Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Active Exploitation of Palo Alto GlobalProtect Auth Bypass CVE-2026-0257
Palo Alto Networks has confirmed active exploitation of the CVE-2026-0257 vulnerability (CVSS 7.8) in PAN-OS and Prisma Access products. The ...
How ChatGPhish and New AI Agent Exploits Expand Phishing Risk
Researchers from Permiso Security disclosed an attack technique against ChatGPT called ChatGPhish, which turns routine web page summarization into a ...
Fake Sicoob.Sdk NuGet Package Targets Banking APIs
A malicious package named Sicoob.Sdk (versions 2.0.0–2.0.4) has been discovered in the NuGet registry, masquerading as the official C# SDK ...
How Kimsuky Used Fake Webex and Security Tools to Hack South Korea
The North Korean threat group Kimsuky (also known as Velvet Chollima) carried out a series of targeted attacks against South ...
Unpatched Gogs RCE Lets Authenticated Users Run Server Commands
In Gogs—a popular solution for self-hosting Git repositories—a critical remote code execution (RCE) vulnerability with a CVSS 9.4 rating has ...
Mass Infostealer Delivery via FortiClient EMS Vulnerability
The critical vulnerability CVE-2026-35616 in FortiClient Endpoint Management Server (EMS) is being actively exploited by threat actors for mass delivery ...
Inside the Kimwolf DDoS Botnet and the Arrest of Its Alleged Admin
US and Canadian authorities announced the arrest of 23‑year‑old Ottawa resident Jacob Butler (alias Dort), who is accused of administering ...
How Project Glasswing Exposes the Power and Risk of Claude Mythos
Anthropic published the first report on its Project Glasswing program, under which the Claude Mythos AI model scanned more than ...
How Dutch Investigators Dismantled a Sanctions-Evading Hosting Network
The Netherlands Fiscal Information and Investigation Service (FIOD) carried out a large-scale operation to seize more than 800 servers and ...
Unauthenticated Access to Gitea Private Containers (CVE-2026-27771)
A vulnerability CVE-2026-27771 has been discovered in the Gitea version control platform that allows unauthenticated remote attackers to pull private ...
