Security news.
Today's security news highlights critical vulnerabilities being actively exploited, ongoing nation-state cyber campaigns targeting vital infrastructure, and new privacy features for popular messaging apps. Developers and IT teams should pay close attention to patches for widely used software and be aware of evolving th
Critical SimpleHelp Flaw Exploited to Deploy New Stealer Malware
Threat actors are actively exploiting CVE-2026-48558 in SimpleHelp to deploy Djinn Stealer, a new cross-platform information stealer affecting Windows, macOS, and Linux.
Hackers Now Exploit Critical Oracle E-Business Flaw in Attacks
A critical vulnerability, CVE-2026-46817, in the Oracle E-Business Suite (EBS) financial application is now being actively exploited by attackers.
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw
A public proof-of-concept is available for CVE-2026-55200, a critical libssh2 flaw that allows a malicious SSH server to trigger memory corruption and potential code execution on connecting clients without user interaction.
Iran, Russia, China Target Water Systems for Sabotage
Nation-state attackers are breaching water systems primarily through weak passwords, exposed PLCs, and poor network segmentation, rather than sophisticated malware.
Malicious Perplexity Chrome Extension Intercepted Searches and Address Bar Input
Microsoft discovered a malicious Chrome extension posing as the AI search engine Perplexity that logged user searches and address bar input, routing data through an attacker-controlled server.
Amazon Q VS Extension Flaw Leads to Cloud Credential Theft
A vulnerability in the Amazon Q VS Extension could allow adversaries to plant a malicious repository to execute arbitrary code and steal cloud credentials, highlighting growing supply chain risks.
WhatsApp Rolls Out Usernames to Help Users Hide Their Phone Number
WhatsApp is introducing usernames, an optional privacy feature that allows users to connect with others without sharing their phone numbers.
U.S. Offers $10 Million for Hackers Targeting WhatsApp, Signal Users
The U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of members of the Russian-linked UNC5792 and UNC4221 hacker groups.