Yazoul Security - Cyber News

Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

Yazoul Security (contact@yazoul.net) — Fri, 17 Apr 2026 00:00:00 GMT

CRITICAL - vulnerability

CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw

Yazoul Security (contact@yazoul.net) — Mon, 13 Apr 2026 00:00:00 GMT

CRITICAL - vulnerability

Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. [...]

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Weekly Threat Roundup: 2026-04-06 to 2026-04-12

Yazoul Security (contact@yazoul.net) — Sun, 12 Apr 2026 00:00:00 GMT

CRITICAL - roundup

Cybersecurity roundup for 2026-04-06 to 2026-04-12. 10 CVE advisories, 2 breach reports, 4 threat news stories.

Sources: 0 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Yazoul Security (contact@yazoul.net) — Thu, 09 Apr 2026 00:00:00 GMT

MEDIUM - vulnerability

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign

Yazoul Security (contact@yazoul.net) — Tue, 07 Apr 2026 00:00:00 GMT

HIGH - threat-actor

An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

Yazoul Security (contact@yazoul.net) — Mon, 06 Apr 2026 00:00:00 GMT

HIGH - malware

Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

Yazoul Security (contact@yazoul.net) — Mon, 06 Apr 2026 00:00:00 GMT

MEDIUM - vulnerability

A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Hackers exploit React2Shell in automated credential theft campaign

Yazoul Security (contact@yazoul.net) — Sun, 05 Apr 2026 00:00:00 GMT

CRITICAL - vulnerability

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms

Yazoul Security (contact@yazoul.net) — Wed, 01 Apr 2026 00:00:00 GMT

MEDIUM - breach

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Critical Citrix NetScaler memory flaw actively exploited in attacks

Yazoul Security (contact@yazoul.net) — Mon, 30 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. [...]

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

DeepLoad Malware Uses ClickFix and WMI Persistence to Steal Browser Credentials

Yazoul Security (contact@yazoul.net) — Mon, 30 Mar 2026 00:00:00 GMT

MEDIUM - breach

Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking

Yazoul Security (contact@yazoul.net) — Mon, 30 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels

Yazoul Security (contact@yazoul.net) — Mon, 30 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation

Yazoul Security (contact@yazoul.net) — Sat, 28 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) c

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

Yazoul Security (contact@yazoul.net) — Fri, 27 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Windows 11 KB5079391 update rolls out Smart App Control improvements

Yazoul Security (contact@yazoul.net) — Fri, 27 Mar 2026 00:00:00 GMT

HIGH - malware

Microsoft has released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, which includes 29 changes, such as Smart App Control and Display improvements. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks

Yazoul Security (contact@yazoul.net) — Thu, 26 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework

Sources: 3 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Device Code Phishing Hits 340+ Microsoft 365 Orgs Across Five Countries via OAuth Abuse

Yazoul Security (contact@yazoul.net) — Wed, 25 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. [...]

Sources: 4 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

PolyShell attacks target 56% of all vulnerable Magento stores

Yazoul Security (contact@yazoul.net) — Wed, 25 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns

Yazoul Security (contact@yazoul.net) — Tue, 24 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

The Federal Communications Commission has updated its Covered List to include all consumer routers made in foreign countries, banning the sale of new models in the U.S. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

Yazoul Security (contact@yazoul.net) — Tue, 24 Mar 2026 00:00:00 GMT

HIGH - breach

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular 'LiteLLM' Python package on PyPI and claiming to have stolen data from hundreds of thousands of dev

Sources: 3 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

Yazoul Security (contact@yazoul.net) — Mon, 23 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clie

Sources: 3 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

The Hidden Cost of Cybersecurity Specialization: Losing Foundational Skills

Yazoul Security (contact@yazoul.net) — Mon, 23 Mar 2026 00:00:00 GMT

MEDIUM - breach

Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage

Yazoul Security (contact@yazoul.net) — Mon, 23 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026

Yazoul Security (contact@yazoul.net) — Sat, 21 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catal

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams

Yazoul Security (contact@yazoul.net) — Fri, 20 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

The Importance of Behavioral Analytics in AI-Enabled Cyber Attacks

Yazoul Security (contact@yazoul.net) — Fri, 20 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Geopolitical tensions are driving destructive cyberattacks designed to disrupt operations, not demand ransom. CISOs must limit lateral movement and contain breaches to reduce the impact of wiper campa

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

Yazoul Security (contact@yazoul.net) — Thu, 19 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. [...]

Sources: 3 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Yazoul Security (contact@yazoul.net) — Thu, 19 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

A new Android malware called Perseus is checking user-curated notes to steal sensitive information, like passwords, recovery phrases, or financial data. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Yazoul Security (contact@yazoul.net) — Wed, 18 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

Yazoul Security (contact@yazoul.net) — Wed, 18 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since lat

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader

Yazoul Security (contact@yazoul.net) — Tue, 17 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and Typ

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths

Yazoul Security (contact@yazoul.net) — Mon, 16 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

Yazoul Security (contact@yazoul.net) — Mon, 16 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8

Yazoul Security (contact@yazoul.net) — Fri, 13 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

INTERPOL Dismantles 45,000 Malicious IPs, Arrests 94 in Global Cybercrime

Yazoul Security (contact@yazoul.net) — Fri, 13 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

An international law enforcement action codenamed 'Operation Synergia III' has sinkholed tens of thousands of IP addresses and seized servers linked to cybercrime operations worldwide. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Yazoul Security (contact@yazoul.net) — Fri, 13 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Microsoft is investigating a new issue affecting some Samsung laptops running Windows 11 after installing the February 2026 security updates, in which users lose access to their C:\ drive and are

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit

Yazoul Security (contact@yazoul.net) — Thu, 12 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed

Yazoul Security (contact@yazoul.net) — Thu, 12 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of ac

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks

Yazoul Security (contact@yazoul.net) — Thu, 12 Mar 2026 00:00:00 GMT

HIGH - malware

A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware a

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation

Yazoul Security (contact@yazoul.net) — Thu, 12 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for

Sources: 3 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution

Yazoul Security (contact@yazoul.net) — Thu, 12 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited

Yazoul Security (contact@yazoul.net) — Tue, 10 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. Th

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Yazoul Security (contact@yazoul.net) — Tue, 10 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

For more than a year, a Russian-speaking threat actor targeted human resource (HR) departments with malware that delivers a new EDR killer named BlackSanta. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet

Yazoul Security (contact@yazoul.net) — Tue, 10 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

A newly discovered botnet malware called KadNap is targeting ASUS routers and other edge networking devices to turn them into proxies for malicious traffic. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days

Yazoul Security (contact@yazoul.net) — Tue, 10 Mar 2026 00:00:00 GMT

HIGH - vulnerability

Microsoft has released the Windows 10 KB5078885 extended security update to fix the March 2026 Patch Tuesday vulnerabilities, including 2 zero-days and an issue that prevent some devices from shutting

Sources: 3 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

New 'LeakyLooker' Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries

Yazoul Security (contact@yazoul.net) — Tue, 10 Mar 2026 00:00:00 GMT

HIGH - malware

A new Android malware named BeatBanker can hijack devices and tricks users into installing it by posing as a Starlink app on websites masquerading as the official Google Play Store. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Threat Actors Mass-Scan Salesforce Experience Cloud via Modified AuraInspector Tool

Yazoul Security (contact@yazoul.net) — Tue, 10 Mar 2026 00:00:00 GMT

HIGH - threat-actor

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. [...]

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Malicious npm Package Posing as OpenClaw Installer Deploys RAT, Steals macOS Credentials

Yazoul Security (contact@yazoul.net) — Mon, 09 Mar 2026 00:00:00 GMT

MEDIUM - vulnerability

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Sources: 2 correlated sources

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News

Hikvision and Rockwell Automation CVSS 9.8 Flaws Added to CISA KEV Catalog

Yazoul Security (contact@yazoul.net) — Fri, 06 Mar 2026 00:00:00 GMT

CRITICAL - vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Hikvision and Rockwell Automation products to its Known Exploited Vulnerabilities (KEV)

Sources: 1 correlated source

Read the full article on Yazoul Security

Published by Yazoul Security - Cyber News