Fake Captcha Ecosystem Exploits Trusted Web Infrastructure to Deliver Malware
A new wave of web-based malware campaigns is using fake verification pages to trick users into installing dangerous software. These attacks copy the look and…
Category: CyberSecurityNews
New Windows Notepad and Paint Update Brings More Useful AI Features
Artificial intelligence (AI) features have been added to Windows 11 Notepad and Paint for Canary and Dev Channel users, turning them into cloud-connected tools that…
New Watering Hole Attacking EmEditor Users with Stealer Malware
A major security threat has emerged targeting developers who use EmEditor, a popular text editor favored by Japanese programming communities. In late December 2025, the…
Microsoft to Add Brand Impersonation Protection Warning to Teams Calls
A new security feature for Teams Calling now alerts users to suspicious external calls that try to impersonate trusted organizations. The feature will begin deployment…
MacSync macOS Infostealer Leverage ClickFix-style Attack to Trick Users Pasting a Single Terminal Command
A sophisticated macOS malware called MacSync has emerged as a dangerous new threat targeting cryptocurrency users through deceptive social engineering tactics. The infostealer operates as…
Node.js Updated HackerOne Program to Require a Signal of 1.0 or Higher to Submit Vulnerability Reports
Node.js has updated its HackerOne vulnerability disclosure program to require a minimum Signal score of 1.0, aiming to reduce low-quality submissions and improve processing efficiency.…
Hackers Can Use GenAI to Change Loaded Clean Page Into Malicious within Seconds
A new and alarming threat has emerged in the cybersecurity landscape where attackers combine artificial intelligence with web-based attacks to transform innocent-looking webpages into dangerous…
New Phishing Kit As-a-service Attacking Google, Microsoft, and Okta Users
A dangerous new generation of phishing kits designed specifically for voice-based attacks has emerged as a growing threat to enterprise users across major technology platforms.…
Fortinet Confirms Active Exploitation of FortiCloud SSO Authentication Bypass Vulnerability
Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass vulnerability, with a new automated campaign targeting even fully patched FortiGate devices. Cybersecurity firm Arctic…
TrustAsia Revoked 143 Certificates Following LiteSSL ACME Service Vulnerability
TrustAsia has revoked 143 SSL/TLS certificates following the discovery of a vulnerability in its LiteSSL ACME service. The flaw allowed for the improper reuse of…
HPE Alletra and Nimble Storage Vulnerability Grants Admin Access to Remote Attacker
A critical privilege escalation vulnerability affecting multiple storage platforms could allow remote attackers to gain administrative access without physical interaction. The flaw, tracked as CVE-2026-23594,…
North Korean Hackers Adopted AI to Generate Malware Attacking Developers and Engineering Teams
North Korea–aligned hackers have launched a new campaign that turns artificial intelligence into a weapon against software teams. Using AI-written PowerShell code, the group known…