Cyber Security News

A newly identified phishing campaign is turning legitimate customer service software into a weapon for stealing sensitive user data. Attackers have been found abusing LiveChat, a widely used Software-as-a-Service (SaaS) platform that businesses rely on for real-time customer support, to carry out convincing phishing operations against unsuspecting victims. The campaign marks a clear shift from […]

The post Phishers Abuse LiveChat Support Tools to Steal Sensitive Data in New SaaS-Based Attack Tactic appeared first on Cyber Security News.

Cybersecurity researchers have uncovered a critical evasion flaw in Palo Alto Networks’ Cortex XDR agent that allowed attackers to bypass behavioral detections completely. By reverse-engineering these encrypted rules, the InfoGuard Labs team discovered hardcoded global whitelists that enabled threat actors to execute malicious actions without triggering security alerts.​ Decrypting the Detection Engine Palo Alto Cortex […]

The post Researchers Decrypt and Exploit Encrypted Palo Alto Cortex XDR BIOC Rules appeared first on Cyber Security News.

Network infrastructure has become one of the most targeted areas in today’s threat landscape. Over recent years, attackers ranging from nation-state groups to financially driven criminal actors have steadily shifted their focus toward routers, firewalls, and other network devices. These devices sit at the core of enterprise environments, making them ideal entry points for long-term […]

The post New CondiBot Variant and ‘Monaco’ Cryptominer Expand Threats to Network Devices appeared first on Cyber Security News.

Medical technology giant Stryker Corporation confirmed on March 11, 2026, that it suffered a significant cyberattack that disrupted its global Microsoft environment, with Iran-linked threat actor Handala claiming responsibility for what appears to be a politically motivated, destructive operation. Unlike typical financially driven intrusions, the attack on Stryker bears the hallmarks of a destructive wiper […]

The post Stryker Confirms Destructive Wiper Attack – Tens of Thousands of Devices Wiped appeared first on Cyber Security News.

An Iranian threat actor known as Handala Hack has carried out a series of destructive cyberattacks against organizations in Israel, Albania, and the United States, using remote desktop access, network tunneling, and multiple simultaneous data-wiping tools. The group operates under the broader identity of Void Manticore, also tracked as Red Sandstorm and Banished Kitten, and […]

The post Handala Hack Uses RDP, NetBird, and Parallel Wipers in MOIS-Linked Destructive Intrusions appeared first on Cyber Security News.

A sophisticated espionage campaign, tracked as Operation CamelClone, has been actively targeting government agencies, defense institutions, and diplomatic bodies across multiple countries, including Algeria, Mongolia, Ukraine, and Kuwait. The operation relies on spear-phishing emails carrying malicious ZIP archives disguised as official government correspondence, tricking recipients into triggering a multi-stage infection chain that ultimately leads to […]

The post CamelClone Spy Campaign Abuses Public File-Sharing Sites and Rclone in Government-Focused Attacks appeared first on Cyber Security News.

A newly tracked botnet called RondoDox has quietly built itself into one of the more concerning threats observed in recent months, combining an unusually large collection of exploits with a calculated use of residential internet infrastructure. First detected in May 2025, the botnet began generating high volumes of traffic in security honeypots and has since […]

The post RondoDox Botnet Expands to 174 Exploits, Leveraging Residential IP Infrastructure at Scale appeared first on Cyber Security News.

Every day, billions of people rely on postal and courier services to deliver everything from personal letters to online orders. This dependence has grown steadily alongside the global rise of e-commerce. The 2024 Universal Postal Union report found that postal services now serve 7.3 billion people, and Statista recorded roughly 161 billion parcels shipped in […]

The post Fake Shipment Tracking Scams Surge in MEA, Stealing Banking Data Through Real-Time Phishing appeared first on Cyber Security News.

A concerning development has emerged in early 2026, as IBM X-Force uncovered a likely AI-generated malware strain they named “Slopoly,” deployed during a ransomware attack by the financially motivated threat group Hive0163. The group is primarily focused on large-scale data theft and ransomware deployments, using a growing arsenal of custom-built tools to stay persistent inside […]

The post IBM Uncovers ‘Slopoly,’ Likely AI-Generated Malware Used in Hive0163 Ransomware Attack appeared first on Cyber Security News.

China’s largest cybersecurity firm, Qihoo 360, has inadvertently exposed its own wildcard SSL private key by bundling it directly inside the public installer of its newly launched AI assistant, 360Qihoo (Security Claw). The flaw discovered on March 16, 2026, is a textbook operational security failure from a company trusted by over 461 million users to […]

The post Qihoo 360 Leaked Its Own Wildcard SSL Private Key Inside Public AI Installer appeared first on Cyber Security News.

The creator of the widely popular Gitleaks tool has launched a new open-source secrets scanner called Betterleaks. Sponsored by Aikido Security, this modern tool is a faster, highly configurable successor that detects exposed credentials across directories, files, and Git repositories. Gitleaks has become an industry standard, with over 26 million downloads, and is used by […]

The post Betterleaks – A New Open-Source Tool to Scan Directories, Files, and Git Repositories appeared first on Cyber Security News.

A threat group known as Konni APT has been caught running a multi-stage attack campaign that starts with targeted spear-phishing emails and ends with hijacking victims’ KakaoTalk messaging accounts to push malware further. The campaign was uncovered following a forensic investigation of a compromised system and relies on North Korean human rights themes to trick […]

The post Konni APT Hijacks KakaoTalk Accounts to Spread Malware in Multi-Stage Spear-Phishing Campaign appeared first on Cyber Security News.

Google is preparing to launch Android 17, bringing a comprehensive set of new APIs and system capabilities to fundamentally improve device security, user privacy, and performance debugging. At the forefront of this release is the highly anticipated Android Advanced Protection Mode (AAPM), a powerful new feature designed to safeguard users from increasingly sophisticated cyberattacks and […]

The post Android 17 Advanced Protection Mode to Block Malicious Service Usage appeared first on Cyber Security News.

A newly identified backdoor called A0Backdoor has emerged as part of a calculated social-engineering campaign that abuses Microsoft Teams and the Windows remote assistance tool Quick Assist. The threat group is tracked under aliases including Blitz Brigantine, Storm-1811, and STAC5777, and holds ties to the Black Basta ransomware network. Active since at least August 2025 […]

The post Attackers Abuse Microsoft Teams and Quick Assist to Drop Stealthy A0Backdoor appeared first on Cyber Security News.

Attackers can exploit insecure defaults and prompt injection vulnerabilities to turn normal agent behavior into a silent data-exfiltration pipeline. The core issue is not just confusing the AI model; it is manipulating the agent to steal sensitive information without requiring any user interaction. The most alarming demonstration comes from security firm PromptArmor. They revealed how […]

The post OpenClaw AI Agents Leaking Sensitive Data in Indirect Prompt Injection Attacks appeared first on Cyber Security News.

A set of nine novel cross-tenant vulnerabilities in Google Looker Studio, collectively dubbed “LeakyLooker,” that could have allowed attackers to run arbitrary SQL queries, exfiltrate sensitive data, and even modify or delete records across Google Cloud environments, all without victims granting explicit permission. Google has since fully remediated all identified issues following responsible disclosure. Google […]

The post Google Looker Studio Vulnerabilities Allow Attackers to Exfiltrate Data from Google Services appeared first on Cyber Security News.

Microsoft has announced a two-phase plan to disable the hands-free deployment feature in Windows Deployment Services (WDS) following the discovery of a critical remote code execution (RCE) vulnerability tracked as CVE-2026-0386. The flaw, rooted in improper access control, allows an unauthenticated attacker on an adjacent network to intercept sensitive configuration files and execute arbitrary code […]

The post Microsoft to Block Windows 11 and Server 2025 Automated Installation After Critical RCE Vulnerability appeared first on Cyber Security News.

Meta has confirmed it will permanently remove end-to-end encryption (E2EE) support from Instagram direct messages, with the feature officially shutting down after May 8, 2026. The announcement, quietly posted on Instagram’s Help Center support page, marks a significant reversal from Meta’s earlier commitment to privacy-focused messaging across its platforms. Instagram’s E2EE feature was never widely […]

The post Meta to Permanently Remove End-to-End Encryption Feature in Instagram DMs appeared first on Cyber Security News.

Microsoft released an out-of-band hotpatch update on March 13, 2026, addressing serious security vulnerabilities in Windows 11 versions 24H2 and 25H2. Tracked as KB5084597 and targeting OS Builds 26200.7982 and 26100.7982, this update patches three actively concerning flaws in the Windows Routing and Remote Access Service (RRAS) management tool, and notably, it does so without […]

The post Microsoft Releases Out-of-Band Patch For Critical RRAS RCE Vulnerabilities in Windows 11 appeared first on Cyber Security News.

A series of intrusions in early 2026 in which threat actors compromised FortiGate Next-Generation Firewalls (NGFW) to establish persistent footholds within enterprise environments. Each case was intercepted during the lateral movement phase before the attackers could fully achieve their objectives. The attack wave uncovered by SentinelOne closely tracks three high-severity Fortinet vulnerabilities disclosed between December […]

The post FortiGate Firewalls Exploited in Wave of Attacks to Breach Networks and Steal Credentials appeared first on Cyber Security News.