
Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Cyber Security News is an Independent news platform which covers all the happenings in the Cyber World. Here We cover Ongoing threats, Research papers, Vulnerability, Data breaches and more.
New Spirals Ransomware Uses IIS Web Shell and PsExec to Encrypt IT Firm in Under 24 Hours
A previously unseen ransomware family dubbed “Spirals” struck an IT services company in South Asia in June 2026. Symantec’s Threat Hunter Team reports that the attackers moved from the initial breach to full network encryption in under 24 hours. The Rust-based payload appears (…)
Citrix Secure Access and Endpoint Client for Windows Vulnerability Enables Privilege Escalation
Cloud Software Group has disclosed two security vulnerabilities affecting Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows, with one flaw allowing low-privileged attackers to gain full SYSTEM access on affected machines. The more severe (…)
New wp2shell RCE Vulnerability Hits Millions of WordPress Sites, Emergency Patch Released
A critical pre-authentication remote code execution (RCE) vulnerability dubbed “wp2shell” has been discovered in WordPress Core, putting an estimated 500 million+ websites at risk of full takeover by unauthenticated attackers. Security researcher Adam Kues of Searchlight (…)
OpenSSL “HollowByte” Vulnerability Lets Hackers Crash Servers With Just 11 Bytes
A newly disclosed vulnerability in OpenSSL, dubbed “HollowByte,” allows a remote, unauthenticated attacker to trigger a denial-of-service (DoS) condition using a malicious payload as small as 11 bytes. Discovered by the Okta Red Team, the flaw exploits how OpenSSL (…)
Ransomware Attack on Coca-Cola-Owned Fairlife Halts Production Across the United States
Coca-Cola has reported a ransomware attack affecting its dairy subsidiary, Fairlife, resulting in a temporary shutdown of production operations across the United States. This incident was disclosed in a Form 8-K filing submitted to the U.S. Securities and Exchange Commission (…)
EY Data Breach – Hackers Gain Access to IT Support System and Download Documents
Ernst & Young LLP (EY) is notifying clients that an unauthorized third party breached a support ticket platform used by its IT staff, downloading documents containing client tax data during a roughly two-week window this spring. The Big Four accounting and consulting (…)
PentestCode – New AI Agent That Automates Penetration Testing with 18 Specialized Tools
A new open-source tool is bringing autonomous AI agents into offensive security workflows. PentestCode, a hard fork of OpenCode rebuilt specifically for penetration testing, runs security tools, analyzes their output, and makes tactical decisions all from a terminal (…)
New Windows LegacyHive 0-Day Vulnerability Allows Hackers to Gain Admin Access
A Windows zero-day vulnerability, dubbed LegacyHive (MSNightmare), abuses the User Profile Service to enable local privilege escalation, tampering with administrator accounts, and admin-level code execution. LegacyHive targets the Windows User Profile Service (ProfSvc), which (…)
AWS Cost Explorer Bug Shows Trillion-Dollar Billing Estimates
AWS customers worldwide were startled after the AWS Billing and Cost Management Console and Cost Explorer began displaying extraordinarily high projected cloud costs. Some organizations reported estimated monthly bills reaching trillions of dollars, triggering budget alerts (…)
New ClickLock macOS Stealer Kills Every App to Force Password Entry
A newly discovered macOS malware dubbed ClickLock is raising alarms in the cybersecurity community for its aggressive and deceptive credential-harvesting techniques. According to researchers at Group-IB, the stealer employs a highly disruptive tactic that forcibly terminates (…)