Security

Adobe Acrobat Zero-Day CVE-2026-34621 Under Active Attack

Adobe has confirmed that attackers have been quietly exploiting a critical zero-day vulnerability in Adobe Acrobat and Reader since at least December…

CPU-Z & HWMonitor Site Hacked to Push Malware

If you downloaded CPU-Z or HWMonitor from cpuid.com between April 9 and 10, 2026, you may have gotten far more than a hardware monitoring tool. The w…

React2DoS Flaw Can Crash Servers with One Request

A newly disclosed vulnerability in React Server Components can bring production servers to a complete halt using nothing more than a single, c…

Linux's Print System Has a Zero-Click Root Hole — and No Fix Yet

If your Linux server runs a shared PostScript print queue, a remote attacker with no credentials whatsoever can — right now — execute arbitrary code …

Your Router Is Spying on You — And Russia's APT28 Is Behind It

Your home router may already be working for Russian military intelligence — and you'd have no idea. In a rare coordinated disclosure, both the UK…

Why Cloud and Endpoint Security Can’t Be Treated Separately Anymore

Many companies still think about security in buckets. One team worries about laptops and employee devices. Another focuses on cloud workloads, storag…

Fortinet Rushes Emergency Patch After Zero-Day in FortiClient EMS Caught Mid-Exploitation

A critical zero-day vulnerability in Fortinet's FortiClient Endpoint Management Server (EMS) was already being weaponized by attackers when resea…

Progress ShareFile Storage Zone Controller Hit With Critical Pre-Auth RCE Chain — Patch Now

Offensive security firm watchTowr has disclosed a critical two-vulnerability chain in Progress ShareFile's on-premises Storage Zone Controller (S…

AI Found Three Critical Microsoft RCEs on Its Own — And Got the CVEs to Prove It

For the first time in the history of vulnerability research, an autonomous AI system has been formally credited with discovering critical remote co…

North Korean Hackers Behind Axios npm Attack — Says Google

The same North Korean threat group that deployed AI-generated deepfakes to trick cryptocurrency executives into handing over system access has now pu…

Chrome's WebGPU Engine Is Becoming Hackers' Favorite Target — Update Now

Google has patched a zero-day vulnerability in Chrome that attackers are already exploiting — and this time, the target isn't JavaScript or the b…

Opening a Single File in Vim Can Hand Attackers Full Control of Your System

A two-bug chain quietly sitting in Vim since version 9.1.1391 lets a malicious file execute arbitrary shell commands the moment you open it — no plug…

Axios Hack Alert: Malicious npm Versions Drop RAT on macOS, Windows, and Linux

Developers relying on axios — the JavaScript HTTP client installed over 300 million times weekly — woke up Tuesday to a nightmare scenario: two versi…

Telegram 0-Day: One Sticker Could Hack You — Telegram Calls It Fake

[Updated: March 30, 2026 — Score revised from 9.8 to 7.0. Original story below.] On Sunday, Telegram's official account dismissed a newly disclos…

ShinyHunters Claims 350GB EU Commission Breach — Databases, Emails, and Contracts Up for Leak

The European Commission confirmed on Friday that its public-facing web infrastructure was hit by a cyberattack discovered on March 24 — and now a th…

The LiteLLM Hack Was Just the Opening Move. Now 300K Dark Web Users Are Being Armed With Ransomware

What started as a poisoned Python package has evolved into something with far darker implications — a coordinated alliance between supply chain hacke…

Hackers Are Actively Exploiting a Critical Microsoft SharePoint Flaw — Patch Now

Attackers are exploiting a critical remote code execution (RCE) vulnerability in Microsoft SharePoint that Microsoft patched two months ago but many …

Hackers Poisoned a Python Package Trusted by 95 Million Monthly Installs — and It Stole Everything

The Python package that quietly powers AI infrastructure for thousands of organizations — routing API calls across OpenAI, Anthropic, Bedrock, and 10…

10 Top AI Tools for Red Teaming in 2026

Red teaming has traditionally been defined by creativity, unpredictability, and human intuition. Unlike vulnerability assessments, red team operation…

Magento's REST API Has Let Anyone Upload Malicious Files Since Day One

A security flaw hiding in Magento's codebase since its very first release has finally surfaced — and it's bad. Researchers at Sansec disclos…