Cyber Security News

A sophisticated supply chain attack targeting the official Trivy GitHub Action (aquasecurity/trivy-action) has compromised continuous integration and continuous deployment (CI/CD) pipelines globally. Disclosed in late March 2026, this incident marks the second distinct compromise affecting the Trivy ecosystem within a single month. Threat actors successfully force-pushed 75 out of 76 existing version tags to distribute […]

The post Hackers Compromise Trivy Scanner to Inject malicious Scripts and Steal Login Credentials appeared first on Cyber Security News.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have recently released a joint cybersecurity advisory regarding a widespread phishing campaign. The alert warns that Russian Intelligence Services are actively targeting users of encrypted messaging applications, primarily Signal. The attackers are bypassing the platform’s robust end-to-end encryption by hijacking user […]

The post FBI, CISA Warn Russian Hackers Are Targeting High-Value Individuals Through Signal appeared first on Cyber Security News.

Google has released a substantial security update for its Chrome web browser, addressing 26 distinct vulnerabilities that could allow unauthenticated attackers to execute malicious code remotely. The latest Stable channel update rolls out versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS, while Linux users will receive version 146.0.7680.153. This critical patch cycle is designed to […]

The post Chrome Security Update Fixes 26 Vulnerabilities Allowing Remote Code Execution appeared first on Cyber Security News.

Oracle has issued an out-of-band Security Alert addressing a critical remote code execution (RCE) vulnerability, CVE-2026-21992, affecting two widely deployed Fusion Middleware components, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability carries a CVSS 3.1 base score of 9.8, placing it among the most severe classifications in Oracle’s risk framework. CVE-2026-21992 is an […]

The post Oracle Issues Urgent Security Update for Critical RCE Flaw in Identity Manager and Web Services Manager appeared first on Cyber Security News.

Anthropic is expanding Claude Cowork Desktop with a new Projects feature designed to keep files, instructions, and task context organized inside a single workspace. For paid users, the update makes it easier to start from scratch, import an existing chat, or connect a local folder so Claude can continue work without losing the thread between […]

The post Anthropic Launches Projects Feature for Claude Cowork Desktop appeared first on Cyber Security News.

Microsoft has acknowledged a significant bug introduced by its March 2026 cumulative update that is preventing users from signing into Microsoft Teams Free, OneDrive, and several other Microsoft applications on Windows 11 devices. The issue, tied to the KB5079473 update released on March 10, 2026, has left affected users locked out of their accounts despite […]

The post Windows 11 March Update Breaks Microsoft Teams and OneDrive Sign-Ins appeared first on Cyber Security News.

A sweeping cyberattack campaign has compromised more than 7,500 Magento-powered e-commerce websites since late February 2026, with attackers uploading hidden malicious files into publicly accessible web directories across thousands of domains. The attack has spread to over 15,000 hostnames, affecting commercial brands, government agencies, universities, and non-profit organizations spanning multiple countries, making it one of […]

The post Hackers Compromised 7,500+ Magento Websites to Upload Hidden Malicious Files and Steal Data appeared first on Cyber Security News.

A newly identified variant of the VoidStealer infostealer has drawn serious attention from the security community after it became the first malware known to bypass Google Chrome’s Application-Bound Encryption (ABE) without requiring code injection or elevated system privileges. The variant, introduced in VoidStealer version 2.0 on March 13, 2026, uses a debugger-based technique to silently […]

The post New VoidStealer Variant Bypasses Chrome ABE Without Injection or Privilege Escalation appeared first on Cyber Security News.

A new Android banking trojan named Perseus has emerged in the wild, representing the next step in the ongoing evolution of mobile malware. Built on the leaked source code of Cerberus and drawing directly from the Phoenix codebase, Perseus refines and extends the capabilities of its predecessors. It combines credential theft, real-time device monitoring, and […]

The post Perseus Android Malware Steals User Notes and Enables Full Device Takeover appeared first on Cyber Security News.

The fraud rarely announces itself. It begins with a friendly message on social media, a wrong-number text that turns into a conversation, or a romantic connection that slowly builds over weeks. For tens of thousands of Americans, those innocent interactions have ended in financial ruin — savings wiped out, retirement funds emptied, and assets scattered […]

The post FBI, Thai Partners Target Southeast Asia Scam Centers Behind Cyber Fraud on Americans appeared first on Cyber Security News.

Microsoft has officially announced the general availability of new Microsoft Teams optimizations for the Windows App on both iOS and Android platforms. Released on March 18, 2026, this update introduces the WebRTC Redirector Service to mobile users connecting to Azure Virtual Desktop and Windows 365 environments. For IT administrators and security teams managing distributed workforces, […]

The post Microsoft Unveils New Teams Optimizations for Windows App on iOS & Android appeared first on Cyber Security News.

An urgent warning highlights a critical zero-day in Cisco products, now added to the CISA Known Exploited Vulnerabilities Catalog after active exploitation in ransomware campaigns. Network defenders and security administrators are urged to take immediate action. The rapid exploitation of this vulnerability by financially motivated threat actors highlights the severe risk it poses to enterprise […]

The post CISA Warns of Cisco Secure Firewall Management Center 0-Day Exploited in Ransomware Attacks appeared first on Cyber Security News.

Ransomware attackers have widened their approach to defeating endpoint security, moving well past the technique of exploiting vulnerable drivers. For years, the Bring Your Own Vulnerable Driver (BYOVD) method was the primary way attackers disabled security tools before launching their file-encrypting payloads. Today, that picture has grown much more complex, with threat actors now deploying […]

The post Ransomware Actors Expand EDR Killer Tactics Beyond Vulnerable Drivers appeared first on Cyber Security News.

A critical security advisory addressing multiple high-severity vulnerabilities in Jenkins core and the LoadNinja plugin. Issued on March 18, 2026, the alert warns that these flaws could allow attackers to execute arbitrary code and fully compromise continuous integration and continuous deployment pipelines.​ The most severe flaw, tracked as CVE-2026-33001, stems from how Jenkins handles symbolic […]

The post Critical Jenkins Vulnerabilities Expose CI/CD Servers to RCE Attacks appeared first on Cyber Security News.

A Russian state-linked threat actor has launched a targeted cyberattack against a Ukrainian government agency, exploiting a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite to steal credentials and sensitive email data. Dubbed “Operation GhostMail,” the campaign stands out for its complete absence of traditional attack indicators — no malicious file attachments, no suspicious links, […]

The post Russian APT Exploits Zimbra XSS to Target Ukrainian Government in ‘Operation GhostMail’ appeared first on Cyber Security News.

Authorities have successfully dismantled the command-and-control (C2) infrastructure powering four massive Internet of Things (IoT) botnets. The U.S. Justice Department, collaborating closely with Canadian and German agencies, targeted the administrators and architecture behind the Aisuru, KimWolf, JackSkid, and Mossad botnets. Together, these malicious networks infected over three million devices globally and launched catastrophic Distributed Denial […]

The post Authorities Disrupt IoT Botnet Infrastructure Behind Record-Breaking 30 Tbps DDoS Attacks appeared first on Cyber Security News.

CISA has added a high-severity vulnerability affecting the Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2025-66376, this security flaw is currently facing active exploitation in the wild. Organizations utilizing Zimbra must urgently prioritize remediation to prevent unauthorized access and potential data compromise. The vulnerability is a stored cross-site scripting […]

The post CISA Warns of Zimbra Collaboration Suite Vulnerability Exploited in Attacks appeared first on Cyber Security News.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert urging organizations to harden their endpoint management system configurations following a cyberattack on Stryker Corporation, a U.S.-based medical technology firm, on March 11, 2026. The attack targeted Stryker’s Microsoft environment and has prompted CISA to coordinate with the Federal Bureau of Investigation […]

The post CISA Urges Organizations to Secure Microsoft Intune Environments Following Stryker Breach appeared first on Cyber Security News.

Austin, United States, March 19th, 2026, CyberNewswire Cybersecurity has entered a new phase, one defined less by reactive controls and more by continuous, intelligence-driven operations. As attack surfaces expand and adversaries increasingly leverage AI, the modern CISO is tasked with orchestrating resilience at scale. Amid this shift, CISO Whisperer has released its list of “Cybersecurity […]

The post CISO Whisperer Names 11 Vendors Leading the Shift from Tools to Outcomes at RSA Conference 2026 appeared first on Cyber Security News.

Ubiquiti has disclosed two critical-to-high severity vulnerabilities in its widely deployed UniFi Network Application, including a maximum-severity flaw that could allow unauthenticated attackers to seize full control of underlying systems. Organizations running affected versions are urged to patch immediately. CVE-2026-22557: Path Traversal Enables Full System Compromise The more severe of the two flaws, tracked as […]

The post Critical Ubiquiti UniFi Vulnerabilities Allow Attackers to Seize Full Control of Underlying Systems appeared first on Cyber Security News.