Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Bitwarden introduces ‘Cupid Vault’ for secure password sharing
Bitwarden has launched a new system called ‘Cupid Vault’ that allows users to safely share passwords with trusted email addresses. Cupid Vault works by allowing users of the free version of Bitwarden to create a 2-person shared vault called an ‘Organization’. Other users can access the logins inside the Organization space with credentials assigned by the owner […]
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. Tracked as CVE-2026-1731 and assigned a near-maximum CVSS score of 9.9, the flaw affects BeyondTrust Remote Support versions 25.3.1 and earlier and Privileged Remote Access versions 24.3.4 […]
Microsoft: New Windows LNK spoofing issues aren’t vulnerabilities
Today, at Wild West Hackin’ Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads. Beukema documented four previously unknown techniques for manipulating Windows LNK shortcut files to hide malicious targets from users inspecting file properties. LNK shortcuts were introduced with Windows 95 and use a complex […]
Romania’s oil pipeline operator Conpet confirms data stolen in attack
Romania’s national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. In a press release the day following the incident, the company said that the threat actor breached its corporate IT infrastructure, but operations remained unaffected. Conpet S.A. published an update today about the incident, saying that […]
Odido data breach exposes personal info of 6.2 million customers
Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers. Odido is one of the largest mobile and telecommunications providers in the Netherlands, offering mobile, broadband, and television services to millions of customers nationwide. The company was formed in 2023 through the rebranding of T-Mobile […]
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication. The security issue is tracked as CVE-2026-1357 and received a severity score of 9.8. It impacts all versions of the plugin up to 0.9.123 and could lead […]
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information. Some of the extensions are still present in the Chrome Web Store and have been installed by tens of thousands of users, while others show a […]
Google says hackers are abusing Gemini AI for all attacks stages
State-backed hackers are using Google’s Gemini AI model to support all stages of an attack, from reconnaissance to post-compromise actions. Bad actors from China (APT31, Temp.HEX), Iran (APT42), North Korea (UNC2970), and Russia used Gemini for target profiling and open-source intelligence, generating phishing lures, translating text, coding, vulnerability testing, and troubleshooting. Cybercriminals are also showing increased interest […]
Apple fixes zero-day flaw used in ‘extremely sophisticated’ attacks
Apple has released security updates to fix a zero-day vulnerability that was exploited in an “extremely sophisticated attack” targeting specific individuals. Tracked as CVE-2026-20700, the flaw is an arbitrary code execution vulnerability in dyld, the Dynamic Link Editor used by Apple operating systems, including iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. Apple’s security bulletin warns […]
Windows 11 Notepad flaw let files execute silently via Markdown links
Microsoft has fixed a “remote code execution” vulnerability in Windows 11 Notepad that allowed attackers to execute local or remote programs by tricking users into clicking specially crafted Markdown links, without displaying any Windows security warnings. With the release of Windows 1.0, Microsoft introduced Notepad, a simple, easy-to-use text editor that, over the years, became popular […]