Cyber Security News

A high-severity security vulnerability has been discovered in Google Chrome’s integrated Gemini AI assistant, exposing users to unauthorized camera and microphone access, local file theft, and phishing attacks, all without requiring any user interaction beyond launching the browser’s built-in AI panel. Tracked as CVE-2026-0628, the flaw was uncovered by researchers at Palo Alto Networks’ Unit The post Chrome Gemini Vulnerability Lets Attackers Access Victims’ Camera and Microphone Remotely appeared first on Cyber Security News.

A critical local privilege escalation (LPE) vulnerability affecting Microsoft Windows has recently come to light following the public release of a Proof-of-Concept (PoC) exploit. Tracked as CVE-2026-20817, this security flaw resides within the Windows Error Reporting (WER) service. The vulnerability allows an authenticated user with low-level privileges to execute arbitrary malicious code with full SYSTEM The post PoC Exploit Released for Windows Error Reporting ALPC Privilege Escalation appeared first on Cyber Security News.

A critical Universal Cross-Site Scripting (UXSS) vulnerability was recently discovered in the DuckDuckGo Android browser. This flaw allowed untrusted, cross-origin iframes to execute arbitrary JavaScript in the top-level origin, tracked with a high-severity CVSS score of 8.6. The vulnerability was originally detailed in a Medium post by security researcher Dhiraj Mishra. The vulnerability stems from The post DuckDuckGo Browser UXSS Flaw in Auto Consent JS Bridge Enables Cross-Origin Code Execution appeared first on Cyber Security News.

A zero-day vulnerability in the Microsoft HTML (MSHTML) framework was actively exploited in the wild. The vulnerability, tracked as CVE-2026-21513, allows attackers to bypass security features and execute arbitrary files. With a CVSS score of 8.8, it impacts all Windows versions. Security researchers at Akamai discovered that the Russian state-sponsored threat group APT28 was targeting The post MSHTML Framework 0-Day Exploited by APT28 Hackers Before Feb 2026’s Patch Tuesday Update appeared first on Cyber Security News.

On March 2, 2026, Anthropic’s artificial intelligence assistant, Claude, experienced a significant global outage that disrupted workflows for users and developers worldwide. Organizations relying on the AI model for daily threat intelligence reporting, code generation, and automated security analysis faced temporary operational downtime as the platform struggled with elevated error rates. The technical difficulties initiated The post Claude AI Suffers Global Outage: Elevated Errors Disrupt Web Interface and APIs appeared first on Cyber Security News.

Torrance, United States / California, March 2nd, 2026, CyberNewswire March 23–26, 2026 | Booth N-6555, Moscone Center, San Francisco Criminal IP, an AI-powered cybersecurity platform specializing in Attack Surface Management (ASM) and Cyber Threat Intelligence (CTI), will participate in the RSAC 2026 Conference, taking place from March 23 to 26 at the Moscone Center in The post Criminal IP to Present Decision-Ready Threat Intelligence at RSAC™ 2026 appeared first on Cyber Security News.

A new phishing campaign called GTFire is abusing two of Google’s most trusted services — Firebase and Google Translate — to harvest login credentials from victims around the world. What makes this campaign dangerous is its ability to hide malicious activity behind legitimate Google-owned domains, allowing phishing links to pass through email filters and web The post GTFire Phishing Scheme Abuses Google Services to Evade Detection and Steal Credentials appeared first on Cyber Security News.

Frankfurt am Main, Germany, March 2nd, 2026, CyberNewswire Link11 has published its European Cyber Report 2026, revealing that DDoS attacks reached a new level in 2025 and have become a permanent stress factor for digital infrastructures. The report shows that the number of documented attacks in the Link11 network rose by 75% in 2025, following The post Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat appeared first on Cyber Security News.

A large-scale reconnaissance campaign is actively targeting SonicWall firewalls across the internet, with attackers using more than 4,000 unique IP addresses to map vulnerable devices before launching exploitation attempts. Between February 22 and February 25, 2026, threat actors generated 84,142 scanning sessions against SonicWall SonicOS infrastructure, originating from 4,305 distinct IP addresses across 20 autonomous The post Hackers Attacking SonicWall Firewalls from 4,000+ unique IP Addresses to Exploit Vulnerabilities appeared first on Cyber Security News.

A newly identified botnet trojan campaign, dubbed OCRFix, has been discovered combining social engineering tricks with blockchain-based command infrastructure to quietly build a network of compromised machines. The campaign blends the well-known ClickFix phishing technique with EtherHiding — a method that stores attacker instructions directly on a public blockchain, making takedowns nearly impossible.​ The attack The post OCRFix Botnet Trojan Leveraging ClickFix Phishing and EtherHiding to Conceal Blockchain-Based Command Infrastructure appeared first on Cyber Security News.