Beware of Fake WinRAR Website That Delivers Malware with WinRAR Installer
A newly discovered malware campaign is using fake WinRAR download sites to deliver the dangerous Winzipper malware directly to unsuspecting users. The attack emerged from…
Category: CyberSecurityNews
FBI Warns of Kimsuky Actors Leverage Malicious QR Codes to Target U.S. Organizations
North Korean state‑sponsored group Kimsuky is running new spearphishing campaigns that abuse QR codes to compromise U.S. organizations. The FBI warns that think tanks, NGOs,…
Microsoft Defender’s Blocks Legitimate MAS Amid Fake Script Hunt
In a classic “Microsoft moment,” Windows Defender has started blocking the popular open-source Microsoft Activation Scripts (MAS) tool while targeting fake impostors, without verifying whether…
OWASP CRS Vulnerability Allows Attackers to Bypass Charset Validation
A critical vulnerability in the OWASP Core Rule Set (CRS) has been discovered that allows attackers to bypass important security protections designed to prevent charset-based…
Trend Micro Apex Central Vulnerabilities Enables Remote Code Execution Attacks
Critical security patches to address three severe vulnerabilities affecting Apex Central (on-premise) that could allow remote attackers to execute malicious code or launch denial-of-service attacks…
Undertow HTTP Server Used in Java Apps Vulnerability Allow Attackers to Hijack Sessions
A critical security flaw has been discovered in the Undertow HTTP server core, a widely used component in Java applications such as WildFly and JBoss…
New Ghost Tapped Attack Uses Your Android Device to Drain Your Bank Account
Chinese threat actors have developed a dangerous new way to steal money directly from bank accounts using specially crafted Android applications. Known as Ghost Tapped,…
SmarterTools SmarterMail Vulnerability Enables Remote Code Execution Attack
A critical pre-authentication remote code execution vulnerability, identified as CVE-2025-52691, has been discovered in SmarterTools’ SmarterMail solution. The flaw received a maximum CVSS score of…
Hackers Actively Exploiting AI Deployments
Security researchers have identified over 91,000 attack sessions targeting AI infrastructure between October 2025 and January 2026, exposing systematic campaigns against large language model deployments.…
Cisco Small Business Switches Face Global DNS Crash Outage
Network administrators worldwide reported widespread crashes in Cisco small business switches on January 8, 2026, triggered by fatal errors in the DNS client service. Devices…
New OAuth-Based Attack Let Hackers Bypass Microsoft Entra Authentication Flows to Steal Keys
The security landscape faced a significant challenge just before the year’s end with the emergence of ConsentFix, an ingenious OAuth-based attack that exploits legitimate authentication…
Microsoft Enforces Mandatory MFA for Microsoft 365 Admin Center Logins
Microsoft is ramping up security measures for its enterprise customers, mandating multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center. The policy…