Cyber Security News

📰

Security Affairs HIGH

21m

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

A critical FortiClient Endpoint Management Server (EMS) vulnerability patched in April has been exploited in fresh attacks to deploy information-stealing malware, Arctic Wolf reports. The flaw, tracke...

Read more →

📰

Infosecurity Magazine LOW

57m

Attackers Move Past Typosquatting to Realistic Package Impersonation

Most malicious open source packages now mimic real code rather than rely on typosquatting

Read more →

📰

Security Affairs LOW

57m

Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem

Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes Unit ...

Read more →

📰

The Hacker News HIGH

1h

Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer

Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign a...

Read more →

📰

SecurityWeek LOW

1h

Carnival Data Breach Exposed 6 Million People

Data breach leaves nearly 6 million Carnival customers navigating identity theft risks. The post Carnival Data Breach Exposed 6 Million People appeared first on SecurityWeek.

Read more →

📰

Bleeping Computer LOW

2h

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. [...]

Read more →

📰

Bleeping Computer LOW

2h

How SIEM helps MSPs reduce noise and stop threats faster

MSPs don't lack security data. They struggle to separate real threats from alert noise. Kaseya explains how SIEM helps MSPs improve visibility, reduce fatigue, and respond faster. [...]

Read more →

📰

The Hacker News LOW

2h

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

Microsoft has come out strongly in favor of Coordinated Vulnerability Disclosure (CVD), urging the research community to share their findings and give affected vendors an opportunity to better underst...

Read more →

📰

The Hacker News LOW

2h

ThreatsDay Bulletin: Claude Security Plugin, Azure Priv-Esc, Kali365 MFA Bypass, FIFA Scams +15 More

Every time you think the industry has finally stopped doing some reckless, low-effort crap, somebody spins up a fresh box full of sketchy loaders, fake installers, recycled social-engineering bait, an...

Read more →

📰

Security Affairs HIGH

3h

U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructur...

Read more →

📰

SecurityWeek LOW

3h

New BTMOB Android Malware Enables Full Device Takeover

Delivered via phishing lures, the malware combines financial theft with data exfiltration and remote access. The post New BTMOB Android Malware Enables Full Device Takeover appeared first on SecurityW...

Read more →

📰

CyberScoop LOW

3h

Zapier fixes bug chain that researchers say risked widespread account takeover

A five-step flaw chain in the popular automation service, now patched, could have let a single attacker act as any signed-in user across thousands of connected apps. The post Zapier fixes bug chain th...

Read more →