A large-scale spear-phishing campaign distributing a VIP Keylogger variant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while…
Apache ZooKeeper, a centralized service used for maintaining configuration information and naming in distributed systems, has received critical security updates. The Apache Software Foundation recently…
A highly sophisticated cyber espionage group, designated as CL-UNK-1068, has been actively targeting critical infrastructure across South, Southeast, and East Asia since at least 2020.…
Philadelphia, PA, United States, March 9th, 2026, CyberNewswire Security Risk Advisors (SRA) is proud to announce the release of its inaugural report, The Purple Perspective 2026.…
Iran-linked threat actors are escalating cyber operations against U.S. and allied networks, with Seedworm recently deploying new backdoors against critical infrastructure and high-value organizations amid…
Hackers are abusing a fake CleanMyMac download page to infect macOS users with SHub Stealer. This powerful infostealer drains crypto wallets and hijacks sensitive data. Instead…
A new Windows stealer dubbed BoryptGrab is being distributed through a large, ongoing campaign abusing fake GitHub repositories that pose as free tools, game cheats, and popular…
Two high-severity vulnerabilities have been discovered in Vaultwarden, a widely used alternative Bitwarden server implementation written in Rust. These security flaws, tracked as CVE-2026-27803 and…
ClipXDaemon is a new Linux malware family that hijacks cryptocurrency clipboard data in X11 sessions, operating fully offline without any command‑and‑control (C2) infrastructure. It reuses…
A wave of fraudulent account registrations to a cybercrime ecosystem operating out of Vietnam. These fake accounts are not just spam; they underpin large-scale financial…
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in ZITADEL, a popular open-source identity and access management platform. Tracked as CVE-2026-29191 with a Critical…
A critical security flaw has been discovered in Nginx UI that allows unauthenticated threat actors to download and decrypt complete system backups. Tracked as CVE-2026-27944,…
