A new malicious package on the Python Package Index (PyPI), named sympy-dev, has been caught impersonating the widely used SymPy library to deliver cryptomining malware. SymPy is a popular symbolic mathematics library that sees tens of millions of downloads every month,…
Tag: Cyber Security News
New AI-Android Malware that Auto Clicks Ads from the Infected Devices
A dangerous Android malware campaign has emerged, targeting users through mobile games and pirated streaming app modifications. The threat, known as Android.Phantom, employs machine learning technology to perform automated ad-click fraud on infected smartphones. Over 155,000 downloads of compromised games…
Critical Chainlit AI Vulnerabilities Let Hackers Gain Control Over Cloud Environments
Cybersecurity researchers have uncovered two critical security flaws in Chainlit, a widely used open-source AI framework with over 700,000 monthly downloads. The vulnerabilities allow attackers to steal sensitive cloud credentials, leak database files, and take control of enterprise AI environments…
Critical Vulnerability in Binary-Parser Library for Node.js Allows Malicious Code injection
A critical code-injection vulnerability has been identified in the Node.js binary-parser library, affecting all versions before 2.3.0. The flaw allows attackers to execute arbitrary JavaScript code if untrusted input is used to construct parser definitions, potentially compromising application integrity and…
New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads
Security researchers have identified a sophisticated multi-stage malware campaign targeting Windows systems through social engineering and weaponized cloud services. The attack employs business-themed documents as deceptive entry points, luring users into extracting compressed archives containing malicious shortcuts that execute PowerShell…
BIND 9 Vulnerability Allow Attackers to Crash Server by Sending Malicious Records
A high-severity vulnerability has been disclosed in BIND 9, the widely used DNS server software responsible for domain name resolution across millions of internet services. The vulnerability, tracked as CVE-2025-13878, enables remote attackers to crash DNS servers by sending specially…
New ClearFake Campaign Leveraging Proxy Execution to Run PowerShell Commands via Trusted Window Feature
ClearFake has entered a new and more dangerous phase, turning a familiar fake CAPTCHA scam into a highly evasive malware delivery chain. Across hundreds of hacked websites, visitors now see what looks like a routine verification challenge, but behind the…
Fortinet SSO Vulnerability Actively Exploited to Hack Firewalls and Gain Admin Access
A critical vulnerability in Fortinet’s Single Sign-On (SSO) feature for FortiGate firewalls, tracked as CVE-2025-59718, is under active exploitation. Attackers are leveraging it to create unauthorized local admin accounts, granting full administrative access to internet-exposed devices. Multiple users have reported…
Cisco Unified Communications 0-day RCE Vulnerability Exploited in the Wild to Gain Root Access
Cisco has disclosed a critical zero-day remote code execution (RCE) vulnerability, CVE-2026-20045, actively exploited in the wild. Affecting key Unified Communications products, this flaw allows unauthenticated attackers to run arbitrary commands on the underlying OS, potentially gaining root access. The…
Hackers Weaponized 2,500+ Security Tools to Terminate Endpoint Protection Before Deploying Ransomware
A large-scale campaign is turning a trusted Windows security driver into a weapon that shuts down protection tools before ransomware and remote access malware are dropped. The attacks abuse truesight.sys, a kernel driver from Adlice Software’s RogueKiller antivirus, and use…
Microsoft Investigating Issue Impacting Exchange Online, Teams, and M365 Suite
Microsoft has confirmed it is actively investigating a new service incident affecting multiple core services within the Microsoft 365 ecosystem. The company acknowledged the disruption on Wednesday evening, following reports of connectivity issues and service degradation for users relying on…
New AI Malware Era Begins as Advanced VoidLink Malware Emerges as the First Fully AI-Driven Threat Framework
The cybersecurity landscape has entered a dangerous new chapter with the discovery of VoidLink, the first documented advanced malware framework built almost entirely by artificial intelligence. Unlike earlier attempts where inexperienced hackers used AI to create basic malicious tools, VoidLink…
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations continue moving forward, displaying fresh variants that target different computer systems and platforms. Recently, leaked…
LastPass Warns of Fake Maintenance Message Tracking Users to Steal Master Passwords
A critical security alert regarding an active phishing campaign that commenced on January 19, 2026. The malicious actors are impersonating LastPass support staff and sending fraudulent emails claiming urgent vault backup requirements to harvest master passwords from unsuspecting users. The…
Multiple GitLab Vulnerabilities Enables 2FA Bypass and DoS Attacks
Critical security patches addressing five vulnerabilities across versions 18.8.2, 18.7.2, and 18.6.4 for both Community Edition (CE) and Enterprise Edition (EE). The patches resolve issues ranging from high-severity authentication flaws to denial-of-service conditions affecting core platform functionality. Critical 2FA Bypass…
ErrTraffic Fueling ClickFix by Breaking the Page Visually and Turns Attack to GlitchFix
A new social engineering technique called GlitchFix has emerged, powered by ErrTraffic—a specialized traffic distribution system designed to trick website visitors into downloading malware through visually broken web pages. The attack platform costs around $800 and offers cybercriminals a complete…
Threat Actors Hiding stealthy PURELOGS Payload Within a Weaponized PNG File
A newly discovered attack campaign has exposed a sophisticated delivery method for the PURELOGS infostealer, a commodity malware sold as a service on underground forums. Threat actors are using weaponized PNG files hosted on legitimate infrastructure to deliver the payload…
Critical Zoom Command Injection Vulnerability Enables Remote Code Execution
A critical command injection vulnerability in Node Multimedia Routers (MMRs) could allow meeting participants to execute arbitrary code on affected systems. The vulnerability, tracked as CVE-2026-22844, carries a CVSS severity rating of 9.9, the highest possible score, indicating an extremely…
New PixelCode Attack Smuggles Malware via Image Pixel Encoding
A novel malware delivery technique dubbed “PixelCode” has been demonstrated, showing how malicious executables can be encoded directly into video frames. The approach allows threat actors to host these videos on legitimate platforms such as YouTube, helping the malware evade…
NVIDIA NSIGHT Graphics for Linux Vulnerability Allows Code Execution Attacks
An urgent security update addressing a critical vulnerability in NSIGHT Graphics for Linux that could allow attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-33206, has been rated as High severity with a CVSS score of…