Nginx-poolslip Vulnerability Enables DoS and Code Execution Attacks — Patch Now!
A newly disclosed flaw in one of the world’s most widely deployed web servers is forcing administrators into another emergency patch cycle. Tracked as CVE-2026-9256…
Category: CyberSecurityNews
Hackers Compromised 233 Versions of Laravel-Lang Packages by Hacking 700 GitHub Repos
A highly sophisticated supply chain attack has compromised the Laravel-Lang ecosystem, injecting credential-stealing remote code execution backdoors into 233 package versions across 700 GitHub repositories.…
Hackers Abuse Middle East Telecom Networks for Large-Scale Command-and-Control Operations
Hackers are using telecom networks and hosting providers across the Middle East as a foundation for massive command-and-control operations, turning trusted infrastructure into a launchpad…
Russian Threat Groups Use RDP, VPN, Supply Chain Attacks, and Social Engineering for Initial Access
Russian state-sponsored threat groups significantly stepped up their cyber operations in 2025, using a range of methods to break into targeted systems. From exploiting remote…
LiteSpeed cPanel Plugin 0-Day Exploited in the wild to Gain Server Root Access
LiteSpeed has disclosed and patched a critical 0‑day privilege escalation flaw in its user-end cPanel plugin that is already being actively exploited to gain root…
Hackers Hide Malware Payloads Inside Nested macOS-Like Folders to Evade Scanning
Hackers are quietly hiding Windows malware inside nested folders that imitate macOS system paths, making dangerous payloads look like harmless archives to the untrained eye.…
Hackers Can Weaponize Lenovo Driver to Terminate EDR Processes
Hackers can weaponize a legitimately signed Lenovo driver to terminate security processes, highlighting a dangerous Bring Your Own Vulnerable Driver (BYOVD) attack vector that can…
Discord Announces End-to-End Encryption by Default for Video and Voice Messages
Discord has officially rolled out end-to-end encryption (E2EE) for all voice and video communications across its platform, marking a major milestone in secure real-time communication.…
Hackers Use Fake Microsoft Teams Downloads to Deploy ValleyRAT Malware
Hackers have been caught running a deceptive campaign that uses fake Microsoft Teams download websites to trick users into installing ValleyRAT, a remote access trojan…
Critical Chrome Vulnerabilities Enables Remote Code Execution Attacks
Google has released an urgent security update for Chrome, addressing 16 vulnerabilities including two rated Critical that could allow attackers to execute arbitrary code on…
Flipper Unveils New Flipper One Modular Linux Cyberdeck
Flipper Devices has unveiled Flipper One, a modular Linux cyberdeck aimed at becoming a fully open, mainline-first ARM platform for hackers, researchers, and makers The…
WantToCry Ransomware Abuses SMB Services to Remotely Encrypt Files
A ransomware strain called WantToCry has been targeting businesses by abusing a widely used file-sharing protocol to encrypt files without dropping any malware on the…