*Total Post : 16663 Cybersecurity News (auto update every day)
-
Hidden backdoor in Tenda router firmware grants admin access
A hidden authentication backdoor in multiple Tenda router firmware versions can let an attacker gain full administrative access to the web management panel by supplying a special password. CERT/CC says CVE-2026-11405 affects several Tenda routers, no patch is available yet, and users are advised to disable remote web management and reduce LAN exposure. #Tenda #CVE-2026-11405 #CERTCC
-
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers tracked as UAT-7810 are expanding their Operational Relay Box infrastructure by compromising internet-facing routers, especially unpatched Ruckus devices, to proxy traffic through legitimate-looking regional systems. Cisco Talos found new tools in the campaign, including LONGLEASH, DOGLEASH, JARLEASH, and LEASHTEST, alongside exploitation of multiple router vulnerabilities. #UAT-7810 #LONGLEASH #SHORTLEASH #DOGLEASH #JARLEASH #LEASHTEST #Ruckus #ASUSAiCloud #UAT-5918
-
New Januscape Linux flaw allows VM escape on Intel, AMD devices
Januscape is a 16-year-old Linux kernel vulnerability, tracked as CVE-2026-53359, that lets attackers escape a KVM virtual machine and execute code as root on the host. The flaw affects multi-tenant cloud environments and can be chained with Dirty Frag to achieve full compromise on unpatched systems. #Januscape #CVE-2026-53359 #KVM #DirtyFrag
-
Webinar tomorrow: Why modern email attacks require a new approach to defense
Organizations are still facing persistent phishing, business email compromise, and account takeover attacks even after investing in secure email gateways, MFA, and identity protection. A BleepingComputer webinar with Abnormal AI and Novant Health will show how behavioral AI can help detect abnormal communication patterns, automate investigations, and improve response to Device Code phishing and trusted sender impersonation. #BleepingComputer #AbnormalAI #NovantHealth #DeviceCodePhishing
-
The GitHub Actions Attack Pattern Your CI Security Scanners Miss
Cordyceps exposed a CI/CD weakness in GitHub Actions where individually valid workflows combined into exploitable privilege chains, leaving many “green” pipelines vulnerable despite passing scans. The article highlights real cases at Microsoft, Google, and Apache, and argues that AI-generated workflows are accelerating governance gaps that scanners alone cannot catch. #Cordyceps #Microsoft #AzureSentinel #Google #Apache #GitHubActions
-
Spain arrests suspected member of pro-Russian hacktivist groups
Spain’s National Police arrested a man in Palencia suspected of supporting the pro-Russian hacktivist groups CyberArmy of Russia Reborn (CARR) and Z-Pentest. Investigators say he helped a CARR-linked hacker evade capture, coordinated via encrypted apps, and was tied to operations associated with NoName057(16) and attacks on critical infrastructure. #CyberArmyofRussiaReborn #CARR #ZPentest #NoName05716 #APT44 #Sandworm
-
DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts
A Microsoft 365 device code phishing campaign observed in late June and early July 2026 used collaboration-themed lures and a compromised Croatian rental website to trick victims into authorizing attacker sessions through Microsoft’s legitimate device login flow. ZeroBEC and Cisco Talos linked the activity to reusable tooling and PhaaS ecosystems including…
-
Critical Adobe ColdFusion Vulnerability Exploited in Attacks
Threat actors are exploiting CVE-2026-48282, a maximum-severity path traversal flaw in Adobe ColdFusion that can lead to arbitrary code execution. Adobe released emergency updates for ColdFusion 2025 and 2023, but exploitation reportedly began within two hours of public disclosure. #AdobeColdFusion #CVE-2026-48282 #KEVIntel #CanadianCentreforCyberSecurity…
-
CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws
CISA is reportedly using Anthropic’s Mythos AI model to scan federal code repositories for security vulnerabilities, with the goal of finding and fixing flaws before adversaries can exploit them. The effort has allegedly already uncovered many bugs, while Anthropic’s broader relationship with US agencies has also faced tension over model safeguards…
-
Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems
A newly disclosed Linux kernel flaw, tracked as CVE-2026-53359 and nicknamed Januscape, can let an attacker escape a KVM virtual machine and execute code on the host. The issue affects shadow MMU code, threatens multi-tenant public clouds, and was demonstrated by Hyunwoo Kim as a zero-day in Google kvmCTF. #CVE-2026-53359 #Januscape…
-
CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original Thinker
Tarah Wheeler, CISO at TPO Group, describes a cybersecurity career shaped by social science, writing, and broad hands-on experience across red team, SecOps, compliance, and policy work. She warns that the field lacks reliable ground truth and benchmarks, making it hard to separate facts from hype while leaders like NIST face…
-
Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks
An Iran-linked APT tracked as Cavern Manticore is targeting organizations in Israel with a modular C&C framework that uses .NET compilation formats as an anti-analysis layer. The group, likely tied to Iran’s MOIS and possibly the OilRig subgroup Lyceum, abuses SysAid updates, RMM tools, and remote desktop features to move laterally…
-
Cybersecurity News | Daily Recap [06 Jul 2026]
Daily Recap, Agentic ransomware techniques were documented for the first time as Sysdig tracked JADEPUFFER, while prompt injection attacks demonstrated how AI agents can be manipulated into making crypto payments. North Korean actors continued supply-chain pressure by targeting open source developers, and researchers also flagged trojanized PoC repos and malicious PyPI packages. #JADEPUFFER #Sysdig #NorthKorea #PoC #PyPI
-
Microsoft testing new Cloud Rebuild Windows 11 recovery feature
Microsoft is testing Cloud Rebuild in Windows 11 Insider Preview builds, a recovery feature that can remotely reinstall the operating system from the cloud when a device is broken or won’t boot. The feature is part of Microsoft’s Windows Resiliency Initiative and joins Point-in-Time Restore, Quick Machine Recovery, and a new post-BSOD memory scan recommendation to improve Windows 11 recovery and reliability. #CloudRebuild #Windows11 #WinRE #QuickMachineRecovery #PointInTimeRestore
-
BeyondTrust warns of critical flaws in remote access software
BeyondTrust has patched two critical authentication bypass flaws in its Remote Support and Privileged Remote Access products, warning that exposed instances could let unauthenticated attackers access protected appliances under specific configurations. The company also fixed two high-severity issues, while prior BeyondTrust flaws have been used in attacks against U.S. government systems and linked to #SilkTyphoon and #CVE-2026-1731.
-
Microsoft to enable Windows settings backup by default for orgs
Microsoft will enable the Windows settings backup and restore tool by default on eligible Microsoft Entra-joined and Microsoft Entra hybrid-joined enterprise devices starting with Windows 11 26H2. The change applies only when admins have not already set a policy, while restore remains disabled by default and must still be explicitly configured by IT. #MicrosoftEntra #Windows11 #WindowsBackup
-
Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities
China-aligned attackers breached U.S. and Canadian university networks to steal sensitive data and maintain persistent access through webshells and backdoors. The campaign targeted physics and engineering departments and used Roundcube flaws CVE-2024-42009 and CVE-2025-49113 to gain access, with evidence pointing to the threat cluster UNK_MassTraction and the use of VShell. #UNK_MassTraction #Roundcube #VShell #CVE-2024-42009 #CVE-2025-49113
-
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust has patched four critical flaws in Remote Support and Privileged Remote Access that could let attackers bypass access controls, trigger denial-of-service conditions, or reach unauthorized data under certain configurations. The company said the issues were found internally during security assessments, and users should update immediately to RS 25.3.3 or later…
-
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
CERT/CC warned that several Tenda firmware versions contain an undocumented authentication backdoor tracked as CVE-2026-11405, allowing attackers to bypass password checks and gain full administrative access to the web management interface. The flaw is still unpatched, and users are advised to disable remote management and change the default LAN IP address…
-
US Army websites defaced with pro-Kurdish sentiments, insults to Trump
Multiple U.S. Army subdomains, including oil.army.mil and ai2c.army.mil, were defaced in a 404 hijacking campaign that displayed pro-Kurdistan messages and insults aimed at President Donald Trump and U.S. Ambassador Tom Barrack. The Army says the affected pages were hosted on a legacy third-party platform and has secured them while investigators continue to examine how the defacement occurred. #U.S.Army #oil.army.mil #ai2c.army.mil #TomBarrack #DonaldTrump
Cybersecurity News Sources
This site will aggregate Cybersecurity News from this sources:
- securityonline.info
- bleepingcomputer.com
- thehackernews.com
- darkreading.com
- + News from Cyware (Currated by Cyware)
- + Latest 100 cyberattacks referenced by Valéry Marchive
- + News from Immuniweb (Cybercrime Investigation and Prosecution)
- + Other hundreds of News Portal

Reference for Security News
Sorted by estimated “Number of Articles” per week. a/w = articles / week.
- malware.news (260 a/w)
- securityboulevard.com (140 a/w)
- ScMagazine.com (70 a/w)
- DarkReading.com (58 a/w)
- BankInfoSecurity.com (48 a/w)
- bleepingcomputer.com (47 a/w)
- CySecurity.news (40 a/w)
- SecurityWeek.com (40 a/w)
- BleepingComputer.com (40 a/w)
- Thecyberexpress.com (34 a/w)
- TheHackerNews.com.com (32 a/w)
- HelpNetSecurity.com (32 a/w)
- PacketStormSecurity.org (30 a/w)
- SecurityAffairs.com (29 a/w)
- Therecord.media (29 a/w)
- TheRegister.com (28 a/w)
- Infosecurity-Magazine.com (26 a/w)
- Securityonline.info (69 a/w)
- Csoonline.com/asean/security/ (19 a/w)
- Hackread.com (19 a/w)
- MalwareBytes.org (14 a/w)
- Cybersecuritydive.com (12 a/w)
- CyberScoop.com (11 a/w)
- Techrepublic.com/topic/security/ (11 a/w)
- ITSecurityGuru.org (9 a/w)
- Zdnet.com/topic/security/ (8 a/w)
- TripWire.com (6 a/w)
- Arstechnica.com/security/ (5 a/w)
- Latesthackingnews.com (5 a/w)
- Asec.ahnlab.com (4 a/w)
- Blog.polyswarm.io (3 a/w)
- Kroll.com/en/ (3 a/w)
- Mandiant.com (2 a/w)
- Bitdefender.com/blog/labs/ (1 a/w)
Check this also :
Update November 2024
“I have launched several social media platforms for updates on Security News”