Backup request is actually a phishing campaign, LastPass warns
LastPass on Tuesday warned of a phishing campaign with false claims that the company is conducting maintenance and asking customers to back up their vaults…
Latest Cybersecurity News — Page 895
View all →
Black Basta’s alleged ringleader identified as authorities raid homes of other members
Law enforcement agencies from multiple European countries are still pursuing leads on people involved in the Black Basta ransomware group, nearly a year after the…
GitLab warns of high-severity 2FA bypass, denial-of-service flaws
GitLab has patched a high-severity two-factor authentication bypass impacting community and enterprise editions of its software development platform. Tracked as CVE-2026-0723, this vulnerability stems from…
Researchers Uncovered LockBit’s 5.0 Latest Affiliate Panel and Encryption Variants
LockBit, one of the most dangerous ransomware groups in the world, has released its newest version despite facing serious law enforcement actions. The group’s operations…
ErrTraffic Exploits Visual Page Breaks to Fuel ClickFix Attacks, Rebranding Exploits as “GlitchFix”
ErrTraffic is a Traffic Distribution System (TDS) designed to power ClickFix social engineering attacks. Unlike traditional fake update prompts, ErrTraffic deliberately breaks website visuals creating garbled text,…
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Ravie LakshmananJan 21, 2026Vulnerability / Network Security Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in…
ACME Flaw in Cloudflare allowed attackers to reach origin servers
ACME flaw in Cloudflare allowed attackers to reach origin servers Pierluigi Paganini January 21, 2026 Cloudflare fixed a flaw in its ACME validation logic that…
CFOs, CISOs clash over cybersecurity spending as threats mount: Expel
Dive Brief: CFOs and chief information security officers are significantly misaligned when it comes to cybersecurity investment goals and priorities, a survey by cybersecurity firm…
Hackers exploit security testing apps to breach Fortune 500 firms
Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access…
New Magecart Attack Inject Malicious JavaScript to Skim Payment Data
A new Magecart-style campaign has emerged, targeting online shoppers through malicious JavaScript code designed to steal payment information directly from ecommerce websites. The attack works…
First Fully AI-Driven Malware Signals a New Era of Cyber Threats
A sophisticated Linux malware framework developed almost entirely through artificial intelligence, marking the beginning of a new era in AI-powered threats. Unlike previous AI-generated malware…
Microsoft shares workaround for Outlook freezes after Windows update
Microsoft shared a temporary workaround for customers experiencing Outlook freezes after installing this month’s Windows security updates. As explained one week ago, when Microsoft acknowledged…