, and Kubernetes Secrets From Developers appeared first on Cyber Security News.

Hackers are exploiting a little-known feature of Microsoft’s authentication system to steal account credentials at scale. Device code phishing campaigns now target organizations worldwide by manipulating the OAuth device authorization flow, turning a security feature into a major vulnerability. This emerging threat has surged dramatically since late 2024, catching security teams unprepared for attacks that […]

The post Hackers Abuse OAuth Device Authorization Flow to Steal Microsoft 365 Tokens appeared first on Cyber Security News.

Pwn2Own Berlin 2026 opened with a surge of zero-day exploits targeting modern browsers, operating systems, and emerging AI platforms. On Day One alone, security researchers successfully hacked Microsoft Edge, Windows 11, and LiteLLM, earning a total of $523,000 for 24 unique vulnerabilities. The results highlight a growing reality that AI ecosystems and core enterprise technologies […]

The post Microsoft Edge, Windows 11 and LiteLLM Hacked in Pwn2Own Berlin 2026 appeared first on Cyber Security News.

A dangerous rootkit called OrBit has been quietly targeting Linux systems for years, stealing login credentials and hiding deep inside infected machines without triggering most security tools. New research reveals that what was once believed to be a custom-built threat is actually a modified version of a publicly available rootkit, spreading across the globe through […]

The post Hackers Use OrBit Rootkit to Harvest SSH and Sudo Credentials From Linux Systems appeared first on Cyber Security News.

A recent intrusion uncovered by security researchers revealed a calculated attack campaign that used a legitimate enterprise management tool as a weapon. The threat actor gained access through a compromised third-party IT services provider, then quietly moved through the victim’s environment using tools that were already approved and running. No obvious malware was dropped, and […]

The post Microsoft Warns of Attackers Using Trusted HPE Operations Agent for Malware-Free Intrusions appeared first on Cyber Security News.

Cybercriminals behind the Tycoon 2FA phishing kit have added a powerful new weapon to their playbook. By combining their well-known phishing infrastructure with OAuth Device Code abuse, they can now steal access to Microsoft 365 accounts without ever capturing a single password. The Tycoon 2FA phishing kit first gained attention as a Phishing-as-a-Service (PhaaS) platform. […]

The post Tycoon 2FA Operators Adopt OAuth Device Code Phishing to Bypass MFA appeared first on Cyber Security News.

As artificial intelligence frameworks become central to enterprise operations, a critical flaw in a popular AI platform has exposed organizations to serious security risks from threat actors. Within hours of public disclosure, a severe vulnerability in PraisonAI’s legacy API server, tracked as CVE-2026-44338, is already sending shockwaves through the developer community. By shipping with authentication […]

The post PraisonAI Vulnerability Exploited Within Hours of Public Disclosure appeared first on Cyber Security News.

A critical vulnerability in the Amazon Redshift JDBC driver has put enterprise applications at severe risk of Remote Code Execution (RCE). Threat actors can exploit this newly disclosed flaw simply by manipulating database connection URLs. This hidden vulnerability allows attackers to hijack the application process from within, potentially exposing sensitive enterprise data to unauthorized access […]

The post Amazon Redshift JDBC Driver Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

Two employee devices at OpenAI were compromised in a sweeping software supply chain attack targeting TanStack npm, but the AI company confirmed no user data, production systems, or intellectual property were affected. On May 11, 2026 UTC, threat actors launched a campaign dubbed “Mini Shai-Hulud” a coordinated supply chain offensive orchestrated by the TeamPCP extortion […]

The post OpenAI Confirms Security Breach Via TanStack npm Supply Chain Attack appeared first on Cyber Security News.

A maximum-severity zero-day vulnerability in Cisco Catalyst SD-WAN Controller is being actively exploited in the wild, allowing unauthenticated remote attackers to fully bypass authentication and seize administrative control of enterprise network infrastructure. Tracked as CVE-2026-20182 with a CVSS score of 10.0, the flaw puts SD-WAN deployments across on-premises, cloud, and government environments at critical risk. […]

The post Cisco Catalyst SD-WAN Controller 0-Day Actively Exploited to Gain Admin Access appeared first on Cyber Security News.

A Russian state-sponsored hacking group known as Sandworm has been caught making a calculated pivot from compromised IT networks into operational technology systems that control physical infrastructure. The campaign is alarming because it does not rely on cutting-edge exploits. Instead, Sandworm walks through doors that were already left open, turning unresolved vulnerabilities into launchpads for […]

The post Sandworm Hackers Pivot From Compromised IT Systems Toward Critical OT Assets appeared first on Cyber Security News.

A Chinese state-linked hacking group known as FamousSparrow has quietly infiltrated an Azerbaijani oil and gas company, exploiting an unpatched Microsoft Exchange server to plant multiple backdoors inside the network. The attack ran from late December 2025 through late February 2026 and stands as one of the most detailed Chinese APT intrusions targeting energy infrastructure […]

The post Chinese APT Hackers Exploit Microsoft Exchange to Breach Energy Sector Network appeared first on Cyber Security News.

A newly uncovered malware framework is raising serious alarms across the cybersecurity community. Researchers have identified a previously unknown implant called TencShell, a sophisticated tool capable of giving attackers full remote control over a compromised system. The discovery highlights how threat actors are quietly repurposing publicly available offensive tools to carry out targeted intrusions with […]

The post New Malware Framework Enables Screen Control, Browser Artifact Access, and UAC Bypass appeared first on Cyber Security News.

A widely used JavaScript inter-process communication library has been weaponized again. Socket and Stepsecurity have confirmed that three newly published versions of node-ipc, a package with over 822,000 weekly downloads, contain obfuscated stealer and backdoor payloads, marking the second major supply chain compromise of this package since 2022. The affected versions are [email protected], [email protected], and […]

The post node-ipc npm Package with 822K Weekly Downloads Compromised in Supply Chain Attack appeared first on Cyber Security News.