Blogs

Hackers are using fake Claude Code installation pages to distribute a fileless .NET infostealer that steals credentials and bypasses traditional security defenses.

Researchers discovered a Google Gemini vulnerability that allowed malicious WhatsApp, Slack, and SMS notifications to manipulate the AI assistant and trigger unauthorized actions on Android devices.

Telangana CID arrested 11 suspects involved in a large cyber fraud and online betting racket using mule accounts, fake identities, and money laundering networks across multiple Indian states.

A vulnerability in Instagram's Meta AI-powered account recovery system allegedly allowed attackers to obtain password reset codes and hijack high-value accounts by bypassing identity verification checks.

Cybercriminals are using Telegram channels to sell verified bank accounts, fintech wallets, and crypto exchange accounts for money laundering operations powered by AI-generated identities and deepfake KYC bypass techniques.

CERT-In has issued new guidelines requiring organizations to patch critical internet-facing vulnerabilities within 12 hours, warning that AI-powered cyberattacks are drastically reducing exploitation timeframes and increasing cyber risk.

Security researchers discovered that WhatsApp chat histories may be stored unencrypted on macOS and iOS devices, potentially allowing local access to decrypted messages through shared app containers.

The Megalodon supply chain attack compromised over 5,500 GitHub repositories within six hours by injecting malicious GitHub Actions workflows designed to steal cloud credentials, API keys, SSH keys, and CI/CD secrets.

A newly disclosed Linux kernel vulnerability, CVE-2026-46333, allows attackers to steal SSH private keys and gain root access through a local privilege escalation flaw affecting Linux systems for nearly nine years.

A supply chain attack called Mini Shai-Hulud compromised multiple npm packages in the @antv ecosystem, injecting credential-stealing malware. Developers using affected packages risk stolen tokens, data exfiltration, and persistent malware infections.

A severe MongoDB vulnerability (CVE-2026-8053) enables attackers to execute arbitrary code on affected servers, risking full system takeover and data theft. Self-hosted deployments must patch immediately to prevent potential exploitation.

A newly disclosed Windows zero-day vulnerability named MiniPlasma affects the Cloud Files Mini Filter Driver (cldflt.sys), allowing attackers to gain SYSTEM privileges on fully patched Windows systems. The flaw is reportedly still unpatched despite prior fixes and can be reliably exploited under certain conditions.

Dell confirms a SupportAssist update is causing blue-screen crashes and random reboots on Windows 10 and Windows 11 systems. Users are advised to remove the affected service.

Microsoft warns of a new Microsoft Teams Android vulnerability that could allow spoofing attacks on local devices. Update immediately to stay protected.

Cybersecurity researchers have discovered fake GitHub repositories impersonating DeepSeek TUI to deliver malware. The campaign uses compressed archives and multi-stage payloads to bypass detection, disable Windows Defender, and establish persistent access on infected systems.

Cybersecurity researchers uncovered 28 fake Android apps on Google Play Store with over 7.3 million downloads that falsely promised call history access. Instead, the apps tricked users into subscriptions and generated fake data, leading to financial losses, mainly targeting users in India and APAC.

A data breach involving NVIDIA GeForce NOW provider GFN.AM exposed user personal information, raising concerns over phishing and identity fraud attacks.

Hackers are using fake Claude AI installer pages and Google Ads to spread malware, steal credentials, and infect Windows and macOS systems.

Hackers compromised official DAEMON Tools installers with malware in a major supply chain attack affecting users worldwide. Learn how to stay protected.

A critical PAN-OS vulnerability (CVE-2026-0300) in the User-ID Captive Portal allows unauthenticated remote code execution with root privileges. Limited exploitation has been linked to state-sponsored activity involving log tampering, Active Directory enumeration, and deployment of tunneling tools like EarthWorm and ReverseSocks5.