Cyber Security
Cybersecurity
FBI Warns Kali365 PhaaS Platform Bypasses Microsoft 365 MFA
Gabby Lee
May 22, 2026
The FBI warns Kali365, a PhaaS platform on Telegram, exploits Microsoft device code authentication to bypass MFA entirely and capture persistent OAuth tokens.
CVE Vulnerability Alerts
Lenovo BootRepair.sys Driver Exposes BYOVD Attack on CrowdStrike
Gabby Lee
May 22, 2026
Lenovo BootRepair.sys exposes IOCTL 0x222014, letting unprivileged BYOVD attackers terminate CrowdStrike Falcon at kernel level with no administrative rights.
Application Security
Splunk CVE-2026-20239 Logs Session Cookies in Plaintext
Andrew Doyle
May 22, 2026
Splunk CVE-2026-20239 writes active session cookies to the _internal index in plaintext, exposing analyst tokens to any user or process reading that index.
Cybersecurity
DPRK npm Packages Use Hugging Face to Exfiltrate Developer Credentials
Gabby Lee
May 22, 2026
OX Security found DPRK-linked npm packages using postinstall hooks to deploy a keylogging infostealer that exfiltrates credentials via the Hugging Face API.
Cybersecurity
Deleted Google API Keys Stay Active for Up to 23 Minutes
Mitchell Langley
May 22, 2026
Aikido Security found deleted Google API legacy keys stay functional up to 23 minutes after revocation, a significant window during active incident response.
Application Security
Chromium Service Worker PoC Exploit Published for 42-Month-Old Bug
Andrew Doyle
May 22, 2026
Google published PoC exploit code for an unpatched 42-month-old Chromium Service Worker flaw enabling persistent JavaScript execution after the browser is closed.
Cybersecurity
Texas AG Sues Meta Over WhatsApp Encryption Claims
Gabby Lee
May 22, 2026
Texas AG Ken Paxton sued Meta and WhatsApp in May 2026, alleging the companies falsely claimed end-to-end encryption while retaining private message access.
Application Security
Banana RAT Hijacks Brazil Pix QR Codes via NF-e Lures
Gabby Lee
May 22, 2026
SHADOW-WATER-063 deploys Banana RAT via fraudulent Brazilian NF-e invoice lures, hijacking Pix QR codes to redirect instant payments to attacker-held accounts.
Cybersecurity
UNG0002 Hides Cobalt Strike in macOS Folder Structures
Andrew Doyle
May 22, 2026
Seqrite Labs exposed UNG0002 hiding Cobalt Strike inside macOS-style nested folder structures to evade Windows scanners while targeting Changzhou University.
Application Security
INJ3CTOR3 Deploys JOMANGY Webshell in FreePBX Campaign
Andrew Doyle
May 22, 2026
CRIL documented INJ3CTOR3 deploying new JOMANGY webshell alongside a six-layer self-healing persistence mechanism against FreePBX VoIP systems for toll fraud.
Cybersecurity
Operation Dragon Whistle Uses VS Code Tunnels as C2
Mitchell Langley
May 22, 2026
Operation Dragon Whistle abuses Visual Studio Code Remote Tunnels as a C2 channel, targeting Pakistani surveillance infrastructure and a Chinese university.
CVE Vulnerability Alerts
Cisco Secure Workload CVE-2026-20223 Earns CVSS 10.0
Gabby Lee
May 22, 2026
CVE-2026-20223 lets unauthenticated remote attackers gain full Site Admin access to Cisco Secure Workload; no credentials or user interaction are required.
Application Security
NGINX 1.31.0 Zero-Day nginx-poolslip Bypasses ASLR
Andrew Doyle
May 22, 2026
Researcher Vega publicly disclosed nginx-poolslip, an unpatched RCE zero-day in NGINX 1.31.0 that bypasses ASLR and threatens tens of millions of servers.
Cybersecurity
WantToCry Ransomware Hits SMB Ports, Evades EDR Tools
Gabby Lee
May 22, 2026
Sophos CTU analysis reveals WantToCry ransomware encrypts files off-device via brute-forced SMB sessions, leaving no local binary for EDR tools to detect.
Cybersecurity
DOJ Secures Guilty Pleas From Tech-Support Fraud Executives
Gabby Lee
May 22, 2026
Two U.S. telecom executives pleaded guilty to concealing a six-year tech-support fraud scheme that cost Americans an estimated $2.1 billion annually.
Application Security
BadIIS Malware-as-a-Service Hijacks IIS Servers for SEO Fraud
Andrew Doyle
May 22, 2026
Cisco Talos exposed BadIIS, a Chinese-speaking MaaS platform hijacking IIS servers to redirect traffic and manipulate search rankings since 2021.
Cybersecurity
GhostTree Exploit Hangs Windows Defender With NTFS Junctions
Andrew Doyle
May 22, 2026
Varonis Threat Labs disclosed GhostTree, an NTFS junction loop technique that causes Windows Defender to hang and fail to detect hidden malware files.
Cybersecurity
SilverFox APT Spreads ValleyRAT via Fake Microsoft Teams Sites
Andrew Doyle
May 22, 2026
K7 Security Labs found SilverFox APT serving ValleyRAT via trojanized Teams installers on teams-securecall.com, targeting credentials and crypto wallets.
Application Security
TamperedChef Hides Malware Inside Signed Apps
Andrew Doyle
May 22, 2026
Palo Alto's Unit 42 documented TamperedChef, a signed-app malware campaign with 12,000 global infections using digitally signed certificates to evade detection.
Application Security
Chrome 148 Patches Critical WebRTC Use-After-Free
Gabby Lee
May 22, 2026
Google patched 16 Chrome vulnerabilities including critical CVE-2026-9111, a WebRTC use-after-free enabling drive-by exploitation without user interaction.
Cybersecurity
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
Gabby Lee
May 22, 2026
This Week’s Security Spotlight
Cybersecurity
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
Gabby Lee
May 21, 2026
Application Security
Anthropic Silently Fixed Claude Code Null-Byte Sandbox Escape
Gabby Lee
May 21, 2026
Application Security
CVE-2026-3102: ExifTool Image Injection Runs Shell Commands on macOS
Andrew Doyle
May 21, 2026
Cyber Security News
P2PInfect Botnet Infiltrates Kubernetes Clusters via Redis
May 22, 2026
FortiGuard found P2PInfect enrolled enterprise GKE Kubernetes clusters for six months undetected via exposed Redis instances and a 2022 CVSS 10.0 flaw.
Group-IB Exposes Five Brokers Fabricating Breach Alerts From Old Leaks
May 22, 2026
Group-IB identified five dark web brokers posting 500–1,000 fake corporate breach ads monthly using recycled Facebook 2021, Eatigo, and Truecaller leak data.
NYC Health + Hospitals Breach Exposes 1.8M Patients’ Fingerprints
May 21, 2026
Hackers spent 77 days inside NYC Health + Hospitals via a vendor breach, stealing fingerprints, medical records, and SSNs from 1.8 million patients.