New
CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks.
CISA flags new SD-WAN flaw as actively exploited in attacks
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks.
Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete.
European Commission investigating breach after Amazon cloud account hack
The European Commission, the European Union’s main executive body, is investigating a security breach after a threat actor gained access to the Commission’s Amazon cloud environment.
Crunchyroll probes breach after hacker claims to steal 6.8M users’ data
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people.
Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse
Cybersecurity researchers are calling attention to an active device code phishing campaign that’s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and Germany. The activity, per Huntress, was first spotted on.
The phone call is the new phishing email
Voice-based phishing was at the root of multiple attack sprees Mandiant responded to last year, reflecting a concerning shift in tactics. The post The phone call is the new phishing email appeared first on CyberScoop .
Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper
Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious.
VoidStealer malware steals Chrome master key via debugger trick
An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser.
FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks
Threat actors affiliated with Russian Intelligence Services are conducting phishing campaigns to compromise commercial messaging applications (CMAs) like WhatsApp and Signal to seize control of accounts belonging to individuals with high intelligence value, the U.S.
Musician admits to $10M streaming royalty fraud using AI bots
North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music.
New Android malware hiding in streaming apps to spy on users’ personal notes
A newly discovered Android malware is masking itself within television streaming apps in order to steal users’ passwords and banking data and spy on their personal notes, researchers have found.