4+ hour, 50+ min ago  (213+ words) In a significant move to enhance corporate privacy and operational security, Microsoft has announced an important update for its Teams platform. As part of the March 2026 feature rollout, Microsoft Teams will now automatically remove EXIF metadata from all images shared…...

4+ hour, 25+ min ago  (526+ words) A critical security flaw has been disclosed in the Nginx-UI backup restore mechanism, tracked as CVE-2026-33026. This vulnerability allows threat actors to tamper with encrypted backup archives and inject malicious configurations during the restoration process. With a public Proof-of-Concept (PoC)…...

23+ hour, 34+ min ago  (541+ words) Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sensitive information, and potentially execute arbitrary code by convincing a system to…...

20+ hour ago  (446+ words) Security researcher Dominic Alvieri detailed that on ShinyHunters" data leak site, which flagged Cisco with a "FINAL WARNING" notice, demanding the company reach out before April 3, 2026, or face public data exposure. The listing, updated March 31, 2026, indicates a record count of…...

13+ hour, 42+ min ago  (566+ words) A sophisticated and long-running Magecart campaign has been quietly operating for over 24 months, infecting e-commerce websites across at least 12 countries using more than 100 malicious domains to steal payment card data in real time and banks, not merchants, are bearing the…...

18+ hour, 1+ min ago  (390+ words) Google has released an emergency security update for its Chrome browser, patching a zero-day vulnerability that is already being actively exploited in the wild. The Stable channel has been updated to version 146.0.7680.177/178 for Windows and Mac, and 146.0.7680.177 for Linux, with…...

18+ hour, 34+ min ago  (601+ words) A sophisticated backdoor called EtherRAT is actively targeting organizations across multiple sectors by hiding its command infrastructure inside the Ethereum blockchain " a move that makes it uniquely hard to track and shut down. The malware runs on Node.js and…...

22+ hour, 59+ min ago  (479+ words) Instead, it launches a two-stage attack capable of stealing browser credentials, hijacking active sessions, and giving attackers live remote access to a victim's screen, microphone, and webcam. The package (version 2.0.0) delivers two payloads that work in parallel. The first is…...

17+ hour, 57+ min ago  (488+ words) A newly disclosed Russian-linked remote access toolkit called "CTRL" is being used to hijack Remote Desktop Protocol sessions and steal credentials from Windows systems. According to Censys ARC, the malware is a custom .NET framework that combines phishing, keylogging, reverse…...

19+ hour, 19+ min ago  (629+ words) A new and dangerous piece of malware has surfaced and is being marketed openly to cybercriminals through private Telegram channels. Named CrystalX, this Malware-as-a-Service (MaaS) platform combines a remote access trojan (RAT), credential stealer, keylogger, clipboard hijacker, spyware, and an…...