sctocs

CISA Includes Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 in KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency has added a newly disclosed VMware vulnerability to its Known Exploited Vulnerabilities catalog after reports indicated real-world abuse. The flaw, tracked as CVE-2026-22719, affects Broadcom VMware Aria Operations and carries a CVSS score of 8.1, classifying it as high severity. Command Injection Risk Enables Remote Code Execution According to […]


Open Source CyberStrikeAI Used in AI Powered FortiGate Attacks Spanning 55 Countries

Google-owned researchers and independent intelligence teams have uncovered fresh details about an artificial intelligence-driven campaign targeting Fortinet FortiGate devices worldwide. Investigators now confirm that the attackers relied on an open-source offensive platform known as CyberStrikeAI to automate and scale their operations. AI Tool Identified in Mass Exploitation Campaign Threat analysts at Team Cymru traced the infrastructure


Starkiller Phishing Kit Leverages AiTM Reverse Proxy to Evade Multi Factor Authentication

Cybersecurity researchers have uncovered a powerful new phishing toolkit named Starkiller that leverages adversary-in-the-middle technology to bypass multi-factor authentication protections. The phishing suite is being promoted by a cybercrime group calling itself Jinkusu. It is marketed as a phishing-as-a-service platform that provides subscribers with a centralized dashboard to


Microsoft Alerts on OAuth Redirect Abuse Used to Deliver Malware to Government Targets

Microsoft has issued a security warning about ongoing phishing campaigns that misuse OAuth URL redirection mechanisms to bypass traditional email and browser-based phishing defenses. According to the Microsoft Defender Security Research Team, the attacks primarily target government and public sector organizations. Instead of stealing authentication tokens or exploiting software vulnerabilities, the campaigns manipulate legitimate


Google Confirms Active Exploitation of CVE-2026-21385 in Qualcomm Android Component

Google has confirmed that a high-severity vulnerability affecting a Qualcomm open-source component used in Android devices is being actively exploited in targeted attacks. The flaw, tracked as CVE-2026-21385 with a CVSS score of 7.8, impacts the Graphics component and involves a buffer over-read issue that may lead to memory corruption. Qualcomm Advisory


SloppyLemming Targets Government Entities in Pakistan and Bangladesh with Dual Malware Chains

The cyber threat cluster identified as SloppyLemming has been linked to a new wave of targeted attacks against government institutions and critical infrastructure organizations in Pakistan and Bangladesh, according to fresh research from Arctic Wolf. The activity reportedly occurred between January 2025 and January 2026 and involved two separate malware delivery chains. These attack paths


New Chrome Flaw Allows Malicious Extensions to Gain Elevated Access Through Gemini Panel

Cybersecurity researchers have revealed technical details about a recently patched Google Chrome vulnerability that could have enabled malicious browser extensions to escalate privileges and access sensitive system resources. The flaw, identified as CVE-2026-0628 with a CVSS score of 8.8, stemmed from insufficient policy enforcement in Chrome’s WebView tag. Google addressed the issue in early January


Google Introduces Merkle Tree Certificates to Support Quantum Resistant HTTPS in Chrome

Google has unveiled a new initiative within its Chrome browser aimed at strengthening HTTPS security against the long-term threat of quantum computing. The move represents a significant step toward building a quantum-resistant internet without sacrificing speed or scalability. In a statement from the Chrome Secure Web and Networking Team, Google clarified that it does


APT28 Linked to CVE-2026-21513 MSHTML Zero Day Exploited Ahead of Feb 2026 Patch Tuesday

A high-severity Microsoft vulnerability patched during February 2026 Patch Tuesday may have been actively exploited by the Russia-linked threat group APT28, according to new research from Akamai. The flaw, tracked as CVE-2026-21513 with a CVSS score of 8.8, affects the MSHTML Framework and enables attackers to bypass key Windows security protections. Microsoft described


North Korean Hackers Release 26 Malicious npm Packages Concealing Pastebin C2 for Cross-Platform RAT

Cybersecurity researchers have uncovered a fresh wave of the ongoing Contagious Interview campaign, revealing that North Korean threat actors uploaded 26 malicious packages to the npm registry. These packages were disguised as legitimate developer utilities but secretly delivered credential-stealing malware and a cross-platform remote access trojan (RAT). The activity, tracked by Socket and
