News

Short summaries of the cyber-crime stories moving in India and globally. We link back to the original source — always.

Hackers Exploit Palo Alto VPN Security Flaw in Network Attacks
Malware

Palo Alto Networks has alerted organizations about active exploitation of a critical authentication bypass vulnerability in its PAN-OS GlobalProtect VPN service, identified as CVE-2026-0257. Threat actors are leveraging this flaw to bypass login protections and gain unauthorized access to corporate networks. The vulnerability allows attackers to circumvent standard authentication mechanisms, potentially enabling them to infiltrate sensitive systems and data. Organizations using Palo Alto's GlobalProtect VPN are advised to apply security patches immediately and monitor their networks for suspicious access attempts. This active exploitation underscores the importance of timely security updates for enterprise infrastructure. Source: Palo Alto Networks.

via RSS: BleepingComputer

Linux Kernel Flaw Allows Attackers to Gain Root Access
Malware

A newly identified vulnerability called 'CIFSwitch' in the Linux kernel poses a significant security risk across multiple Linux distributions. The flaw enables local privilege escalation by allowing attackers to manipulate CIFS authentication key descriptions and misuse the kernel's key request mechanism. This exploitation could grant attackers root-level access to affected systems. The vulnerability affects various Linux distributions and requires immediate attention from system administrators and users. Patching and updating systems is recommended to mitigate potential threats. Source: Cybersecurity News.

via RSS: BleepingComputer

Multiple Industries Face Rising Cyber Attacks
Malware

Various industrial sectors across India are experiencing increased cyber threats and attacks. Organizations are confronting sophisticated security challenges that compromise their digital infrastructure and operational continuity. Cybercriminals are targeting businesses through multiple vectors, exploiting vulnerabilities in systems and networks. The attacks impact productivity, data security, and financial stability. Industries need to strengthen their cybersecurity posture through robust defense mechanisms, employee training, and incident response planning. Experts recommend implementing multi-layered security approaches and staying updated on emerging threats. Organizations should conduct regular security audits and maintain backup systems to mitigate risks. The rising threat landscape underscores the importance of proactive cyber defense strategies for business resilience. Source: varindia.com.

via GoogleNews: cyber attack India

CISA Lists Three New Security Flaws Under Active Exploitation
Malware

The US Cybersecurity and Infrastructure Security Agency (CISA) has identified three vulnerabilities being actively exploited by cyber attackers: CVE-2026-8398 in Daemon Tools Lite, CVE-2026-45321 in TanStack, and CVE-2026-48027 in Nx Console. All three contain embedded malicious code or unspecified security issues. CISA maintains a Known Exploited Vulnerabilities catalog to track threats affecting government systems. While federal agencies must patch these flaws urgently, CISA recommends all organizations prioritize fixing these vulnerabilities as part of their security practices. Regular monitoring and timely updates remain critical for protecting networks from active cyber threats. Source: CISA.

via RSS: CISA Alerts

Does cybercrime insurance cover Mythos threats?
Malware

Cybercrime insurance policies are being examined for their effectiveness against Mythos-related threats. As cyber attacks evolve, businesses in India are questioning whether existing insurance coverage adequately protects against emerging malware variants and sophisticated cyber threats. Insurance providers are reassessing policy terms and coverage limits to address modern cybersecurity challenges. Understanding policy exclusions and claim procedures is crucial for Indian organizations seeking comprehensive protection. Experts recommend reviewing coverage details and working with insurers to ensure adequate protection against current threats. Source: Forbes India.

via GoogleNews: data breach India

Microsoft's Auto Device Isolation Feature: Benefits and Security Risks
Malware

Microsoft is testing automatic device isolation in Defender for Endpoint to help security teams rapidly contain ongoing cyberattacks. The feature acts as a quick network disconnection to prevent attackers from maintaining control and stealing data. However, SANS Institute research warns that misconfigured settings could allow attackers to disable user accounts. Security experts emphasize that such automated defense tools are essential since modern ransomware and malware operate at machine speed, faster than human response. The feature is particularly valuable for under-resourced security teams and helps limit damage spread. Still, these automation capabilities require careful tuning and testing to prevent misuse. No production release date has been announced yet. Source: SecurityWeek.

via RSS: CSO Online

Cryptojacking Campaign Uses Search Poisoning and Remote Tools
Malware

Microsoft has identified a cryptojacking campaign exploiting SEO poisoning techniques to direct users to malicious websites that hijack GPU resources for cryptocurrency mining. The attackers abuse ScreenConnect remote access software and Microsoft .NET utilities to establish control over high-performance computers. The campaign also leverages AI chatbots to distribute malicious links, expanding its reach. Victims unknowingly allow their systems' processing power to be used for unauthorized mining operations, degrading performance and increasing electricity consumption. Source: Microsoft Security Blog.

via RSS: Microsoft Security

KnowledgeDeliver LMS Zero-Day Exploited for Web Shell Installation
Malware

Attackers have exploited a critical zero-day vulnerability in KnowledgeDeliver, a learning management system, to deploy Godzilla web shells on compromised servers. This vulnerability allows unauthorized access and control over affected systems. Organizations using KnowledgeDeliver should immediately patch their systems and monitor for suspicious activity. Web shells enable attackers to execute commands remotely, potentially leading to data theft or further system compromise. Educational institutions and enterprises relying on this LMS platform are advised to check their infrastructure for signs of exploitation and implement security updates as soon as they become available. Source: Original Report.

via BleepingComputer

Critical flaw in open-source package threatens millions of AI agents
Malware

A critical vulnerability has been discovered in a widely used open-source software package that poses significant risks to millions of artificial intelligence agents deployed globally. The flaw could potentially be exploited by threat actors to compromise AI systems and the applications they support. Security experts have warned organizations using this package to apply patches immediately. The vulnerability highlights the importance of maintaining updated software dependencies and conducting regular security audits of open-source components used in critical infrastructure. Developers are urged to review their systems and implement necessary security measures to protect their AI deployments from potential exploitation. Source: Ars Technica.

via GoogleNews: vulnerability CVE

Megalodon Malware Targets 5,500+ GitHub Repositories
Malware

A malware campaign called 'Megalodon' has infected thousands of GitHub repositories in a rapid six-hour attack. The attackers injected malicious code commits into over 5,500 repositories, targeting developers and organizations. The malware was designed to steal sensitive credentials, developer secrets, and other valuable data from compromised accounts. This mass-scale attack demonstrates the vulnerability of popular code-sharing platforms to sophisticated threats. GitHub users are advised to review their repository activity, check for unauthorized commits, and secure their authentication tokens immediately. Source: Cybersecurity news outlet.

via RSS: Dark Reading

Shai-Hulud Worm: Skill or Luck Behind TeamPCP Attacks?
Malware

TeamPCP, the hacking group behind the Shai-Hulud worm, has inflicted substantial damage on the open-source software ecosystem. Security experts debate whether their success stems primarily from technical expertise or fortunate circumstances. The worm's impact highlights vulnerabilities in widely used open-source projects that developers rely on globally. Analysts suggest that while the attackers demonstrated capability in deploying the malware, their effectiveness may also reflect gaps in security practices within the open-source community. This incident underscores the importance of robust security measures and rapid patching protocols for critical software infrastructure. Source: Cybersecurity News.

via Dark Reading

Iranian Hackers Use DLL Technique in Global Espionage Push
Malware

MuddyWater, an Iranian-linked hacking group, has conducted a coordinated espionage campaign affecting at least nine organizations across multiple continents during early 2026. The campaign targeted diverse sectors including manufacturing, electronics, education, government agencies, finance, and professional services firms. Security researchers from Symantec and Carbon Black identified the group's use of DLL side-loading techniques—a method that exploits legitimate system processes to execute malicious code. This approach allows attackers to evade detection while maintaining access to sensitive systems. Organizations across multiple countries remain at risk from this sophisticated threat. Source: Symantec Threat Hunter Team.

via The Hacker News