Archives: News
News articles and updates
Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries
Microsoft has detailed a phishing campaign that targeted 35,000 users in 26 countries. The company tracked the operation through its threat intelligence efforts and shared findings on the scope and methods used by the attackers. Campaign Scope The phishing effort reached users in multiple regions, affecting 35,000 accounts in total. Microsoft detected the activity spanning...
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
A threat actor tracked as UAT-8302, linked to China, has targeted government entities in multiple regions with shared advanced persistent threat (APT) malware, cybersecurity researchers report. The group deploys the same malware samples against official networks in Asia, Europe, and the Middle East. This activity points to coordinated operations spanning borders, according to a recent...
MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks
Security researchers have confirmed active exploitation of CVE-2026-29014 in MetInfo CMS, enabling remote code execution on affected servers. Attackers have targeted unpatched installations worldwide since early May 2026, according to multiple threat intelligence reports released this week. Attack Details The vulnerability resides in MetInfo CMS, an open-source content management system used by thousands of websites....
We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
Researchers scanned one million exposed AI services and found widespread security failures. The assessment, detailed in a report released this week, shows many services lack basic protections against unauthorized access. Scan Details The team examined publicly accessible AI endpoints, including inference servers and model hosting platforms. They identified over 1 million instances running without authentication....
Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
Microsoft Edge keeps user passwords in process memory during browser sessions, security researchers have found. This practice exposes enterprise networks to potential attacks from malware and memory-scraping tools. Discovery Details Researchers identified that Edge retains credentials in plain text within its memory space. Tools like Process Hacker and custom memory dump analyzers can extract these...
Physical Cargo Theft Gets a Boost From Cybercriminals
Reports from logistics security firms indicate cybercriminals now assist physical cargo theft rings by providing real-time tracking data and access codes, leading to a sharp rise in incidents across major shipping routes in early 2026. Recent Incidents Cargo theft cases involving cyber elements have increased by double digits in the first quarter of 2026, according...
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
Palo Alto Networks announced plans to release a patch for a zero-day vulnerability in its firewalls that threat actors have exploited in targeted attacks. The company confirmed active exploitation and urged customers to apply updates as soon as they become available. Details of the Vulnerability The zero-day flaw affects certain Palo Alto Networks firewalls, allowing...
How the Story of a USB Penetration Test Went Viral
A tale of a simple USB drive used in a penetration test has spread rapidly across social media platforms and cybersecurity forums in recent weeks. The incident, shared initially on X (formerly Twitter), drew millions of views and sparked debates on physical security practices among organizations. Incident Details The story centers on a security consultant...
Critical Bug Could Expose 300,000 Ollama Deployments to Information Theft
A critical security flaw in Ollama, a popular tool for running large language models locally, puts around 300,000 deployments at risk of information theft, security researchers reported this week. The vulnerability allows attackers to access sensitive data from systems running Ollama. Researchers identified the issue in the software’s default configuration, which exposes an unauthenticated endpoint....
Hacker News Opens Cybersecurity Stars Awards 2026
The Hacker News launched the Cybersecurity Stars Awards 2026, opening submissions for cybersecurity achievements. Nominations are accepted via online portal.