Cybersecurity News
Stay informed about the latest cybersecurity incidents, vulnerabilities, and threat landscape changes. We cover data breaches, ransomware campaigns, critical CVEs, and regulatory updates – with context on what it means for you and how to protect yourself.
How a GitHub.dev Browser Attack Can Steal OAuth Tokens to All Your Repositories
Security researcher Ammar Askar published details of an attack on the GitHub.dev browser environment that makes it possible to steal ...
Windows Search URI flaw exposes NTLMv2 hashes, no Microsoft patch
Researchers from Huntress have published details of an unpatched vulnerability in the search: protocol handler in Windows that allows an ...
How the HTTP/2 Bomb Attack Exploits HPACK to Exhaust Server Memory
Researchers from the company Calif have published a description of a new remote denial-of-service attack technique dubbed HTTP/2 Bomb. According ...
McAfee uncovers Weedhack, a Minecraft malware-as-a-service platform
McAfee Labs has uncovered the Weedhack campaign — a “malware-as-a-service” (MaaS) platform targeting Minecraft players. According to the researchers, attackers ...
CVE-2025-48595: Actively Exploited Android Privilege Escalation
As part of the June 2026 Android Security Bulletin, Google has fixed 124 vulnerabilities, one of which — CVE-2025-48595 — ...
Oracle WebLogic CVE-2024-21182: CISA Confirms Active Exploitation
On June 1, 2026, CISA added vulnerability CVE-2024-21182 to the Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of this ...
Operation XENOFISCAL: Xeno RAT phishing hits Afghan public finance
Researchers at Seqrite Labs have disclosed details of a targeted phishing campaign against Afghanistan’s Ministry of Finance, provincial revenue and ...
Miasma malware campaign compromises @redhat-cloud-services npm
Numerous npm packages in the @redhat-cloud-services namespace were compromised as part of a campaign codenamed Miasma. According to researchers from ...
Supply-chain attack targets OpenAI Codex users via npm and Android
Researchers from Aikido Security discovered a malicious campaign targeting developers using OpenAI Codex. The npm package codexui-android, promoted as a ...
WP Maps Pro vulnerability exploited to create WordPress admin accounts
The critical vulnerability CVE-2026-8732 (CVSS 9.8) in the WordPress plugin WP Maps Pro is being actively exploited by attackers to ...