no alarms and no surprises please..
-
Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there’s been zero-day activity for at least a month. Rob Wright Go to gbhackers.com
-
Silver Fox Springs Tax-Themed Attacks on Orgs in India, Russia
More than 1,600 socially engineered messages from the China-backed advanced persistent threat (APT) group target various sectors to deliver the previously undocumented ABCDoor backdoor, ValleyRAT, and other malware. Elizabeth Montalbano Go to gbhackers.com
-
How Dark Reading Lifted Off the Launchpad in 2006
Twenty years ago, this media brand didn’t have a print edition to attract eyeballs and sponsors. Top-notch content and editorial talent did the heavy lifting. Terry Sweeney Go to gbhackers.com
-
Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers
New research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking… Go to gbhackers.com
-
276 Arrested as Authorities Dismantle Crypto Scam Centers Targeting Americans
In an unprecedented international law enforcement operation, authorities have dismantled at least nine overseas cryptocurrency scam centers, resulting in the arrest of 276 individuals. The… Go to gbhackers.com
-
CISA Flags Linux Kernel Vulnerability as Threat Actors Launch Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity Linux kernel vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as… Go to gbhackers.com
-
New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks
The Apache MINA project has issued urgent security updates to address two severe vulnerabilities. These security flaws could allow malicious actors to execute unauthorized… Go to gbhackers.com
-
DOJ Sentences Two Americans for ALPHV BlackCat Ransomware Attacks
The U.S. Department of Justice (DOJ) has sentenced two American cybersecurity professionals to prison for their involvement in ALPHV BlackCat ransomware attacks that targeted… Go to gbhackers.com
-
Instructure confirms data breach, ShinyHunters claims attack
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. […] Lawrence Abrams Go to bleepingcomputer
-
Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. […] Lawrence Abrams Go to bleepingcomputer
-
Telegram Mini Apps abused for crypto scams, Android malware delivery
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram’s Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. […] Lawrence Abrams Go to bleepingcomputer
-
CISA Warns of cPanel & WHM Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw affecting widely used web hosting management platforms. CISA recently added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, indicating that threat actors are actively abusing it…
-
Critical MOVEit Vulnerabilities Enable Authentication Bypass
Progress Software has issued a critical security bulletin for its MOVEit Automation platform. This April 2026 alert warns of two highly severe vulnerabilities that could allow attackers to bypass security checkpoints and gain full system control. MOVEit Automation is widely used by enterprises to manage and automate secure file…
-
Threat Actors Use AI to Automate 0-Day Discovery and Exploitation at Machine Speed
The way cyberattacks are launched has fundamentally changed. Threat actors are no longer spending months hunting for software flaws by hand. With artificial intelligence in their toolkit, they can now discover and exploit zero-day vulnerabilities in minutes, placing organizations across every sector…
-
FreeBSD DHCP Client Vulnerability Enables Remote Code Execution as Root
The FreeBSD Project has released a critical security advisory addressing a severe flaw in its default IPv4 DHCP client. Tracked as CVE-2026-42511, this vulnerability allows a local network attacker to execute arbitrary code as root, granting them complete control over the compromised machine. Discovered by Joshua…
-
Email Bombing and Fake IT Support Calls Fuel New Microsoft Teams Phishing Attacks
A new wave of cyberattacks is targeting employees through a combination of inbox flooding and fake IT support contacts on Microsoft Teams, tricking users into handing over remote access to their own devices. These attacks have been growing steadily since the start…
-
TR-26-0143 (Linux Kernel Security Advisory)
Go to usom.gov
-
TR-26-0142 (Tegsoft Yönetim ve Bilişim – Live Support Application Security Advisory)
Go to usom.gov
-
Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was led by the Dubai Police,…
-
ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Go to isc.sans.edu
-
Wireshark 4.6.5 Released, (Sun, May 3rd)
Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. This high number of fixes is due to AI: “This release fixes quite a few vulnerabilities. This is due to a recent trend in AI-assisted vulnerability reports.” Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm…
-
Critical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. […] Lawrence Abrams Go to bleepingcomputer
-
ConsentFix v3 attacks target Azure with automated OAuth abuse
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. […] Bill Toulas Go to bleepingcomputer
-
Trellix Source Code Breach – Hackers Gain Unauthorized Access to Repository
Cybersecurity giant Trellix has disclosed a significant security incident involving unauthorized access to a portion of its source code repository. The company confirmed the breach in an official statement published on its website, stating it immediately engaged leading forensic experts upon discovering the intrusion.…
-
Hackers Breach Government and Military Servers by Exploiting cPanel Vulnerability
A sophisticated adversarial campaign targeting South-East Asian government and military infrastructure, combining rapid exploitation of a critical cPanel authentication bypass with a custom zero-day exploit chain against an Indonesian defense-sector portal and ultimately pivoting to exfiltrate over 4GB of sensitive Chinese railway documents. The campaign’s…
-
Multiple Exim Mail Server Vulnerabilities Lead to Crash with Malicious DNS data
The Exim development team has released version 4.99.2 to address four newly discovered security vulnerabilities affecting their mail server software. These flaws allow attackers to potentially crash servers, corrupt memory, or leak sensitive information. Because Exim is one of the most widely used…
-
CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2026-31431 (CVSS score: 7.8), is…
-
Proof-of-concept exploit available for Linux ‘Copy Fail’ vulnerability (CVE-2026-31431)
Categories: Threat Research Tags: advisory, Linux, Copy Fail Go to sophos
-
Massive Facebook Phishing Operation Leverages AppSheet, Netlify, and Telegram
Cybersecurity researchers at Guardio Labs have uncovered a massive phishing operation dubbed AccountDumpling that has compromised more than 30,000 Facebook accounts worldwide. Unlike conventional… Go to gbhackers.com
-
cPanelSniper PoC Exploit Disclosed as 44,000 Servers Reportedly Compromised
A critical zero-day vulnerability in cPanel and WebHost Manager (WHM) is under massive active exploitation following the public release of a sophisticated proof-of-concept exploit…. Go to gbhackers.com
-
EtherRAT Uses SEO Poisoning and Fake GitHub Pages to Target Enterprise Admins
A newly uncovered cyber campaign dubbed “EtherRAT” is raising concerns across enterprise environments, as attackers combine SEO poisoning, GitHub abuse, and blockchain-based infrastructure to… Go to gbhackers.com
-
Microsoft tests modern Windows Run, says it’s faster than legacy dialog
Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. […] Mayank Parmar Go to bleepingcomputer
-
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. […] Lawrence Abrams Go to bleepingcomputer
-
15-year-old detained over French govt agency data breach
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. […] Ionut Ilascu Go to bleepingcomputer
-
Story retracted
BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incident. The article has been retracted, and we regret the error. […] BleepingComputer Go to bleepingcomputer
-
Attackers Deploy AiTM Phishing Pages to Access SharePoint, HubSpot, and Google Workspace
Threat actors are rapidly shifting their intrusion tradecraft toward high-speed, SaaS-centric attacks that completely bypass traditional endpoint security. Since October 2025, security researchers have tracked two distinct adversaries, identified as CORDIAL SPIDER and SNARKY SPIDER, conducting aggressive data theft campaigns. These groups operate…
-
Attackers Abuse Google AppSheet, Netlify, and Telegram in Facebook Phishing Campaign
A sophisticated cybercriminal operation dubbed “AccountDumpling” has compromised approximately 30,000 Facebook accounts worldwide. Discovered by Guardio Labs, this Vietnamese-linked campaign abuses Google’s AppSheet platform to bypass traditional email security filters. By routing fully authenticated phishing lures through legitimate channels, the attackers successfully harvest credentials…
-
cPanelSniper – PoC Exploit Disclosed for cPanel Vulnerability, 44,000 Servers Compromised
A weaponized proof-of-concept (PoC) exploit framework dubbed “cPanelSniper” has been publicly released for CVE-2026-41940, a maximum-severity authentication bypass in cPanel & WHM that has already led to the compromise of tens of thousands of servers worldwide with attack activity traced as far back as…
-
Criminal IP and Securonix ThreatQ Collaborate to Enhance Threat Intelligence Operations
Torrance, United States / California, May 1st, 2026, CyberNewswire Criminal IP partners with Securonix to integrate Criminal IP’s Threat Intelligence into ThreatQ, allowing organizations to incorporate external IP intelligence into their existing workflows, helping security teams accelerate analysis and response with more actionable context.…
-
EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins
A new and well-planned malware campaign has been actively targeting enterprise administrators, DevOps engineers, and security analysts by hijacking their everyday search habits. Rather than using mass phishing or broad spam waves, threat actors behind this operation have carefully crafted a delivery chain…
-
Trellix Confirms Source Code Breach With Unauthorized Repository Access
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a “portion” of its source code. It said it “recently identified” the compromise of its source code repository and that it began working with “leading forensic experts” to resolve the matter…
-
30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a “phishing relay” to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the stolen accounts back through an illicit…
-
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackFile, CL-CRI-1116, O-UNC-045, and UNC6671) and Snarky Spider…
-
China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the activity to a threat activity cluster it tracks under the…
-
Top Five Sales Challenges Costing MSPs Cybersecurity Revenue
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-market strategy fails to connect technical expertise with business needs.…
-
A Ransomware Negotiator Was Working for a Ransomware Gang
Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients. Bruce Schneier Go to bruce schneier
-
Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)
As macbooks and mac minis become more popular, we’re seeing more campaigns targeting these macOS hosts. Malicious ads have popped up in search results that can lead potential victims to pages that present themselves as legitimate malware but instead are malware. This diary…
-
76% of All Crypto Stolen in 2026 Is Now in North Korea
North Korean threat actors are pulling off historic cryptocurrency heists on a yearly, sometimes weekly basis now. AI might be helping them. Nate Nelson Go to gbhackers.com
-
If AI’s So Smart, Why Does It Keep Deleting Production Databases?
The issue isn’t artificial intelligence, but rather an industry adding AI agent integrations into production environments before proper security testing. Alexander Culafi Go to gbhackers.com
-
Name That Toon: Mark of (Security) Progress
Feeling creative? Have something to say about the last 20 years of cybersecurity? Our editors will award the best cybersecurity-related caption with a $20 gift card. John Klossner Go to gbhackers.com
-
20 Years in Cyber: Dark Reading Marks Milestone With Month of Special Coverage
On this day in 2006, Dark Reading went live. We have a celebration planned that spans our two decades of covering the industry, and you, dear readers, are invited. Kelly Jackson Higgins Go to gbhackers.com
-
New Android Spyware Platform Enables Rebranding and Resale
A newly discovered Android spyware platform is raising concerns among cybersecurity researchers by introducing a business model that allows buyers to rebrand and resell… Go to gbhackers.com
-
CAPTCHA and ClickFix Abuse Fuels Credential Theft Surge
Attackers are increasingly combining QR codes, fake CAPTCHA gates, and ClickFix-style tricks to steal credentials at scale, even as major phishing-as-a-service (PhaaS) platforms face… Go to gbhackers.com
-
Multiple Exim Mail Server Vulnerabilities Could Trigger Crashes via Malicious DNS Data
The developers of the Exim mail server have officially rolled out version 4.99.2 to address four newly discovered security vulnerabilities. This critical update patches… Go to gbhackers.com
-
DDoS Malware Targets Jenkins to Hit Valve Game Servers
A new DDoS botnet that abuses exposed Jenkins servers to launch powerful attacks against Valve Source Engine game infrastructure, including servers hosting titles like… Go to gbhackers.com
-
Multiple Wireshark Vulnerabilities Allow Arbitrary Code Execution via Malformed Packets
The Wireshark Foundation has released version 4.6.5 of its widely used network protocol analyzer, addressing a massive wave of security vulnerabilities. This urgent update… Go to gbhackers.com
-
Windows 11 KB5083631 update released with 34 changes and fixes
Microsoft has released the KB5083631 optional cumulative update for Windows 11, which includes 34 changes, such as a new Xbox mode for Windows PCs, enhanced security and performance for batch files, and performance improvements for launching startup apps. […] Sergiu Gatlan Go to bleepingcomputer
-
US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. […] Sergiu Gatlan Go to bleepingcomputer
-
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for generating campaign drafts. […] Bill Toulas Go to bleepingcomputer
-
Romanian leader of online swatting ring gets 4 years in prison
A Romanian national who led an online swatting ring that targeted more than 75 public officials, multiple journalists, and four religious institutions was sentenced to 4 years in federal prison. […] Sergiu Gatlan Go to bleepingcomputer
-
FBI links cybercriminals to sharp surge in cargo theft attacks
The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. […] Sergiu Gatlan Go to bleepingcomputer
-
China-Aligned Attackers Use ShadowPad, IOX Proxy, and WMIC in Multi-Stage Espionage Campaign
A China-aligned threat group has been carrying out a carefully planned espionage campaign against government agencies and critical infrastructure across Asia. The group, tracked under the temporary designation SHADOW-EARTH-053, has been active since at least December 2024, quietly targeting organizations in at least…
-
New Fake CAPTCHA Campaign Uses SMS Pumping Fraud to Run Up Victims’ Phone Bills
A newly documented scam campaign is using fake CAPTCHA pages to silently trigger dozens of international SMS messages from victims’ mobile phones, leaving them with unexpected charges on their phone bills. What looks like a routine “prove you’re human” step online…
-
Critical Wireshark Vulnerabilities Let Attackers Execute Arbitrary Code Via Malformed Packets
Wireshark, the world’s most widely used open-source network protocol analyzer, has released a major security update addressing over 40 vulnerabilities, several of which enable arbitrary code execution through malformed packet injection or malicious capture files. Organizations and individuals relying on Wireshark for network monitoring,…
-
Anthropic Launches Claude Security in Public Beta for Enterprise Customers
Anthropic has opened Claude Security to public beta for Claude Enterprise customers, bringing AI-powered vulnerability detection directly into production codebases without the need for custom tooling or API integrations. Claude Security leverages the Opus 4.7 model to perform end-to-end security analysis across your codebase. The…
-
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software, triggering an MS-DEFCON level 3 advisory from security patch analyst Susan Bradley at AskWoody. The problematic update, KB5083769, applies to Windows 11 versions 24H2…
-
This month in security with Tony Anscombe – April 2026 edition
Warnings about helpdesk impersonation scams and Iran-linked hackers targeting critical sectors in the US, plus the most damaging scams of 2025 – here’s some of what made the headlines this month Go to eset
-
TR-26-0141 (MeWare Yazılım – PDKS Security Advisory)
Go to usom.gov
-
TR-26-0140 (cPanel Security Advisory)
Go to usom.gov
-
TR-26-0139 (Dell Disk Library/iDRAC10 Security Advisory)
Go to usom.gov
-
TR-26-0138 (Elastic Package Registry Security Advisory)
Go to usom.gov
-
TR-26-0137 (Wazuh Security Vulnerability)
Go to usom.gov
-
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2…
-
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It…
-
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. “The intrusion chain begins with execution of a batch script (‘install_obf.bat’)…
-
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order…
-
New Linux ‘Copy Fail’ Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fail by Xint.io and Theori. “An unprivileged local…
-
‘Mini Shai-Hulud’ supply chain attack targets SAP npm packages
Categories: Threat Research Tags: advisory, NPM, SAP Go to sophos
-
Fast16 Malware
Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle form of sabotage ever seen in an in-the-wild malware tool: By automatically spreading across networks and then…
-
ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)
Go to isc.sans.edu
-
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm’s chief executive says the malicious activity resulted from a…
-
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. Read more in my article on the Hot for Security blog. Graham Cluley Go to grahamcluley
-
TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden. Rob Wright Go to gbhackers.com
-
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
The proof-of-concept exploit code runs only 10 lines long, but luckily, a patch is already available. Nate Nelson Go to gbhackers.com
-
Anthropic’s Mythos Has Landed: Here’s What Comes Next for Cyber
In this latest installment of the Reporters’ Notebook video series, we discuss how the new AI model threatens to completely upend cybersecurity, and what industry leaders are telling the press. Becky Bracken, Kristina Beek Go to gbhackers.com
-
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
While drivers race to shave off seconds on the track, the team’s IT and engineering staff are speeding up how they deliver security. Arielle Waldman
-
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP…
-
OpenAI Unveils Cyber Defense Roadmap Focused on AI-Powered Security
OpenAI has released a comprehensive cyber defense roadmap titled “Cybersecurity in the Intelligence Age” to responsibly equip defenders with AI-powered security tools faster than…
-
Attackers Exploit cPanel Authentication Bypass 0-Day After PoC Release
A critical zero-day vulnerability, tracked as CVE-2026-41940, is currently being actively exploited across the web hosting industry. This CVSS 9.8 flaw allows unauthenticated remote…
-
Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs
The Jenkins project released a critical security advisory addressing seven vulnerabilities across multiple widely used plugins. The disclosed flaws include high-severity path traversal and…
-
Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin,…
-
Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers’ systems. […] Lawrence Abrams
-
Popular WordPress redirect plugin hid dormant backdoor for years
The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites. […] Bill Toulas
-
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. […] Bill Toulas
-
Hackers arrested for hijacking and selling 610,000 Roblox accounts
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. […] Bill Toulas
-
cPanel, WHM emergency update fixes critical auth bypass bug
A critical vulnerability affecting all but the latest versions of cPanel and the WebHost Manager (WHM) dashboard could be exploited to obtain access to the control panel without authentication. […] Bill Toulas
-
OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense
OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered Cyber Defense,” outlining a five-pillar strategy to equip trusted defenders with advanced AI capabilities while preventing adversarial misuse. Artificial intelligence is fundamentally reshaping the cybersecurity…
-
CVE MCP Server Turns Claude Into a Fully Capable Security Analyst With 27 Tools Across 21 APIs
A new open-source project called CVE MCP Server is redefining how security teams triage vulnerabilities, transforming Anthropic’s Claude AI into a fully capable security analyst by giving it direct, correlated access to 27 intelligence tools spanning 21 external…
-
Claude-Generated Commit Adds PromptMink Malware to Crypto Trading Agent
A new threat has quietly taken root in the software development world, using an AI coding assistant as an unknowing participant in a supply chain attack. A malicious npm package campaign called PromptMink surfaced after being introduced into an open-source autonomous crypto trading project through a…
-
Qinglong Task Scheduler RCE Vulnerabilities Exploited in the Wild
In early 2026, two critical authentication bypass vulnerabilities in the popular open-source Qinglong task scheduler were actively exploited by hackers. According to Snyk security reports, unauthenticated attackers breached publicly accessible panels, achieving remote code execution to install a hidden, resource-draining cryptominer named .fullgc. Qinglong is a self-hosted…