Hundreds of businesses have had their Microsoft cloud accounts compromised by a sophisticated phishing campaign that researchers believe is leveraging artificial intelligence tools and the cloud-hosting service Railway. The campaign, detected by Huntress, has rapidly scaled in recent weeks, demonstrating a new level of efficiency and evasion in cyberattacks. Rich…

A sophisticated, multi-stage espionage campaign leveraging the publicly available AsyncRAT remote access Trojan has targeted critical Libyan infrastructure. Between November 2025 and February 2026, a Libyan oil refinery, a telecommunications organization, and a state institution were compromised in attacks that highlight growing cybersecurity concerns for the nation’s vital assets. The…

A sophisticated new Android threat, dubbed Oblivion RAT, is operating as a fully functional malware-as-a-service (MaaS) platform, exploiting fake Google Play Store updates to deploy a potent spyware operation. This alarming development, detailed by cybersecurity researchers, highlights a growing trend of advanced, ready-to-use malicious tools being offered on underground cybercrime…

Voice-based phishing tactics surged in 2025, becoming a significant entry point for cyberattacks, according to Mandiant’s annual M-Trends report. This method, where attackers impersonate trusted individuals to gain network access, accounted for 11% of all incidents investigated by Mandiant last year, indicating a concerning shift in threat actor strategies and…

The cybersecurity landscape continues to be a battleground of evolving threats and persistent vulnerabilities, as highlighted by a recent surge in attacks targeting crucial software supply chains and IoT devices. This past week has seen significant breaches, with attackers exploiting basic security oversights and demonstrating increased patience and creativity. From…

Amazon’s Bedrock platform empowers developers to build sophisticated AI applications by providing access to foundation models and seamless integration with enterprise data and systems. This connectivity, while powerful, also presents a significant attack surface. XM Cyber’s threat research team has identified eight distinct attack vectors that exploit this connectivity within…

A sophisticated malware campaign dubbed CanisterWorm is exploiting the npm ecosystem, a critical hub for JavaScript developers, by compromising legitimate publisher accounts to distribute malicious code. This supply chain attack, attributed to a threat actor group known as “TeamPCP,” stealthily injects credential-stealing malware into widely used packages, turning trusted development…

Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following a sophisticated supply chain attack targeting the popular open-source vulnerability scanner, Trivy. This incident, attributed to a threat actor known as TeamPCP, highlights the escalating risks to developer environments and the widening blast radius of compromised software dependencies. The…

A sophisticated new malware campaign is deploying the PureLog Stealer, a potent information-stealing tool, by leveraging convincing copyright violation notices. Organizations within the healthcare, government, education, and hospitality sectors are being targeted. This campaign, identified in March 2026, relies on social engineering rather than exploiting software vulnerabilities, making traditional patching…

Quest KACE SMA Vulnerability Exploited, Threatening Full System Takeover Threat actors are suspected of actively exploiting a critical security vulnerability in Quest KACE Systems Management Appliance (SMA) after it was left unpatched by some organizations. Cybersecurity firm Arctic Wolf reported observing malicious activity consistent with the exploitation of CVE-2025-32975 on…

Oracle has issued critical security updates to patch a severe vulnerability, CVE-2026-21992, affecting its Identity Manager and Web Services Manager products. This flaw, with a high CVSS score of 9.8 out of 10, allows for remote code execution without authentication, posing a significant risk to organizations utilizing these Oracle solutions.…

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five critical vulnerabilities, including flaws in Apple software, Craft CMS, and Laravel Livewire, to its Known Exploited Vulnerabilities (KEV) catalog. This directive mandates federal agencies to implement necessary patches by April 3, 2026, aiming to bolster defenses against ongoing cyber…