Cyber Security News

WatchGuard has released urgent security updates to address multiple high-severity vulnerabilities affecting the WatchGuard Agent on Windows. The most critical of these flaws allows authenticated local attackers to escalate their privileges to the highest system level, granting them complete control over the compromised machine. Additional vulnerabilities discovered in the software include network-based buffer overflows that The post WatchGuard Agent Vulnerabilities Let Attackers Grant Full SYSTEM Privileges on Windows appeared first on Cyber Security News.

Five dangerous vulnerabilities in Redis expose Redis Cloud, Redis Software, and all open-source community editions to potential remote code execution, giving authenticated attackers a direct path to compromise affected systems. All require authenticated access to exploit, but successful exploitation can lead to arbitrary code execution, full system compromise, data exfiltration, or service disruption. The advisory, The post Critical Redis Vulnerabilities Enables Remote Code Execution Attacks appeared first on Cyber Security News.

A critical zero-day vulnerability in Palo Alto Networks PAN-OS software has been actively exploited by a likely state-sponsored threat actor since at least April 2026, the company revealed in a security advisory published on May 6, 2026. Tracked as CVE-2026-0300, the flaw is a buffer overflow vulnerability residing in the User-ID Authentication Portal, also known The post Palo Alto Networks Firewall Zero-Day RCE Vulnerability Exploited in the Wild Since April appeared first on Cyber Security News.

Hackers are using fake Google ads to steal login credentials from ManageWP users, GoDaddy’s popular platform for managing WordPress websites from a single dashboard. The campaign, which researchers have dubbed “WrongPress,” plants a fraudulent sponsored search result directly above the real ManageWP listing, trapping users before they even realize something is wrong. ManageWP is widely The post Hackers Abuse Google Ads to Steal Users GoDaddy ManageWP login Credentials appeared first on Cyber Security News.

A new wave of fraudulent Android apps quietly racked up millions of downloads on Google Play before being taken down. These apps, now tracked under the name CallPhantom, promised users something irresistible: the ability to look up the call history of any phone number. What they actually delivered was nothing more than fake data and The post 28 Fake Call History Apps on Google Play with 7.3M+ Downloads Trick Users to Steal Payments appeared first on Cyber Security News.

A fresh wave of malicious packages has been quietly spreading through the NuGet ecosystem, one of the most widely used registries in the .NET developer world. Five rogue packages have been discovered posing as legitimate Chinese software libraries, secretly stealing browser credentials, SSH private keys, and cryptocurrency wallet data. The attack takes a clever approach. The post Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets appeared first on Cyber Security News.

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky 

VM2 has been hit by 11 critical vulnerabilities, putting countless applications that rely on it at risk of executing untrusted code. Affecting all versions up to 3.11.1, each flaw provides attackers with a clear path out of the sandbox and into the host system, with full command execution capabilities. Worse, two of the eleven remain The post Critical vm2 Node.js Library Vulnerabilities Enables Arbitrary Code Execution Attacks appeared first on Cyber Security News.

A new threat intelligence report has revealed that an unknown group of hackers used a commercial AI tool to target the systems of a municipal water and drainage utility in Monterrey, Mexico. The attack, which took place in January 2026, marks one of the earliest known real-world cases where an adversary used AI to identify The post Hackers Used Claude AI to Attack on Water and Drainage Utility Systems appeared first on Cyber Security News.

A major security flaw has placed Ollama, one of the most widely used platforms for running local AI models, at risk of a high-profile exposure event. The issue, dubbed “Bleeding Llama,” allows unauthenticated attackers to access the Ollama process and extract sensitive data directly from memory, putting roughly 300,000 internet-facing servers worldwide at risk. With The post Critical Ollama Memory Leak Vulnerability Exposes 300,000 Servers Globally appeared first on Cyber Security News.

Microsoft is expanding interoperability in its mobile communication ecosystem by allowing Microsoft Teams users on Android devices to join third-party meetings via the Session Initiation Protocol (SIP). Recently detailed on the Microsoft 365 roadmap, this upcoming feature addresses a major enterprise demand for seamless cross-platform communication. With SIP, Android users will no longer be locked The post Microsoft Teams for Android Allow Users to Join Third-Party Meetings via SIP appeared first on Cyber Security News.

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code inside a secure sandbox by intercepting and proxying JavaScript objects to prevent sandboxed code from accessing the host

Authors of the VoidStealer Trojan uncovered a way to get around Google's App-Bound Encryption (ABE), opening the door to infostealers.

ShinyHunters' attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.

Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks. Hunt.io, which detailed the malware, said it made the discovery after identifying an exposed directory on a Netherlands-hosted