Aggregator

You must login to view this content

Security updates addressing critical cross-site scripting (XSS) vulnerabilities in Foxit PDF Editor Cloud that could allow attackers to execute arbitrary JavaScript code in users’ browsers. The vulnerabilities were discovered in the application’s File Attachments list and Layers panel, where insufficient input validation and improper output encoding create pathways for malicious code execution. Two related cross-site […]

The post Foxit PDF Editor Vulnerabilities Let Attackers Execute Arbitrary JavaScript appeared first on Cyber Security News.

Russian state-sponsored hackers Fancy Bear (aka APT 28) are exploiting CVE-2026-21509, a Microsoft Office vulnerability for which Microsoft released an emergency fix last week. The exploitation CVE-2026-21509 allows unauthorized attackers to bypass a security feature (OLE mitigations in Microsoft 365 and Microsoft Office) locally, by creating and tricking targets into opening booby-trapped Office files. On January 29, 2026 – three days after Microsoft released the aforementioned fix – Zscaler researchers flagged an email phishing campaign … More →

The post Russian hackers are exploiting recently patched Microsoft Office vulnerability (CVE-2026-21509) appeared first on Help Net Security.

There is a comforting illusion in cybersecurity leadership: when things get noisy, you add more people. More analysts. More shifts. More headcount. It feels decisive. It looks responsible. It even photographs well for internal reports.  But SOC inefficiency is rarely a staffing problem. It is a signal problem.  When More People Don’t Mean Better Security  Across industries, security […]

The post Stronger Incident Prevention Takes Just One CISO Decision  appeared first on Cyber Security News.

Gremlin, the proactive reliability platform, launched Disaster Recovery Testing: a new product built to safely and efficiently test zone, region, and datacenter evacuations and failovers. These large-scale tests ensure businesses maintain digital resilience and business continuity when faced with cloud migrations, compliance concerns, and catastrophic events. There were multiple high-profile cloud outages in 2025, such as the AWS us-east-1 zone outage in October 2025 impacting 70,000 companies and incurring losses estimated at $581 million, that … More →

The post Gremlin launches Disaster Recovery Testing for zone, region, and datacenter failovers appeared first on Help Net Security.

A sophisticated phishing campaign targeting macOS users has emerged, using fake compliance emails as a delivery mechanism for advanced malware. Chainbase Lab recently detected this campaign, which impersonates legitimate audit and compliance notifications to deceive users. The attack chain combines social engineering with multi-stage fileless payloads designed to steal credentials and establish persistent remote access […]

The post Beware of New Compliance Emails Weaponizing Word/PDF Files to Steal Sensitive Data appeared first on Cyber Security News.