-
A critical XML External Entity (XXE) vulnerability has been disclosed in the Syncope identity management console. The flaw could allow administrators to expose sensitive user data and compromise session security inadvertently. The vulnerability, tracked as CVE-2026-23795, affects multiple versions of the platform and requires immediate patching. The improper restriction of XML External Entity references in […] The post Apache Syncope Vulnerability Let Attackers Hijack User Sessions appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
APT28, the Russia-linked advanced persistent threat group, has launched a sophisticated campaign targeting Central and Eastern Europe using a zero-day vulnerability in Microsoft Office. The threat actors leveraged specially crafted Microsoft Rich Text Format (RTF) files to exploit the vulnerability and deliver malicious backdoors through a multi-stage infection chain. The campaign, tracked as Operation Neusploit, […] The post APT28 Hackers Exploiting Microsoft Office 0-Day in the Wild to Deploy Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
In March 2025, the Ricochet Chollima APT group, widely recognized as APT37 and linked to North Korean state-sponsored operations, launched a targeted spear-phishing campaign against activists focused on North Korean affairs. The threat actors initiated…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Mozilla has rolled out comprehensive AI controls in Firefox 148, launching February 24, 2026, allowing users to globally disable all generative AI features across the browser. The update addresses growing user concerns about AI integration while mainta…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A new Android spyware campaign that uses romance scams and fake chat profiles to spy on users in Pakistan. The malicious app, named GhostChat and detected as Android/Spy.GhostChat.A, disguises itself as a dating chat platform but is actually built for …
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hundreds of malicious skills are distributed through OpenClaw’s marketplace, transforming the popular AI agent ecosystem into a new supply chain attack vector. Threat actors are weaponizing the platform’s extensibility features to deliver d…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A dangerous banking malware called Anatsa has been discovered spreading through the Google Play Store, reaching more than fifty thousand downloads before detection. The malicious application was cleverly hidden as a document reader, making it appear harmless to unsuspecting users searching for legitimate file management tools. This discovery highlights how cybercriminals continue to exploit official […] The post Malicious App on The Google Play with 50K+ Downloads Deploy Anatsa Banking Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical authenticated command execution vulnerability has been disclosed affecting multiple Hikvision Wireless Access Point (WAP) models. The flaw, tracked as CVE-2026-0709, stems from insufficient input validation in device firmware, potentially allowing attackers with valid credentials to execute arbitrary commands on affected systems. The vulnerability carries a CVSS v3.1 base score of 7.2, indicating a […] The post Hikvision Wireless Access Points Vulnerability Enables Malicious Command Execution appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Hundreds of malicious skills designed to deliver trojans, infostealers, and backdoors disguised as legitimate automation tools. VirusTotal has uncovered a significant malware distribution campaign targeting OpenClaw, a rapidly growing personal AI agent ecosystem. OpenClaw, previously known as Clawdbot and briefly as Moltbot, is a self-hosted AI agent that executes real system actions, including shell commands, […] The post OpenClaw AI Agent Skills Abused by Threat Actors to Deliver Malware appeared first on Cyber Security News.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A malicious application on the Google Play Store masquerading as a legitimate document reader. The deceptive application, which has accumulated over 50,000 downloads, functions as a dropper for the notorious Anatsa banking trojan, a sophisticated malwa…
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
