Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
Citrix NetScaler CVE-2026-3055: Critical SAML IDP Vulnerability Under Active Reconnaissance
A new critical vulnerability in Citrix NetScaler ADC and Citrix NetScaler Gateway, tracked as CVE-2026-3055 with a CVSS score of ...
CVE-2025-53521: Critical F5 BIG-IP APM Vulnerability Added to CISA KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in F5 BIG-IP Access Policy Manager (APM), ...
Apple Issues Urgent Security Warnings Over Coruna and DarkSword iOS Exploits
Apple has begun displaying critical system alerts directly on the lock screen of iPhone and iPad devices running outdated versions ...
Telnyx PyPI Supply Chain Attack Uses Audio Steganography to Target Python Developers
A new phase in an ongoing software supply chain attack campaign has compromised the popular Python package Telnyx, with malicious ...
LangChain and LangGraph Vulnerabilities Expose LLM Applications to Sensitive Data Leaks
Security researchers have disclosed three vulnerabilities in the popular AI development frameworks LangChain and LangGraph that can lead to leakage ...
Axios npm Supply Chain Attack Installs Cross-Platform RAT via Malicious Dependency
The widely used JavaScript HTTP client Axios has been at the center of a significant npm supply chain attack, in ...
Red Menshen’s BPFdoor: Stealth Cyber Espionage Against Global Telecom Operators
Major telecommunications providers around the world are facing a long-running and highly covert cyber-espionage campaign attributed to the China-linked threat ...
AI Agents in SaaS: Why the Cyber Kill Chain Fails and What OpenClaw Exposed
In September 2025, Anthropic publicly disclosed a cyber-espionage campaign in which a state-sponsored threat actor used an AI agent to ...
Massive Microsoft 365 Device Code Phishing Campaign Targets Global Organizations with EvilTokens PhaaS
An extensive Microsoft 365 phishing campaign abusing the OAuth device code flow has impacted more than 340 organizations across the ...