Microsoft’s recent analysis tying a Medusa ransomware affiliate to a campaign that leveraged zero-day vulnerabilities has put a renewed spotlight on the evolving tactics of extortion groups and the threat posed by previously unknown software flaws. For security teams and executives, the announcement is a reminder that threat actors are combining rapid vulnerability exploitation with tried-and-true ransomware playbooks to increase
Category: Cybersecurity
Zero-Day, APT, Exfiltration, Lateral-Movement, Privilege-Escalation, Botnet, Rootkit, Backdoor, Keylogger, Smishing, Vishing, Spear-Phishing, Social-Engineering, MITM, SQL-Injection, XSS, CSRF, Path-Traversal, Buffer-Overflow, Honeypot, CVE, CVSS, Red-Team, Blue-Team, Threat-Hunting, Malware-Analysis, MITRE-ATT&CK, Insider-Threat, Jailbreak, Shellcode, Exploit-Kit, LFI, RFI, Obfuscation, Payload, security advisory, vulnerability disclosure, CWE, OWASP, cybersecurity news, threat intelligence, SOC, SIEM, cryptotheft, evasion, CVE Security
Microsoft strips EXIF metadata from Teams images to protect employee privacy
On March 2026’s feature rollout, Microsoft updated Teams to automatically remove EXIF metadata from images shared in chats and channels. The change aims to prevent accidental leaks of GPS coordinates, device details, and time stamps—data that can be exploited for targeted attacks or unwanted location disclosure. The move is part of a broader push to bake privacy and security into
Anthropic’s Claude Leak: 8,000 Takedown Requests After an Accidental Source-Code Exposure
Anthropic has scrambled to contain the fallout after an accidental exposure of the complete source code for its Claude family of AI tools. The company issued roughly 8,000 copyright takedown requests to remove copies and adaptations circulating on code-hosting sites and mirrors, responding to a wave of reposts and forks that appeared within hours of the initial disclosure. Although Anthropic
PNG parsing flaws in libpng let attackers crash processes, leak data, and risk code execution
Two high-severity vulnerabilities discovered in libpng—the widely used reference library for reading and writing PNG images—create a sweeping risk for any software that parses images. The flaws can trigger process crashes, leak sensitive heap contents, and, on some platforms, enable arbitrary code execution. Because image handling is baked into web applications, server-side processing pipelines, mobile and embedded systems, and desktop
Hackers Weaponize Legitimate Windows Tools to Kill Antivirus — What Defenders Must Do Now
Ransomware gangs have evolved from noisy mass campaigns into precise, surgical operators. A growing and dangerous trend is the abuse of legitimate Windows utilities — tools built to help administrators troubleshoot and repair systems — as the first step in modern ransomware operations. By repurposing utilities such as Process Hacker, IOBit Unlocker, PowerRun, AuKill and TDSSKiller, attackers can silently neutralize
Google Lets You Change Your @gmail.com Address — Here’s How to Do It Safely
For more than twenty years, the email address you chose when creating a Google Account was effectively permanent. That meant awkward childhood handles, name changes after marriage, or simply wanting a cleaner, more professional address often required creating a brand-new Google Account and manually migrating data. Google has quietly changed that rule: users with @gmail.com addresses can now replace their