Daily Cyber News

Trivy GitHub Actions Compromised, 75 Tags Hijacked to Steal CI CD Secrets

A major supply chain security incident has affected the widely used open-source vulnerability scanner Trivy, maintained by Aqua Security. Attackers compromised its GitHub Actions ecosystem and manipulated version tags to distribute malware designed to steal sensitive CI/CD secrets. The attack targeted repositories including aquasecurity/trivy-action and aquasecurity/setup-trivy, which are commonly used in CI/CD pipelines to scan […]

Trivy GitHub Actions Compromised, 75 Tags Hijacked to Steal CI CD Secrets Read More »

Critical Langflow Vulnerability CVE-2026-33017 Exploited Within 20 Hours of Disclosure

A newly disclosed critical vulnerability in the open-source AI platform Langflow has already been actively exploited within just 20 hours of its public announcement, demonstrating how quickly attackers weaponize newly discovered security flaws. The vulnerability, tracked as CVE-2026-33017 with a CVSS score of 9.3, is caused by a combination of missing authentication and unsafe code

Critical Langflow Vulnerability CVE-2026-33017 Exploited Within 20 Hours of Disclosure Read More »

Google Introduces 24 Hour Delay for Unverified App Sideloading to Curb Malware and Scams

Google has unveiled a new security measure aimed at reducing malware infections and online scams on Android devices. The update introduces an “advanced flow” for sideloading apps, requiring users to wait 24 hours before installing applications from unverified developers. This move is designed to strengthen user protection while still preserving Android’s flexibility and openness. The

Google Introduces 24 Hour Delay for Unverified App Sideloading to Curb Malware and Scams Read More »

DoJ Takes Down 3 Million Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks

The U.S. Department of Justice has announced a major cybersecurity operation that successfully disrupted the command-and-control infrastructure used by multiple large-scale Internet of Things botnets, including AISURU, Kimwolf, JackSkid, and Mossad. This coordinated law enforcement effort, carried out under court authorization, also involved international cooperation with authorities from Canada and Germany. Several leading technology and

DoJ Takes Down 3 Million Device IoT Botnets Behind Record 31.4 Tbps Global DDoS Attacks Read More »

Apple Alerts That Older iPhones Are Vulnerable to Coruna and DarkSword Exploit Kit Attacks

Apple has released an urgent security advisory, cautioning users who are still operating older versions of iOS to immediately update their devices. The warning highlights active cyberattacks carried out using advanced exploit kits such as Coruna and DarkSword, which are targeting outdated iPhones through malicious web content. These exploit kits are designed to take advantage

Apple Alerts That Older iPhones Are Vulnerable to Coruna and DarkSword Exploit Kit Attacks Read More »

Speagle Malware Compromises Cobra DocGuard to Steal Data via Infected Servers

Cybersecurity experts have identified a newly discovered malware strain named Speagle, which manipulates the features and infrastructure of a legitimate document security tool, Cobra DocGuard, to carry out covert data theft operations. According to a recent report by Symantec and Carbon Black researchers, the malware quietly collects sensitive data from infected systems and transfers it

Speagle Malware Compromises Cobra DocGuard to Steal Data via Infected Servers Read More »

54 EDR Killers Leverage BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security

A new cybersecurity analysis has revealed that dozens of endpoint detection and response (EDR) killer tools are actively exploiting trusted system components to disable security protections. Researchers have identified 54 such tools leveraging the Bring Your Own Vulnerable Driver (BYOVD) technique by abusing at least 35 signed but vulnerable drivers. According to ESET, these tools

54 EDR Killers Leverage BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security Read More »

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data

Cybersecurity researchers have identified a new Android malware strain called Perseus, which is actively being deployed to perform device takeover (DTO) and financial fraud. The malware is designed to compromise Android devices, steal sensitive information, and enable attackers to control infected systems remotely. According to ThreatFabric, Perseus builds upon earlier malware families like Cerberus and

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data Read More »

CISA Warns of Zimbra and SharePoint Exploits as Cisco Zero Day Targeted in Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding the active exploitation of critical vulnerabilities affecting Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. The agency has urged organizations, especially government entities, to immediately apply security patches to mitigate risks. Actively Exploited Vulnerabilities The two vulnerabilities highlighted by CISA include: CISA

CISA Warns of Zimbra and SharePoint Exploits as Cisco Zero Day Targeted in Ransomware Attacks Read More »

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs via Fake Remote Jobs

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned six individuals and two entities linked to a North Korean IT worker network that defrauds companies to fund the nation’s weapons of mass destruction (WMD) programs. Secretary of the Treasury Scott Bessent stated, “The North Korean regime targets American companies through

OFAC Sanctions DPRK IT Worker Network Funding WMD Programs via Fake Remote Jobs Read More »