Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Oracle WebLogic CVE-2024-21182: CISA Confirms Active Exploitation
On June 1, 2026, CISA added vulnerability CVE-2024-21182 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of this ...
Operation XENOFISCAL: Xeno RAT phishing hits Afghan public finance
Researchers at Seqrite Labs have disclosed details of a targeted phishing campaign against Afghanistan’s Ministry of Finance, provincial revenue and ...
Miasma malware campaign compromises @redhat-cloud-services npm
Numerous npm packages in the @redhat-cloud-services namespace were compromised as part of a campaign codenamed Miasma. According to researchers from ...
Supply-chain attack targets OpenAI Codex users via npm and Android
Researchers from Aikido Security discovered a malicious campaign targeting developers using OpenAI Codex. The npm package codexui-android, promoted as a ...
WP Maps Pro vulnerability exploited to create WordPress admin accounts
The critical vulnerability CVE-2026-8732 (CVSS 9.8) in the WordPress plugin WP Maps Pro is being actively exploited by attackers to ...
How Dutch Authorities Took Down a 17 Million-Device Botnet
The Dutch Police, together with the National Cyber Security Centre (NCSC), announced the dismantling of one of the largest botnets ...
Active Exploitation of Palo Alto GlobalProtect Auth Bypass CVE-2026-0257
Palo Alto Networks has confirmed active exploitation of the CVE-2026-0257 vulnerability (CVSS 7.8) in PAN-OS and Prisma Access products. The ...
How ChatGPhish and New AI Agent Exploits Expand Phishing Risk
Researchers from Permiso Security disclosed an attack technique against ChatGPT called ChatGPhish, which turns routine web page summarization into a ...
Fake Sicoob.Sdk NuGet Package Targets Banking APIs
A malicious package named Sicoob.Sdk (versions 2.0.0–2.0.4) has been discovered in the NuGet registry, masquerading as the official C# SDK ...
How Kimsuky Used Fake Webex and Security Tools to Hack South Korea
The North Korean threat group Kimsuky (also known as Velvet Chollima) carried out a series of targeted attacks against South ...
