Cyber Security News (RSS Feed)

Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […] The post https://cybersecuritynews.com/iranian-cyber-ops-maintain-… appeared first on https://cybersecuritynews.com. https://cybersecuritynews.com/iranian-cyber-ops-maintain-…

Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows, average demands have dropped sharply, and organizations are recovering from attacks more effectively than in […] The post https://cybersecuritynews.com/google-warns-ransomware-act… appeared first on https://cybersecuritynews.com. https://cybersecuritynews.com/google-warns-ransomware-act…

Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […] The post https://cybersecuritynews.com/glassworm-hits-popular-reac… appeared first on https://cybersecuritynews.com. https://cybersecuritynews.com/glassworm-hits-popular-reac…

AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive data. AWS Bedrock AgentCore Code Interpreter is a managed service that allows AI agents and […] The post https://cybersecuritynews.com/aws-bedrock-agentcore-sandb… appeared first on https://cybersecuritynews.com. https://cybersecuritynews.com/aws-bedrock-agentcore-sandb…

New CondiBot Variant and ‘Monaco’ Cryptominer Expand Threats to Network Devices Network infrastructure has become one of the most targeted areas in today’s threat landscape. Over recent years, attackers ranging from nation-state groups to financially driven criminal actors have steadily shifted their focus toward routers, firewalls, and other network devices. These devices sit at the core of enterprise environments, making them ideal entry points for long-term […] The post https://cybersecuritynews.com/new-condibot-variant-and-mo… appeared first on https://cybersecuritynews.com. https://cybersecuritynews.com/new-condibot-variant-and-mo…

Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, with the rollout expected to reach users over the coming days and weeks. […] The post https://cybersecuritynews.com/chrome-zero-day-vulnerabili… . https://cybersecuritynews.com/chrome-zero-day-vulnerabili…

OpenSSH GSSAPI Vulnerability Allow Attacker to Crash SSH Child Processes A significant vulnerability in the GSSAPI Key Exchange patch was applied by numerous Linux distributions on top of their OpenSSH packages. The flaw, tracked as CVE-2026-3497, was uncovered by security researcher Jeremy Brown. It allows an attacker to crash SSH child processes reliably and potentially violates privilege separation boundaries, all with a single crafted network […] The post https://cybersecuritynews.com/openssh-gssapi-vulnerability/ . https://cybersecuritynews.com/openssh-gssapi-vulnerability/

Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger Meta has launched a suite of advanced anti-scam tools across WhatsApp, Facebook, and Messenger to combat the growing industrialization of online fraud. These new defenses combine artificial intelligence, behavioral alerts, and global law enforcement partnerships to protect users proactively. To protect users from evolving social engineering tactics, Meta introduced specific warning mechanisms across its ecosystem. […] The post https://cybersecuritynews.com/meta-new-anti-scam-tools/ . https://cybersecuritynews.com/meta-new-anti-scam-tools/

Attackers Hijack Microsoft 365 Accounts Through OAuth Device Code Abuse Without Stealing Passwords Analysts at ANY.RUN has identified a sharp spike in phishing campaigns exploiting Microsoft’s OAuth Device Authorization Grant flow, with more than 180 malicious URLs detected within a single week. Unlike conventional credential harvesting, this technique routes victims through legitimate Microsoft authentication pages, making it substantially harder for security operations centers (SOCs) to catch the compromise […] The post https://cybersecuritynews.com/oauth-device-code-phishing-… . https://cybersecuritynews.com/oauth-device-code-phishing-…

Microsoft Copilot Email and Teams Summarization Vulnerability Enables Phishing Attacks AI assistants have rapidly transformed daily operations, streamlining tasks for teams managing overloaded inboxes, client communications, and incident response. Tools like Microsoft Copilot integrate directly into daily workflows, summarizing emails and meetings while pulling context from across the Microsoft 365 ecosystem. However, this convenience introduces a novel security boundary that many organizations have not yet […] The post https://cybersecuritynews.com/microsoft-copilot-summariza… . https://cybersecuritynews.com/microsoft-copilot-summariza…

Paloalto Cortex XDR Broker Vulnerability Attackers to Obtain and Modify Sensitive Information A security advisory has been issued for a newly discovered vulnerability affecting the Cortex XDR Broker Virtual Machine (VM). This flaw could allow a highly privileged, authenticated attacker to access and alter sensitive system information. Fortunately, the issue was discovered internally, and there are currently no reports of active malicious exploitation in the wild. Paloalto […] The post https://cybersecuritynews.com/paloalto-cortex-xdr-broker-… . https://cybersecuritynews.com/paloalto-cortex-xdr-broker-…

Ericsson US Discloses Data Breach – Hackers Stolen Employees and Customers Data The U.S. subsidiary of a Swedish telecommunications multinational has disclosed a data breach exposing the personal information of employees and customers. The incident did not occur on Ericsson’s internal network, but rather targeted one of the company’s third-party service providers. According to the breach notification letter, the unauthorized access occurred over a five-day window between […] The post https://cybersecuritynews.com/ericsson-data-breach/ . https://cybersecuritynews.com/ericsson-data-breach/

Cisco IOS XR Software Vulnerability Allow Attacker to Execute Commands as Root Cisco has issued a high-severity security advisory warning organizations about two critical privilege-escalation vulnerabilities in its IOS XR Software. If exploited, these flaws could allow an authenticated, local attacker to execute arbitrary commands as root or gain full administrative control over affected routing devices. Both vulnerabilities were discovered during internal security testing by Cisco, and […] The post https://cybersecuritynews.com/cisco-ios-xr-software-vulne… . https://cybersecuritynews.com/cisco-ios-xr-software-vulne…

Splunk RCE Vulnerability Allow Attackers to Execute Arbitrary Shell Commands A critical security advisory has been released, warning users of a high-severity vulnerability affecting both Enterprise and Cloud platforms. Tracked as CVE-2026-20163, this flaw carries a CVSS score of 8.0. It enables attackers to perform Remote Command Execution (RCE) on targeted systems. The vulnerability stems from improper handling of user inputs when the system previews […] The post https://cybersecuritynews.com/splunk-rce-vulnerability-2/ . https://cybersecuritynews.com/splunk-rce-vulnerability-2/

SolarWinds Web Help Desk Deserialization Vulnerability Enables Command Execution Cybersecurity authorities have flagged a severe security flaw in SolarWinds Web Help Desk that requires immediate attention from system administrators. Tracked as CVE-2025-26399, this vulnerability allows malicious actors to execute unauthorized commands directly on the host machine. Because of its severity and active exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) has officially added this […] The post https://cybersecuritynews.com/solarwinds-web-help-desk-de… . https://cybersecuritynews.com/solarwinds-web-help-desk-de…

Critical Microsoft Office Vulnerability Enables Remote Code Execution Attacks On March 10, 2026, Microsoft released security updates to address a critical vulnerability in its widely used Office suite. Tracked as CVE-2026-26110, this security flaw allows an unauthorized attacker to execute malicious code on a victim’s device. With a high severity rating and a CVSS base score of 8.4 out of 10, the vulnerability affects […] The post https://cybersecuritynews.com/microsoft-office-vulnerabil… . https://cybersecuritynews.com/microsoft-office-vulnerabil…

GitLab Security Update – Patch for XSS and API DoS Vulnerabilities GitLab has released urgent security updates for its Community Edition (CE) and Enterprise Edition (EE) to address a wide range of vulnerabilities. The newly released versions 18.9.2, 18.8.6, and 18.7.6 fix a total of 15 security issues, including critical Cross-Site Scripting (XSS) and Denial-of-Service (DoS) flaws. Administrators of self-managed instances are strongly urged to apply […] The post https://cybersecuritynews.com/gitlab-security-update-2/ . https://cybersecuritynews.com/gitlab-security-update-2/

Hackers Leveraging Cloudflare Anti-Bot Features to Steal Microsoft 365 Credentials A sophisticated Microsoft 365 credential harvesting campaign that weaponizes Cloudflare’s own protective features to evade detection and silently steal user login data. The campaign demonstrates a growing and troubling trend: threat actors turning the very tools designed to defend websites into shields for malicious infrastructure. Platforms like Cloudflare are widely trusted for their anti-bot protections, […] The post https://cybersecuritynews.com/cloudflare-anti-bot-feature… . https://cybersecuritynews.com/cloudflare-anti-bot-feature…

Chrome Security Update – Patch for 29 Vulnerabilities that Allows Remote Code Execution Google has officially released Chrome version 146 to the stable channel, delivering crucial security updates for Windows, Mac, and Linux users. Rolling out over the coming days, Chrome 146.0.7680.71 for Linux and 146.0.7680.71/72 for Windows and Mac addresses 29 security vulnerabilities. Many of these flaws, if left unpatched, could allow remote attackers to execute arbitrary […] The post https://cybersecuritynews.com/chrome-security-update-29-v… . https://cybersecuritynews.com/chrome-security-update-29-v…

Google Completes Acquisition of Wiz in Historic $32 Billion Deal Google has officially closed its $32 billion all-cash acquisition of Wiz, the Israeli cloud and AI security platform, marking the largest deal in Google’s history and a landmark moment for the global cybersecurity industry. The Wiz team will join Google Cloud while retaining its brand and continuing to support customers across all major cloud environments. […] The post https://cybersecuritynews.com/google-acquires-wiz/ . https://cybersecuritynews.com/google-acquires-wiz/