Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
SafeBreach shows how a single message could hijack Gemini on Android
SafeBreach researcher Or Yair demonstrated an indirect prompt injection technique against the Google Gemini voice assistant on Android, where a ...
Huntress Uncovers DesckVB RAT Campaign Abusing Google DoubleClick
Researchers at Huntress observed a large-scale phishing email campaign in which attackers use the legitimate Google DoubleClick Campaign Manager domain ...
Forgotten Debug Flag Exposed Microsoft 365 Android SSO Tokens
Microsoft has released fixes for four spoofing vulnerabilities in the Android apps Word, PowerPoint, Excel, and Microsoft 365 Copilot that ...
How the Redis CVE-2026-23479 RCE Works and How to Mitigate It
On May 5, Redis released fixes for five remote code execution (RCE) vulnerabilities, the most severe of which — CVE-2026-23479 ...
How a GitHub.dev Browser Attack Can Steal OAuth Tokens to All Your Repositories
Security researcher Ammar Askar published details of an attack on the GitHub.dev browser environment that makes it possible to steal ...
Windows Search URI flaw exposes NTLMv2 hashes, no Microsoft patch
Researchers from Huntress have published details of an unpatched vulnerability in the search: protocol handler in Windows that allows an ...
How the HTTP/2 Bomb Attack Exploits HPACK to Exhaust Server Memory
Researchers from the company Calif have published a description of a new remote denial-of-service attack technique dubbed HTTP/2 Bomb. According ...
McAfee uncovers Weedhack, a Minecraft malware-as-a-service platform
McAfee Labs has uncovered the Weedhack campaign — a “malware-as-a-service” (MaaS) platform targeting Minecraft players. According to the researchers, attackers ...
CVE-2025-48595: Actively Exploited Android Privilege Escalation
As part of the June 2026 Android Security Bulletin, Google has fixed 124 vulnerabilities, one of which — CVE-2025-48595 — ...
Oracle WebLogic CVE-2024-21182: CISA Confirms Active Exploitation
On June 1, 2026, CISA added vulnerability CVE-2024-21182 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of this ...
