News

Cyber Security News
cybersecuritynews.com > multiple-splunk-enterprise-vulnerabilities-patched > amp

Multiple Splunk Enterprise Vulnerabilities Enable Path Traversal and Information Disclosure Attacks

2+ hour, 17+ min ago  (503+ words) Splunk has released security updates addressing multiple vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These flaws could lead to issues such as path traversal, disclosure of stored credential hashes, and arbitrary execution of SPL (Search Processing Language) searches. Three…...

Google News
cybersecuritynews.com > new-tuxbot-v3-iot-botnet-uses-llm-generated-code

New TuxBot v3 IoT Botnet Uses LLM-Generated Code to Hijack Devices and Launch DDoS Attacks

1+ hour, 46+ min ago  (634+ words) The malware can run across a wide range of device architectures, creating a broad risk for routers, cameras, and other exposed Linux-based equipment. TuxBot uses several paths to gain access, including Telnet password guessing, SSH scanning, HTTP-based probing, Android Debug…...

Cyber Security News
cybersecuritynews.com > gpt-5-6-sol-chrome-exploit-chain

GPT-5.6 Sol Ultra Builds Full Chrome Exploit Chain From Security Patches

16+ hour, 22+ min ago  (336+ words) OpenAI’s GPT-5.6 Sol Ultra model independently constructed a complete, working exploit chain for Google Chrome, using nothing but publicly available security patch commits as its starting point. Researchers from Hacktron tasked three frontier AI models, GPT-5.6 Sol Medium, Sol Ultra,…...

Cyber Security News
cybersecuritynews.com > chinese-hackers-ai-attacks

Chinese Hackers Embed Claude Code and DeepSeek in AI-Powered Government Cyberattacks

1+ day, 2+ hour ago  (252+ words) Rather than acting as peripheral research tools, Claude Code and DeepSeek-v4-pro were embedded directly into the core execution flows of a China-linked cyber espionage campaign. The operation uncovered by Hunt researchers pivoted off known TencShell command-and-control (C2) infrastructure originally documented…...

Cyber Security News
cybersecuritynews.com > notepad-vulnerabilities-command-injection

Multiple Notepad++ Vulnerabilities Enable PowerShell Command Injection Attacks

1+ day, 5+ hour ago  (244+ words) The update resolves five distinct issues spanning path traversal, buffer overflow, and authentication bypass weaknesses, reinforcing the security posture of one of the most widely used Windows text editors. The most severe issue fixed in this release involves an install-time…...

Cyber Security News
cybersecuritynews.com > game-fake-cheats-remote-access

Gamers Download Fake Cheats and Hand Attackers a Live Remote Control of Their Windows PCs

1+ day, 3+ hour ago  (403+ words) New research uncovered 11 malicious NuGet packages disguised as game cheats, bots, and management panels for popular online titles. The campaign targets gaming communities playing titles such as Albion Online, GTA5RP, GrandRP, Majestic RP, and Throne and Liberty. Once installed, these packages…...

Cyber Security News
cybersecuritynews.com > active-directory-services-0-day-exploited

Microsoft Active Directory Services 0-Day Vulnerability Actively Exploited in the Wild

1+ day, 5+ hour ago  (453+ words) This flaw allows an authenticated local attacker with low privileges to gain administrator-level access on affected systems. CVE-2026-56155 stems from insufficient granularity in access control within AD FS, a Microsoft service commonly utilized by organizations for single sign-on and federated…...

Google News
cybersecuritynews.com > fortisandbox-vulnerability-vnc-server

FortiSandbox Vulnerability Allows Attackers to Access VNC Servers of VMs

1+ day, 17+ hour ago  (311+ words) Fortinet has disclosed a high-severity vulnerability in FortiSandbox that could allow unauthenticated attackers to access the VNC servers of virtual machines used for malware scanning. Tracked as CVE-2026-59835, the flaw is classified as an Exposure of Resource to Wrong Sphere…...

Cyber Security News
cybersecuritynews.com > hackers-spoof-oauth-client-ids

Hackers Spoof 3.7 Million OAuth Client IDs to Stealthily Enumerate 2 Million Entra ID Users

1+ day, 17+ hour ago  (468+ words) Threat actors are increasingly exploiting spoofed OAuth client IDs to enumerate Microsoft Entra ID accounts and identify potentially valid credentials while evading traditional detection methods, according to recent research from Proofpoint. Microsoft Entra ID typically logs this information in sign-in…...

Cyber Security News
cybersecuritynews.com > fortinet-patches-seven-vulnerabilities

Fortinet Patches Seven Vulnerabilities Across FortiOS, FortiProxy, FortiPAM, and FortiSandbox

1+ day, 16+ hour ago  (352+ words) Fortinet disclosed seven new security advisories on July 14, 2026, affecting FortiOS, FortiProxy, FortiPAM, and FortiSandbox. The flaws range from low-severity header injection bugs to medium-severity buffer overflows and a notably concerning unauthenticated VNC exposure in FortiSandbox. While none carry a critical…...