Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
CVE-2026-33032 (MCPwn): Critical nginx-ui Authentication Bypass Under Active Exploitation
A critical vulnerability in nginx-ui, a popular open-source web interface for managing Nginx, is being actively exploited and allows attackers ...
Microsoft Rushes to Restore Windows Hardware Program Accounts After Driver Signing Disruption
Microsoft is rolling out an accelerated account recovery process for participants in the Windows Hardware Program after a wave of ...
Microsoft Defender Zero‑Days BlueHammer, RedSun and UnDefend Are Under Active Attack
Three newly disclosed zero‑day vulnerabilities in Microsoft Defender are being actively exploited in the wild, creating a high‑risk scenario for ...
Mirai-Style IoT Botnets Target TBK DVRs and Legacy TP-Link Routers
Internet of Things (IoT) devices are again at the center of large-scale cyber campaigns. Security researchers report that new Mirai-derived ...
Google Play Privacy Overhaul and Gemini AI Crackdown on Fraudulent Ads
Google is rolling out a significant update to the Google Play privacy policy, reshaping how Android apps access contacts and ...
Obsidian Plugins Abused to Deliver PHANTOMPULSE Malware in Targeted Financial Sector Attacks
A newly documented cyber campaign, tracked as REF6598, is abusing the popular cross‑platform note‑taking application Obsidian to gain a foothold ...
UAC-0247 Campaign Targets Ukrainian Government and Healthcare with Advanced Malware Toolkit
Ukraine’s national Computer Emergency Response Team, CERT-UA, has disclosed details of a new targeted cyber-espionage campaign tracked as UAC‑0247. The ...
Attackers Exploit n8n Low-Code Webhooks for Phishing, Malware Delivery and Tracking
Cloud-based automation platform n8n has become the latest legitimate service to be systematically abused in large-scale phishing campaigns. According to ...
Pushpaganda: AI-Driven SEO Poisoning Campaign Abuses Google Discover and Push Notifications
Cybersecurity analysts have identified a large-scale advertising fraud operation that combines SEO poisoning, AI-generated content and aggressive misuse of browser ...
Google Pixel 10 Modem Gets Rust DNS Parser to Boost Baseband Security
Google has quietly taken an important step in hardening the Pixel 10 against modem-level attacks: the company has integrated a ...
