Latest Cyber Security News
General Cyber Security News
A new multi-stage phishing campaign has been observed targeting users in Russia with ransomware and a remote access trojan called Amnesia RAT. "The attack begins with social engineering lures …
Multi-Stage Phishing Campaign Targets Russia with Amnesia RAT and RansomwareRead More
The Russian nation-state hacking group known as Sandworm has been attributed to what has been described as the "largest cyber attack" targeting Poland's power system in the last week of December …
New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power SectorRead More
AI agents are accelerating how work gets done. They schedule meetings, access data, trigger workflows, write code, and take action in real time, pushing productivity beyond human speed across the …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited …
CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV CatalogRead More
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in …
CISA Updates KEV Catalog with Four Actively Exploited Software VulnerabilitiesRead More
Fortinet has officially confirmed that it's working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched …
Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate FirewallsRead More
TikTok on Friday officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS …
TikTok Forms U.S. Joint Venture to Continue Operations Under 2025 Executive OrderRead More
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent …
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent AccessRead More
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. "The campaign abused …
Microsoft Flags Multi-Stage AitM Phishing and BEC Attacks Targeting Energy FirmsRead More
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack …
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD AttackRead More
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 …
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root AccessRead More
Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows …
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not …
Filling the Most Common Gaps in Google Workspace SecurityRead More
A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency …
Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux HostsRead More
A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a …
SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch ReleaseRead More
Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes on Fortinet FortiGate devices. The activity, …
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall ConfigurationsRead More
Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that …
Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and WebexRead More
As many as 3,136 individual IP addresses linked to likely targets of the Contagious Interview activity have been identified, with the campaign claiming 20 potential victim organizations spanning …
North Korean PurpleBravo Campaign Targeted 3,136 IP Addresses via Fake Job InterviewsRead More
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a …
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass FlawsRead More
Every managed security provider is chasing the same problem in 2026 — too many alerts, too few analysts, and clients demanding "CISO-level protection" at SMB budgets. The truth? Most MSSPs are running …
Webinar: How Smart MSSPs Using AI to Boost Margins with Half the StaffRead More
