CyberSecureFox Logo CyberSecureFox Editorial Team

The CyberSecureFox Editorial Team covers cybersecurity news, vulnerabilities, malware campaigns, ransomware activity, AI security, cloud security, and vendor security advisories. Articles are prepared using official advisories, CVE/NVD data, CISA alerts, vendor publications, and public research reports. Content is reviewed before publication and updated when new information becomes available.

Silk Typhoon Suspect Extradited to the US over Microsoft Exchange and COVID‑19 Espionage Campaigns

by
Extradition of Xu Zewei highlights the global fight against cybercrime.

Chinese citizen Xu Zewei, whom US authorities describe as a member of the state‑linked hacking group known as Silk Typhoon, has been extradited from Italy to the United States. Prosecutors allege his involvement in extensive cyber‑espionage operations targeting US universities, government entities and COVID‑19 vaccine and testing research, including the exploitation of critical Microsoft Exchange … Read more

Critical CVE-2026-25874 Vulnerability in Hugging Face LeRobot Exposes AI Robotics to Remote Code Execution

by
Aerial view of a high-tech cityscape featuring multiple robots and a central hub.

A critical vulnerability CVE-2026-25874 has been identified in the open-source robotics platform LeRobot by Hugging Face, enabling unauthenticated remote code execution (RCE) on both server and client systems. The flaw, rated CVSS 9.3, affects a project with nearly 24,000 GitHub stars widely used for AI research, simulation, and robotics prototyping, significantly amplifying its impact on … Read more

Apple Patches iOS Notification Bug That Left Deleted Signal Messages on iPhones (CVE-2026-28950)

by
Apple announces improved privacy features in a futuristic urban setting.

Apple has released an unscheduled security update for iOS and iPadOS to fix a critical flaw in the Notification Services subsystem. The bug, tracked as CVE-2026-28950, meant that notifications marked as deleted were in fact still stored on the device and could be recovered with forensic tools, even after the corresponding app had been removed. … Read more

DOJ Sentences Cybersecurity Professionals for Supporting BlackCat Ransomware Operations

by
Dark digital art depicting a cat controlling hackers with Bitcoin and money laundering themes.

The U.S. Department of Justice (DOJ) has sentenced two cybersecurity professionals to four years in prison each for assisting the notorious BlackCat (ALPHV) ransomware group in a series of attacks in 2023. The case highlights how insider threats and the misuse of specialist knowledge can significantly amplify the impact of ransomware on organizations. Key facts … Read more

Fake CAPTCHA Pages Fuel International SMS Fraud and TDS‑Driven Crypto Scams

by
Person looking concerned at a phone amidst symbols of cybercrime and financial worries.

A newly documented telecom fraud campaign shows how attackers are combining fake CAPTCHA pages, premium‑rate international numbers and advertising infrastructure to quietly charge victims for expensive SMS traffic. According to research by Infoblox and Confiant, this operation has been active since at least June 2020 and illustrates how traditional International Revenue Share Fraud (IRSF) is … Read more

NASA Inspector General Exposes Sophisticated Spear‑Phishing Operation Against Aerospace and Defense Research

by
Man in a hoodie manipulating puppet strings, with symbols of espionage and technology.

The NASA Office of Inspector General (OIG) has disclosed details of a sophisticated spear‑phishing and cyber‑espionage campaign in which a Chinese national allegedly posed for years as U.S. researchers to obtain sensitive aerospace and defense software. By exploiting trust in the scientific community, the attacker persuaded engineers and academics to share controlled modeling tools and … Read more

New GopherWhisper APT Uses Go-Based Malware and Cloud C2 to Spy on Mongolian Government

by
Hacker in a hoodie at a desk with screens, flags of China and Mongolia in the background.

A previously unknown advanced persistent threat (APT) group, dubbed GopherWhisper, has been linked to a cyber‑espionage campaign targeting government entities in Mongolia. According to new research from cybersecurity vendor ESET, the actors rely heavily on malware written in the Go programming language and disguise their command-and-control (C2) traffic as legitimate use of mainstream cloud collaboration … Read more

Anthropic Project Glasswing: AI Vulnerability Discovery and the New Reality of Cyber Defense

by
Overview of futuristic cybersecurity concept with AI and human collaboration.

Anthropic’s decision to delay the public release of Project Glasswing is one of the clearest signals of how rapidly artificial intelligence is transforming cybersecurity. The company restricted early access to a small group of major vendors — Apple, Microsoft, Google, Amazon and select partners — to give them time to patch newly uncovered weaknesses before … Read more

Apple Patches iOS Notification Vulnerability CVE-2026-28950 That Exposed Signal Messages

by
Close-up of a smartphone showing Signal app messages under a magnifying glass.

Apple has released a security update for iOS and iPadOS that closes a privacy‑impacting flaw in the Notification Services subsystem. The bug, tracked as CVE-2026-28950, allowed notifications marked as deleted to continue to be stored on the device, creating an unexpected source of recoverable message content for digital forensics. What CVE-2026-28950 Changes in iOS Notification … Read more

Harvester APT Deploys GoGra Linux Backdoor Using Microsoft Graph and Outlook as Covert C2

by
Aerial view of a city with modern buildings, lush greenery, and mountains in the background.

A new campaign attributed to the Harvester advanced persistent threat (APT) group is delivering a GoGra Linux backdoor that hides its command‑and‑control (C2) traffic inside Microsoft Graph API and Outlook mailboxes. By tunnelling operations through trusted Microsoft 365 services, the attackers significantly complicate network‑perimeter detection and traditional blocking strategies. Background: Harvester APT and South Asia–Focused … Read more

CyberSecureFox

© 2026 INFO

About

About

Authors

Contact

Editorial

Editorial Standards

Corrections

Legal

Privacy Policy

Terms of Service