Hackers Earned $516,500 for 37 Unique 0-day Vulnerabilities
Day One of Pwn2Own Automotive 2026, which delivered $516,500 USD for 37 zero-days, the event has now accumulated $955,750 USD across 66 unique vulnerabilities, demonstrating…
Category: CyberSecurityNews
Attackers Infrastructure Exposed Using JA3 Fingerprinting Tool
A new powerful method to detect and trace attacker infrastructure using JA3 fingerprinting, a technique that identifies malicious tools through network communication patterns. While many…
Researchers Detailed r1z Initial Access Broker OPSEC Failures
U.S. authorities have pulled back the curtain on “r1z,” an initial access broker who quietly sold gateways into corporate networks around the world. Operating across…
Malicious PyPI Package Mimic as Popular Sympy-Dev to Attack Millions of Users
A new malicious package on the Python Package Index (PyPI), named sympy-dev, has been caught impersonating the widely used SymPy library to deliver cryptomining malware. SymPy…
New ClickFix Campaign Hijacks Facebook Sessions Using Fake Verification Pages
Attackers have launched a widespread campaign called ClickFix that steals Facebook account credentials by tricking users into handing over their session tokens. Rather than using…
Critical Vivotek Vulnerability Allows Remote Users to Inject Arbitrary Code
A critical remote code injection vulnerability in Vivotek legacy firmware that enables unauthenticated attackers to execute arbitrary commands with root privileges. The vulnerability, tracked as…
FortiGate Firewalls Hacked in Automated Attacks to Steal Configurations Data
A new cluster of automated malicious activity targeting FortiGate firewall devices. Beginning January 15, 2026, threat actors have been observed executing unauthorized configuration changes, establishing…
CISA Warns of Cisco Unified CM 0-Day RCE Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert after confirming active exploitation of a zero-day remote code execution (RCE) vulnerability…
Critical Vulnerability in Binary-Parser Library for Node.js Allows Malicious Code Injection
A critical code-injection vulnerability has been identified in the Node.js binary-parser library, affecting all versions before 2.3.0. The flaw allows attackers to execute arbitrary JavaScript…
New Multi-Stage Windows Malware Disables Microsoft Defender Before Dropping Malicious Payloads
Security researchers have identified a sophisticated multi-stage malware campaign targeting Windows systems through social engineering and weaponized cloud services. The attack employs business-themed documents as…
BIND 9 Vulnerability Allow Attackers to Crash Server by Sending Malicious Records
A high-severity vulnerability has been disclosed in BIND 9, the widely used DNS server software responsible for domain name resolution across millions of internet services.…
New AI-Android Malware that Auto Clicks Ads from the Infected Devices
A dangerous Android malware campaign has emerged, targeting users through mobile games and pirated streaming app modifications. The threat, known as Android.Phantom, employs machine learning…