| DATE | NAME | Info | CATEG. | WEB |
|---|---|---|---|---|
| 13.4.26 | CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads | Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor | Virus | The Hacker News |
| 13.4.26 | Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 | Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The | Vulnerability | The Hacker News |
| 12.4.26 | Over 20,000 crypto fraud victims identified in international crackdown | An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. | Cryptocurrency | |
| 12.4.26 | Nearly 4,000 US industrial devices exposed to Iranian cyberattacks | The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. | APT | BleepingComputer |
| 12.4.26 | Analysis of one billion CISA KEV remediation records exposes limits of human-scale security | Analysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. | Vulnerability | |
| 12.4.26 | CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads | Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. | Attack | |
| 12.4.26 | Microsoft: Canadian employees targeted in payroll pirate attacks | A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. | Hack | |
| 12.4.26 | Google rolls out Gmail end-to-end encryption on mobile devices | Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. | Safety | BleepingComputer |
| 12.4.26 | New ‘LucidRook’ malware used in targeted attacks on NGOs, universities | A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. | Virus | |
| 12.4.26 | New VENOM phishing attacks steal senior executives' Microsoft logins | Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. | Phishing | BleepingComputer |
| 12.4.26 | Healthcare IT solutions provider ChipSoft hit by ransomware attack | Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. | Ransom | |
| 12.4.26 | Google Chrome adds infostealer protection against session cookie theft | Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. | Virus | |
| 12.4.26 | Smart Slider updates hijacked to push malicious WordPress, Joomla versions | Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. | Hack | |
| 12.4.26 | When attackers already have the keys, MFA is just another door to open | Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. | Phishing | BleepingComputer |
| 12.4.26 | Eurail says December data breach impacts 300,000 individuals | Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. | Incident | |
| 12.4.26 | Hackers exploiting Acrobat Reader zero-day flaw since December | Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. | Exploit | |
| 12.4.26 | Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot | Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. | Cryptocurrency | BleepingComputer |
| 12.4.26 | Microsoft suspends dev accounts for high-profile open source projects | Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Windows users. | Hack | |
| 12.4.26 | Hackers use pixel-large SVG trick to hide credit card stealer | A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image | Hack | |
| 12.4.26 | Google: New UNC6783 hackers steal corporate Zendesk support tickets | A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. | Hack | |
| 12.4.26 | New macOS stealer campaign uses Script Editor in ClickFix attack | A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. | Virus | BleepingComputer |
| 12.4.26 | CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday | CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. | Vulnerability | |
| 12.4.26 | 13-year-old bug in ActiveMQ lets hackers remotely execute commands | Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. | Vulnerability | |
| 12.4.26 | Is a $30,000 GPU Good at Password Cracking? | A $30,000 AI GPU doesn't outperform consumer GPUs at password cracking. Specops explains why attackers don't need exotic hardware to break weak passwords. | Hack | |
| 12.4.26 | Microsoft rolls out fix for broken Windows Start Menu search | Microsoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 23H2 devices. | OS | BleepingComputer |
| 12.4.26 | Hackers exploit critical flaw in Ninja Forms WordPress plugin | A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. | Exploit | |
| 11.4.26 | Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data | Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use | Mobile | The Hacker News |
| 11.4.26 | GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs | Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to | Virus | The Hacker News |
| 11.4.26 | Obfuscated JavaScript or Nothing | I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256: a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AVs on | Hack | SANS |
| 11.4.26 | Number Usage in Passwords: Take Two | In a previous diary, we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It is often seen that years and seasons are used in passwords, especially | Security | SANS |
| 11.4.26 | FBI: Americans lost a record $21 billion to cybercrime last year | U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. | CyberCrime | |
| 11.4.26 | Snowflake customers hit in data theft attacks after SaaS integrator breach | Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. | Hack | BleepingComputer |
| 11.4.26 | US warns of Iranian hackers targeting critical infrastructure | Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. | ICS | |
| 11.4.26 | Max severity Flowise RCE vulnerability now exploited in attacks | Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. | Exploit | |
| 11.4.26 | Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins | An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. | Hack | |
| 11.4.26 | German authorities identify REvil and GandCrab ransomware bosses | The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. | BigBrothers | BleepingComputer |
| 11.4.26 | New GPUBreach attack enables system takeover via GPU rowhammer | A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. | Attack | |
| 11.4.26 | Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit | Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. | Exploit | |
| 11.4.26 | Microsoft fixes Classic Outlook bug causing email delivery issues | Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. | OS | BleepingComputer |
| 11.4.26 | Microsoft removes Support and Recovery Assistant from Windows | Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. | OS | |
| 11.4.26 | Microsoft links Medusa ransomware affiliate to zero-day attacks | Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. | Ransom | |
| 11.4.26 | Drift $280M crypto theft linked to 6-month in-person operation | The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." | Cryptocurrency | BleepingComputer |
| 11.4.26 | CISA orders feds to patch exploited Fortinet EMS flaw by Friday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. | Exploit | |
| 11.4.26 | Why Simple Breach Monitoring is No Longer Enough | Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. | Virus | BleepingComputer |
| 11.4.26 | Adobe Reader zero-day vulnerability in active exploitation | On April 7, 2026, a security researcher described an Adobe Reader zero-day vulnerability that has been exploited since at least December 2025. The vulnerability allows threat actors to execute privileged Acrobat APIs via specially crafted malicious PDF files that execute obfuscated JavaScript when opened. Exploitation allows attackers to steal sensitive user and system data and to potentially launch additional attacks and remotely execute code. | Exploit blog | SOPHOS |
| 11.4.26 | We let OpenClaw loose on an internal network. Here’s what it found | “Even the most ‘risk-on’ organizations with deep AI and security experience, will likely find it challenging to configure OpenClaw in a way that effectively mitigates the risk of compromise or data loss, while still retaining any productivity value.” | AI blog | SOPHOS |
| 11.4.26 | Axios npm package compromised to deploy malware | On March 30, 2026, a supply chain security attack targeted Axios, a widely used JavaScript HTTP client for web and Node.js applications. Third-party researchers identified that Axios versions 1.14.1 and 0.30.4 published to the npm registry were compromised following the apparent takeover of a legitimate maintainer account. An attacker published unauthorized package updates that appeared legitimate. | Incident blog | SOPHOS |
| 11.4.26 | FCC Bans Routers Made Outside USA. But What IS a Router? | The FCC recently announced a ban on the sale of consumer-grade internet routers manufactured outside the United States. More specifically, the FCC received a National Security Determination that caused them to update their “Covered List,” to include all foreign-made consumer-grade routers. | BigBrother blog | Eclypsium |
| 11.4.26 | Eclypsium Detects F5 BIG-IP Remote Code Execution Vulnerability (CVE-2025-53521) | A vulnerability in F5 BIG-IP systems that allows unauthenticated remote code execution by attackers has been added to the CISA Known Exploited Vulnerabilities catalog. CVE-2025-53521 was disclosed on October 15, 2025, but only added to the KEV on March 27, 2026. The vulnerability was originally given a severity score of 7.5, but was adjusted upward to 9.8 when new information emerged in March. | Vulnerability blog | Eclypsium |
| 11.4.26 | When Geopolitical Conflict Spills into Cyberspace — How US Organizations Should Respond | The 2026 Iran-US-Israel escalation shows how cyber warfare attacks are reshaping conflict, merging cyber warfare attacks with kinetic operations AI. | AI blog | Cyble |
| 11.4.26 | The Week in Vulnerabilities: OpenClaw, FreeBSD, F5 BIG-IP, and Critical ICS Bugs | Vulnerabilities in OpenClaw, FreeBSD, F5 BIG-IP, and industrial control systems show risks growing across enterprise and critical infrastructure environments. | Vulnerability blog | Cyble |
| 11.4.26 | Dual-Brain Architecture: The Cybersecurity AI Innovation That Changes Everything | Agentic AI architecture enables dual-brain cybersecurity with predictive intelligence, autonomous response, and faster, smarter threat defense. | AI blog | Cyble |
| 11.4.26 | UK Businesses Are Being Targeted Through Their Middle East Supply Chains — What to Do Now | Middle East supply chain risk is exposing UK businesses to indirect cyber threats through vendors, dependencies, and geopolitical tensions. | BigBrother blog | Cyble |
| 11.4.26 | Remus: Unmasking The 64-bit Variant of the Infamous Lumma Stealer | When the security industry talks about information stealers, Lumma Stealer, without a doubt, has become the notorious icon of this landscape. Not only could it count itself among the most sophisticated, technically advanced, and widespread stealers-as-a-service in the world, but it was also described in a variety of blog posts from basically everyone in the industry, including us. | Malware blog | GENDIGITAL |
| 11.4.26 | Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees | Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. | Hacking blog | Microsoft blog |
| 11.4.26 | SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks | Executive summary: Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and small-office internet equipment like routers, then modifying their settings in ways that turn them into part of the actor’s malicious infrastructure. | BigBrother blog | Microsoft blog |
| 11.4.26 | Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations | The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware. | Ransom blog | Microsoft blog |
| 11.4.26 | Mitigating the Axios npm supply chain compromise | On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages for version updates to download from command and control (C2) that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. | Hacking blog | Microsoft blog |
| 11.4.26 | TrendAI Insight: New U.S. National Cyber Strategy | TrendAI reviews the White House National Cyber Strategy, outlining six pillars to strengthen U.S. cybersecurity—from deterrence and regulation to federal modernization, critical infrastructure protection, AI leadership, and workforce development. | AI blog | Trend Micro |
| 11.4.26 | Claude Code Packaging Error Remains a Lure in an Active Campaign: What Defenders Should Do | Threat actors leveraged Anthropic’s Claude Code npm release packaging error to distribute Vidar, GhostSocks, and PureLog Stealer. This blog details immediate steps organizations can take and best practices to prevent further risk. | Malware blog | Trend Micro |
| 11.4.26 | U.S. Public Sector Under Siege: Threat Intelligence for Q1 2026 | The first quarter of 2026 has reinforced a hard truth: U.S. government agencies and educational institutions are operating in the most hostile cyber threat environment ever recorded. | BigBrother blog | Trend Micro |
| 11.4.26 | n8n Expression Sandbox Bypass RCE | n8n AI Workflow Automation Expression Sandbox Bypass to Remote Code Execution Vulnerability (CVE-2026-1470) | ICS blog | SonicWall |
| 11.4.26 | Unpacking the Nursultan Client PyInstaller Telegram Malware | The SonicWall Capture Labs threat research team identified a PyInstaller-packed Windows executable distributed as "NursultanClient" — a full-featured Telegram RAT targeting Windows systems. | Malware blog | SonicWall |
| 11.4.26 | GPT Academic Pickle Deserialization Remote Code Execution | GPT Academic Pickle Deserialization Remote Code Execution (CVE-2026-0763) | AI blog | SonicWall |
| 11.4.26 | Double Agents: Exposing Security Blind Spots in GCP Vertex AI | Artificial intelligence (AI) agents are quickly advancing into powerful autonomous systems that can perform complex tasks. These agents can be integrated into enterprise workflows, interact with various services and make decisions with a degree of independence. Google Cloud Platform’s Vertex AI, with its Agent Engine and Application Development Kit (ADK), provides a comprehensive platform for developers to build and deploy these sophisticated agents. | AI blog | Palo Alto |
| 11.4.26 | When an Attacker Meets a Group of Agents: Navigating Amazon Bedrock's Multi-Agent Applications | Multi-agent AI systems extend beyond single-agent architectures by enabling groups of specialized agents to collaborate on complex tasks. This approach improves functionality and scalability, but it also expands the attack surface, introducing new pathways for exploitation through inter-agent communication and orchestration. | AI blog | Palo Alto |
| 11.4.26 | Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets | Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints. | Cyber blog | CHECKPOINT |
| 11.4.26 | From the field to the report and back again: How incident responders can use the Year in Review | The Year in Review distills Talos IR's observations into structured intelligence, but defenders should also be feeding this report back into their own preparation cycles. Here's how. | Incident blog | CISCO TALOS |
| 11.4.26 | New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations | Cisco Talos uncovered a cluster of activity we track as UAT-10362 conducting spear-phishing campaigns against Taiwanese non-governmental organizations (NGOs) and suspected universities to deliver a newly identified malware family, “LucidRook.” | Malware blog | CISCO TALOS |
| 11.4.26 | The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines | Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. | Phishing blog | CISCO TALOS |
| 11.4.26 | Year in Review: Vulnerabilities old and new and something React2 | The year was characterized by an unending beat-down on infrastructure that relied on older enmeshed dependencies (e.g., Log4j and PHPUnit), while React2Shell rocketed to the highest percentage of attacks for the entire year within the last three weeks of 2025. | Vulnerability blog | CISCO TALOS |
| 11.4.26 | [Video] The TTP Ep. 22: The Collapse of the Patch Window | In this episode of The Talos Threat Perspective, we discuss how vulnerability exploitation is accelerating, and why attacker speed, AI, and exposed systems are affecting the patch window. | Cyber blog | CISCO TALOS |
| 11.4.26 | The threat hunter’s gambit | Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors. | Cyber blog | CISCO TALOS |
| 11.4.26 | Talos Takes: 2025's ransomware trends and zombie vulnerabilities | In this episode of Talos Takes, Amy and Pierre Cadieux unpack the ransomware and vulnerability trends that defined 2025. | Cyber blog | CISCO TALOS |
| 11.4.26 | Do not get high(jacked) off your own supply (chain) | In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. If we are all building on such shaky foundation, what can we do to keep safe? | Hacking blog | CISCO TALOS |
| 11.4.26 | Axios NPM supply chain incident | Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. | Incident blog | CISCO TALOS |
| 11.4.26 | Recovery scammers hit you when you’re down: Here’s how to avoid a second strike | If you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse. | Spam blog | Eset |
| 11.4.26 | As breakout time accelerates, prevention-first cybersecurity takes center stage | Threat actors are using AI to supercharge tried-and-tested TTPs. When attacks move this fast, cyber-defenders need to rethink their own strategy. | AI blog | Eset |
| 11.4.26 | Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion | Masjesu Botnet: Deep dive into the commercially-run IoT threat, its stealth, multi-XOR evasion, and expanded architecture targets. Secure your network! | BotNet blog | Trelix |
| 10.4.26 | Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows | Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it | Safety | The Hacker News |
| 10.4.26 | Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers | Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. | Virus | The Hacker News |
| 10.4.26 | EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs | Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called | Cryptocurrency | The Hacker News |
| 10.4.26 | UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns | A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental | APT | The Hacker News |
| 10.4.26 | Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 | Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least | Exploit | The Hacker News |
| 10.4.26 | Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region | An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and | APT | The Hacker News |
| 10.4.26 | New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy | Cybersecurity researchers have flagged a new variant of malware called Chaos that's capable of hitting misconfigured cloud deployments, marking an | Virus | The Hacker News |
| 10.4.26 | Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices | Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the | BotNet | The Hacker News |
| 9.4.26 | APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies | The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine | APT | The Hacker News |
| 9.4.26 | Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems | Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new | AI | The Hacker News |
| 9.4.26 | N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust | The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, | APT | The Hacker News |
| 8.4.26 | Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs | Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable | APT | The Hacker News |
| 8.4.26 | Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign | The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP- | APT | The Hacker News |
| 8.4.26 | Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access | A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under | Vulnerability | The Hacker News |
| 8.4.26 | Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign | An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a | Cryptocurrency | The Hacker News |
| 8.4.26 | New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips | New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to | Attack | The Hacker News |
| 8.4.26 | China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware | A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day | APT | The Hacker News |
| 8.4.26 | Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed | Threat actors are exploiting a maximum-severity security flaw in Flowise , an open-source artificial intelligence (AI) platform, according to new findings | AI | The Hacker News |
| 8.4.26 | Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations | An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. | APT | The Hacker News |
| 8.4.26 | DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea | Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) | APT | The Hacker News |
| 8.4.26 | Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools | Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique | Ransom | The Hacker News |
| 8.4.26 | BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks | Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with the | BigBrothers | The Hacker News |
| 8.4.26 | $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation | Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously | APT | The Hacker News |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments | This is the sixth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 005 covered developments through April 1, including the first confirmed victim disclosure (Mercor AI), Wiz's post-compromise cloud enumeration findings, DPRK attribution of the axios compromise, and LiteLLM's release resumption after Mandiant's forensic audit. This update covers intelligence from April 1 through April 3, 2026. | Incident | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows | This is the fifth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 004 covered developments through March 30, including the Databricks investigation, dual ransomware operations, and AstraZeneca data release. This update consolidates two days of intelligence through April 1, 2026. | Incident | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 004 - Databricks Investigating Alleged Compromise, TeamPCP Runs Dual Ransomware Operations, and AstraZeneca Data Released | This is the fourth update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 003 covered developments through March 28, including the first 48-hour pause in new compromises and the campaign's shift to monetization. This update consolidates intelligence from March 28-30, 2026 -- two days since our last update. | Incident | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 003 - Operational Tempo Shift as Campaign Enters Monetization Phase With No New Compromises in 48 Hours | This is the third update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 002 covered developments through March 27, including the Telnyx PyPI compromise and Vect ransomware partnership. This update covers developments from March 27-28, 2026. | Incident | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 002 - Telnyx PyPI Compromise, Vect Ransomware Mass Affiliate Program, and First Named Victim Claim | This is the second update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 001 covered developments through March 26. This update covers developments from March 26-27, 2026. | Incident | SANS |
| 6.4.26 | TeamPCP Supply Chain Campaign: Update 001 - Checkmarx Scope Wider Than Reported, CISA KEV Entry, and Detection Tools Available | This is the first update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). That report covers the full campaign from the February 28 initial access through the March 24 LiteLLM PyPI compromise. This update covers developments since publication. | Incident | SANS |
| 6.4.26 | Traffic violation scams switch to QR codes in new phishing texts | Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. | Phishing | |
| 6.4.26 | New FortiClient EMS flaw exploited in attacks, emergency patch released | Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. | Vulnerability | BleepingComputer |
| 6.4.26 | Hackers exploit React2Shell in automated credential theft campaign | Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. | Vulnerability | |
| 6.4.26 | Device code phishing attacks surge 37x as new kits spread online | Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. | Phishing | |
| 6.4.26 | LinkedIn secretly scans for 6,000+ Chrome extensions, collects data | A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. | Social | |
| 6.4.26 | Hims & Hers warns of data breach after Zendesk support ticket breach | Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. | Incident | BleepingComputer |
| 6.4.26 | Die Linke German political party confirms data stolen by Qilin ransomware | The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening to leak sensitive data. | Ransom | |
| 6.4.26 | Evolution of Ransomware: Multi-Extortion Ransomware Attacks | Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. | Ransom | |
| 6.4.26 | Microsoft still working to fix Exchange Online mailbox access issues | Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. | OS | BleepingComputer |
| 6.4.26 | Man admits to locking thousands of Windows devices in extortion plot | A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. | OS | BleepingComputer |
| 6.4.26 | Microsoft now force upgrades unmanaged Windows 11 24H2 PCs | Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. | OS | |
| 6.4.26 | CERT-EU: European Commission hack exposes data of 30 EU entities | The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. | Incident | BleepingComputer |
| 6.4.26 | Claude Code leak used to push infostealer malware on GitHub | Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. | AI | BleepingComputer |
| 6.4.26 | Drift loses $280 million as North Korean hackers seize Security Council powers | The Drift Protocol lost at least $280 million after a threat actor took control of its Security Council administrative powers in a planned, sophisticated operation. | APT | BleepingComputer |
| 6.4.26 | Residential proxies evaded IP reputation checks in 78% of 4B sessions | Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users. | Security | |
| 6.4.26 | Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime | Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. | Exploit | BleepingComputer |
| 6.4.26 | New Progress ShareFile flaws can be chained in pre-auth RCE attacks | Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. | Vulnerability | |
| 6.4.26 | Medtech giant Stryker fully operational after data-wiping attack | Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. | Hack | BleepingComputer |
| 5.4.26 | 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants | Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different | Exploit | The Hacker News |
| 5.4.26 | Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS | Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, | Vulnerability | The Hacker News |
| 5.4.26 | Critical Cisco IMC auth bypass gives attackers Admin access | Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access. | Vulnerability | |
| 5.4.26 | Microsoft links Classic Outlook issue to email delivery problems | Microsoft links Classic Outlook issue to email delivery problems | OS | |
| 5.4.26 | Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks | Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. | Vulnerability | |
| 5.4.26 | New CrystalRAT malware adds RAT, stealer and prankware features | A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities. | Virus | BleepingComputer |
| 5.4.26 | Apple expands iOS 18 updates to more iPhones to block DarkSword attacks | Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. | OS | |
| 5.4.26 | Hackers exploit TrueConf zero-day to push malicious software updates | Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. | Exploit | |
| 5.4.26 | New EvilTokens service fuels Microsoft device code phishing attacks | A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks. | Virus | |
| 5.4.26 | 'NoVoice' Android malware on Google Play infected 2.3 million devices | A new Android malware dubbed NoVoice exploited known vulnerabilities to gain root access and has been distributed through more than 50 apps on Google Play Store, with at least 2.3 million downloads. | Virus | BleepingComputer |
| 5.4.26 | Routine Access Is Powering Modern Intrusions, a New Threat Report Finds | Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. | Exploit | |
| 5.4.26 | FBI warns against using Chinese mobile apps due to privacy risks | The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers. | APT | |
| 5.4.26 | Google fixes fourth Chrome zero-day exploited in attacks in 2026 | Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. | Exploit | BleepingComputer |
| 5.4.26 | Google Drive ransomware detection now on by default for paying users | Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users. | Ransom | BleepingComputer |
| 5.4.26 | New Windows 11 emergency update fixes preview update install issues | Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues. | OS | |
| 5.4.26 | Claude Code source code accidentally leaked in NPM package | Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. | AI | BleepingComputer |
| 4.4.26 | Proton launches new "Meet" privacy-focused conferencing platform | Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams. | Security | BleepingComputer |
| 4.4.26 | GIGABYTE Control Center vulnerable to arbitrary file write flaw | The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. | Vulnerability | |
| 4.4.26 | Claude AI finds Vim, Emacs RCE bugs that trigger on file open | Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. | AI | |
| 4.4.26 | Cisco source code stolen in Trivy-linked dev environment breach | Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. | Incident | BleepingComputer |
| 4.4.26 | How to Categorize AI Agents and Prioritize Risk | AI agent risk isn't equal; it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first. | AI | |
| 4.4.26 | Hackers compromise Axios npm package to drop cross-platform malware | Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. | Virus | |
| 4.4.26 | Hacker charged with stealing $53 million from Uranium crypto exchange | U.S. prosecutors have charged a Maryland man with stealing more than $53 million after hacking the Uranium Finance crypto exchange twice and laundering the proceeds through a cryptocurrency mixer. | Cryptocurrency | |
| 4.4.26 | Dutch Finance Ministry takes treasury banking portal offline after breach | The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. | BigBrothers | BleepingComputer |
| 4.4.26 | CISA orders feds to patch actively exploited Citrix flaw by Thursday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. | Exploit | |
| 4.4.26 | Healthcare tech firm CareCloud says hackers stole patient data | Healthcare IT firm CareCloud has disclosed a data breach incident that exposed sensitive data and caused a network disruption lasting approximately eight hours. | Incident | |
| 4.4.26 | New RoadK1ll WebSocket implant used to pivot on breached networks | A newly identified malicious implant named RoadK1ll is enabling threat actors to quietly move from a compromised host to other systems on the network. | Incident | BleepingComputer |
| 4.4.26 | Critical Citrix NetScaler memory flaw actively exploited in attacks | Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. | Vulnerability | BleepingComputer |
| 4.4.26 | China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing | A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of | APT | The Hacker News |
| 4.4.26 | Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers | Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, | Hack | The Hacker News |
| 4.4.26 | | Building on recent BRICKSTORM research from Google Threat Intelligence Group (GTIG), this post explores the evolving threats facing virtualized environments. These operations directly target the VMware vSphere ecosystem, specifically the vCenter Server Appliance (VCSA) and ESXi hypervisors. To help organizations stay ahead of these risks, we will focus on the essential hardening strategies and mitigating controls necessary to secure these critical assets. | Malware blog | GTI |
| 4.4.26 | | Google Threat Intelligence Group (GTIG) is tracking an active software supply chain attack targeting the popular Node Package Manager (NPM) package "axios." Between March 31, 2026, 00:21 and 03:20 UTC, an attacker introduced a malicious dependency named "plain-crypto-js" into axios NPM releases versions 1.14.1 and 0.30.4. Axios is the most popular JavaScript library used to simplify HTTP requests, and these packages typically have over 100 million and 83 million weekly downloads, respectively. | APT blog | GTI |
| 4.4.26 | Eclypsium Detects F5 BIG-IP Remote Code Execution Vulnerability (CVE-2025-53521) | A vulnerability in F5 BIG-IP systems that allows unauthenticated remote code execution by attackers has been added to the CISA Known Exploited Vulnerabilities catalog. CVE-2025-53521 was disclosed on October 15, 2025, but only added to the KEV on March 27, 2026. | Vulnerability blog | Eclypsium |
| 4.4.26 | Operation DualScript – A Multi-Stage PowerShell Malware Campaign Targeting Cryptocurrency and Financial Activity | During our investigation, we identified a multi-stage malware infection leveraging Scheduled Task persistence, VBScript launchers, and PowerShell-based execution. The attack operates through two parallel chains:... | Cyber blog | Seqrite |
| 4.4.26 | The Week in Vulnerabilities: AI Frameworks, VMware, and Critical ICS Exposure | Critical vulnerabilities in AI frameworks, VMware environments, EV charging platforms, and ICS systems show growing risks across enterprise and industrial ecosystems. | Cyber blog | Cyble |
| 4.4.26 | How Cyble Blaze AI Predicts Cyber Threats 6 Months in Advance Using Agentic Intelligence | Predictive Cybersecurity with Cyble Blaze AI uses agentic AI to forecast threats months ahead and automate faster, smarter responses. | AI blog | Cyble |
| 4.4.26 | Professional Networks Under Attack: Vietnam-Linked Actors Deploy PXA Stealer in Global Infostealer Campaign | Cyble dissects a LinkedIn job-lure campaign, exposing its multi-stage PXA Stealer tactic that hijacks accounts and steals sensitive data. | APT blog | Cyble |
| 4.4.26 | Hybrid Warfare 2026: When Cyber Operations and Kinetic Attacks Converge | In 2026, hybrid warfare blends cyberattacks and physical strikes, disrupting infrastructure and shaping global security dynamics. | Cyber blog | Cyble |
| 4.4.26 | Mitigating the Axios npm supply chain compromise | On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack in which two newly published npm package versions downloaded from command-and-control (C2) infrastructure that Microsoft Threat Intelligence has attributed to the North Korean state actor Sapphire Sleet. | Incident blog | Microsoft blog |
| 4.4.26 | TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM | Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV-based payloads to steal credentials across Linux, macOS, and Windows. | Hacking blog | Trend Micro |
| 4.4.26 | Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads | A supply chain attack hit Axios when attackers used stolen npm credentials to publish malicious versions containing a phantom dependency. This triggered a cross-platform RAT during installation and replaced its files with clean decoys, making detection challenging. | Incident blog | Trend Micro |
| 4.4.26 | Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads | A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing AI-themed campaign to spread Vidar and GhostSocks. | AI blog | Trend Micro |
| 4.4.26 | Three Decades for a 3-Line Fix: The Critical telnetd Bug Hiding in Plain Sight (CVE-2026-32746) | The SonicWall Capture Labs threat research team became aware of an out-of-bounds write vulnerability in the Telnet server shipped with GNU Inetutils, assessed its impact and developed mitigation measures. Telnetd hardly needs an introduction. It is one of the oldest and most widely distributed network utilities on Linux systems. | Vulnerability blog | SonicWall |
| 4.4.26 | GPT Academic Pickle Deserialization Remote Code Execution | SonicWall Capture Labs threat research team became aware of the threat CVE-2026-0763, assessed its impact, and developed mitigation measures for this vulnerability. The flaw, also tracked as ZDI-26-029, is a critical unauthenticated remote code execution vulnerability affecting GPT Academic in versions 3.91 and earlier. | AI blog | SonicWall |
| 4.4.26 | Double Agents: Exposing Security Blind Spots in GCP Vertex AI | Artificial intelligence (AI) agents are quickly advancing into powerful autonomous systems that can perform complex tasks. These agents can be integrated into enterprise workflows, interact with various services and make decisions with a degree of independence. Google Cloud Platform’s Vertex AI, with its Agent Engine and Application Development Kit (ADK), provides a comprehensive platform for developers to build and deploy these sophisticated agents. | AI blog | Palo Alto |
| 4.4.26 | ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime | Sensitive data shared with ChatGPT conversations could be silently exfiltrated without the user’s knowledge or approval. | AI blog | CHECKPOINT |
| 4.4.26 | Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets | Check Point Research identified a zero-day vulnerability in the TrueConf client application, tracked as CVE-2026-3502, with a CVSS score of 7.8. The flaw stems from the abuse of TrueConf’s updater validation mechanism, allowing an attacker who controls the on-premises TrueConf server to distribute and execute arbitrary files across all connected endpoints. | Hacking blog | CHECKPOINT |
| 4.4.26 | UAT-10608: Inside a large-scale automated credential harvesting operation targeting web applications | Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.” | Hacking blog | CISCO TALOS |
| 4.4.26 | Qilin EDR killer infection chain | This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems. | Hacking blog | CISCO TALOS |
| 4.4.26 | Inside the Talos 2025 Year in Review: A discussion on what the data means for defenders | A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now. | Cyber blog | CISCO TALOS |
| 4.4.26 | An overview of ransomware threats in Japan in 2025 and early detection insights from Qilin cases | There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024. | Ransom blog | CISCO TALOS |
| 4.4.26 | Do not get high(jacked) off your own supply (chain) | In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. If we are all building on such shaky foundation, what can we do to keep safe? | Hacking blog | CISCO TALOS |
| 4.4.26 | Axios NPM supply chain incident | Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure. | Incident blog | CISCO TALOS |
| 4.4.26 | The democratisation of business email compromise fraud | This week, Martin tells the story of a crime he encountered and how it shows that the threat landscape is changing. | BigBrother blog | CISCO TALOS |
| 4.4.26 | [Video] The TTP Ep 21: When Attackers Become Trusted Users | An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments. | Cyber blog | CISCO TALOS |
| 4.4.26 | Ransomware in 2025: Blending in is the strategy | A summary of the top ransomware trends from the Talos 2025 Year in Review, with a focus on identity, attacker tactics, and practical defenses. | Ransom blog | CISCO TALOS |
| 4.4.26 | Digital assets after death: Managing risks to your loved one’s digital estate | Fraudsters often target the accounts of the deceased or their grieving relatives. Here’s how to keep the scammers at bay. | Spam blog | Eset |
| 4.4.26 | This month in security with Tony Anscombe – March 2026 edition | The past four weeks have seen a slew of new cybersecurity wake-up calls that showed why every organization needs a well-thought-out cyber-resilience plan. | Cyber blog | Eset |
| 3.4.26 | UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack | The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly targeted social engineering campaign | APT | The Hacker News |
| 3.4.26 | New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images | Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after | OS | The Hacker News |
| 3.4.26 | Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK | Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that | APT | The Hacker News |
| 3.4.26 | Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials | A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database | Exploit | The Hacker News |
| 2.4.26 | Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise | Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an | Vulnerebility | The Hacker News |
| 2.4.26 | Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners | A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and | Virus | The Hacker News |
| 2.4.26 | WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action | Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La | Social | The Hacker News |
| 2.4.26 | Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit | Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a | OS | The Hacker News |
| 1.4.26 | Apple adds macOS Terminal warning to block ClickFix attacks | Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. | OS | |
| 1.4.26 | How to Evaluate AI SOC Agents: 7 Questions Gartner Says You Should Be Asking | AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. | AI | |
| 1.4.26 | Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now | F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. | Vulnerebility | |
| 1.4.26 | Microsoft pulls KB5079391 Windows update over install issues | Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. | OS | BleepingComputer |
| 1.4.26 | Critical Fortinet FortiClient EMS flaw now exploited in attacks | Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. | Vulnerability | |
| 1.4.26 | European Commission confirms data breach after Europa.eu hack | The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. | Incident | |
| 1.4.26 | FBI confirms hack of Director Patel's personal email inbox | The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. | Incident | |
| 1.4.26 | File read flaw in Smart Slider plugin impacts 500K WordPress sites | A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. | Vulnerability | BleepingComputer |
| 1.4.26 | New Infinity Stealer malware grabs macOS data via ClickFix lures | A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. | Virus | BleepingComputer |
| 1.4.26 | CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails | The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself | BigBrothers | The Hacker News |
| 1.4.26 | Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass | Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, | Virus | The Hacker News |
| 1.4.26 | Block the Prompt, Not the Work: The End of "Doctor No" | There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its | Cyber | The Hacker News |
| 1.4.26 | Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures | A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking | Phishing | The Hacker News |
| 1.4.26 | New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released | Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been | Exploit | The Hacker News |
| 1.4.26 | Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 | Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity | APT | The Hacker News |
| 1.4.26 | Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms | Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently | AI | The Hacker News |
| 1.4.26 | Android Developer Verification Rollout Begins Ahead of September Enforcement | Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful | OS | The Hacker News |
| 1.4.26 | TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks | A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign | Exploit | The Hacker News |