Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

NPM Packages Exploited to Deploy Persistent Malware Implants via Redis and PostgreSQL


Threat intelligence researchers have discovered 36 malicious npm packages that use Redis and PostgreSQL to distribute persistent malware implants. The discovery has drawn attention to malicious npm packages that leverage Redis and PostgreSQL databases to deploy persistent malware implants, representing a significant threat to developers and end users alike.

Published: Sun Apr 5 01:05:34 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Fortinet Patches Critical Vulnerability in FortiClient EMS Exposed to Active Exploitation

Fortinet has issued a critical security patch for its FortiClient EMS software after a vulnerability was discovered that allows threat actors to exploit the system without authentication. The patch addresses a vulnerability with a CVSS score of 9.1, which has been actively exploited since March 31, 2026.

Published: Sun Apr 5 01:21:21 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unreliable Facade of Digital Governance: A Cybersecurity Crisis in Syria


Syria's struggles with cybersecurity have come to light after a series of high-profile breaches, including the hijacking of several official government accounts on X. Experts say the breach was caused by poor digital security practices and highlights a broader gap in awareness about basic cybersecurity fundamentals among Syrian government organizations and the general public.

Published: Sun Apr 5 04:44:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Complex Web of Deception: Unraveling the Mystery of a Highly Encoded Malware

Malicious emails have long been a staple of cyber threats, but some stand out for their complexity and sophistication. In recent days, highly encoded malware has been discovered in an email that was delivered to an unsuspecting recipient. The code is heavily obfuscated, using techniques such as compression, encryption, and steganography to evade detection. However, analysis revealed a series of PowerShell commands that aim to achieve several goals, including escalating privileges, downloading payloads, and creating scheduled tasks for persistence.

Published: Sun Apr 5 04:56:32 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Global Threat Landscape: Malware, Hacking, and Cybersecurity Evolve

A new round of high-profile attacks has emerged, exposing vulnerabilities in GCP Vertex AI, ChatGPT, and various software platforms. The cybersecurity landscape continues to evolve, with malware, hacking, and nation-state actors posing significant threats. Organizations must implement proactive security strategies to stay ahead of emerging threats.

Published: Sun Apr 5 05:15:29 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybercrime Follies: The Rise of Roasting Cybercriminals


A new trend in cybersecurity is taking aim at cybercriminals, using humor and satire to undermine their credibility. In this article, we'll explore the rise of roasting cybercriminals and why experts are taking a different approach to combating these threats.



Published: Sun Apr 5 08:29:18 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Exploit React2Shell Vulnerability to Launch Large-Scale Credential Theft Campaign


Hackers are currently exploiting the React2Shell vulnerability in Next.js applications to launch a large-scale credential theft campaign. The attack has already resulted in the compromise of at least 766 hosts across various cloud providers and geographies, with stolen credentials including environment variables, SSH keys, and cloud credentials. System administrators are advised to apply security updates, rotate credentials, and deploy WAF/RASP protections for Next.js to mitigate the impact of this attack.

Published: Sun Apr 5 09:39:56 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unveiling the Complexities of Cybersecurity: A Round-Up of Recent Threats and Vulnerabilities


Recent cybersecurity incidents have highlighted the growing threat posed by nation-state actors, supply chain attacks, and phishing attacks. The emergence of new malware variants, such as CrystalX RAT, has also underscored the need for enhanced security measures to prevent exploitation. As organizations navigate the complex cybersecurity landscape, it is essential that they prioritize robust security practices and remain proactive in identifying and mitigating vulnerabilities.

Published: Sun Apr 5 10:11:45 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New FortiClient EMS Flaw Exposed: A Critical Vulnerability Exploited in Attacks

A new critical vulnerability has been discovered in FortiClient EMS, allowing unauthenticated attackers to execute code or commands via specially crafted requests. Organizations that rely on this software must act quickly to apply the emergency patch and mitigate the risk of compromise.

Published: Sun Apr 5 14:28:13 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A $285 Million Heist: Unraveling the Sophisticated Social Engineering Operation Behind Drift's Notorious Hack


A $285 million heist has been uncovered, revealing a sophisticated six-month social engineering operation by North Korean state-sponsored hackers that compromised Drift's security. The attack demonstrates the evolving tactics, techniques, and procedures employed by North Korea's cyber apparatus and highlights the need for heightened vigilance among cryptocurrency exchanges and other organizations vulnerable to such attacks.

Published: Sun Apr 5 14:46:23 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Traffic Violation Scams Take a New Turn: Fake Court Notices with QR Codes


Traffic violation scams have taken a new turn with fake court notices sent via text messages containing QR codes. These phishing attacks aim to steal personal and financial information by demanding payment for allegedly unpaid tolls or parking tickets. Follow these tips to stay safe and avoid falling victim to these sophisticated scams.


Published: Sun Apr 5 15:54:33 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Anthropic's Source Code Leak: Unveiling the Claude Code Controversy

Anthropic's accidental release of its Claude Code source has raised critical questions about the security and liability associated with large language models. As researchers, developers, and users, we must come together to establish clear guidelines and standards for responsible AI development.

Published: Sun Apr 5 20:09:51 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unmasking of UNKN: The Rise and Fall of a Russian Ransomware Kingpin


German authorities have finally unmasked the elusive hacker known as "UNKN," who was behind two notorious ransomware groups: GandCrab and REvil. Daniil Maksimovich Shchukin, a 31-year-old Russian national from Krasnodar, is now believed to be at large, with the German Federal Criminal Police stating that he may reside in Russia. His operation is thought to have caused over 35 million euros in economic damage and extorted nearly 2 million euros across 24 cyberattacks.

Published: Sun Apr 5 22:24:53 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Vulnerability in Fortinet's FortiClient EMS Platform: A High-Severity Flaw Exploited in the Wild

Fortinet's FortiClient EMS platform has been compromised by a critical vulnerability (CVE-2026-35616) that allows attackers to bypass authentication and gain unauthorized access. The company has issued emergency patches for affected versions, and users are urged to install these hotfixes immediately to mitigate the risk.

Published: Mon Apr 6 01:36:44 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unmasking of REvil: A Glimpse into the Dark World of Ransomware

German authorities have identified REvil leader Daniil Maksimovich Shchukin, 31, as "UNKN", behind over 130 ransomware attacks in Germany and worldwide, resulting in €35 million in damages. The move marks a significant breakthrough in the global fight against cybercrime.

Published: Mon Apr 6 02:48:11 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Qilin and Warlock Ransomware Groups Use Vulnerable Drivers to Disable Security Tools


Qilin and Warlock ransomware groups have been found to be using vulnerable drivers to silence security tools on compromised hosts, a technique known as Bring Your Own Vulnerable Driver (BYOVD). This new tactic allows them to disable 300+ EDR tools, making it difficult for organizations to detect and respond to attacks. Cybersecurity experts are warning that this is a critical vulnerability that organizations need to be aware of in order to protect themselves against these types of attacks.

Published: Mon Apr 6 06:53:21 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Devastating Consequences of Supply Chain Compromise: A Cautionary Tale of Developer Endpoint Security

The recent incident involving TeamPCP compromising LiteLLM has highlighted the critical vulnerability of developer endpoint security. The attack demonstrates the devastating consequences of neglecting this aspect of cybersecurity and emphasizes the need for organizations to take proactive steps to protect their endpoints from exploitation by adversaries.

Published: Mon Apr 6 08:10:48 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Infostealer Paradox: How Simple Breach Monitoring Falls Short


The threat landscape has evolved significantly over the past few years, with new and sophisticated attacks emerging to exploit vulnerabilities. According to recent data, stolen credentials are a top-tier security priority for organizations worldwide. However, many enterprises still rely on simple breach monitoring solutions to mitigate the risk of infostealers.

Published: Mon Apr 6 09:22:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

14,000 F5 BIG-IP APM Instances Left Exposed to Remote Code Execution Flaw

Over 14,000 F5 BIG-IP APM instances remain exposed online due to an actively exploited remote code execution flaw. Experts urge users to prioritize swift implementation of mitigations and updates to prevent potential exploitation of CVE-2025-53521.

Published: Mon Apr 6 09:33:59 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The End of an Era: Linux 486 Support to be Phased Out

Linux kernel developers have decided to phase out support for 80486-generation chips, marking the end of an era in terms of hardware compatibility within the Linux community. The decision comes as part of Linux kernel 7.1's development cycle and reflects a shift towards prioritizing newer architectures and focusing on forward-thinking efficiency.

Published: Mon Apr 6 10:46:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Multi-OS Attack Problem: How SOCs are Failing to Contain the Growing Threat of Cross-Platform Cyber Attacks


Recent data has highlighted the growing concern of multi-OS cyberattacks. These attacks, which target multiple operating systems simultaneously, can be particularly challenging to detect and contain. In this article, we explore the impact of these threats on businesses worldwide and discuss the key steps that SOCs must take to stay ahead of the threat landscape.

With the rise of cross-platform attacks, security teams are facing a growing challenge in detecting and containing threats across multiple operating systems. This article provides an in-depth look at the Multi-OS Attack Problem and discusses the critical steps that SOCs can take to improve their ability to detect and contain these threats. By adopting solutions like ANY.RUN Sandbox, security teams can enhance their cross-platform analysis capabilities and move more quickly and effectively in response to emerging threats.

Published: Mon Apr 6 11:03:43 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybersecurity Landscape Evolves: Dev Machine Guard and Pius Tools Offer Insights into Modern Threats

Cybersecurity has evolved significantly in recent times, with new threats and vulnerabilities emerging regularly. The Dev Machine Guard and Pius tools offer valuable insights into modern cybersecurity threats, helping developers and security teams to identify potential vulnerabilities and strengthen their defenses.

Published: Mon Apr 6 11:12:02 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

BKA Unmasks REvil Ransomware Operators Behind 130+ German Attacks


The German Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group: Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk. The BKA believes that these individuals were instrumental in promoting the REvil ransomware operation on cybercrime forums and carrying out numerous attacks in Germany, resulting in over 130 incidents.

Published: Mon Apr 6 11:32:49 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft Links Medusa Ransomware Affiliate to Zero-Day Attacks in High-Velocity Campaigns


Microsoft has linked a financially motivated cybercrime gang known as Storm-1175 to zero-day attacks, further highlighting the increasing sophistication of ransomware campaigns. The group has been exploiting n-day and zero-day vulnerabilities in high-velocity attacks, targeting healthcare organizations, education, professional services, and finance sectors across Australia, the United Kingdom, and the United States.

To stay ahead of these emerging threats, Microsoft emphasizes the importance of staying vigilant against cyber threats and keeping software up-to-date with the latest security patches. By taking proactive steps to protect their networks and systems, organizations can reduce their risk of falling victim to high-velocity ransomware attacks.

Published: Mon Apr 6 12:59:37 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

CISA Orders Federal Agencies to Patch Exploited Fortinet EMS Flaw by Friday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a critical FortiClient Enterprise Management Server (EMS) flaw by Friday, as threat actors continue to exploit it in zero-day attacks.

Published: Mon Apr 6 13:08:17 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

DPRK-Linked Hackers Exploit GitHub as Command-and-Control Infrastructure in Sophisticated Multi-Stage Attacks Against South Korea



Threat actors associated with the Democratic People's Republic of Korea (DPRK) have been identified as utilizing GitHub as a command-and-control infrastructure in a series of sophisticated multi-stage attacks targeting organizations in South Korea. The attack chain, which involves obfuscated Windows shortcut files and PowerShell scripts, demonstrates the group's continued efforts to evolve their tactics and techniques in order to evade detection.

The use of native Windows tools for deployment, evasion, and persistence underscores the sophistication of these attacks, while the deployment of malware families via legitimate software channels raises concerns about the potential for widespread compromise. As Kimsuky continues to shift its TTPs, it is essential that organizations prioritize incident response capabilities and stay informed about emerging threats in order to effectively mitigate their impact.

Published: Mon Apr 6 13:22:15 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Vulnerability in Windows: The BlueHammer Exploit


A previously unpatched Windows zero-day exploit known as "BlueHammer" has been leaked, allowing attackers to gain SYSTEM or elevated administrator permissions on affected systems. Microsoft's handling of the disclosure process for this vulnerability raises questions about the company's commitment to responsible disclosure and patching.

Published: Mon Apr 6 14:30:32 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical FortiClient EMS Bug Exposed: A Cautionary Tale of Unpatched Vulnerabilities

A critical bug in the FortiClient Enterprise Management Server (EMS) product has been exploited in the wild since at least March 31, allowing unauthenticated attackers to execute unauthorized code or commands via crafted requests. Organizations that rely on this software must take immediate action to patch the vulnerability and protect themselves from potential security risks.

Published: Mon Apr 6 14:42:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Dark Side of Homeland Security: A Web of Corruption and Deception

US Border Patrol agents are selling challenge coins that feature acronyms and phrases associated with far-right groups, raising concerns about corruption and deception within the Department of Homeland Security. The sale of these coins has sparked a broader controversy surrounding the use of government resources to promote certain ideologies, highlighting the need for greater transparency and accountability within government agencies.

Published: Mon Apr 6 14:51:31 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Campaign of Deception: The Iran-Linked Password-Spraying Campaign Targeting Microsoft 365 Organizations

Recent attacks from an Iran-nexus threat actor have targeted over 300 organizations in Israel and more than 25 in the UAE, highlighting the evolving nature of cyber threats. Organizations affected by these attacks are advised to take immediate action to protect themselves from further attacks.

Published: Mon Apr 6 15:06:00 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unveiling the Sophisticated Attack Vector: North Korea-Linked Hackers Utilize LNK Files and GitHub C2s to Launch Malicious Campaign


North Korea-linked hackers have launched a new cyber attack on organizations in South Korea, utilizing phishing LNK files with embedded scripts and GitHub as Command and Control (C2) servers. The campaign, which targets companies in South Korea, highlights the attackers' focus on stealth, evasion, and strategic thinking. Experts warn that users should remain vigilant against untrusted documents and monitor for unusual PowerShell or VBScript activity to stay protected from this evolving threat landscape.

Published: Mon Apr 6 15:17:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Details Emerge in Marvel's Daredevil: Born Again - A Tease of Chaos Looms Over Season 2

Marvel's Daredevil: Born Again season 2 is ramping up the stakes with a chaotic trailer that leaves fans eagerly anticipating what's next for Matt Murdock. With Jessica Jones on the way and the Punisher special set to arrive, this teaser sets the stage for an unforgettable conclusion.

Published: Mon Apr 6 16:36:02 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New GPU Rowhammer Attack Enables System Takeover via GPU



A new type of attack dubbed GPUBreach enables a system takeover by exploiting vulnerabilities in Graphics Processing Units (GPUs). The attack utilizes Rowhammer-induced bit-flips in GDDR6 memories, corrupting GPU page tables and granting arbitrary GPU memory read/write access to an unprivileged CUDA kernel. This threat has significant implications for AI development and training workloads, as well as consumer GPUs without ECC.




Published: Mon Apr 6 17:51:16 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

GandCrab and REvil Ransomware Leaders Brought to Light by German Authorities


German authorities have identified two Russian nationals as the leaders behind GandCrab and REvil, two notorious ransomware operations that had been evading capture for years. Daniil Maksimovich Shchukin and Anatoly Sergeevitsch Kravchuk were named as the heads of these operations, marking a significant milestone in the ongoing efforts to dismantle them. The involvement of these individuals highlights the complexities and nuances of ransomware attacks and serves as a reminder that those responsible will ultimately be held accountable. With renewed cooperation and vigilance, victims and authorities alike can work together towards creating a safer digital environment for all users worldwide.

Published: Mon Apr 6 19:05:40 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Vulnerability in CUPS Exposed: The Consequences of a Leaky Print Server



A critical vulnerability has been discovered in CUPS (Common Unix Printing System), allowing attackers to execute arbitrary code and gain root access. This discovery highlights the importance of ongoing cybersecurity monitoring and patch management, particularly as AI-powered bug-finding tools become more sophisticated.

Published: Mon Apr 6 19:21:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Security Flaw Discovered in Open-Source AI Platform Flowise: Threat Actors Exploiting CVSS 10.0 RCE Vulnerability


A critical-severity security flaw has been discovered in an open-source AI platform called Flowise. According to recent findings from VulnCheck, a CVSS 10.0 RCE vulnerability is allowing threat actors to execute arbitrary JavaScript code on the server, leading to full system compromise and sensitive data exfiltration. This highlights the importance of staying informed about newly discovered vulnerabilities and taking swift action to patch these issues before they can be exploited by malicious actors.

Published: Tue Apr 7 01:49:53 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Looming Threat of Storm-1175: A China-Linked Cyber Actor Leveraging Zero-Days to Deploy Medusa Ransomware


A China-based threat actor known as Storm-1175 has been linked to the deployment of Medusa ransomware, leveraging zero-days to orchestrate rapid attacks on healthcare organizations, education institutions, professional services firms, and finance sectors across multiple regions. With its sophisticated tactics and ability to rotate exploits quickly, Storm-1175 poses a significant threat to global cybersecurity.



Published: Tue Apr 7 03:16:14 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unpatched Windows Zero-Day Exploit: BlueHammer Vulnerability Leaves Systems Open to Attack


A recently leaked Windows zero-day exploit known as "BlueHammer" has left systems open to attack, highlighting the importance of staying up-to-date with security patches and maintaining robust security measures. The vulnerability allows attackers to gain SYSTEM rights, potentially fully compromising machines. In this article, we'll delve into the details of the BlueHammer exploit and its implications for organizations.

Published: Tue Apr 7 04:25:41 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cryptocurrency Hacking: Unraveling the Complex Web of North Korea's Six-Month Operation

North Korea has been linked to a six-month hacking operation that stole $285 million from Drift, a cryptocurrency protocol. The attack highlights the sophistication of North Korea's state-affiliated actors and raises concerns about the vulnerability of crypto projects.

Published: Tue Apr 7 05:36:51 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips: A Deep Dive into the Latest GPU Vulnerability


A new attack vector known as GPUBreach has been discovered, enabling full CPU privilege escalation via GDDR6 bit-flips. This vulnerability targets NVIDIA GPUs and could potentially be exploited by malicious actors to gain unauthorized access to sensitive data. Organizations must take immediate action to protect themselves from potential exploitation.

Published: Tue Apr 7 05:48:36 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Fortinet FortiClient EMS Flaw: A High-Severity Vulnerability Exposed by U.S. CISA



A high-severity vulnerability in Fortinet's FortiClient EMS has been added by U.S. CISA to its Known Exploited Vulnerabilities catalog. The flaw, tracked as CVE-2026-35616 with a CVSS score of 9.1, poses considerable risk to affected systems and calls for swift remediation.



Published: Tue Apr 7 05:57:49 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unleashing the Fury of GPU Rowhammer: The New Frontier in Cybersecurity Threats


Recent research has uncovered an unprecedented method for a group of attackers to breach the security of modern systems by exploiting vulnerabilities in Graphics Processing Units (GPUs). The discovery of the GPUBreach exploit highlights a new frontier in cybersecurity threats and demonstrates the ongoing challenge of protecting against increasingly sophisticated attacks. As the threat continues to evolve, it is crucial that users and organizations remain vigilant and proactive in their efforts to safeguard against potential exploitation.

Published: Tue Apr 7 07:11:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Silent Threat of Identity Gaps: How AI Exploits Enterprise Risk

As AI continues to evolve at an unprecedented rate, organizations are facing a growing threat landscape of identity gaps that can be exploited by both human threat actors and autonomous AI agents. To address this vulnerability, The Hacker News is hosting an exclusive webinar featuring expert insights on how to close the gap in 2026.

Published: Tue Apr 7 08:19:57 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Hidden Cost of Repeated Credential Incidents: A Threat to Identity Security


Repeated credential incidents can have a significant cumulative impact on an organization's identity security posture. From account lockouts and compromised credentials to the time and resources spent resolving these incidents, it's essential for organizations to prioritize strong password controls and breach detection tools like Specops Password Policy.

Published: Tue Apr 7 08:28:02 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

ComfyUI Botnet: A New Vector for Cryptocurrency Mining and Remote Code Execution


A new botnet campaign has emerged, targeting internet-exposed ComfyUI instances to mine cryptocurrency and conduct remote code execution. The attackers have used a purpose-built Python scanner to exploit these platforms, adding them to a cryptocurrency mining and proxy botnet. With over 1,000 publicly-accessible ComfyUI instances targeted, this threat is significant for defenders. In this article, we will delve into the details of the ComfyUI botnet and explore its tactics, techniques, and procedures.

Published: Tue Apr 7 09:51:54 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Major Outage Cripples Russian Banking Apps and Metro Payments Nationwide: A Global Cybersecurity Alert

Published: Tue Apr 7 09:59:03 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A New Phase of Ransomware Attacks: The Rise of Storm-1175

A new phase of ransomware attacks has emerged with the rise of Storm-1175, a group known for its lightning-fast exploits and relentless pursuit of financial gain. By targeting exposed systems and moving quickly, they are able to deploy their ransomware payload and achieve their financial goals. In this article, we'll delve into the details of Storm-1175's operations and explore what makes them so effective.

Published: Tue Apr 7 10:26:27 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Effort to Combat APT28's DNS Hijacking Campaign: FrostArmada

Authorities have disrupted a global campaign of DNS hijacking used by APT28 to steal Microsoft 365 logins in an operation dubbed FrostArmada. Researchers from Black Lotus Labs report that the attackers compromised mainly small office/home office (SOHO) routers and altered their DNS settings to point to virtual private servers under control, allowing them to intercept authentication traffic and steal sensitive credentials.

Published: Tue Apr 7 12:08:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russia's APT28 Behind Latest Wave of Router and DNS Attacks: A Threat to Global Cybersecurity


The UK's National Cyber Security Centre (NCSC) has warned about the latest wave of router and DNS attacks attributed to Russia's Advanced Persistent Threat group, APT28. This latest wave of attacks highlights the sophistication and reach of these threat actors and underscores the need for organizations and individuals to remain vigilant in protecting themselves against such threats.

Published: Tue Apr 7 12:20:51 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Docker CVE-2026-34040: A High-Severity Vulnerability that Allows Attackers to Bypass Authorization and Gain Host Access


Docker CVE-2026-34040 is a high-severity security vulnerability that allows attackers to bypass authorization plugins and gain host access. This vulnerability has been patched in Docker Engine version 29.3.1, but users are advised to apply temporary workarounds to minimize their exposure to potential attacks.

Published: Tue Apr 7 12:39:15 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Iranian Hackers Target Critical Infrastructure: A Growing Concern for US National Security


The US government has warned of a growing threat posed by Iranian hackers targeting critical infrastructure organizations, highlighting the need for robust cybersecurity measures to protect US operations from disruptions. The recent attack on Stryker highlights the potential consequences of such attacks, with approximately 80,000 devices wiped from the network of employees' mobile devices and personal computers managed by the company.

Published: Tue Apr 7 13:58:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical AI Development Platform Vulnerability: The Flowise RCE Exploit

Flowise, an open-source platform used by developers and organizations to build AI agents and workflows, has been hit with a critical Remote Code Execution (RCE) vulnerability that allows hackers to execute arbitrary code. Upgrading to the latest version of Flowise is recommended, and users are advised to remove their instances from public access if external access is not needed.

Published: Tue Apr 7 14:09:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Exploiting the Unseen: Russia's DNS Hijacking Campaign Through Vulnerable Routers



Hackers linked to Russia's military intelligence units have been exploiting known vulnerabilities in older Internet routers to mass-harvest authentication tokens from Microsoft Office users, according to a recent report by security experts at Black Lotus Labs. This sophisticated yet straightforward technique allows state-backed Russian hackers to infiltrate networks without deploying any malicious software or code, making it an especially concerning development for organizations and individuals relying on these digital tools.



Published: Tue Apr 7 14:27:36 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Trump's War on American Cybersecurity: A Threat to National Security

The Trump administration's plan to cut $707 million from the budget of the Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about the nation's cybersecurity and national security. This drastic move is part of a larger plan to privatize TSA's airport screeners, which aims to reduce government involvement in security matters.

Published: Tue Apr 7 14:44:50 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Cybercrime Losses Hit Record $20.87 Billion in 2025: The Rise of AI-Powered Scams

Cybercrime losses have reached a record high of $20.87 billion in 2025, with AI-powered scams becoming increasingly sophisticated and lucrative. The FBI is urging individuals and organizations to stay vigilant and take proactive measures to protect themselves against these threats.

Published: Tue Apr 7 14:59:09 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Anthropic’s AI Convergence: A New Era of Cybersecurity Collaboration


Anthropic has made a bold move by teaming up with its rivals to tackle the pressing issue of AI hacking. The collaboration, known as Project Glasswing, brings together some of the biggest names in tech and cybersecurity under one roof. By pooling their resources and expertise, these industry giants aim to create a comprehensive solution to address the rapidly evolving threat landscape posed by advanced artificial intelligence systems. With over 45 organizations participating, including tech giants like Apple, Google, and Microsoft, Project Glasswing promises to revolutionize the way we approach cybersecurity.

Published: Tue Apr 7 15:08:58 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Russian State-Led APT28 Exploits Global SOHO Routers to Launch Ambitious DNS Hijacking Campaign



Russian state-linked APT28 (Forest Blizzard) has launched a sophisticated DNS hijacking campaign, leveraging insecure MikroTik and TP-Link routers to compromise edge devices worldwide. The FrostArmada operation targets organizations in North Africa, Central America, Southeast Asia, and Europe, compromising over 18,000 unique IP addresses from more than 120 countries. This cyber espionage campaign highlights the growing threat of APT28's efforts to exploit edge devices for espionage purposes.

Published: Tue Apr 7 15:23:38 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

FBI Reveals Record-Breaking $21 Billion Loss to Cybercrime in 2025


The FBI has revealed a record-breaking $21 billion loss to cybercrime in 2025. This staggering figure highlights the growing threat of cybercrime and emphasizes the importance of individual and organizational efforts to prevent such losses.

Published: Tue Apr 7 16:40:53 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

ShinyHunters Strike Again: Decoding the Shattered Remains of SaaS Integration Breach and Snowflake's Lament



In a recent SaaS integration breach, numerous cloud storage platforms have been targeted with data theft attacks. Snowflake has confirmed that it was impacted by these attacks, which were linked to Anodot's security incident in November 2025. The ShinyHunters cybercrime gang is demanding ransom payments from the affected companies in exchange for the release of stolen data. This attack highlights the growing threat of cloud-based cybercrime and the need for robust cybersecurity measures to protect personal data.

Published: Tue Apr 7 16:49:20 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Devastating Campaign of AI-Driven Microsoft Device Code Phishing Attacks: A Threat to Global Cybersecurity

A devastating campaign of AI-driven Microsoft device code phishing attacks has been uncovered, compromising hundreds of organizations daily. The attackers use advanced techniques such as compromised domains and dynamic device code generation to bypass MFA and gain unauthorized access to corporate email inboxes. With the link to a new Microsoft device-code phishing kit, it is clear that these attacks are having a significant impact on global cybersecurity.

Published: Tue Apr 7 17:07:24 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Iran's Cyberwar against the US: A Threat to National Security



Iranian hackers have been targeting industrial control systems across the United States, including energy and water utilities, with devastating effects. As tensions between the US and Iran continue to escalate, it is clear that a new era of cyber warfare has dawned on the global stage. The Iranian government's use of cyber warfare against the US poses a significant threat to national security, and it is essential that policymakers take immediate action to address this threat.

Published: Tue Apr 7 18:10:10 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Critical Vulnerability in Flowise Exposes Systems to Full Compromise: A Threat Assessment


A critical vulnerability in Flowise has been actively exploited by attackers, exposing systems to full compromise. This flaw allows remote code execution and file system access due to improper validation of user-supplied JavaScript. Understanding the threat is essential for defenders to prioritize patching the vulnerability.

Published: Tue Apr 7 18:23:20 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Revolutionary Breakthrough in Cybersecurity: Anthropic's Mythos Model Can Generate Zero-Day Vulnerabilities

A revolutionary breakthrough in cybersecurity: an AI model capable of generating zero-day vulnerabilities has been developed by Anthropic. The company is providing a limited preview version to select industry partners and is offering significant financial incentives to encourage participation.

Published: Tue Apr 7 19:35:17 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Hackers Latch Onto Critical Ninja Forms Vulnerability to Unleash Remote Code Execution


Hackers have discovered a critical vulnerability in the Ninja Forms File Uploads plugin for WordPress, allowing them to execute arbitrary code remotely and deploy web shells. With over 600,000 downloads, this widely used plugin poses a significant threat to users who rely on it for file uploads. To avoid potential risks, including data breaches and site takeovers, users are urged to upgrade to the latest version.



Published: Tue Apr 7 19:44:05 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Iran's Cyber War: The Increasingly Threatening Landscape for U.S. Critical Infrastructure

Pro-Iran hackers have been identified as a major threat to U.S. critical infrastructure, according to a recent advisory issued by CISA and several other federal agencies. The warning comes as tensions between the United States and Iran escalate, with President Donald Trump announcing his intention to suspend bombing and attacks on Iran for a period of two weeks.

Published: Tue Apr 7 19:51:39 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Iran's Cyber Escalation: A Threat to US Critical Infrastructure


Iranian-affiliated actors have escalated intrusions targeting critical US water and energy facilities, prompting the FBI and American cyber defense agencies to issue a joint alert. The threat posed by these attacks is significant, as PLCs are used to control and monitor industrial equipment in critical facilities.

Published: Tue Apr 7 20:06:31 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs



The recent surge in cyber attacks orchestrated by Iranian hacking groups against U.S. organizations has resulted in significant disruptions in critical infrastructure, including programmable logic controllers (PLCs). The attacks have led to diminished PLC functionality, manipulation of display data, operational disruption, and financial loss.

To combat the threat, organizations are advised to take steps to prevent remote modification, implement multi-factor authentication (MFA), and erect a firewall or network proxy in front of the PLC. Additionally, keeping PLC devices up-to-date, disabling any unused authentication features, and monitoring for unusual traffic are also recommended.

The recent escalation in cyber attacks against U.S. organizations has significant implications for defenders, according to JUMPSEC. "The adoption of a Russian criminal MaaS by an Iranian state actor has direct implications for defenders," JUMPSEC said in a report shared with The Hacker News. "Organizations targeted by MuddyWater, especially in the defense, aerospace, energy, and government sectors, now face threats that combine state-level targeting with commercially developed offensive tools."



Published: Wed Apr 8 02:13:14 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Microsoft's Datacenter Design is Under Scrutiny Amidst Escalating Cyber Threats in the Middle East

Microsoft, one of the world's leading technology companies, has announced that it will reevaluate its datacenter design in response to escalating cyber threats in the Middle East. The move reflects a shift towards prioritizing security and adhering to strong international rules to promote the protection of civilian infrastructure.

Published: Wed Apr 8 03:35:15 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Global Epidemic of Online Harassment: The Dark Side of Telegram

Thousands of men are sharing nonconsensual images of women and girls, buying spyware, and engaging in doxing and sexual abuse on Telegram. A new report by AI Forensics reveals the extent of this problem and highlights the need for greater regulation and oversight of online platforms like Telegram to prevent further exploitation.

Published: Wed Apr 8 03:46:35 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

North Korean Hackers Expand Malicious Package Campaign Across Multiple Open-Source Ecosystems


North Korean hackers have expanded their malicious package campaign across multiple open-source ecosystems, compromising developer environments for espionage and financial gain. With more than 1,700 identified packages linked to this activity, the attack serves as a reminder of the evolving nature of cyber threats.



Published: Wed Apr 8 04:05:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Iran-linked Actors Target Critical Infrastructure PLCs: A Growing Threat to Global Stability

Iran-linked actors have been targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure networks across the United States, resulting in operational disruptions and financial losses for several U.S.-based organizations. The attacks are linked to groups such as CyberAv3ngers, associated with Iran's IRGC, and other known Iranian-affiliated APT actors.

Published: Wed Apr 8 04:15:12 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

The Unsettling Admission: ICE's Confirmed Use of Notorious Graphite Spyware



The Immigration and Customs Enforcement (ICE) agency has confirmed its use of notorious Graphite spyware, raising concerns about individual freedoms and government surveillance. This disturbing admission highlights a critical need for greater transparency and oversight in the handling of sensitive technologies like Graphite, which could have severe implications for civil liberties and national security.

Published: Wed Apr 8 05:36:17 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

NHS Scotland-Linked Domains Hijacked to Serve Malicious Content


In a shocking revelation, multiple domains linked to NHS Scotland have been hijacked and are now being used to push links to adult content and illegal sports streams. The incident highlights the need for increased vigilance and awareness among healthcare organizations in Scotland, and raises serious concerns about the security posture of these organizations.

Published: Wed Apr 8 05:53:44 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Anthropic's AI-Powered Cybersecurity Initiative: A New Era in Zero-Day Vulnerability Discovery

Anthropic has unveiled its groundbreaking AI-powered cybersecurity initiative, Claude Mythos, which promises to revolutionize the way vulnerabilities are discovered and addressed. Thousands of previously unknown flaws have been uncovered across major operating systems and web browsers using this cutting-edge technology. As Anthropic partners with industry leaders to secure critical software, the question remains – can human oversight effectively tame the power of AI in cybersecurity?

Published: Wed Apr 8 06:01:48 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

A Dutch Healthcare Software Vendor Falls Prey to Ransomware Attack, Leaving 11 Hospitals Offline



A prominent Dutch healthcare software vendor, ChipSoft, fell victim to a ransomware attack on April 7, 2026, leaving 11 hospitals offline. The company provides patient record software to hospitals across the Netherlands, with around 80 percent of all facilities using its services. The attack has highlighted the need for robust cybersecurity measures and preparedness among healthcare organizations.



Published: Wed Apr 8 07:11:07 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP): A Comprehensive Guide to Mitigating Modern Identity Threats


The modern enterprise is facing an unprecedented threat landscape, with identity-based attacks becoming increasingly sophisticated and relentless. To address this concern, Gartner has introduced the Identity Visibility and Intelligence Platform (IVIP), a fundamental 'System of Systems' that provides an independent layer of oversight above access management and governance.


Published: Wed Apr 8 07:20:21 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

New Era in Cybersecurity: Anthropic's Project Glasswing Aims to Secure Critical Software Before Hackers Do


Anthropic's Project Glasswing aims to revolutionize cybersecurity by harnessing the power of artificial intelligence (AI) to detect and fix vulnerabilities in critical software before hackers can exploit them. This initiative is part of a larger effort to address the growing threat of cyberattacks on critical infrastructure, including banking, healthcare, energy, and government systems.

Published: Wed Apr 8 07:31:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

APT28's Latest Operation: Hijacking Home and Small Office Routers for Espionage

APT28 has been found to be hijacking thousands of consumer routers in 120 countries, targeting unsuspecting users with espionage campaigns. The attackers exploited vulnerabilities in older router models to gain control over these devices and intercept sensitive information. To avoid falling victim to this attack, it is crucial to stay informed about the latest security threats and take necessary precautions such as replacing end-of-life routers and being cautious when encountering browser warnings.

Published: Wed Apr 8 08:54:13 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Widespread Cyberattack on Signature Healthcare Disrupts Patient Care and Pharmacy Services

Signature Healthcare, a non-profit community teaching hospital in Massachusetts, has been hit by a cyberattack that has disrupted patient care and pharmacy services. Despite efforts to minimize the impact on patient safety, patients who rely on pharmacy services were unable to receive their prescribed medication due to a disruption in the dispensing process.

Published: Wed Apr 8 10:10:19 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

APT28's Operation Prismex: The Sophisticated Russian Espionage Campaign Targeting Ukraine and NATO Allies

In this in-depth article, we explore the details of APT28's Operation Prismex, a complex spear-phishing campaign targeting Ukraine and its allies. Learn how APT28 has utilized zero-day exploits and developed a previously undocumented malware suite known as PRISMEX to compromise supply chains and disrupt operations.

Published: Wed Apr 8 11:45:58 2026 by llama3.2 3B Q4_K_M



Ethical Hacking News

Unearthing the Unseen: A Deep Dive into the Newly Disclosed Apache ActiveMQ Classic Vulnerability


A previously unknown remote code execution (RCE) vulnerability has been discovered in Apache ActiveMQ Classic, a widely deployed open-source message broker, which attackers can exploit to execute arbitrary commands. The vulnerability, tracked as CVE-2026-34197, was uncovered using the Claude AI assistant and affects versions of Apache ActiveMQ/Broker before 5.19.4, and all versions from 6.0.0 up to 6.2.3. Researchers recommend that organizations running ActiveMQ treat this as a high priority because ActiveMQ has been repeatedly targeted by real-world attackers.


Published: Wed Apr 8 12:57:08 2026 by llama3.2 3B Q4_K_M



SecurityWeek

Data Leakage Vulnerability Patched in OpenSSL

RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years

FBI: Cybercrime Losses Neared $21 Billion in 2025

Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption

Evasive Masjesu DDoS Botnet Targets IoT Devices

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking

Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks

Anthropic Unveils ‘Claude Mythos’ A Cybersecurity Breakthrough That Could Also Supercharge Attacks

The New Rules of Engagement: Matching Agentic Attack Speed

CISA News

CISA Issues Updated RESURGE Malware Analysis Highlighting a Stealthy but Active Threat

Immediate Action Required: CISA Issues Emergency Directive to Secure Cisco SD-WAN Systems

CISA Announces New Town Halls to Engage with Stakeholders on Cyber Incident Reporting for Critical Infrastructure

CISA’s 2025 Year in Review: Driving Security and Resilience Across Critical Infrastructure

CISA Releases Guide to Help Critical Infrastructure Users Adopt More Secure Communication

CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats

CISA Urges Critical Infrastructure Organizations to Take Action Against Insider Threats

CISA Releases Product Categories List to Propel Post-Quantum Cryptography Adoption Pursuant to President Trump’s Executive Order 14306

CISA, UK NCSC, FBI Unveil Principles to Combat Cyber Risks in OT

CISA Retires Ten Emergency Directives, Marking an Era in Federal Cybersecurity

CISA Blog

The End is Just the Beginning of Better Security: Enhanced Vulnerability Management with OpenEoX

Super Bowl LX: Strengthening Preparation, Building Resilience, Fostering Partnerships

NCSWIC releases the “What is a PACE Plan” video

CISA Urges Critical Infrastructure to Be Air Aware

Helping OT Organizations to Establish Defensible Architecture and More Resilient Operations

The Mandate, Mission, and Momentum to lead the CVE Program into the Future belongs to CISA

The Joint SAFECOM-NCSWIC Project 25 (P25) User Needs Working Group (UNWG) releases the UNWG Video Series

Tackling the National Gap in Software Understanding

Securing Core Cloud Identity Infrastructure: Addressing Advanced Threats through Public-Private Collaboration

SAFECOM Releases the Emergency Communications System Lifecycle Planning Guide Suite Refresh

All CISA Advisories

Mitsubishi Electric GENESIS64 and ICONICS Suite products

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

Hitachi Energy Ellipse

Siemens SICAM 8 Products

Yokogawa CENTUM VP

CISA Adds One Known Exploited Vulnerability to Catalog

Anritsu Remote Spectrum Monitor

PX4 Autopilot

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

OpenCode Systems OC Messaging and USSD Gateway

WAGO GmbH & Co. KG Industrial Managed Switches

PTC Windchill Product Lifecycle Management

CISA Adds One Known Exploited Vulnerability to Catalog

CISA Adds One Known Exploited Vulnerability to Catalog

Grassroots DICOM (GDCM)

Schneider Electric EcoStruxure Foxboro DCS

Schneider Electric Plant iT/Brewmaxx

Pharos Controls Mosaic Show Controller

Russian Intelligence Services Target Commercial Messaging Application Accounts

CISA Adds Five Known Exploited Vulnerabilities to Catalog

Schneider Electric EcoStruxure Automation Expert

Mitsubishi Electric CNC Series

IGL-Technologies eParking.fi

Schneider Electric Modicon M241, M251, and M262

CTEK Chargeportal

Schneider Electric EcoStruxure PME and EPO

CISA Adds One Known Exploited Vulnerability to Catalog

Exploit-DB.com RSS Feed

[webapps] FortiWeb 8.0.2 - Remote Code Execution

[local] 7-Zip 24.00 - Directory Traversal

[webapps] xibocms 3.3.4 - RCE

[local] SQLite 3.50.1 - Heap Overflow

[local] Microsoft MMC MSC EvilTwin - Local Admin Creation

[webapps] Horilla v1.3 - RCE

[local] is-localhost-ip 2.0.0 - SSRF

[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass

[local] Windows Kernel - Elevation of Privilege

[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation

[webapps] ASP.net 8.0.10 - Bypass

[webapps] Grafana 11.6.0 - SSRF

[webapps] Zhiyuan OA - arbitrary file upload leading

[webapps] WBCE CMS 1.6.4 - Remote Code Execution

[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution

[webapps] WordPress Madara - Local File Inclusion

[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution

[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning

[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow

[webapps] WeGIA 3.5.0 - SQL Injection

[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)

[webapps] motionEye 0.43.1b4 - RCE

[remote] Windows 10.0.17763.7009 - spoofing vulnerability

[local] glibc 2.38 - Buffer Overflow

[remote] windows 10/11 - NTLM Hash Disclosure Spoofing

[remote] Redis 8.0.2 - RCE

[webapps] OctoPrint 1.11.2 - File Upload

[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

[webapps] aiohttp 3.9.1 - directory traversal PoC

[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure

[webapps] Piranha CMS 12.0 - Stored XSS in Text Block

[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)

[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)

[webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution

[webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload

[webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution

[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection

[webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie

[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL

[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection

[webapps] esm-dev 136 - Path Traversal

[webapps] Pluck 4.7.7-dev2 - PHP Code Execution

[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery(CSRF)

[webapps] phpMyFAQ 2.9.8 - Cross-Site Request Forgery (CSRF)

[webapps] MaNGOSWebV4 4.0.6 - Reflected XSS

[webapps] Django 5.1.13 - SQL Injection

[webapps] phpMyFaq 2.9.8 - Cross Site Request Forgery (CSRF)

[webapps] MobileDetect 2.8.31 - Cross-Site Scripting (XSS)

[webapps] phpIPAM 1.4 - SQL-Injection

Full Disclosure

SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI

SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library

Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility

[KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability

[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability

APPLE-SA-03-24-2026-10 Xcode 26.4

APPLE-SA-03-24-2026-9 Safari 26.4

APPLE-SA-03-24-2026-8 visionOS 26.4

APPLE-SA-03-24-2026-7 watchOS 26.4

APPLE-SA-03-24-2026-6 tvOS 26.4

APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5

APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5

APPLE-SA-03-24-2026-3 macOS Tahoe 26.4

APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7

APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4

Open Source Security

Re: systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals

Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue

Re: [EXTERN] Re: [oss-security] Multiple CVEs disclosed in CUPS

CVE-2026-5083: Ado::Sessions versions through 0.935 for Perl generates insecure session ids

CVE-2026-5082: Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id

Re: Axios Supply-Chain Attack [v1.14.1] [0.30.4] --> plain-crypto-js [4.2.0][4.2.1]

Fwd: [siren] Severity: High Potential Malicious Campaign Underway Targeting Open Source Developers via Slack

Re: Multiple CVEs disclosed in CUPS

Multiple CVEs disclosed in CUPS

systemd-journald in systemd 259 does not escape characters in emerg messages that are wall'd to other user's terminals

Re: libcap-2.77 (since libcap-2.04) has TOCTOU privilege escalation issue

[vim-security] Netbeans command injection in Vim < v9.2.0316

[OSSA-2026-005] Keystone: Restricted application credentials can create EC2 credentials (CVE-2026-33551)

OpenSSL Security Advisory

Django CVE-2026-3902, CVE-2026-4277, CVE-2026-4292, CVE-2026-33033, and CVE-2026-33034







