ZCyberNews
中文

Articles

432 articles

Polymarket Gamblers Threaten Journalist Over Event VerificationHIGH
Industry News

Polymarket Gamblers Threaten Journalist Over Event Verification

Polymarket gamblers threatened a journalist whose story was used to verify a real-world event for betting settlements, highlighting oracle manipulation risks on the prediction…

3 min read
Pro-Orbán Media Firm Mediaworks Breached by Ransomware GroupHIGH
Industry News

Pro-Orbán Media Firm Mediaworks Breached by Ransomware Group

Ransomware group claims breach of Mediaworks, a pro-Orbán Hungarian media conglomerate. The firm confirmed unauthorized access and potential data exfiltration on Friday.

2 min readLockBit
Weaver E-cology Zero-Day CVE-2026-22679 Exploited Since MarchCRITICAL
Vulnerabilities

Weaver E-cology Zero-Day CVE-2026-22679 Exploited Since March

CVE-2026-22679 (CVSS 9.8) in Weaver E-cology OA has been exploited in the wild since mid-March 2026. Attackers run discovery commands post-exploit. No patch available.

CVE-2026-22679
3 min read
Instructure Data Breach: ShinyHunters Claims TheftHIGH
Industry News

Instructure Data Breach: ShinyHunters Claims Theft

ShinyHunters claims to have stolen data from Instructure, the edtech firm behind Canvas LMS. Instructure confirms a breach involving unauthorized access to certain systems and…

2 min readShinyHunters
Microsoft Defender False Positives Flag DigiCert Certs as TrojansMEDIUM
Industry News

Microsoft Defender False Positives Flag DigiCert Certs as Trojans

Microsoft Defender is flagging legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, triggering false-positive alerts and certificate removal on Windows systems.

2 min read
Flowise RCE Vulnerability CVE-2026-41265 Carries CVSS 9.8CRITICAL
Vulnerabilities

Flowise RCE Vulnerability CVE-2026-41265 Carries CVSS 9.8

CVE-2026-41265 in Flowise Airtable_Agent allows unauthenticated remote code execution with CVSS 9.8. ZDI advisory details code injection in default installations.

CVE-2026-41265
3 min read
Instructure Probes Cyber Incident Impacting Canvas PlatformHIGH
Industry News

Instructure Probes Cyber Incident Impacting Canvas Platform

Instructure, maker of the Canvas LMS used by over 30 million students, disclosed a cybersecurity incident and is investigating potential data exposure across its infrastructure.

2 min read
Poisoned Ruby Gems, Go Modules Hijack CI/CD PipelinesHIGH
Malware

Poisoned Ruby Gems, Go Modules Hijack CI/CD Pipelines

BufferZoneCorp account published malicious Ruby gems and Go modules that steal credentials, tamper with GitHub Actions, and establish SSH persistence in CI pipelines.

2 min readBufferZoneCorp
Trellix Breach: Source Code Repository CompromisedHIGH
Industry News

Trellix Breach: Source Code Repository Compromised

Trellix confirmed attackers accessed a portion of its source code repository. The firm engaged forensic experts and notified law enforcement. No customer data impact disclosed.

2 min read
AI Agents Wreck Production Databases Due to Poor Access ControlsHIGH
Industry News

AI Agents Wreck Production Databases Due to Poor Access Controls

Dark Reading reports AI agents are deleting production databases because organizations deploy agent integrations without proper security testing or access controls.

2 min read
Deep#Door Python Backdoor Targets Windows Systems for EspionageHIGH
Malware

Deep#Door Python Backdoor Targets Windows Systems for Espionage

Deep#Door Python backdoor deploys persistent Windows implant for espionage — uses encrypted C2 channels, file exfiltration, and remote shell. No patch available.

2 min readDeep#Door
Ex-Incident Responders Sentenced to 4 Years for Ransomware AttacksHIGH
Industry News

Ex-Incident Responders Sentenced to 4 Years for Ransomware Attacks

Two cybersecurity incident responders who abused client access to deploy ransomware were sentenced to 4 years in prison — a rare case of responders turning attackers.

2 min read
← PrevPage 16 of 36Next →