Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.
-
CISA flags actively exploited n8n RCE flaw as KEV entry
CISA has added CVE-2025-68613, a critical remote code execution flaw in n8n, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, with fixes available in patched releases published by n8n.
-
Google fixes two Chrome zero-days exploited in the wild affecting Skia and V8
Google has released Chrome security updates to fix two high-severity zero-days, CVE-2026-3909 and CVE-2026-3910, that were exploited in the wild and later added to CISA’s Known Exploited Vulnerabilities catalog.
-
Threat actors mass-scan Salesforce Experience Cloud using modified AuraInspector tool
Salesforce says threat actors are increasingly targeting publicly accessible Experience Cloud sites with a customized AuraInspector tool to exploit overly permissive guest-user configurations and gain access to sensitive information.
-
Hikvision and Rockwell Automation CVSS 9.8 flaws added to CISA KEV catalog
CISA has added two CVSS 9.8 vulnerabilities affecting Hikvision IP cameras and Rockwell Automation ThinManager to its Known Exploited Vulnerabilities catalog, giving federal agencies until March 26, 2026, to apply mitigations or discontinue use.
-
Microsoft says ClickFix campaign used Windows Terminal to deploy Lumma Stealer
Microsoft says a widespread ClickFix campaign observed in February 2026 used Windows Terminal instead of the Run dialog to launch a multi-stage attack chain that downloaded payloads, set scheduled-task persistence, added Defender exclusions, and injected Lumma Stealer into Chrome and Edge.
-
Chrome extensions turned malicious after ownership transfer, pushing code injection and fake updates
Two Chrome extensions, QuickLens and ShotBird, turned malicious after ownership changes, enabling attackers to inject arbitrary code, strip security headers, display fake Chrome update prompts, and steal sensitive data from downstream users.
-
AppsFlyer Web SDK hijacked to deliver crypto-stealing JavaScript in supply-chain attack
The AppsFlyer Web SDK was temporarily hijacked to deliver malicious JavaScript that replaced cryptocurrency wallet addresses with attacker-controlled ones, in what AppsFlyer says was a domain registrar incident affecting the Web SDK on a segment of customer websites.
-
Stryker Cyberattack: Iran-Linked Handala Claims Wiper Attack
Iran-linked Handala claims a wiper attack on Stryker, with early reports pointing to possible Microsoft Intune abuse and major operational disruption.
-
MCP Vulnerabilities and AI Security Risks
MCP vulnerabilities are emerging as a new cybersecurity risk as attackers exploit the Model Context Protocol to automate reconnaissance, privilege escalation, and AI-driven cyberattacks.
-
ChatGPT ‘Limit of File Uploads’ Error Reported by Plus Users
ChatGPT users report a ‘limit of file uploads’ error despite minimal activity. The incident suggests a possible platform bug affecting ChatGPT Plus accounts.