Google patches a high-severity vulnerability tracked as CVE-2026-1504 in the latest Chrome Stable update, issued on January 28. The new release—version 144.0.7559.109/110 for Windows and macOS, and 144.0.7559.109 for Linux—targets a flaw involving the Background Fetch API. This security issue could allow malicious actors to exploit browser behavior and potentially compromise user data. The vulnerability […]
Fortinet blocks an exploited FortiCloud single sign-on (SSO) vulnerability as it works to develop and release a permanent fix. The company confirmed that threat actors have already taken advantage of the zero-day flaw, identified as CVE-2026-24858, which allows authentication bypass in FortiCloud SSO. In response, Fortinet has disabled SSO connections from devices running affected firmware, […]
WhatsApp enables a lockdown feature designed to defend high-risk users from sophisticated cyber threats, according to an announcement from Meta. The new “Strict Account Settings” option empowers users to apply the most restrictive privacy controls with just a few taps. Once activated, the feature blocks attachments and silences calls from unknown contacts, limiting potential attack […]
A China-linked cyberespionage group, dubbed Salt Typhoon, is accused of infiltrating mobile devices belonging to aides of UK prime ministers, according to reports. The attackers allegedly gained access to handsets used by senior government personnel, raising alarms over the potential compromise of sensitive communications. Salt Typhoon, suspected to operate under state direction, allegedly conducted the […]
Cybercriminals and advanced threat actors linked to nation-states are actively leveraging a WinRAR defect exploited for over six months to launch targeted attacks. The flaw has become a reliable entry point in espionage campaigns against military, government, and technology organizations, according to new threat intelligence reports. These malicious actors use the vulnerability to gain persistent […]
A newly uncovered phishing campaign has seen Microsoft Teams hijacked by cybercriminals using the platform’s native guest-invite feature to deploy malicious content under the guise of trusted Microsoft services. Attackers create fake teams with alarming financial references and invite victims via legitimate Teams email addresses, bypassing standard security checks like SPF, DKIM, and DMARC. One […]