PODCAST · news
Security Brief Daily
by Security Brief Daily
A daily AI-generated cybersecurity briefing. Fresh threat intelligence, vulnerability roundups, and infosec news — concise, clear, and delivered every day.
May 05, 2026 · #47
Episode 47 — 05 May 2026

1. Weaver E-cology critical bug exploited in attacks since March (Source: Bleeping Computer)
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation software since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks...

2. Amazon SES increasingly abused in phishing to evade detection (Source: Bleeping Computer)
The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the...

3. Trellix discloses data breach after source code repository hack (Source: Bleeping Computer)
Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000...

4. Progress warns of critical MOVEit Automation auth bypass flaw (Source: Bleeping Computer)
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a...

5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries (Source: The Hacker News)
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,...

6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks (Source: The Hacker News)
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting...

7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools (Source: The Hacker News)
An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has...

8. 2026: The Year of AI-Assisted Attacks (Source: The Hacker News)
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan's Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...
May 04, 2026 · #46
Episode 46 — 04 May 2026

1. Instructure confirms data breach, ShinyHunters claims attack (Source: Bleeping Computer)
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. Instructure is a U.S.-based education technology company best known for developing Canvas, a widely used learning management...

2. Critical cPanel flaw mass-exploited in "Sorry" ransomware attacks (Source: Bleeping Computer)
A newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. This week, an emergency update for WHM and cPanel was released to fix a critical authentication bypass flaw that allows attackers...

3. CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV (Source: The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The...

4. Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M (Source: The Hacker News)
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was...
May 02, 2026 · #44
Episode 44 — 02 May 2026

1. Trellix Confirms Source Code Breach With Unauthorized Repository Access (Source: The Hacker News)
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to...

2. 15-year-old detained over French govt agency data breach (Source: Bleeping Computer)
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. The government agency confirmed the breach and the authenticity of the data...

3. US ransomware negotiators get 4 years in prison over BlackCat attacks (Source: Bleeping Computer)
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 40-year-old Ryan Clifford Goldberg (a former Sygnia incident response...

4. FBI links cybercriminals to sharp surge in cargo theft attacks (Source: Bleeping Computer)
The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. This represents a 60% surge in losses...

5. Edu tech firm Instructure discloses cyber incident, probes impact (Source: Bleeping Computer)
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. The U.S.-based education technology company is best known for developing Canvas, a widely used...

6. 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign (Source: The Hacker News)
A newly discovered Vietnamese-linked operation has been observed using Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the...

7. Anti-DDoS Firm Heaped Attacks on Brazilian ISPs (Source: Krebs on Security)
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The...

8. Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft (Source: The Hacker News)
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account...
May 01, 2026 · #43
Episode 43 — 01 May 2026

1. US ransomware negotiators get 4 years in prison over BlackCat attacks (Source: Bleeping Computer)
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 40-year-old Ryan Clifford Goldberg (a former Sygnia incident response...

2. Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining (Source: Bleeping Computer)
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, before the security issues were disclosed publicly at the end of the month,...

3. FBI links cybercriminals to sharp surge in cargo theft attacks (Source: Bleeping Computer)
The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. This represents a 60% surge in losses...

4. New Linux 'Copy Fail' flaw gives hackers root on major distros (Source: Bleeping Computer)
An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. The vulnerability is tracked as CVE-2026-31431 and was discovered...

5. Anti-DDoS Firm Heaped Attacks on Brazilian ISPs (Source: Krebs on Security)
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The...

6. PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials (Source: The Hacker News)
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious...

7. New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs (Source: The Hacker News)
Cybersecurity researchers have discovered malicious code in an npm package after it was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility...

8. Hackers arrested for hijacking and selling 610,000 Roblox accounts (Source: Bleeping Computer)
The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. The arrests were made by the police in Lviv after conducting ten searches on targeted locations, seizing $35,000 in cash, 37 mobile...
Apr 30, 2026 · #42
Episode 42 — 30 Apr 2026

1. Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining (Source: Bleeping Computer)
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, before the security issues were disclosed publicly at the end of the month,...

2. GitHub fixes RCE flaw that gave access to millions of private repos (Source: Bleeping Computer)
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. The flaw was reported on March 4, 2026, by researchers at cybersecurity firm Wiz through GitHub's bug...

3. CISA orders feds to patch Windows flaw exploited as zero-day (Source: Bleeping Computer)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. Tracked as CVE-2026-32202, this security flaw was reported by cybersecurity firm Akamai, which...

4. Learning from the Vercel breach: Shadow AI & OAuth sprawl (Source: Bleeping Computer; sponsored by Push Security)
Most organizations are rightly nervous about employees adopting unapproved AI tools. Shadow AI use in the form of LLMs, where users upload sensitive data to ChatGPT,...

5. SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack (Source: The Hacker News)
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz,...

6. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV (Source: The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities...

7. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE (Source: The Hacker News)
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is...

8. New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs (Source: The Hacker News)
Cybersecurity researchers have discovered malicious code in an npm package after it was added as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility...
Apr 29, 2026 · #41
Episode 41 — 29 Apr 2026

1. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV (Source: The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities...

2. Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push (Source: The Hacker News)
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854...

3. US reportedly charges Scattered Spider hacker arrested in Finland (Source: Bleeping Computer)
A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by...

4. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE (Source: The Hacker News)
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is...

5. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure (Source: The Hacker News)
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The...

6. Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data (Source: Bleeping Computer)
Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was the Trivy supply-chain attack attributed to the...

7. Broken VECT 2.0 ransomware acts as a data wiper for large files (Source: Bleeping Computer)
Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypting them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered...

8. Video service Vimeo confirms Anodot breach exposed user data (Source: Bleeping Computer)
Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its...
Apr 28, 2026 · #40
Episode 40 — 28 Apr 2026

1. Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 (Source: The Hacker News)
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that...

2. PyPI package with 1.1M monthly downloads hacked to push infostealer (Source: Bleeping Computer)
An attacker pushed a malicious version of the popular elementary-data package to the Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, and it extended to the Docker image due to the package's workflow that...

3. American utility firm Itron discloses breach of internal IT network (Source: Bleeping Computer)
Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law...

4. Alleged Silk Typhoon hacker extradited to US for cyberespionage (Source: Bleeping Computer)
A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. According to a DOJ announcement, Xu Zewei is alleged to be a contract hacker for China's...

5. Robinhood account creation flaw abused to send phishing emails (Source: Bleeping Computer)
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. Starting last night, Robinhood customers began receiving "Your...

6. Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack (Source: The Hacker News)
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub...

7. Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware (Source: The Hacker News)
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of...

8. ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More (Source: The Hacker News)
Apr 27, 2026 · #39
Episode 39 — 27 Apr 2026

1. American utility firm Itron discloses breach of internal IT network (Source: Bleeping Computer)
Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law...

2. Threat actor uses Microsoft Teams to deploy new "Snow" malware (Source: Bleeping Computer)
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named "Snow," which includes a browser extension, a tunneler, and a backdoor. Their goal is to steal sensitive data after deep network compromise through credential theft and...
Apr 26, 2026 · #38
Episode 38 — 26 Apr 2026

1. ADT confirms data breach after ShinyHunters leak threat (Source: Bleeping Computer)
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. In a statement shared today, the company said it detected unauthorized access to customer and prospective customer data on April...

2. Firestarter malware survives Cisco firewall updates, security patches (Source: Bleeping Computer)
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. The backdoor has been attributed...

3. New BlackFile extortion group linked to surge of vishing attacks (Source: Bleeping Computer)
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. The group, also tracked as CL-CRI-1116, UNC6671, and Cordial Spider, is...

4. Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks (Source: Bleeping Computer)
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite...

5. FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches (Source: The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER....

6. CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline (Source: The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active...

7. Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 (Source: The Hacker News)
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access....

8. Threat actor uses Microsoft Teams to deploy new "Snow" malware (Source: Bleeping Computer)
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named "Snow," which includes a browser extension, a tunneler, and a backdoor. Their goal is to steal sensitive data after deep network compromise through credential theft and...
Apr 25, 2026 · #37
Episode 37 — 25 Apr 2026

1. ADT confirms data breach after ShinyHunters leak threat (Source: Bleeping Computer)
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. In a statement shared today, the company said it detected unauthorized access to customer and prospective customer data on April...

2. Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks (Source: Bleeping Computer)
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite...

3. Firestarter malware survives Cisco firewall updates, security patches (Source: Bleeping Computer)
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. The backdoor has been attributed...

4. CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline (Source: The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active...

5. New BlackFile extortion group linked to surge of vishing attacks (Source: Bleeping Computer)
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. The group, also tracked as CL-CRI-1116, UNC6671, and Cordial Spider, is...

6. Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 (Source: The Hacker News)
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access....

7. CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks (Source: CISA News)

8. UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware (Source: The Hacker News)
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on...
Apr 24, 2026 · #36
Episode 36 — 24 Apr 2026

1. LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure (Source: The Hacker News)
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5),...

2. CISA orders feds to patch BlueHammer flaw exploited as zero-day (Source: Bleeping Computer)
CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks. Tracked as CVE-2026-33825, this high-severity security flaw allows low-privileged...

3. Hackers exploit file upload bug in Breeze Cache WordPress plugin (Source: Bleeping Computer)
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The security issue is tracked as CVE-2026-3844 and has been leveraged in more than 170 exploitation...

4. CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks (Source: CISA News)

5. Cosmetics giant Rituals discloses data breach affecting customers (Source: Bleeping Computer)
Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. The company revealed the security incident in a Wednesday notice, saying that the breach was...

6. New GopherWhisper APT group abuses Outlook, Slack, Discord for comms (Source: Bleeping Computer)
A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. Active since at least 2023, the hackers have been linked...

7. CISA Warns of FIRESTARTER Malware Targeting Cisco ASA including Firepower and Secure Firewall Products (Source: CISA News)

8. Vercel Finds More Compromised Accounts in Context.ai-Linked Breach (Source: The Hacker News)
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation...
Apr 23, 2026 · #35
Episode 35 — 23 Apr 2026

1. New Mirai campaign exploits RCE flaw in EoL D-Link routers (Source: Bleeping Computer)
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. CVE-2025-29635 allows an attacker to execute arbitrary commands on remote devices by...

2. Microsoft releases emergency patches for critical ASP.NET flaw (Source: Bleeping Computer)
Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated...

3. Kyber ransomware gang toys with post-quantum encryption on Windows (Source: Bleeping Computer)
A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. Cybersecurity firm Rapid7 retrieved and analyzed two distinct Kyber variants in March 2026 during an...

4. Apple fixes bug that let the FBI recover deleted Signal messages (Source: Bleeping Computer)
Article updated with statement from Signal thanking Apple for addressing the vulnerability. Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on...

5. SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation (Source: The Hacker News)
Threat actors associated with The Gentlemen ransomware-as-a-service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to...

6. NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs (Source: The Hacker News)
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with...

7. Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain (Source: The Hacker News)
Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags,...

8. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape (Source: The Hacker News)
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium...
-
41
Apr 22, 2026 · #34
Episode 34 — 22 Apr 2026

1. Microsoft releases emergency patches for critical ASP.NET flaw (Source: Bleeping Computer). Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated...
2. Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks (Source: Bleeping Computer). Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. The security flaw, tracked as CVE-2026-32201, affects SharePoint Enterprise Server 2016,...
3. CISA flags new SD-WAN flaw as actively exploited in attacks (Source: Bleeping Computer). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. Catalyst SD-WAN Manager (formerly known as...
4. Actively exploited Apache ActiveMQ flaw impacts 6,400 servers (Source: Bleeping Computer). Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker...
5. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape (Source: The Hacker News). A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium...
6. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty (Source: Krebs on Security). A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022...
7. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files (Source: The Hacker News). A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case...
8. Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles (Source: The Hacker News). Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell...
-
40
Apr 21, 2026 · #33
Episode 33 — 21 Apr 2026

1. China's Apple App Store infiltrated by crypto-stealing wallet apps (Source: Bleeping Computer). A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. The threat actor used multiple methods to imitate official products,...
2. CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines (Source: The Hacker News). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of...
3. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files (Source: The Hacker News). A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case...
4. Seiko USA website defaced as hacker claims customer data theft (Source: Bleeping Computer). The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the "Press Lounge" section of the site were shown a page titled "HACKED,"...
5. Vercel confirms breach as hackers claim to be selling stolen data (Source: Bleeping Computer). Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud...
6. Microsoft: Teams increasingly abused in helpdesk impersonation attacks (Source: Bleeping Computer). Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. The hackers impersonate IT or helpdesk staff to contact employees through cross-tenant...
7. Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials (Source: The Hacker News). Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used...
8. Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems (Source: The Hacker News). Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence,...
-
39
Apr 20, 2026 · #32
Episode 32 — 20 Apr 2026

1. Vercel confirms breach as hackers claim to be selling stolen data (Source: Bleeping Computer). Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud...
2. Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials (Source: The Hacker News). Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used...
3. Payouts King ransomware uses QEMU VMs to bypass endpoint security (Source: Bleeping Computer). The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems...
4. Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched (Source: The Hacker News). Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires...
5. Grinex exchange blames "Western intelligence" for $13.7M crypto hack (Source: Bleeping Computer). Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. The funds were stolen from cryptocurrency wallets belonging to Russian users, as the platform enables crypto-ruble...
6. Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet (Source: The Hacker News). Threat actors are exploiting security flaws in TBK DVR and end-of-life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices...
7. Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems (Source: The Hacker News). Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence,...
8. $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims (Source: The Hacker News). Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a...
-
38
Apr 16, 2026 · #28
Episode 28 — 16 Apr 2026

1. US nationals behind DPRK IT worker 'laptop farm' sent to prison (Source: Bleeping Computer). Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. 42-year-old Kejia Wang and 39-year-old Zhenxing...
2. New AgingFly malware used in attacks on Ukraine govt, hospitals (Source: Bleeping Computer). A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals; it steals authentication data from Chromium-based browsers and WhatsApp messenger. The attacks were spotted in Ukraine by the country's CERT team last month. Based on...
3. Critical Nginx UI auth bypass flaw now actively exploited in the wild (Source: Bleeping Computer). A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. The flaw, tracked as CVE-2026-33032, is caused by nginx-ui leaving the ‘/mcp_message’ endpoint unprotected,...
4. CISA flags Windows Task Host vulnerability as exploited in attacks (Source: Bleeping Computer). CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. Task Host is a core Windows system component that serves as a container for DLL-based processes,...
5. UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign (Source: The Hacker News). The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from...
6. n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails (Source: The Hacker News). Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted...
7. Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover (Source: The Hacker News). A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that...
8. April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More (Source: The Hacker News). A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business...
-
37
Apr 15, 2026 · #27
Episode 27 — 15 Apr 2026

1. Critical flaw in wolfSSL library enables forged certificate use (Source: Bleeping Computer). A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. Researchers warn that an attacker could exploit the issue to...
2. McGraw-Hill confirms data breach following extortion threat (Source: Bleeping Computer). Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. The company assured that the breach did not affect its Salesforce accounts, customer databases, or internal...
3. Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover (Source: The Hacker News). A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that...
4. Microsoft adds Windows protections for malicious Remote Desktop files (Source: Bleeping Computer). Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. RDP files are commonly used in enterprise environments to connect to remote...
5. Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities (Source: The Hacker News). Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are...
6. European Gym giant Basic-Fit data breach affects 1 million members (Source: Bleeping Computer). Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. The company operates the largest gym chain in Europe, owning more than 1,700 clubs and over 430 franchises in 12 countries,...
7. 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users (Source: The Hacker News). Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting...
8. CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software (Source: The Hacker News). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score:...
-
36
Apr 13, 2026 · #25
Episode 25 — 13 Apr 2026

1. Critical Marimo pre-auth RCE flaw now under active exploitation (Source: Bleeping Computer). Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform just 10 hours after its public disclosure. The flaw allows remote code execution without authentication in Marimo versions 0.20.4 and earlier. It is tracked as...
2. Over 20,000 crypto fraud victims identified in international crackdown (Source: Bleeping Computer). An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. Dubbed "Operation Atlantic," this joint action took place last month, and...
3. OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident (Source: The Hacker News). OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that...
4. Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 (Source: The Hacker News). Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the...
5. CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads (Source: The Hacker News). Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan...
-
35
Apr 11, 2026 · #23
Episode 23 — 11 Apr 2026

1. Nearly 4,000 US industrial devices exposed to Iranian cyberattacks (Source: Bleeping Computer). The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. According to a joint advisory issued by...
2. Eurail says December data breach impacts 300,000 individuals (Source: Bleeping Computer). Eurail B.V., a European travel operator that provides digital passes covering 33 national railways, says attackers stole the personal information of over 300,000 individuals in a December 2025 data breach. Eurail is a Netherlands-based company that sells Interrail and Eurail...
3. Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure (Source: The Hacker News). A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a...
4. Microsoft: Canadian employees targeted in payroll pirate attacks (Source: Bleeping Computer). A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. The attackers used malicious Microsoft 365 sign-in pages to steal victims' authentication tokens and session...
5. When attackers already have the keys, MFA is just another door to open (Source: Bleeping Computer; sponsored by Token, April 9, 2026). The Figure breach exposed 967,200 email records without a single exploit. Understanding what that enables — and why your MFA cannot contain it — is an...
6. GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs (Source: The Hacker News). Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovered in...
7. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region (Source: The Hacker News). An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and...
8. CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads (Source: Bleeping Computer). Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. The two utilities have millions of users who rely on them for tracking the physical health of...
-
34
Apr 10, 2026 · #22
Episode 22 — 10 Apr 2026

1. Hackers exploiting Acrobat Reader zero-day flaw since December (Source: Bleeping Computer). Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. The attacks have been discovered by security researcher Haifei Li (the founder of the sandbox-based exploit-detection platform EXPMON), who...
2. Healthcare IT solutions provider ChipSoft hit by ransomware attack (Source: Bleeping Computer). Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. ChipSoft is a large provider of Electronic Health Record (EHR) systems in the...
3. Smart Slider updates hijacked to push malicious WordPress, Joomla versions (Source: Bleeping Computer). Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. The developer says that only the Pro version 3.5.1.35 of the plugin is affected and recommends switching immediately to the...
4. Hackers use pixel-large SVG trick to hide credit card stealer (Source: Bleeping Computer). A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate...
5. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region (Source: The Hacker News). An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and...
6. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices (Source: The Hacker News). Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of...
7. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies (Source: The Hacker News). The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography,...
8. New ‘LucidRook’ malware used in targeted attacks on NGOs, universities (Source: Bleeping Computer). A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. Cisco Talos researchers attribute the malware to a threat group tracked internally as UAT-10362, who they describe as a...
-
33
Apr 09, 2026 · #21
Episode 21 — 09 Apr 2026

1. Hackers use pixel-large SVG trick to hide credit card stealer (Source: Bleeping Computer). A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate...
2. CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday (Source: Bleeping Computer). CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. Tracked as CVE-2026-1340, this critical-severity code injection flaw...
3. 13-year-old bug in ActiveMQ lets hackers remotely execute commands (Source: Bleeping Computer). Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The flaw was uncovered using the Claude AI assistant, which identified an exploit...
4. Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins (Source: Bleeping Computer). An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28,...
5. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices (Source: The Hacker News). Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of...
6. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies (Source: The Hacker News).
7. Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs (Source: The Hacker News). Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to...
8. Russia Hacked Routers to Steal Microsoft Office Tokens (Source: Krebs on Security). Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon...
-
32
Apr 08, 2026 · #20
Episode 20 — 08 Apr 2026

1. Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins (Source: Bleeping Computer). An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. The Russian threat group APT28,...
2. Max severity Flowise RCE vulnerability now exploited in attacks (Source: Bleeping Computer). Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The flaw allows injecting JavaScript code without any security checks and was...
3. US warns of Iranian hackers targeting critical infrastructure (Source: Bleeping Computer). Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. The warning came earlier today in the form of a joint advisory authored by the FBI, CISA, NSA, the...
4. Hackers exploit critical flaw in Ninja Forms WordPress plugin (Source: Bleeping Computer). A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. Identified as CVE-2026-0740, the issue is currently exploited in attacks. According to...
5. Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs (Source: The Hacker News). Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to...
6. Russia Hacked Routers to Steal Microsoft Office Tokens (Source: Krebs on Security). Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon...
7. Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access (Source: The Hacker News). A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incomplete fix for...
8. N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust (Source: The Hacker News). The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer tooling [...], while...
-
31
Apr 06, 2026 · #18
Episode 18 — 06 Apr 2026

1. New FortiClient EMS flaw exploited in attacks, emergency patch released (Source: Bleeping Computer). Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. Tracked as CVE-2026-35616, the flaw is an improper access control vulnerability that allows...
2. Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab (Source: Krebs on Security). An elusive hacker who went by the handle “UNKN” and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least...
3. Hackers exploit React2Shell in automated credential theft campaign (Source: Bleeping Computer). Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. At least 766 hosts across various cloud providers and geographies have been compromised to collect database and AWS...
4. Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS (Source: The Hacker News). Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading...
5. BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks (Source: The Hacker News). Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN,...
6. Axios npm hack used fake Teams error fix to hijack maintainer account (Source: Bleeping Computer). The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers. This follows the threat actors compromising a maintainer account to...
7. Traffic violation scams switch to QR codes in new phishing texts (Source: Bleeping Computer). Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. This is...
8. $285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation (Source: The Hacker News). Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of...
Apr 05, 2026 · #17
Episode 17 — 05 Apr 2026
1. Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS (Source: The Hacker News). Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading...
2. Axios npm hack used fake Teams error fix to hijack maintainer account (Source: Bleeping Computer). The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign linked to North Korean hackers. This follows the threat actors compromising a maintainer account to...
3. Evolution of Ransomware: Multi-Extortion Ransomware Attacks (Source: Bleeping Computer; sponsored by Penta Security, April 3, 2026). Ransomware's Real-World Impact Across Industries: In February 2026, the University of Mississippi Medical Center (UMMC) fell victim to a ransomware attack. The...
4. 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants (Source: The Hacker News). Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent...
5. Die Linke German political party confirms data stolen by Qilin ransomware (Source: Bleeping Computer). The Qilin ransomware group has stolen data from Die Linke, a German democratic socialist political party, and is threatening to leak it. On March 27, a day after the threat actor compromised its network, the party disclosed a cyber incident but stopped short of confirming a...
6. Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers (Source: The Hacker News). Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL...
7. LinkedIn secretly scans for 6,000+ Chrome extensions, collects data (Source: Bleeping Computer). A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. According to a report by Fairlinked e.V., which claims to be an association of...
8. UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack (Source: The Hacker News). The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their...
Apr 04, 2026 · #16
Episode 16 — 04 Apr 2026
1. Critical Cisco IMC auth bypass gives attackers Admin access (Source: Bleeping Computer). Cisco has released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access. Also known as CIMC, Cisco IMC is a hardware module embedded...
2. Claude Code leak used to push infostealer malware on GitHub (Source: Bleeping Computer). Threat actors are exploiting the recent Claude Code source code leak by using fake GitHub repositories to deliver Vidar information-stealing malware. Claude Code is a terminal-based AI agent from Anthropic, designed to execute coding tasks directly in the terminal and act as...
3. Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers (Source: The Hacker News). Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL...
4. Hims & Hers warns of data breach after Zendesk support ticket breach (Source: Bleeping Computer). Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. Hims & Hers is an American telehealth company specializing in the direct-to-consumer healthcare space, providing...
5. Medtech giant Stryker fully operational after data-wiping attack (Source: Bleeping Computer). Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group. The Fortune 500 medtech giant has over...
6. China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing (Source: The Hacker News).
7. New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images (Source: The Hacker News). Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within...
8. Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise (Source: The Hacker News).
Apr 03, 2026 · #15
Episode 15 — 03 Apr 2026
1. Critical Cisco IMC auth bypass gives attackers Admin access (Source: Bleeping Computer). Cisco has released security updates to address several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that allows attackers to gain Admin access. Also known as CIMC, Cisco IMC is a hardware module embedded...
2. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks (Source: Bleeping Computer). Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates...
3. CERT-EU: European Commission hack exposes data of 30 EU entities (Source: Bleeping Computer). The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. The European Commission publicly disclosed the incident on...
4. New Progress ShareFile flaws can be chained in pre-auth RCE attacks (Source: Bleeping Computer). Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments. Progress ShareFile is a document sharing and collaboration product typically used by large and...
5. Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise (Source: The Hacker News). Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated privileges. The...
6. New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released (Source: The Hacker News). Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in...
7. Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials (Source: The Hacker News). A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub...
8. WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action (Source: The Hacker News). Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majority of the...
Apr 02, 2026 · #14
Episode 14 — 02 Apr 2026
1. Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks (Source: Bleeping Computer). Internet threat-monitoring non-profit Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. BIG-IP APM (short for Access Policy Manager) is F5's centralized access...
2. Apple expands iOS 18 updates to more iPhones to block DarkSword attacks (Source: Bleeping Computer). Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit. "We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates...
3. Hackers exploit TrueConf zero-day to push malicious software updates (Source: Bleeping Computer). Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. The flaw is tracked as CVE-2026-3502 and received a medium severity score. It stems from a missing...
4. Google fixes fourth Chrome zero-day exploited in attacks in 2026 (Source: Bleeping Computer). Google released emergency updates to fix another Chrome zero-day vulnerability exploited in attacks, marking the fourth such security flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-5281 exists in the wild," Google said in a security...
5. New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released (Source: The Hacker News). Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in...
6. Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass (Source: The Hacker News). Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for establishing...
7. Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures (Source: The Hacker News). A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a Brazilian...
8. CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails (Source: The Hacker News). The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the threat actors,...
Apr 01, 2026 · #13
Episode 13 — 01 Apr 2026
1. Cisco source code stolen in Trivy-linked dev environment breach (Source: Bleeping Computer). Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers. A source, who asked to remain anonymous,...
2. Claude Code source code accidentally leaked in NPM package (Source: Bleeping Computer). Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed. While Anthropic pledges support to the open-source community, Claude Code has always remained closed source, at...
3. Claude AI finds Vim, Emacs RCE bugs that trigger on file open (Source: Bleeping Computer). Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file. The assistant also created multiple versions of proof-of-concept (PoC) exploits, refined them, and provided...
4. GIGABYTE Control Center vulnerable to arbitrary file write flaw (Source: Bleeping Computer). The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that successful exploitation could potentially lead to code execution on the underlying...
5. Silver Fox Expands Asia Cyber Campaign with AtlasCross RAT and Fake Domains (Source: The Hacker News). Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. "The operation covers VPN clients, encrypted messengers, video...
6. TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks (Source: The Hacker News). A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502 (CVSS score:...
7. Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069 (Source: The Hacker News). Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as UNC1069," John...
8. Vertex AI Vulnerability Exposes Google Cloud Data and Private Artifacts (Source: The Hacker News). Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organization's cloud...
Mar 31, 2026 · #12
Episode 12 — 31 Mar 2026
1. CISA orders feds to patch actively exploited Citrix flaw by Thursday (Source: Bleeping Computer). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. Multiple cybersecurity companies flagged the flaw (CVE-2026-3055) as posing an...
2. Critical Citrix NetScaler memory flaw actively exploited in attacks (Source: Bleeping Computer). Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. Citrix initially disclosed CVE-2026-3055 in a security bulletin on March 23, alongside a high-severity race...
3. Dutch Finance Ministry takes treasury banking portal offline after breach (Source: Bleeping Computer). The Dutch Ministry of Finance took some of its systems offline, including the digital portal for treasury banking, while investigating a cyberattack detected two weeks ago. When it disclosed the incident last week, the ministry said the March 19 security breach didn't affect...
4. Hackers exploiting critical F5 BIG-IP flaw in attacks, patch now (Source: Bleeping Computer). Cybersecurity firm F5 Networks has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. BIG-IP APM (short for Access Policy...
5. Axios Supply Chain Attack Pushes Cross-Platform RAT via Compromised npm Account (Source: The Hacker News). The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4 of Axios have been found to inject "plain-crypto-js" version 4.2.1 as a fake...
6. OpenAI Patches ChatGPT Data Exfiltration Flaw and Codex GitHub Token Vulnerability (Source: The Hacker News). A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. "A single malicious prompt could turn an otherwise ordinary conversation into a covert...
7. Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign (Source: The Hacker News). Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN...
8. Russian CTRL Toolkit Delivered via Malicious LNK Files Hijacks RDP via FRP Tunnels (Source: The Hacker News). Cybersecurity researchers have discovered a remote access toolkit of Russian origin that's distributed via malicious Windows shortcut (LNK) files disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various...
Mar 30, 2026 · #11
Episode 11 — 30 Mar 2026
1. Critical Fortinet FortiClient EMS flaw now exploited in attacks (Source: Bleeping Computer). Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. Tracked as CVE-2026-21643, this SQL injection vulnerability allows unauthenticated threat actors to execute arbitrary code...
2. European Commission confirms data breach after Europa.eu hack (Source: Bleeping Computer). The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. BleepingComputer first reported on Friday that this breach affects at least one of the Commission's AWS (Amazon Web...
3. Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign (Source: The Hacker News). Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN...
4. FBI confirms hack of Director Patel's personal email inbox (Source: Bleeping Computer). The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. The FBI has confirmed the compromise, saying that the stolen data was not recent and did not include any government data. On...
5. Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug (Source: The Hacker News). A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input...
6. New Infinity Stealer malware grabs macOS data via ClickFix lures (Source: Bleeping Computer). A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification...
7. Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack (Source: The Hacker News). Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach,...
8. File read flaw in Smart Slider plugin impacts 500K WordPress sites (Source: Bleeping Computer). A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. An authenticated attacker could use it to access sensitive files, such as wp-config.php,...
Mar 28, 2026 · #9
Episode 9 — 28 Mar 2026
1. New Infinity Stealer malware grabs macOS data via ClickFix lures (Source: Bleeping Computer). A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. The attack uses the ClickFix technique, presenting a fake CAPTCHA that mimics Cloudflare’s human verification...
2. Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug (Source: The Hacker News). A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input...
3. CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation (Source: The Hacker News). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in...
4. European Commission investigating breach after Amazon cloud account hack (Source: Bleeping Computer). The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to the Commission's Amazon cloud environment. Although the EU's executive cabinet has yet to disclose the incident publicly,...
5. Anti-piracy coalition takes down AnimePlay app with 5 million users (Source: Bleeping Computer). The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. Backed by more than 50 major television networks and film studios, including Disney, Paramount, Sony Pictures, Warner Bros,...
6. Backdoored Telnyx PyPI package pushes malware hidden in WAV audio (Source: Bleeping Computer). TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. The supply-chain attack was observed by application security firms Aikido, Socket, and Endor...
7. LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks (Source: The Hacker News). Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that...
8. Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits (Source: The Hacker News). Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting...
Mar 27, 2026 · #8
Episode 8 — 27 Mar 2026
1. European Commission investigating breach after Amazon cloud hack (Source: Bleeping Computer). The European Commission, the European Union's main executive body, is investigating a security breach after a threat actor gained access to its Amazon cloud infrastructure. Although the EU's executive cabinet has yet to disclose the incident publicly, BleepingComputer has...
2. Anti-piracy coalition takes down AnimePlay app with 5 million users (Source: Bleeping Computer). The Alliance for Creativity and Entertainment (ACE) announced the shutdown of AnimePlay, a major anime streaming platform with over 5 million users. Backed by more than 50 major television networks and film studios, including Disney, Paramount, Sony Pictures, Warner Bros,...
3. CISA: New Langflow flaw actively exploited to hijack AI workflows (Source: Bleeping Computer). The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. The security issue received a critical score of 9.3...
4. Bearlyfy Hits 70+ Russian Firms with Custom GenieLocker Ransomware (Source: The Hacker News).
5. Dutch Police discloses security breach after phishing attack (Source: Bleeping Computer). The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data. It also stated that the incident is still under investigation by the agency's security experts and that the...
6. LangChain, LangGraph Flaws Expose Files, Secrets, Databases in Widely Used AI Frameworks (Source: The Hacker News). Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation history. Both LangChain and LangGraph are open-source frameworks that...
7. WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites (Source: The Hacker News). Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data...
8. Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website (Source: The Hacker News). Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if...
Mar 26, 2026 · #7
Episode 7 — 26 Mar 2026
1. TP-Link warns users to patch critical router auth bypass flaw (Source: Bleeping Computer). TP-Link has patched several vulnerabilities in its Archer NX router series, including a critical-severity flaw that may allow attackers to bypass authentication and upload new firmware. Tracked as CVE-2025-15517, this security flaw affects Archer NX200, NX210, NX500, and...
2. Coruna iOS exploit framework linked to Triangulation attacks (Source: Bleeping Computer). The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits. The software has been expanded to target modern hardware, specifically including Apple's A17 and M3...
3. Citrix urges admins to patch NetScaler flaws as soon as possible (Source: Bleeping Computer). Citrix has patched two vulnerabilities affecting NetScaler ADC networking appliances and NetScaler Gateway secure remote access solutions, one of which is very similar to the CitrixBleed and CitrixBleed2 flaws exploited in zero-day attacks in recent years. The critical...
4. Bubble AI app builder abused to steal Microsoft account credentials (Source: Bleeping Computer). Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps. Because the web app is hosted on a legitimate platform, email security solutions do not flag the...
5. BIND Updates Patch High-Severity Vulnerabilities (Source: Security Week). Specially crafted domains could be used to cause out-of-memory conditions, leading to memory leaks in the BIND resolvers.
6. Cisco Patches Multiple Vulnerabilities in IOS Software (Source: Security Week). The high- and medium-severity flaws could lead to denial-of-service, secure boot bypass, information disclosure, and privilege escalation.
7. WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites (Source: The Hacker News). Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively bypassing security controls. "Instead of the usual HTTP requests or image beacons, this malware uses WebRTC data...
8. Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website (Source: The Hacker News). Cybersecurity researchers have disclosed a vulnerability in Anthropic's Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by visiting a web page. The flaw "allowed any website to silently inject prompts into that assistant as if...
Mar 25, 2026 · #6
Episode 6 — 25 Mar 2026
1. PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug (Source: Bleeping Computer). PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. The security issue, identified as CVE-2026-4681, could be leveraged through the deserialization of...
2. Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks (Source: The Hacker News). Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below - CVE-2026-3055 (CVSS score: 9.3) -...
3. FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns (Source: The Hacker News). The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing "unacceptable" risks to cyber and national security. The action was designed to safeguard Americans and the underlying communications...
4. Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner (Source: The Hacker News). An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered...
5. Tax Search Ads Deliver ScreenConnect Malware Using Huawei Driver to Disable EDR (Source: The Hacker News). A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers for ConnectWise ScreenConnect that drop a tool named HwAudKiller to blind security programs using the...
6. Extortion Group Claims It Hacked AstraZeneca (Source: Security Week). The Lapsus$ hackers allegedly compromised internal code repositories, credentials, and employee data.
7. Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool (Source: Security Week). The role of Israel’s hijacking of Iran’s street cameras in the killing of the country’s supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime.
8. U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage (Source: The Hacker News). A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations....
Mar 24, 2026 · #5
Episode 5 — 24 Mar 2026
1. Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks (Source: The Hacker News). Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application. The vulnerabilities are listed below: CVE-2026-3055 (CVSS score: 9.3) -...
2. Tycoon2FA phishing platform returns after recent police disruption (Source: Bleeping Computer). The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels. Microsoft led the technical disruption, which involved seizing 330 domains that were part of Tycoon2FA’s backbone...
3. 3.1 Million Impacted by QualDerm Data Breach (Source: Security Week). Hackers stole personal, medical, and health insurance information from the company’s internal systems.
4. U.S. Sentences Russian Hacker to 6.75 Years for Role in $9M Ransomware Damage (Source: The Hacker News). A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major cybercrime groups, including the Yanluowang ransomware crew, in conducting numerous attacks against U.S. companies and other organizations....
5. ‘CanisterWorm’ Springs Wiper Attack Targeting Iran (Source: Krebs on Security). A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran’s time zone or have Farsi set as the default...
6. Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials (Source: The Hacker News). Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user...
7. Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware (Source: Security Week). The semiconductor company says hackers deployed file-encrypting ransomware on the network of a subsidiary in Singapore.
8. CISA orders feds to patch DarkSword iOS flaws exploited in attacks (Source: Bleeping Computer). CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. [...]
Mar 23, 2026 · #4
Episode 4 — 23 Mar 2026
1. CISA orders feds to patch DarkSword iOS flaws exploited in attacks (Source: Bleeping Computer). CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit. As Google Threat Intelligence Group (GTIG) and iVerify researchers revealed last week, the DarkSword delivery...
2. Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems (Source: The Hacker News). Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to Arctic Wolf. The cybersecurity company said it observed malicious activity starting the week of March 9, 2026, in customer...
3. Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability (Source: Security Week). CVE-2026-21992 can be used without authentication for remote code execution, and it may have been exploited in the wild.
4. Trivy Hack Spreads Infostealer via Docker, Triggers Worm and Kubernetes Wiper (Source: The Hacker News). Cybersecurity researchers have uncovered malicious artifacts distributed via Docker Hub following the Trivy supply chain attack, highlighting the widening blast radius across developer environments. The last known clean release of Trivy on Docker Hub is 0.69.3. The malicious...
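The Trivy item above gives one concrete fact a defender can act on: 0.69.3 is the last release on Docker Hub known to be clean. The script below is an added example, not code from the briefing or from the Trivy project. It scans Dockerfile or CI text for references to the aquasec/trivy Docker Hub image (the image name is assumed) and flags mutable tags, versions newer than 0.69.3, and known-good versions that are still not pinned by digest. The sample input is constructed.

```python
"""Flag risky Trivy image references in Dockerfile / CI text.

Added example. Assumes the Docker Hub image name aquasec/trivy; the
"last known clean" version 0.69.3 comes from the briefing item above.
The sample text at the bottom is constructed for illustration.
"""
import re
from dataclasses import dataclass

LAST_KNOWN_CLEAN = (0, 69, 3)  # per the briefing item above

# Matches "aquasec/trivy:0.69.3", "docker.io/aquasec/trivy:latest",
# "aquasec/trivy@sha256:<64 hex>" and "aquasec/trivy:0.69.3@sha256:<64 hex>".
IMAGE_RE = re.compile(
    r"(?:[\w.-]+/)?aquasec/trivy"
    r"(?::(?P<tag>[\w][\w.-]*))?"
    r"(?:@sha256:(?P<digest>[0-9a-f]{64}))?"
)


@dataclass
class Finding:
    line_no: int
    ref: str
    verdict: str   # "ok", "unpinned", "suspect-version", "no-digest"
    reason: str


def parse_version(tag):
    """Return (major, minor, patch) for tags like 0.69.3 or v0.69.3, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    return tuple(int(x) for x in m.groups()) if m else None


def check_line(line_no, line):
    findings = []
    for m in IMAGE_RE.finditer(line):
        ref, tag, digest = m.group(0), m.group("tag"), m.group("digest")
        if digest:
            # A digest pin is immutable; any tag alongside it is informational.
            findings.append(Finding(line_no, ref, "ok", "pinned by digest"))
            continue
        if tag is None or tag == "latest":
            findings.append(Finding(line_no, ref, "unpinned",
                                    "mutable tag resolves to whatever is published now"))
            continue
        ver = parse_version(tag)
        if ver is None:
            findings.append(Finding(line_no, ref, "unpinned", f"non-semver tag {tag!r}"))
        elif ver > LAST_KNOWN_CLEAN:
            findings.append(Finding(line_no, ref, "suspect-version",
                                    f"{tag} is newer than last known clean 0.69.3"))
        else:
            # Even a known-clean version tag can be re-pushed; only a digest is fixed.
            findings.append(Finding(line_no, ref, "no-digest",
                                    f"{tag} is a known-clean version but tags are mutable"))
    return findings


def scan(text):
    """Scan every line of a Dockerfile / CI file and return all findings."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        out.extend(check_line(n, line))
    return out


# Constructed sample: fragments of a Dockerfile and a CI config.
SAMPLE = """\
FROM aquasec/trivy:latest AS scanner
FROM docker.io/aquasec/trivy:0.69.3
image: aquasec/trivy:0.70.0
image: aquasec/trivy@sha256:0000000000000000000000000000000000000000000000000000000000000000
uses: aquasec/trivy:0.69.3@sha256:1111111111111111111111111111111111111111111111111111111111111111
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f.line_no}: {f.verdict:16} {f.ref}  ({f.reason})")
```

The version comparison is only a heuristic for triage: a tag below the threshold does not prove the content is clean, because tags can be re-pushed, which is why the script reports "no-digest" rather than "ok" for those. The durable control is pinning the digest and confirming it against what the upstream project publishes.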
Mar 21, 2026 · #2
Episode 2 — 21 Mar 2026
1. Oracle pushes emergency fix for critical Identity Manager RCE flaw (Source: Bleeping Computer). Update: Added that Oracle declined to comment on whether the vulnerability has been exploited. Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as...
2. CISA orders feds to patch max-severity Cisco flaw by Sunday (Source: Bleeping Computer). The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity vulnerability, CVE-2026-20131, in Cisco Secure Firewall Management Center (FMC) by Sunday, March 22. Cisco published a security bulletin about the flaw on...
3. Police take down 373,000 fake CSAM sites in Operation Alice (Source: Bleeping Computer). An international law enforcement action called Operation Alice has shut down over 373,000 dark web sites that offered fake CSAM packages. The investigation, led by Germany and supported by Europol, began in mid-2021 and focused on a platform called “Alice with Violence CP,”...
4. CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 (Source: The Hacker News). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. The...
5. FBI links Signal phishing attacks to Russian intelligence services (Source: Bleeping Computer). The FBI has issued a public service announcement warning that Russian intelligence-linked threat actors are actively targeting users of encrypted messaging apps such as Signal and WhatsApp in phishing campaigns that have already compromised thousands of accounts. The FBI's...
6. Trivy Supply Chain Attack Triggers Self-Spreading CanisterWorm Across 47 npm Packages (Source: The Hacker News). The threat actors behind the supply chain attack targeting the popular Trivy scanner are suspected to be conducting follow-on attacks that have led to the compromise of a large number of npm packages with a previously undocumented self-propagating worm dubbed CanisterWorm....
7. Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover (Source: The Hacker News). Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the...
8. US Confirms Handala Link to Iran Government Amid Takedown of Hackers’ Sites (Source: Security Week). The US has seized several domains used by Handala in cyber-enabled psychological operations.
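Two items in this episode are KEV deadlines (the Cisco FMC flaw by March 22, the Apple, Craft CMS and Laravel Livewire flaws by April 3), and the DarkSword iOS order in Episodes 4 and 5 is a third. The script below is an added example, not code from the briefing or from CISA: it indexes a KEV catalog snapshot in the shape of CISA's published JSON feed (the key names cveID, vendorProject, product, dueDate and knownRansomwareCampaignUse are the real feed's), matches it against a vulnerability inventory, and reports what is overdue, what is still due, and which inventory CVEs are not in KEV at all. The snapshot and inventory are constructed; the only values taken from the briefing are CVE-2026-20131 and its March 22, 2026 deadline.

```python
"""Triage a vulnerability inventory against a CISA KEV catalog snapshot.

Added example. The KEV excerpt below is constructed for illustration in the
shape of the real feed; the inventory hosts are constructed. Only
CVE-2026-20131 and its 2026-03-22 due date are taken from the briefing.
"""
import json
from datetime import date, datetime

KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 1,
    "vulnerabilities": [
        {
            "cveID": "CVE-2026-20131",
            "vendorProject": "Cisco",
            "product": "Secure Firewall Management Center (FMC)",
            "dueDate": "2026-03-22",
            "knownRansomwareCampaignUse": "Unknown",
        },
    ],
})

# Constructed inventory: CVE -> hosts where a scanner reported it.
INVENTORY = {
    "CVE-2026-20131": ["fmc-01.corp.example", "fmc-02.corp.example"],
    "CVE-2026-21992": ["oim-prod.corp.example"],
    "CVE-2025-32975": ["kace-sma.corp.example"],
}


def load_kev(text):
    """Index a KEV JSON document by CVE ID."""
    doc = json.loads(text)
    return {v["cveID"]: v for v in doc["vulnerabilities"]}


def triage(inventory, kev, today):
    """Return {cve: (status, days, hosts)}.

    status is "overdue" (days = days past the KEV due date), "due" (days =
    days remaining; 0 means the deadline is today) or "not-in-kev" for
    inventory CVEs absent from the snapshot (days is None).
    """
    result = {}
    for cve, hosts in inventory.items():
        entry = kev.get(cve)
        if entry is None:
            result[cve] = ("not-in-kev", None, hosts)
            continue
        due = datetime.strptime(entry["dueDate"], "%Y-%m-%d").date()
        delta = (due - today).days
        if delta < 0:
            result[cve] = ("overdue", -delta, hosts)
        else:
            result[cve] = ("due", delta, hosts)
    return result


def prioritize(triaged):
    """Order CVEs: most overdue first, then soonest due, then not-in-kev."""
    rank = {"overdue": 0, "due": 1, "not-in-kev": 2}

    def key(item):
        cve, (status, days, _) = item
        days = days or 0
        return (rank[status], -days if status == "overdue" else days, cve)

    return [cve for cve, _ in sorted(triaged.items(), key=key)]


def report(today):
    """Triage the constructed inventory against the snapshot as of `today`."""
    return triage(INVENTORY, load_kev(KEV_SNAPSHOT), today)


if __name__ == "__main__":
    # The day before the Cisco deadline, then the day after it.
    for d in (date(2026, 3, 21), date(2026, 3, 23)):
        print(f"as of {d}:")
        triaged = report(d)
        for cve in prioritize(triaged):
            status, days, hosts = triaged[cve]
            when = "" if days is None else f" ({days} day(s))"
            print(f"  {cve}: {status}{when} on {', '.join(hosts)}")
```

Swapping the constructed snapshot for the live feed at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json and the inventory for scanner export turns this into a daily check. Note that "not-in-kev" means only that CISA had not catalogued the CVE in that snapshot; the Oracle and Quest KACE items elsewhere in this briefing are reported as exploited or suspected exploited regardless, so absence from KEV is not a reason to deprioritise them.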
Mar 20, 2026 · #1
Episode 1 — 20 Mar 2026
1. International joint action disrupts world’s largest DDoS botnets (Source: Bleeping Computer). Authorities from the United States, Germany, and Canada have taken down command and control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. The joint law enforcement action also targeted virtual...
2. Russian hackers exploit Zimbra flaw in Ukrainian govt attacks (Source: Bleeping Computer). Hackers who are part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. This high-severity security flaw (tracked as...
3. Microsoft: March Windows updates break Teams, OneDrive sign-ins (Source: Bleeping Computer). Microsoft says the March Windows 11 update breaks sign-ins with Microsoft accounts across multiple Microsoft apps, including Teams and OneDrive. These sign-in issues appear after installing the KB5079473 cumulative update Microsoft released last week as part of this month's...
4. FBI seizes Handala data leak site after Stryker cyberattack (Source: Bleeping Computer). The FBI has seized two websites used by the Handala hacktivist group after the threat actors conducted a destructive cyberattack on medical technology giant Stryker that wiped approximately 80,000 devices. Both the hacktivists' handala-redwanted[.]to and handala-hack[.]to...
5. Critical Langflow Vulnerability Exploited Hours After Public Disclosure (Source: Security Week). Because attacker-supplied flow data is used in public flows, the bug leads to unauthenticated remote code execution.
6. 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security (Source: The Hacker News). A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable driver (BYOVD) by abusing a total of 35 vulnerable drivers. EDR killer programs have been a common presence in ransomware...
7. Speagle Malware Hijacks Cobra DocGuard to Steal Data via Compromised Servers (Source: The Hacker News). Cybersecurity researchers have flagged a new malware dubbed Speagle that hijacks the functionality and infrastructure of a legitimate program called Cobra DocGuard. "Speagle is designed to surreptitiously harvest sensitive information from infected computers and transmit it...
8. Bitrefill blames North Korean Lazarus group for cyberattack (Source: Bleeping Computer). Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. During the investigation, the platform observed indicators similar to previous attacks attributed to...