Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
How ChatGPhish and New AI Agent Exploits Expand Phishing Risk
Researchers from Permiso Security disclosed an attack technique against ChatGPT called ChatGPhish, which turns routine web page summarization into a ...
Fake Sicoob.Sdk NuGet Package Targets Banking APIs
A malicious package named Sicoob.Sdk (versions 2.0.0–2.0.4) has been discovered in the NuGet registry, masquerading as the official C# SDK ...
How Kimsuky Used Fake Webex and Security Tools to Hack South Korea
The North Korean threat group Kimsuky (also known as Velvet Chollima) carried out a series of targeted attacks against South ...
Unpatched Gogs RCE Lets Authenticated Users Run Server Commands
In Gogs—a popular solution for self-hosting Git repositories—a critical remote code execution (RCE) vulnerability with a CVSS 9.4 rating has ...
Mass Infostealer Delivery via FortiClient EMS Vulnerability
The critical vulnerability CVE-2026-35616 in FortiClient Endpoint Management Server (EMS) is being actively exploited by threat actors for mass delivery ...
Inside the Kimwolf DDoS Botnet and the Arrest of Its Alleged Admin
US and Canadian authorities announced the arrest of 23‑year‑old Ottawa resident Jacob Butler (alias Dort), who is accused of administering ...
How Project Glasswing Exposes the Power and Risk of Claude Mythos
Anthropic published the first report on its Project Glasswing program, under which the Claude Mythos AI model scanned more than ...
How Dutch Investigators Dismantled a Sanctions-Evading Hosting Network
The Netherlands Fiscal Information and Investigation Service (FIOD) carried out a large-scale operation to seize more than 800 servers and ...
Unauthenticated Access to Gitea Private Containers (CVE-2026-27771)
A vulnerability CVE-2026-27771 has been discovered in the Gitea version control platform that allows unauthenticated remote attackers to pull private ...
Microsoft Details Cryptojacking Campaign Abusing AI Chatbots and ScreenConnect
The Microsoft Defender Experts and Microsoft Defender Security Research teams have published a report on an active cryptojacking campaign in ...
