Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Illinois man charged with hacking Snapchat accounts to steal nude photos
U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. Between May 2020 and February 2021, 26-year-old defendant Kyle Svara allegedly used various social engineering tactics to obtain victims’ emails, phone numbers, and […]
CISA retires 10 emergency cyber orders in rare bulk closure
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has retired 10 Emergency Directives issued between 2019 and 2024, saying that the required actions have been completed or are now covered by Binding Operational Directive 22-01. CISA said this is the largest number of Emergency Directives it has closed at one time. “By statute, CISA issues […]
New China-linked hackers breach telcos using edge device exploits
A sophisticated threat actor that uses Linux-based malware to target telecommunications providers has recently broadened its operations to include organizations in Southeastern Europe. Tracked internally by Cisco Talos as UAT-7290, the actor shows strong China nexus indicators and typically focuses on telcos in South Asia in cyber-espionage operations. Active since at least 2022, the UAT-7290 group also serves […]
FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs
The North Korean state-sponsored hacker group Kimsuki is using malicious QR codes in spearphishing campaigns that target U.S. organizations, the Federal Bureau of Investigation warns in a flash alert. The observed activity targets organizations involved in North Korea-related policy, research, and analysis, including non-governmental organizations, think tanks, academic institutions, strategic advisory firms, and government entities in […]
VMware ESXi zero-days likely exploited a year before disclosure
Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. In attacks from December 2025 analyzed by Huntress, managed security company, the hackers used a sophisticated virtual machine (VM) escape that likely exploited three VMware […]
Cisco switches hit by reboot loops due to DNS client bug
Multiple Cisco switch models are suddenly experiencing reboot loops after logging fatal DNS client errors, according to reports seen by GeekFeed. Starting at approximately 2 AM, what appears to be a firmware bug in the switches’ internal DNS client service began treating DNS lookup failures as fatal errors, causing affected devices to reboot repeatedly. Switches […]
Texas court blocks Samsung from tracking TV viewing, then vacates order
The State of Texas obtained a short-lived, temporary restraining order (TRO) against Samsung that prohibited the South Korean company from collecting audio and visual data about what Texas consumers are watching on their TVs. Like other major TV manufacturers, Samsung employs Automated Content Recognition (ACR) technology to capture periodic screenshots, analyze viewing activity, and identify users’ […]
Microsoft to enforce MFA for Microsoft 365 admin center sign-ins
Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month. While MFA requirements for the admin center began rolling out in February 2025, Microsoft will now enforce this for all users and block those without MFA enabled from signing in to the Microsoft 365 administrative portal […]
Cisco warns of Identity Service Engine flaw with exploit code
Cisco has patched a vulnerability in its Identity Services Engine (ISE) network access control solution, with public proof-of-concept exploit code, that can be abused by attackers with admin privileges. Enterprise admins use Cisco ISE to manage endpoint, user, and device access to network resources while enforcing a zero-trust architecture. The security flaw (CVE-2026-20029) affects Cisco […]
CISA tags max severity HPE OneView flaw as actively exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. HPE’s OneView infrastructure management software helps IT admins automate the management of storage, servers, and networking devices from a centralized interface. Tracked as CVE-2025-37164, this critical security flaw was reported by Vietnamese security researcher Nguyen Quoc […]