Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
How AI Is Accelerating Real-World Attacks on Active Directory and AWS
In early June 2025, researchers at Huntress documented an incident in which an unknown attacker used a PowerShell script, apparently ...
How Lexfo uncovered dual MFA-bypass phishing for Microsoft 365
The French company Lexfo discovered three active phishing campaigns against Microsoft 365 after taking advantage of one operator’s mistake: they ...
Critical iCagenda and Balbooa Forms RCE Flaws Actively Exploited
On July 10, 2026, CISA added two maximum‑severity vulnerabilities to the KEV catalog — CVE-2026-48939 and CVE-2026-56291 — affecting the ...
ModHeader HTTP header editor found with dormant data exfiltration code
Google and Microsoft have removed the popular HTTP header editing tool ModHeader (around 1.6 million installations on Chrome and Edge) ...
RoguePlanet in Microsoft Defender: CVE-2026-50656 Fixed, New DoS Concerns
Microsoft has fixed the critical privilege escalation vulnerability CVE-2026-50656 (RoguePlanet) in Microsoft Defender, rated 7.8 on the CVSS scale, but ...
Zimbra 10.1.19: Mitigating Stored XSS via Malicious Emails
Zimbra has released an update, Zimbra Collaboration Suite 10.1.19, that fixes a stored XSS vulnerability in the Classic Web Client ...
How the XRING vulnerability exposes XQUIC HTTP/3 servers
In the XQUIC library — Alibaba’s open-source implementation of the QUIC and HTTP/3 protocols — a vulnerability has been discovered ...
How the GigaWiper Backdoor Enables Espionage and Data Wiping
Microsoft has published a detailed analysis of the destructive backdoor GigaWiper — a Windows malware written in Go that merges ...
Backdoored Injective Labs SDK Targets Private Keys and Seed Phrases
Attackers compromised the official GitHub repository of the Injective Labs project and published a malicious version of the SDK package ...