Follow Cyber Kendra on Google News! | WhatsApp | Telegram

Add as a preferred source on Google
Security
n8n Hit Again: Critical RCE Flaw Lets Attackers Hijack Servers by Chaining Three Harmless-Looking Nodes

n8n Hit Again: Critical RCE Flaw Lets Attackers Hijack Servers by Chaining Three Harmless-Looking Nodes

Security researcher Fatih Çelik has disclosed yet another critical remote code execution (RCE) vulnerability in n8n, the popular open-source workflow…
Chinese Hackers Hid Spy Commands Inside Google Sheets to Infiltrate 53 Telecoms Across 42 Countries

Chinese Hackers Hid Spy Commands Inside Google Sheets to Infiltrate 53 Telecoms Across 42 Countries

For nearly a decade, a suspected Chinese state-backed hacking group quietly burrowed into the world's phone networks — and they did it hiding in …
Chinese AI Labs Ran 16 Million Fake Conversations With Claude to Steal Its Capabilities

Chinese AI Labs Ran 16 Million Fake Conversations With Claude to Steal Its Capabilities

Anthropic has uncovered one of the most sophisticated AI theft operations to date — and the evidence points directly at three Chinese labs. In a disc…
PayPal's Loan App Bug Leaked SSNs for Six Months — And Nobody Noticed

PayPal's Loan App Bug Leaked SSNs for Six Months — And Nobody Noticed

A software coding error — not a hacker — is behind PayPal's latest data breach disclosure. The company began sending formal breach notification l…
Your New Android Tablet May Have Been Compromised Before You Even Opened the Box

Your New Android Tablet May Have Been Compromised Before You Even Opened the Box

A new Android backdoor called Keenadu was shipped inside tablet firmware before devices ever reached consumers' hands — and it's already clai…
Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication

Critical Flaws Exposed in zkLogin: Zero-Knowledge Proofs Can't Fix Broken Authentication

Brave Software researchers have disclosed critical vulnerabilities in zkLogin, a widely-deployed blockchain authentication system used across the Sui…
Hackers Are Now Calling AI to Write Malware On-the-Fly, Google Warns

Hackers Are Now Calling AI to Write Malware On-the-Fly, Google Warns

Nation-state hackers have crossed a troubling threshold: they're now weaponising commercial AI to generate malicious code dynamically during acti…
Credential-Stealing Flaw in Ivanti EPM Lets Hackers Waltz Past Authentication

Credential-Stealing Flaw in Ivanti EPM Lets Hackers Waltz Past Authentication

Ivanti just patched a critical authentication bypass in its Endpoint Manager that hands attackers stored credentials on a silver platter—no login req…
Critical RCE Flaw in Popular Manga Translation Tool Exposes Thousands to Takeover

Critical RCE Flaw in Popular Manga Translation Tool Exposes Thousands to Takeover

A critical security vulnerability in manga-image-translator, a widely used open-source OCR tool with over 9,300 GitHub stars, allows attackers to exe…
New Notepad Flaw That Lets Hackers Execute Code via Markdown Files

New Notepad Flaw That Lets Hackers Execute Code via Markdown Files

Microsoft patched a serious security hole in Windows Notepad this week that could allow attackers to remotely execute malicious code on victims' …
5 Best AI AppSec Tools in 2026

5 Best AI AppSec Tools in 2026

Application security did not become harder because organisations lack tools. It became harder because risk no longer lives in one place. Modern appli…
AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

Thousands of organisations running BeyondTrust's remote access tools face immediate risk after an AI security system uncovered a critical pre-aut…
Flickr Data Breach Exposes User Information Through Third-Party Email Provider Vulnerability

Flickr Data Breach Exposes User Information Through Third-Party Email Provider Vulnerability

Photo-sharing platform Flickr has disclosed a security incident involving unauthorised access to user information through a vulnerability in one of i…
NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk

NGINX Servers Exposed: Response Injection Flaw Puts Millions of Web Applications at Risk

A newly disclosed vulnerability in NGINX web servers could allow attackers positioned between servers and upstream systems to manipulate data flowing…
Chinese State Hackers Turned Notepad++'s Own Update System Against Users for Six Months

Chinese State Hackers Turned Notepad++'s Own Update System Against Users for Six Months

The popular text editor Notepad++ has confirmed what security researchers feared: Chinese state-sponsored hackers successfully hijacked its update me…
Mass VPS Provider Ransomware Attack Linked to Stolen Credentials from Virtualizor Support Breach

Mass VPS Provider Ransomware Attack Linked to Stolen Credentials from Virtualizor Support Breach

UPDATE (February 3, 2026): Virtualizor has released an official statement clarifying the attack vector. The company confirms there is no …
AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

AI Hacks AI: Security Tool Finds One-Click RCE in OpenClaw Assistant

In a watershed moment for AI security, an autonomous hacking agent has successfully exploited another AI system, exposing a critical vulnerability in…
Windows 11's New Security Feature Had 9 Vulnerabilities: Researcher Details the Flaws

Windows 11's New Security Feature Had 9 Vulnerabilities: Researcher Details the Flaws

Microsoft's flagship security upgrade for Windows 11 had a close call: a researcher found nine different ways to bypass it during testing. Google…
Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Critical Unauthenticated RCE Flaw Exposes SolarWinds Web Help Desk to Instant Takeover

Security researchers at Horizon3.ai have uncovered a chain of critical vulnerabilities in SolarWinds Web Help Desk (WHD) that allows unauthenticated …
WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

WinRAR Flaw Becomes Hacker Gold Mine: State Spies and Cybercriminals Still Exploiting Six-Month-Old Bug

Six months after a critical WinRAR vulnerability was patched, hackers from Russia, China, and cybercrime groups continue to exploit it—turning a fixe…