Nasir Security Group Targets Energy Companies in the Middle East

170/69 Wednesday, March 25, 2026 Cybersecurity firm Resecurity has reported the discovery of threat activity linked to a cyber threat group known as Nasir Security, which is targeting energy sector organizations across the Middle East. The activity comes amid heightened regional security tensions, particularly within Gulf Cooperation Council (GCC) countries. The energy sector remains a […]

sittisak mintaboon

March 25, 2026

New “CanisterWorm” Malware Targets Kubernetes via npm, Deploys Kamikaze Wiper to Destroy Systems

169/69 Wednesday, March 25, 2026 Security researchers have identified a rapidly spreading new worm named CanisterWorm, active since March 20, 2026. The campaign is attributed to the hacker group TeamPCP, which leveraged a software supply chain attack by embedding malicious code into more than 45 npm packages. The compromise is believed to stem from stolen […]

sittisak mintaboon

March 25, 2026

CISA Adds Apple, Laravel Livewire, and Craft CMS Vulnerabilities to KEV Catalog Following Active Exploitation

168/69 Tuesday, March 24, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation. These vulnerabilities carry CVSS scores ranging from 7.8 to 10.0 and include issues such as buffer overflow, improper locking, and […]

sittisak mintaboon

March 24, 2026

Oracle Fixes Critical Vulnerability CVE-2026-21992, Risk of System Takeover via Identity Manager

167/69 Tuesday, March 24, 2026 Oracle has released security updates to address a critical vulnerability tracked as CVE-2026-21992 (CVSS score: 9.8), affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw allows unauthenticated attackers to exploit the systems remotely over HTTP, potentially leading to Remote Code Execution (RCE). Successful exploitation could result in full […]

sittisak mintaboon

March 24, 2026

Hackers Launch Mass Attacks on Over 7,500 Magento Websites Worldwide, Impacting Major Brands and Government Entities

166/69 Tuesday, March 24, 2026 Since February 27, 2026, cybersecurity researchers from Netcraft have identified a large-scale attack campaign targeting websites running the popular e-commerce platform Magento. More than 7,500 domains have been compromised through website defacement, affecting over 15,000 hostnames globally. The attack involves uploading simple text files (.txt) directly into website infrastructures, impacting […]

sittisak mintaboon

March 24, 2026

WorldLeaks Claims Breach of Los Angeles, Steals Over 160 GB of Data; Foster City Declares Emergency After Ransomware Attack

165/69 Monday, March 23, 2026 The ransomware group WorldLeaks added the City of Los Angeles to its leak site on March 20, 2026, claiming it had stolen approximately 159.9 GB of data across 779 files. The group operates as a cybercriminal network focused on data exfiltration and extortion, pressuring victims to pay in exchange for […]

sittisak mintaboon

March 23, 2026

“PolyShell” Vulnerability in Magento and Adobe Commerce Allows Unauthenticated Malicious File Uploads

164/69 Monday, March 23, 2026 Cybersecurity firm Sansec has disclosed a vulnerability in the REST API of Magento and Adobe Commerce that allows attackers to upload malicious files to affected systems without authentication. The flaw, dubbed PolyShell, impacts versions from the earliest releases up to 2.4.9-alpha2. In older versions (below 2.3.5), the issue may also […]

sittisak mintaboon

March 23, 2026

Google Introduces Advanced Flow for Sideloaded APK Installations to Enhance Android Security

163/69 Monday, March 23, 2026 Google has announced a new security feature called Advanced Flow for Android users who install applications from external sources (APK sideloading) or from unverified developers. This measure is designed to address the growing threat of cyber scams and malware. According to the Global Anti-Scam Alliance (GASA), global losses from scams […]

sittisak mintaboon

March 23, 2026

DarkSword iOS Exploit Kit Used in iPhone Data Theft Campaign

162/69 Friday, March 20, 2026 Security researchers have identified a new iOS exploit kit named DarkSword, which leverages six vulnerabilities (CVE-2025-31277, CVE-2025-43529, CVE-2026-20700, CVE-2025-14174, CVE-2025-43510, and CVE-2025-43520) to bypass sandbox restrictions, escalate privileges, and execute remote code on iPhones. The attack chain begins through the Safari browser, combining multiple exploits to gain kernel read/write access before deploying […]

sittisak mintaboon

March 20, 2026

Intuitive Discloses Data Breach Following Targeted Phishing Attack on Employee Account

161/69 Friday, March 20, 2026 Intuitive has disclosed a data breach caused by a targeted phishing attack, in which threat actors successfully compromised an employee account and used it to gain access to internal systems. As a result, certain data was accessed without authorization, including customer contact information, employee data, and corporate business information. The […]

sittisak mintaboon

March 20, 2026