Fortinet begins rolling out fixes for critical FortiOS zero-day
The flaw (CVE-2026-24858) was actively exploited in the wild by two malicious FortiCloud accounts.
Cybersecurity News - Page 29
Recent WinRAR flaw now widely exploited by state hackers and cybercrime groups
The flaw, tracked as CVE-2025-8088, allows attackers to place malicious files on a victim’s system by tricking users into opening specially crafted RAR archives.
Indian government entities targeted in new Pakistan-linked cyber campaigns
The campaigns, dubbed ‘Gopher Strike’ and ‘Sheet Attack,’ were discovered in September 2025.
New Stanley MaaS pushes phishing via Chrome extensions
Stanley is marketed as an easy-to-use phishing platform that works by hijacking user navigation and overlaying a full-screen iframe with attacker-controlled content.
China-linked APT groups deploy PeckBirdy JScript-based framework
PeckBirdy is JScript-based, which allows it to run across different environments using legitimate system tools.
Malicious Chrome extensions masquerade as ChatGPT tools to steal user accounts
The extensions share a common mechanism that hijacks ChatGPT session authentication tokens and sends them to a third-party backend.
New ClickFix сampaign abuses Microsoft App-V to deliver Amatera infostealer
The attack begins with a fake CAPTCHA verification that instructs victims to manually paste and run a command using the Windows Run dialog.
Microsoft rolls out emergency fix for actively exploited Office zero-day
Patches are currently available for most supported versions, but updates for Office 2016 and Office 2019 have not yet been released.
Zimbra, VMware flaws actively exploited in the wild
CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.
North Korean Konni hackers deploy AI-Generated PowerShell malware against blockchain devs
The attack chain begins with a Discord-hosted link that delivers a ZIP archive containing a PDF lure and a malicious Windows shortcut (LNK).
Showing elements 281 - 290