Mastodon Mastodon Mastodon Mastodon

Cybersecurity News

Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.

** Graphic illustrating OAuth token theft risk for private GitHub repositories.

How a GitHub.dev Browser Attack Can Steal OAuth Tokens to All Your Repositories

CyberSecureFox Editorial Team

Security researcher Ammar Askar published details of an attack on the GitHub.dev browser environment that makes it possible to steal ...

Graphical representation of Windows security against hacking threats.

Windows Search URI flaw exposes NTLMv2 hashes, no Microsoft patch

CyberSecureFox Editorial Team

Researchers from Huntress have published details of an unpatched vulnerability in the search: protocol handler in Windows that allows an ...

Illustration of a bomb labeled “HTTP/2 BOMB” targeting servers, depicting a DoS concept.

How the HTTP/2 Bomb Attack Exploits HPACK to Exhaust Server Memory

CyberSecureFox Editorial Team

Researchers from the company Calif have published a description of a new remote denial-of-service attack technique dubbed HTTP/2 Bomb. According ...

Minecraft-themed graphic showing malware threat with screens and icons.

McAfee uncovers Weedhack, a Minecraft malware-as-a-service platform

CyberSecureFox Editorial Team

McAfee Labs has uncovered the Weedhack campaign — a “malware-as-a-service” (MaaS) platform targeting Minecraft players. According to the researchers, attackers ...

Android logo on a smartphone with a security bug and CVE-2025-48595 reference.

CVE-2025-48595: Actively Exploited Android Privilege Escalation

CyberSecureFox Editorial Team

As part of the June 2026 Android Security Bulletin, Google has fixed 124 vulnerabilities, one of which — CVE-2025-48595 — ...

Oracle WebLogic Server graphic highlighting CVE-2024-21182 vulnerability.

Oracle WebLogic CVE-2024-21182: CISA Confirms Active Exploitation

CyberSecureFox Editorial Team

On June 1, 2026, CISA added vulnerability CVE-2024-21182 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of this ...

Xeno RAT targets Afghan finance ministry in a digital illustration.

Operation XENOFISCAL: Xeno RAT phishing hits Afghan public finance

CyberSecureFox Editorial Team

Researchers at Seqrite Labs have disclosed details of a targeted phishing campaign against Afghanistan’s Ministry of Finance, provincial revenue and ...

Dark illustration of a box with npm branding, emitting ominous smoke and eyes.

Miasma malware campaign compromises @redhat-cloud-services npm

CyberSecureFox Editorial Team

Numerous npm packages in the @redhat-cloud-services namespace were compromised as part of a campaign codenamed Miasma. According to researchers from ...

Illustration of a malicious npm package stealing tokens from a server.

Supply-chain attack targets OpenAI Codex users via npm and Android

CyberSecureFox Editorial Team

Researchers from Aikido Security discovered a malicious campaign targeting developers using OpenAI Codex. The npm package codexui-android, promoted as a ...