ZCyberNews
中文

Articles

432 articles

FISA Section 702 Reauthorization Debate Intensifies Amid Privacy and SecurityINFORMATIONAL
Industry News

FISA Section 702 Reauthorization Debate Intensifies Amid Privacy and Security

The U.S. Congress is debating the reauthorization of FISA Section 702, a surveillance authority that allows warrantless collection of foreign communications but also sweeps in American data, pitting national security claims against privacy concerns.

4 min read
Legitify Open-Source Tool Scans GitHub, GitLab for Security MisconfigurationsINFORMATIONAL
Tools & Techniques

Legitify Open-Source Tool Scans GitHub, GitLab for Security Misconfigurations

Legit Security releases Legitify, an open-source scanner that identifies security misconfigurations in GitHub and GitLab organizations, repositories, and CI/CD runners to combat software supply chain risks.

4 min read
Major Tech Giants Ignore Legally Mandated Privacy Opt-Out SignalsHIGH
Industry News

Major Tech Giants Ignore Legally Mandated Privacy Opt-Out Signals

A forensic audit finds Google, Microsoft, and Meta systematically ignore the Global Privacy Control signal, setting tracking cookies after users opt out, violating California privacy law.

3 min read
Microsoft Patches Defender Zero-Day Allowing Local Privilege EscalationHIGH
Vulnerabilities

Microsoft Patches Defender Zero-Day Allowing Local Privilege Escalation

Microsoft patches CVE-2026-33825, an 'Important' zero-day flaw in the Microsoft Defender Antimalware Platform that allows local attackers to escalate privileges to SYSTEM. The vulnerability was publicly disclosed on April 14, 2026.

CVE-2026-33825
4 min read
Microsoft Confirms Active Exploitation of SharePoint Zero-Day Spoofing FlawHIGH
Vulnerabilities

Microsoft Confirms Active Exploitation of SharePoint Zero-Day Spoofing Flaw

Microsoft warns that a critical spoofing vulnerability, CVE-2026-32201, in SharePoint Server is being actively exploited. The flaw allows attackers to bypass authentication and access sensitive data.

CVE-2026-32201
4 min read
Mirax Android RAT Evolves with Proxy Network and Data Theft CapabilitiesHIGH
Malware

Mirax Android RAT Evolves with Proxy Network and Data Theft Capabilities

The Mirax Android RAT is being offered as a Malware-as-a-Service to Russian-speaking affiliates, ensnaring devices in Europe into a residential proxy network while stealing credentials and sensitive data.

5 min read
Signed Adware Tool Disables Antivirus with SYSTEM PrivilegesHIGH
Malware

Signed Adware Tool Disables Antivirus with SYSTEM Privileges

A digitally signed adware tool, 'PC App Store', has been abused to deploy scripts that disable antivirus software with SYSTEM privileges, impacting thousands of endpoints in sectors like education and government.

3 min read
CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, AdobeHIGH
Vulnerabilities

CISA Flags Six Actively Exploited Flaws in Fortinet, Microsoft, Adobe

CISA added six vulnerabilities in Fortinet, Microsoft, and Adobe software to its Known Exploited Vulnerabilities catalog, warning of active in-the-wild attacks requiring urgent patching.

CVE-2026-21643
3 min read
CISA Warns of Actively Exploited Windows, Adobe Acrobat VulnerabilitiesHIGH
Vulnerabilities

CISA Warns of Actively Exploited Windows, Adobe Acrobat Vulnerabilities

CISA adds two new vulnerabilities to its KEV catalog: a Windows SmartScreen bypass (CVE-2024-21412) and an Adobe Acrobat Reader code execution flaw (CVE-2024-20662), both under active exploitation.

CVE-2024-21412CVE-2024-20662
4 min read
Fake Ledger Live App on Apple App Store Steals $9.5M in CryptocurrencyHIGH
Malware

Fake Ledger Live App on Apple App Store Steals $9.5M in Cryptocurrency

A malicious Ledger Live app distributed via Apple's official App Store for macOS stole approximately $9.5 million from 50 victims by harvesting recovery phrases.

4 min read
Janela RAT Campaign Targets Latin American Finance with Fake MSI InstallersHIGH
Malware

Janela RAT Campaign Targets Latin American Finance with Fake MSI Installers

A new campaign deploying the Janela RAT uses fake MSI installers and malicious browser extensions to target financial and cryptocurrency entities in Latin America for data theft.

3 min read
Malicious Chrome Extensions Hijack OAuth Tokens, Deploy BackdoorsHIGH
Malware

Malicious Chrome Extensions Hijack OAuth Tokens, Deploy Backdoors

Over 100 malicious extensions in the official Chrome Web Store are stealing Google OAuth2 tokens, deploying backdoors, and committing ad fraud, impacting millions of users.

3 min read
← PrevPage 33 of 36Next →