Cyber News & Updates
Breaking news, security alerts, and trending stories from across the cybersecurity landscape.

Veeam patches critical Backup & Replication flaws that allow remote code execution
Veeam has released security updates for Backup & Replication to fix multiple vulnerabilities, including critical flaws that could let authenticated domain users execute code remotely on affected servers.

Qualys details nine CrackArmor flaws in AppArmor that enable root escalation
Qualys says nine vulnerabilities in Linux AppArmor, collectively named CrackArmor, let unprivileged local users bypass protections, escalate to root, and break container isolation on affected systems.

CISA flags actively exploited n8n RCE flaw as KEV entry
CISA has added CVE-2025-68613, a critical remote code execution flaw in n8n, to its Known Exploited Vulnerabilities catalog after evidence of active exploitation, with fixes available in patched releases published by n8n.

Google fixes two Chrome zero-days exploited in the wild affecting Skia and V8
Google has released Chrome security updates to fix two high-severity zero-days, CVE-2026-3909 and CVE-2026-3910, that were exploited in the wild and later added to CISA’s Known Exploited Vulnerabilities catalog.

Threat actors mass-scan Salesforce Experience Cloud using modified AuraInspector tool
Salesforce says threat actors are increasingly targeting publicly accessible Experience Cloud sites with a customized AuraInspector tool to exploit overly permissive guest-user configurations and gain access to sensitive information.

Hikvision and Rockwell Automation CVSS 9.8 flaws added to CISA KEV catalog
CISA has added two CVSS 9.8 vulnerabilities affecting Hikvision IP cameras and Rockwell Automation ThinManager to its Known Exploited Vulnerabilities catalog, giving federal agencies until March 26, 2026, to apply mitigations or discontinue use.

Chrome extensions turned malicious after ownership transfer, pushing code injection and fake updates
Two Chrome extensions, QuickLens and ShotBird, turned malicious after ownership changes, enabling attackers to inject arbitrary code, strip security headers, display fake Chrome update prompts, and steal sensitive data from downstream users.

AppsFlyer Web SDK hijacked to deliver crypto-stealing JavaScript in supply-chain attack
The AppsFlyer Web SDK was temporarily hijacked to deliver malicious JavaScript that replaced cryptocurrency wallet addresses with attacker-controlled ones, in what AppsFlyer says was a domain registrar incident affecting the Web SDK on a segment of customer websites.

Stryker Cyberattack: Iran-Linked Handala Claims Wiper Attack
Iran-linked Handala claims a wiper attack on Stryker, with early reports pointing to possible Microsoft Intune abuse and major operational disruption.
