Cybersecurity
138 articles RSS
Google Patches Two Actively Exploited Chrome Zero-Days Affecting Skia and V8 Engines
Google releases emergency Chrome 146 update to fix two high-severity zero-days in the Skia graphics library and V8 JavaScript engine, both confirmed exploited in the wild.
Microsoft March 2026 Patch Tuesday Fixes 84 Vulnerabilities Including Two Public Zero-Days and a Critical AI-Discovered Flaw
Microsoft's March 2026 security update addresses 84 vulnerabilities across Windows, Office, Azure, SQL Server, and .NET, with two publicly disclosed zero-days, eight critical-rated flaws, and a 9.8-severity remote code execution bug discovered by an autonomous AI agent.
Iran-Linked Hackers Weaponize Microsoft Intune to Wipe 200,000 Stryker Devices in Retaliatory Cyberattack
Pro-Iran hacktivist group Handala hijacked Stryker's Microsoft Intune tenant to remotely wipe over 200,000 systems across 79 countries, crippling the medical device giant and threatening global hospital supply chains.
ShinyHunters Claims Mass Data Theft From Hundreds of Salesforce Customers Using Weaponized Open-Source Tool
The ShinyHunters cybercrime group says it exploited misconfigured Salesforce Experience Cloud guest accounts to steal data from nearly 400 organizations using a modified version of Mandiant's AuraInspector tool.
OpenClaw Surpasses React as GitHub's Most-Starred Project, Then Triggers a Cascading Security Crisis
The open-source AI agent went from zero to 250,000 GitHub stars in four months, but critical vulnerabilities exposed over 135,000 instances across 82 countries.
Government-Grade iPhone Exploit Kit 'Coruna' Proliferated from Spy Tool to Cryptocurrency Heist in Under a Year
Google and iVerify reveal Coruna, a 23-exploit iOS framework that moved from a surveillance vendor to Russian spies to Chinese cybercriminals in months.
Google Patches Qualcomm Zero-Day Exploited in Targeted Android Attacks as March Update Fixes 129 Vulnerabilities
Google's March 2026 Android security update addresses 129 vulnerabilities including an actively exploited Qualcomm graphics flaw affecting 235 chipsets and a critical remote code execution bug in Android 16.
LexisNexis Confirms AWS Cloud Breach After Hackers Exploit Unpatched React Vulnerability and Leak 2 GB of Data Including Federal Judge Records
Threat actor FulcrumSec exploited the React2Shell vulnerability in LexisNexis AWS infrastructure, exfiltrating 3.9 million records and claiming access to 400,000 user profiles including U.S. government personnel.
Self-Propagating JavaScript Worm Vandalized Nearly 4,000 Wikipedia Pages in 23 Minutes Before Engineers Contained the Spread
A dormant malicious script planted on Russian Wikipedia in 2024 was inadvertently activated during a Wikimedia security review, modifying thousands of pages and 85 user scripts before engineers locked down editing across all projects.
CISA Adds Actively Exploited VMware Aria Operations Flaw to KEV Catalog, Gives Federal Agencies Three Weeks to Patch
A command injection vulnerability in Broadcom's VMware Aria Operations is under active exploitation, prompting CISA to set a March 24 federal remediation deadline.
Pakistan-Linked APT36 Deploys AI-Generated 'Vibeware' Against Indian Government in First Documented Nation-State Use of Vibe-Coded Malware
Bitdefender documents APT36 using LLMs to mass-produce malware in Nim, Zig, and Crystal at a daily cadence, flooding Indian government networks with disposable implants in a strategy researchers call 'Distributed Denial of Detection.'
Claude Code Vulnerabilities Let Attackers Run Arbitrary Commands and Steal API Keys by Cloning a Repository
Check Point Research disclosed two CVEs in Anthropic's Claude Code that turned project configuration files into attack vectors, enabling remote code execution and API key exfiltration before users could approve a trust dialog.