Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
PromptMink: North Korean Supply Chain Attacks Against npm, Web3 Developers and Open Source Ecosystems
A newly documented campaign, dubbed PromptMink, is targeting the open source ecosystem and Web3 developers through malicious npm packages, fake ...
VECT 2.0 Ransomware: Critical Encryption Flaw Turns RaaS into a Data-Wiping Wiper
Recent analysis of the VECT 2.0 ransomware family reveals a critical design flaw that effectively transforms this ransomware-as-a-service (RaaS) operation ...
Critical Gemini CLI and Cursor IDE Vulnerabilities Expose AI Development Security Risks
Google has remediated a critical remote code execution (RCE) vulnerability in its Gemini CLI tools, while independent researchers have disclosed ...
Copy Fail (CVE-2026-31431): New Linux Kernel Bug Enables Easy Root Privilege Escalation
A newly disclosed Linux kernel vulnerability, dubbed Copy Fail and tracked as CVE-2026-31431, has been rated CVSS 7.8 and allows ...
Checkmarx Supply Chain Attack and Dark Web Data Leak: Expert Analysis of the Incident
Application security vendor Checkmarx is continuing to investigate a significant software supply chain attack that has reportedly led to internal ...
Critical LiteLLM Vulnerability CVE-2026-42208: SQL Injection Threatens AI Gateway Security
The open source AI gateway LiteLLM by BerriAI is at the center of a serious security incident. A critical vulnerability ...
Critical cPanel Authentication Vulnerability: What Hosting Providers and Site Owners Must Do Now
One of the world’s most widely used hosting control panels, cPanel, has received urgent security updates to address a serious ...
Microsoft Entra ID Agent ID Administrator Vulnerability Exposed Critical Service Principal Takeover Risk
A recently disclosed vulnerability in Microsoft Entra ID (formerly Azure AD) allowed users with a new Agent ID Administrator role ...
Silk Typhoon Suspect Extradited to the US over Microsoft Exchange and COVID‑19 Espionage Campaigns
Chinese citizen Xu Zewei, whom US authorities describe as a member of the state‑linked hacking group known as Silk Typhoon, ...
Critical CVE-2026-25874 Vulnerability in Hugging Face LeRobot Exposes AI Robotics to Remote Code Execution
A critical vulnerability CVE-2026-25874 has been identified in the open-source robotics platform LeRobot by Hugging Face, enabling unauthenticated remote code ...
