Cyber Security News
55.8K subscribers
195 photos
3 videos
113K links
Be Cyber Aware. Subscribe.

Our chat: t.me/cybersecuritynewschat

Our vacancies channel: @CyberSecurityJobs

LinkedIn: https://www.linkedin.com/company/securitynews/

📩 Collab: cybersecnewsinfo@gmail.com

Paid Ads: @cybersecadmin
Download Telegram
California Water Utility Investigates Iran-Linked Breach Claim

A California water utility is investigating claims that an Iran-linked hacking group breached its systems.

The incident renews concerns about state-sponsored intrusions into US critical infrastructure.

Authorities are assessing the scope and whether operational technology was affected.

@Cyber_Security_Channel
👍31👎1
Tata Electronics Confirms Cybersecurity Incident Exposing Confidential Data

As a subsidiary of the Tata Group, Tata Electronics has acknowledged a breach affecting its systems.

The group known as World Leaks has claimed responsibility for the incident, alleging it has exfiltrated over 200,000 files, amounting to approximately 630 gigabytes of sensitive information.

Cyber_Security_Channel
🤩4👍3
FBI Dismantles China-Based Cybercrime Network Tied to $1.9B in Losses

Federal authorities, working with Google and Lumen, took down a sprawling cybercrime operation based in China.

The group is linked to roughly $1.9 billion in documented victim losses worldwide.

The takedown disrupted infrastructure used for fraud, account compromise, and money laundering across multiple campaigns.

@Cyber_Security_Channel
4🔥3👍1👎1
Microsoft Ties Mastra AI npm Supply Chain Attack to North Korea

Microsoft attributed a supply chain attack on the Mastra AI ecosystem to Sapphire Sleet, a North Korean group also known as BlueNoroff.

Attackers compromised more than 140 npm packages to plant malicious dependencies in downstream developer projects.

The campaign extends a pattern of DPRK targeting of Web3 and AI developer pipelines.

@Cyber_Security_Channel
6👍3🔥1
From Last Week: Klue Breach Cascades Into Multiple Cybersecurity Firms

Attackers breached market-intelligence platform Klue and pivoted into the Salesforce environments of several of its cybersecurity-firm customers.

Disclosed downstream victims include HackerOne, Huntress, Recorded Future, Snyk, and Tanium.

The incident underscores how SaaS supply-chain access can turn one vendor compromise into a sector-wide breach.

@Cyber_Security_Channel
‘DirtyClone’ Linux Kernel Vulnerability Leads to Root Access

At a high level, the vulnerabilities exist because the kernel does not separate the page cache used for executables and files from packet data processed via zero-copy paths, and in-place transformations such as encryption/decryption that write back to the same buffer.

Cyber_Security_Channel
👍83
US Offers $10M for Info on Russia-Linked Hackers Behind Signal and WhatsApp Attacks

The State Department announced a $10 million reward for information on UNC5792 and UNC4221, two Russia-linked groups accused of hijacking the Signal and WhatsApp accounts of government officials.

The operations abused legitimate «linked device» features via phishing pages.

Officials working on Ukraine-related policy were among the primary targets.

@Cyber_Security_Channel
3👍2🔥2😁1
«Bad Epoll» 0-Day in Linux Kernel Grants Root on Linux Servers and Android Devices

Researchers disclosed CVE-2026-46242, a use-after-free race condition in the Linux kernel's epoll subsystem that lets a local unprivileged user escalate to root.

The exploit reportedly achieves ~99% reliability and is reachable from the Chrome renderer sandbox, opening a browser-to-kernel escalation chain.

Epoll cannot be disabled, so patching is the only mitigation — a fix landed roughly two months after initial disclosure.

@Cyber_Security_Channel
👍31👀1
🔍 What if the Most Dangerous part of a Phishing Page Never Appears in Your URL Scanner?

That's exactly how EvilTokens works.

Its AES-GCM encrypted "ghost" code stays invisible until the browser decrypts and renders it, leaving static URL analysis with only part of the story.

Meanwhile, attackers abuse Microsoft's legitimate Device Code flow to take over Microsoft 365 accounts without stealing passwords.

ANY.RUN's latest research shows how browser-level inspection uncovers:

👻 Hidden decrypted HTML and DOM changes

🌐 The requests powering the phishing flow

🎯 IOCs and detection opportunities for threat hunting

Evidence that speeds up SOC triage and response

If your investigation stops at the initial HTTP response, you may be missing the attack.

Read the full analysis: tap here to access the article.

-----

#ad #paidpromotion #sponsored

@Cyber_Security_Channel
👍63
Medtronic Data Breach Hits 3.8 Million People — ShinyHunters Suspected of Ransom Payment

Medtronic confirmed that ShinyHunters accessed its corporate IT systems in April 2026 and stole personal and medical data on 3,834,294 people — including names, dates of birth, Social Security numbers and health details.

The group listed Medtronic on its leak site on April 17 claiming 9 million records, then removed it, suggesting a possible ransom payment.

Affected individuals are being offered 24 months of credit and dark-web monitoring plus identity theft restoration.

@Cyber_Security_Channel
3
FortiBleed Credential-Harvesting Op Tied to INC and Lynx Ransomware Groups

Researchers linked FortiBleed, a Golang-based tool that intercepts authentication traffic on Fortinet devices, to INC and Lynx ransomware operations — an operator was found logged into negotiation panels for both.

Traffic-sniffing was observed on ~19,000 Fortinet devices; attackers gained admin access on 409 targets, fully compromised 354, and deployed ransomware on 12 — encrypting hundreds of endpoints.

Some intrusions also leveraged a suspected zero-day in Nextcloud; no CVE has been assigned yet.

@Cyber_Security_Channel
👀43