Blogs

A severe MongoDB vulnerability (CVE-2026-8053) enables attackers to execute arbitrary code on affected servers, risking full system takeover and data theft. Self-hosted deployments must patch immediately to prevent potential exploitation.

A newly disclosed Windows zero-day vulnerability named MiniPlasma affects the Cloud Files Mini Filter Driver (cldflt.sys), allowing attackers to gain SYSTEM privileges on fully patched Windows systems. The flaw is reportedly still unpatched despite prior fixes and can be reliably exploited under certain conditions.

Dell confirms a SupportAssist update is causing blue-screen crashes and random reboots on Windows 10 and Windows 11 systems. Users are advised to remove the affected service.

Microsoft warns of a new Microsoft Teams Android vulnerability that could allow spoofing attacks on local devices. Update immediately to stay protected.

Cybersecurity researchers have discovered fake GitHub repositories impersonating DeepSeek TUI to deliver malware. The campaign uses compressed archives and multi-stage payloads to bypass detection, disable Windows Defender, and establish persistent access on infected systems.

Cybersecurity researchers uncovered 28 fake Android apps on Google Play Store with over 7.3 million downloads that falsely promised call history access. Instead, the apps tricked users into subscriptions and generated fake data, leading to financial losses, mainly targeting users in India and APAC.

A data breach involving NVIDIA GeForce NOW provider GFN.AM exposed user personal information, raising concerns over phishing and identity fraud attacks.

Hackers are using fake Claude AI installer pages and Google Ads to spread malware, steal credentials, and infect Windows and macOS systems.

Hackers compromised official DAEMON Tools installers with malware in a major supply chain attack affecting users worldwide. Learn how to stay protected.

A critical PAN-OS vulnerability (CVE-2026-0300) in the User-ID Captive Portal allows unauthenticated remote code execution with root privileges. Limited exploitation has been linked to state-sponsored activity involving log tampering, Active Directory enumeration, and deployment of tunneling tools like EarthWorm and ReverseSocks5.

Claude Mythos AI is redefining cyber threats by discovering zero-day vulnerabilities and generating exploits faster than ever. Learn how businesses can stay protected.

A sophisticated phishing campaign uses fake compliance emails and AiTM attacks to steal authentication tokens and bypass MFA across thousands of organizations.

Google patches CVE-2026-0073, a critical Android zero-click flaw enabling remote shell access without user interaction. Update devices immediately.

A critical cPanel authentication bypass (CVE-2026-41940) was exploited in a cyber espionage campaign targeting government and military systems. Attackers gained root access, used SQL injection and custom malware tools, and exfiltrated over 4GB of sensitive data including defense and financial records.

Researchers reveal a phishing campaign using Google AppSheet emails to steal 30,000 Facebook accounts through fake Meta Support alerts and login pages

New fake CAPTCHA scam tricks users into sending international SMS messages, causing hidden phone bill charges through SMS pumping fraud.

Microsoft patches CVE-2026-32202, a Windows zero-click flaw exploited by APT28 hackers to bypass Defender SmartScreen and steal authentication hashes.

Microsoft introduces major Windows Update changes that let users shut down or restart without forced updates, pause updates longer, and gain better control over installations.

Cybercriminals exploit React2Shell vulnerability using Telegram bots and automation to hack 900+ companies and steal sensitive data from web apps.

RedSun zero-day exploits Windows Defender to gain SYSTEM access. Learn how NPAV EPS protects against zero-day and privilege escalation attacks.