Security News

  • New Januscape Linux flaw allows VM escape on Intel, AMD devices

    Januscape is a 16-year-old Linux kernel vulnerability, tracked as CVE-2026-53359, that lets attackers escape a KVM virtual machine and execute code as root on the host. The flaw affects multi-tenant cloud environments and can be chained with Dirty Frag to achieve full compromise on unpatched systems. #Januscape #CVE-2026-53359 #KVM #DirtyFrag

  • Webinar tomorrow: Why modern email attacks require a new approach to defense

    Organizations are still facing persistent phishing, business email compromise, and account takeover attacks even after investing in secure email gateways, MFA, and identity protection. A BleepingComputer webinar with Abnormal AI and Novant Health will show how behavioral AI can help detect abnormal communication patterns, automate investigations, and improve response to Device Code phishing and trusted sender impersonation. #BleepingComputer #AbnormalAI #NovantHealth #DeviceCodePhishing

  • The GitHub Actions Attack Pattern Your CI Security Scanners Miss

    Cordyceps exposed a CI/CD weakness in GitHub Actions where individually valid workflows combined into exploitable privilege chains, leaving many “green” pipelines vulnerable despite passing scans. The article highlights real cases at Microsoft, Google, and Apache, and argues that AI-generated workflows are accelerating governance gaps that scanners alone cannot catch. #Cordyceps #Microsoft #AzureSentinel #Google #Apache #GitHubActions

  • Spain arrests suspected member of pro-Russian hacktivist groups

    Spain’s National Police arrested a man in Palencia suspected of supporting the pro-Russian hacktivist groups CyberArmy of Russia Reborn (CARR) and Z-Pentest. Investigators say he helped a CARR-linked hacker evade capture, coordinated via encrypted apps, and was tied to operations associated with NoName057(16) and attacks on critical infrastructure. #CyberArmyofRussiaReborn #CARR #ZPentest #NoName05716 #APT44 #Sandworm

  • DEBULL Tooling Abuses Microsoft Device-Code Flow to Target M365 Accounts

    A Microsoft 365 device code phishing campaign observed in late June and early July 2026 used collaboration-themed lures and a compromised Croatian rental website to trick victims into authorizing attacker sessions through Microsoft’s legitimate device login flow. ZeroBEC and Cisco Talos linked the activity to reusable tooling and PhaaS ecosystems including…

  • Critical Adobe ColdFusion Vulnerability Exploited in Attacks

    Threat actors are exploiting CVE-2026-48282, a maximum-severity path traversal flaw in Adobe ColdFusion that can lead to arbitrary code execution. Adobe released emergency updates for ColdFusion 2025 and 2023, but exploitation reportedly began within two hours of public disclosure. #AdobeColdFusion #CVE-2026-48282 #KEVIntel #CanadianCentreforCyberSecurity…

  • CISA Reportedly Using Anthropic’s Mythos to Scan Government Software for Flaws

    CISA is reportedly using Anthropic’s Mythos AI model to scan federal code repositories for security vulnerabilities, with the goal of finding and fixing flaws before adversaries can exploit them. The effort has allegedly already uncovered many bugs, while Anthropic’s broader relationship with US agencies has also faced tension over model safeguards…

  • Linux Kernel Vulnerability Allows VM Escape on Intel and AMD Systems

    A newly disclosed Linux kernel flaw, tracked as CVE-2026-53359 and nicknamed Januscape, can let an attacker escape a KVM virtual machine and execute code on the host. The issue affects shadow MMU code, threatens multi-tenant public clouds, and was demonstrated by Hyunwoo Kim as a zero-day in Google kvmCTF. #CVE-2026-53359 #Januscape…

  • CISO Conversations: Tarah Wheeler, Cybersecurity Leader, Thought Leader and Original Thinker

    Tarah Wheeler, CISO at TPO Group, describes a cybersecurity career shaped by social science, writing, and broad hands-on experience across red team, SecOps, compliance, and policy work. She warns that the field lacks reliable ground truth and benchmarks, making it hard to separate facts from hype while leaders like NIST face…

  • Iran-Linked Hackers Using Modular C&C Framework in Cyberattacks

    An Iran-linked APT tracked as Cavern Manticore is targeting organizations in Israel with a modular C&C framework that uses .NET compilation formats as an anti-analysis layer. The group, likely tied to Iran’s MOIS and possibly the OilRig subgroup Lyceum, abuses SysAid updates, RMM tools, and remote desktop features to move laterally…

  • Cybersecurity News | Daily Recap [06 Jul 2026]

    Daily Recap, Agentic ransomware techniques were documented for the first time as Sysdig tracked JADEPUFFER, while prompt injection attacks demonstrated how AI agents can be manipulated into making crypto payments. North Korean actors continued supply-chain pressure by targeting open source developers, and researchers also flagged trojanized PoC repos and malicious PyPI packages. #JADEPUFFER #Sysdig #NorthKorea #PoC #PyPI

  • Microsoft testing new Cloud Rebuild Windows 11 recovery feature

    Microsoft is testing Cloud Rebuild in Windows 11 Insider Preview builds, a recovery feature that can remotely reinstall the operating system from the cloud when a device is broken or won’t boot. The feature is part of Microsoft’s Windows Resiliency Initiative and joins Point-in-Time Restore, Quick Machine Recovery, and a new post-BSOD memory scan recommendation to improve Windows 11 recovery and reliability. #CloudRebuild #Windows11 #WinRE #QuickMachineRecovery #PointInTimeRestore

  • BeyondTrust warns of critical flaws in remote access software

    BeyondTrust has patched two critical authentication bypass flaws in its Remote Support and Privileged Remote Access products, warning that exposed instances could let unauthenticated attackers access protected appliances under specific configurations. The company also fixed two high-severity issues, while prior BeyondTrust flaws have been used in attacks against U.S. government systems and linked to #SilkTyphoon and #CVE-2026-1731.

  • Microsoft to enable Windows settings backup by default for orgs

    Microsoft will enable the Windows settings backup and restore tool by default on eligible Microsoft Entra-joined and Microsoft Entra hybrid-joined enterprise devices starting with Windows 11 26H2. The change applies only when admins have not already set a policy, while restore remains disabled by default and must still be explicitly configured by IT. #MicrosoftEntra #Windows11 #WindowsBackup

  • Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities

    China-aligned attackers breached U.S. and Canadian university networks to steal sensitive data and maintain persistent access through webshells and backdoors. The campaign targeted physics and engineering departments and used Roundcube flaws CVE-2024-42009 and CVE-2025-49113 to gain access, with evidence pointing to the threat cluster UNK_MassTraction and the use of VShell. #UNK_MassTraction #Roundcube #VShell #CVE-2024-42009 #CVE-2025-49113

  • BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

    BeyondTrust has patched four critical flaws in Remote Support and Privileged Remote Access that could let attackers bypass access controls, trigger denial-of-service conditions, or reach unauthorized data under certain configurations. The company said the issues were found internally during security assessments, and users should update immediately to RS 25.3.3 or later…

  • CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

    CERT/CC warned that several Tenda firmware versions contain an undocumented authentication backdoor tracked as CVE-2026-11405, allowing attackers to bypass password checks and gain full administrative access to the web management interface. The flaw is still unpatched, and users are advised to disable remote management and change the default LAN IP address…

  • US Army websites defaced with pro-Kurdish sentiments, insults to Trump

    Multiple U.S. Army subdomains, including oil.army.mil and ai2c.army.mil, were defaced in a 404 hijacking campaign that displayed pro-Kurdistan messages and insults aimed at President Donald Trump and U.S. Ambassador Tom Barrack. The Army says the affected pages were hosted on a legacy third-party platform and has secured them while investigators continue to examine how the defacement occurred. #U.S.Army #oil.army.mil #ai2c.army.mil #TomBarrack #DonaldTrump

  • Major medical device manufacturer notifies nearly 4 million of breach

    Medtronic has notified more than 3.8 million people that their data may have been exposed in an attack reportedly linked to ShinyHunters, with accessed information including Social Security numbers, health-related data, names, contact details, and dates of birth. The company says there is no evidence the data was publicly posted and…

  • Attackers vote themselves $20 million in BONK cryptocurrency

    BonkDAO said attackers drained $20 million worth of BONK through a malicious governance proposal that exploited large token holdings to redirect coins into their wallets. The organization notified law enforcement and is working to recover funds, while Upbit temporarily suspended BONK deposits and withdrawals after the incident. #BonkDAO #BONK #Upbit #Solana…

Click here to access All News

Cybersecurity News Sources

This site will aggregate Cybersecurity News from this sources:

Reference for Security News

Sorted by estimated “Number of Articles” per week. a/w = articles / week.

Check this also :

Update November 2024

“I have launched several social media platforms for updates on Security News”