PODCAST · news
Security Brief Daily
by Security Brief Daily
A daily AI-generated cybersecurity briefing. Fresh threat intelligence, vulnerability roundups, and infosec news — concise, clear, and delivered every day.
-
67
Jun 18, 2026 · #84
Episode 84 — 18 Jun 2026 1. FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. Source: Bleeping Computer Update: Added Fortinet's statement to the end of the article. A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide. The exposed data was first... 2. CISA orders feds to patch max severity Joomla plugin flaw by Friday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild. Tracked as CVE-2026-48907 , this vulnerability... 3. Crypto Clipper Campaign Abuses Fake Reviews, AI Narrators, and VirusTotal Comments Source: The Hacker News An unknown threat actor has been observed leveraging paid or promoted posts on legitimate news websites to drum up buzz for their warez, according to new findings from Check Point Research. The threat actor also has at their disposal a dedicated WordPress phishing page that... 4. Kodak confirms data breach claimed by ShinyHunters extortion gang Source: Bleeping Computer Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000... 5. Steam Workshop abused to spread malware via Wallpaper Engine app Source: Bleeping Computer Threat actors are abusing Steam Workshop, Valve's community hub for downloading game-related content, to push various malware hidden in wallpaper packages. Infected wallpapers can lead to hijacking Steam accounts, compromising the system with a backdoor, or running... 6. CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The... 7. Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline Source: The Hacker News A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a... 8. New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds Source: The Hacker News Security researchers at Zimperium's zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen...
-
66
Jun 17, 2026 · #83
Episode 83 — 17 Jun 2026 1. Microsoft working on Defender patch for RoguePlanet zero-day Source: Bleeping Computer Microsoft confirmed that it's working on a security patch for a Defender zero-day vulnerability named "RoguePlanet," disclosed one week ago. The security researcher who published a RoguePlanet exploit during the June 2026 Patch Tuesday (known as Nightmare Eclipse) said it... 2. Kodak confirms data breach claimed by ShinyHunters extortion gang Source: Bleeping Computer Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data. Founded in 1880 as the Eastman Kodak Company and headquartered in Rochester, New York, Kodak has 79,000... 3. 144 Mastra npm Packages Compromised via Hijacked Contributor Account Source: The Hacker News As many as 144 npm packages associated with the Mastra namespace ("@mastra/*"), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed... 4. Critical Fortinet FortiSandbox flaws now exploited in attacks Source: Bleeping Computer Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. Fortinet released security updates for these three critical-severity security flaws (tracked as... 5. Ransomware gang abuses Microsoft Teams relays to hide malicious traffic Source: Bleeping Computer DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. The backdoor abuses the Traversal Using Relays around NAT (TURN) protocol used by Microsoft Teams to distribute messages when a... 6. CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The... 7. ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures Source: The Hacker News Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader,... 8. China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Source: The Hacker News Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker...
-
65
Jun 16, 2026 · #82
Episode 82 — 16 Jun 2026 1. Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw Source: The Hacker News Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-20262, carries a CVSS score of 6.5 out of 10.0. "A vulnerability in the web UI of... 2. New attack turned Microsoft 365 Copilot into 1-click data theft tool Source: Bleeping Computer A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. The exfiltrated information could be email content... 3. SimpleHelp bug lets hackers create rogue remote support accounts Source: Bleeping Computer A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol. The flaw is tracked as CVE-2026-48558 and received a critical severity... 4. iRhythm discloses data breach, says hackers stole patient info Source: Bleeping Computer Digital healthcare company iRhythm Holdings has disclosed a data breach after hackers stole patients' personal and health information stored on third-party-hosted business applications. The company says its cardiac monitoring service has been used to analyze more than 2... 5. OptinMonster WordPress plugin hacked in CDN supply-chain attack Source: Bleeping Computer WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). Of the three products, the OptinMonster lead-generation and conversion optimization platform is the most... 6. CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 18, 2026.... 7. Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware Source: The Hacker News The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. "The attack email contained a message impersonating an MS... 8. LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers Source: The Hacker News A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model...
-
64
Jun 12, 2026 · #81
Episode 81 — 12 Jun 2026 1. CISA orders feds to patch actively exploited Ivanti flaw by Sunday Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. Tracked as CVE-2026-10520 , this... 2. Oracle mitigates PeopleSoft zero-day exploited in data theft attacks Source: Bleeping Computer Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. The flaw is within Oracle PeopleSoft PeopleTools and has... 3. Authorities dismantle 'AudiA6' ransomware crypto-laundering service Source: Bleeping Computer Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. Europol says that the service has been linked to more than 15 distinct international investigations of ransomware... 4. The ‘Miasma’ worm source code briefly leaked on GitHub Source: Bleeping Computer The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. Miasma appears to be an evolution of the earlier Shai-Hulud worm, which was previously leaked on GitHub and... 5. The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm Source: The Hacker News A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like... 6. New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files Source: The Hacker News Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this,"... 7. Who Runs the Ransomware Group ‘The Gentlemen?’ Source: Krebs on Security A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This... 8. China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance Source: The Hacker News Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally...
-
63
Jun 11, 2026 · #80
Episode 80 — 11 Jun 2026 1. Path traversal flaw in AI dev platform Langflow exploited in attacks Source: Bleeping Computer Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers. Langflow is an open-source visual platform for building AI applications, AI agents,... 2. Microsoft patches Exchange Server zero-day exploited in attacks Source: Bleeping Computer Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users. This high-severity spoofing vulnerability ( CVE-2026-42897 )... 3. Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days Source: Bleeping Computer On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives. All three security flaws were disclosed last month by a security researcher... 4. The ‘Miasma’ worm source code briefly leaked on GitHub Source: Bleeping Computer The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub. Miasma appears to be an evolution of the earlier Shai-Hulud worm, which was previously leaked on GitHub and... 5. Who Runs the Ransomware Group ‘The Gentlemen?’ Source: Krebs on Security A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This... 6. CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score:... 7. Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code Source: The Hacker News Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote... 8. ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances Source: The Hacker News ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an...
-
62
Jun 10, 2026 · #79
Episode 79 — 10 Jun 2026 1. Ivanti: Max severity Sentry flaw allows code execution as root Source: Bleeping Computer Security software company Ivanti has released patches to address two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity flaw that enables remote attackers to execute code with root privileges. Formerly known as MobileIron... 2. Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges Source: Bleeping Computer A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft fixed two previously disclosed flaws during June 2026 Patch Tuesday. The researcher, known as Nightmare Eclipse, says the new vulnerability affects... 3. ServiceNow discloses security incident exposing customer data Source: Bleeping Computer ServiceNow is warning about a security incident after attackers exploited an unauthenticated access flaw through a vulnerable API endpoint, allowing them to query data from customer instances. The company quietly warned impacted customers through a support bulletin and direct... 4. GitHub disables Microsoft repos pushing password-stealing malware Source: Bleeping Computer Microsoft removed 73 repositories across its Azure, microsoft, Azure-Samples, and MicrosoftDocs organizations on GitHub, disrupting continuous integration pipelines. The incident occurred on June 5, and it was contained within just 105 seconds. The company told... 5. Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code Source: The Hacker News Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote... 6. Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues Source: The Hacker News Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and... 7. LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS... 8. WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine Source: The Hacker News Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu (aka Gamaredon) and...
-
61
Jun 09, 2026 · #78
Episode 78 — 09 Jun 2026 1. Google patches new Chrome zero-day flaw exploited in the wild Source: Bleeping Computer Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. "Google is aware that an exploit for CVE-2026-11645 exists in the wild," the company said in a... 2. CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day Source: Bleeping Computer CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. Unauthenticated remote attackers can exploit this security flaw... 3. Critical UniFi OS bug lets hackers gain root without authentication Source: Bleeping Computer Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root privileges and without authentication. The security issues are tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. They have been addressed in... 4. LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-42271 (CVSS... 5. WhatsApp says it disrupted new NSO spyware phishing attacks Source: Bleeping Computer WhatsApp has detected and stopped spear-phishing campaigns allegedly conducted by the NSO Group after investigating user reports of social engineering attacks. The NSO Group is an Israeli commercial spyware vendor known for its advanced “Pegasus” tool that has been deployed... 6. One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public Source: The Hacker News Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to root and break out of a container. The flaw, CVE-2026-23111, sits in the kernel's nf_tables packet-filtering code and was patched... 7. VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances Source: The Hacker News A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET (aka GRIMBOLT) and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a... 8. UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign Source: The Hacker News Cybersecurity researchers have disclosed details of a financially motivated data theft extortion campaign that has targeted dozens of organizations across professional, legal, and financial services in the U.S. between January and May 2026. The activity has been attributed by...
-
60
Jun 05, 2026 · #77
Episode 77 — 05 Jun 2026 1. Cisco warns of unpatched SD-WAN zero-day exploited in attacks Source: Bleeping Computer On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245 ) actively exploited in attacks enabling root privilege escalation. The zero-day flaw impacts all deployment types, including On-Prem Deployment,... 2. Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites Source: The Hacker News Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arbitrary code, leading to a complete site compromise. The vulnerability in question is CVE-2026-3300 (CVSS score: 9.8), a... 3. Credit card theft campaign abuses Stripe to host stolen payment info Source: Bleeping Computer A new Magecart campaign is using Stripe's API infrastructure to host the credit card-stealing payload and the data exfiltrated from checkout pages. The entire malicious activity relies on Google Tag Manager and Stripe domains - googletagmanager.com and api.stripe.com - that... 4. Cisco warns of critical Unified CM flaw with PoC exploit code Source: Bleeping Computer Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. Cisco Unified CM (formerly known as Cisco CallManager) serves as the central control system for Cisco IP telephony... 5. Police dismantles fake ID marketplace used by migrant smugglers Source: Bleeping Computer French and Spanish authorities took down an online marketplace selling fake identity documents to migrant smuggling rings operating within the European Union. On May 27, law enforcement officers arrested one suspect in Alicante, Spain, and seized document-production equipment... 6. PCPJack Hijacks 230 AWS, Google Cloud, and Azure Servers for Covert SMTP Relay Network Source: The Hacker News The threat actor known as PCPJack has hijacked cloud servers associated with Amazon Web Services (AWS), Google Cloud, and Microsoft Azure to create a covert SMTP email relay network. "Compromised business servers across the U.S., Europe, and Asia were quietly converted into... 7. FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins Source: The Hacker News Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at... 8. Claude Code GitHub Action Flaw Let One Malicious Issue Hijack Repositories Source: The Hacker News A security researcher found a flaw in Anthropic's Claude Code GitHub Action that let an attacker take over vulnerable public repositories running it, with nothing more than a single opened GitHub issue. Because Anthropic's own action repo used the same workflow, a working...
-
59
Jun 04, 2026 · #76
Episode 76 — 04 Jun 2026 1. CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a popular Magento full-page cache extension, to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in... 2. Acer working to patch max severity zero-days in Wave 7 routers Source: Bleeping Computer Acer confirmed that it's working to address two maximum-severity zero-day vulnerabilities affecting its Wave 7 mesh routers. According to a Friday security advisory , the two security flaws were reported by security researcher Gergo Pap and affect Wave 7 routers running... 3. U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors Source: Bleeping Computer The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. Nobitex is believed to have helped evade economic sanctions and also... 4. VS Code zero-day lets hackers steal GitHub tokens in one click Source: Bleeping Computer A security researcher has released exploit code for a Visual Studio Code (VS Code) zero-day vulnerability that allows attackers to steal GitHub authentication tokens by tricking users into clicking a link. Microsoft classifies a software flaw as a zero-day if it is publicly... 5. Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Source: The Hacker News !j> u5 C! Ζ$3OˠƏ9X8Kj| S Ee3NDD)&EʖcUqV-K%6YӹIڣxUow-ʗWwp%AٱZws- s2^c IRE-=]Gp=2T... 6. CISA warns of active attacks exploiting Android, Linux bugs Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. The most recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog,... 7. Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity security flaw impacting Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. The vulnerability, CVE-2024-21182... 8. Google DoubleClick Abused in New Malspam Campaign to Deliver DesckVB RAT Source: The Hacker News Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver a remote access trojan (RAT) named DesckVB RAT. "Before the victim ever reaches attacker-controlled infrastructure,...
-
58
Jun 02, 2026 · #75
Episode 75 — 02 Jun 2026 1. Critical Windows Netlogon RCE flaw now exploited in attacks Source: Bleeping Computer The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. Netlogon is a remote procedure call (RPC) interface... 2. Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Source: Krebs on Security The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta’s “AI support... 3. Dashlane password manager users locked out by brute force attacks Source: Bleeping Computer Multiple Dashlane users have been locked out of their accounts following brute-force attacks that attempted logins from distant locations and unknown devices. In a statement to BleepingComputer, the password management service confirmed that the suspensions were part of an... 4. Dashlane Discloses Brute-Force Attack, Encrypted Vaults of Fewer Than 20 Users Downloaded Source: The Hacker News Password manager Dashlane has disclosed that "fewer than" 20 users on the personal subscription plan had their encrypted vaults downloaded following a brute-force attack launched by an unknown party. On May 31, 2026, the company said an "external" threat actor launched a... 5. Spain arrests doxer leaking sensitive data of govt employees Source: Bleeping Computer The Spanish National Police has arrested an individual for leaking sensitive information related to members of various key state organizations, including the National Cybersecurity Institute (INCIBE). According to authorities, the individual is responsible for a massive leak... 6. Red Hat npm packages compromised to steal developer credentials Source: Bleeping Computer More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." The incident was discovered by security firms Aikido and OX... 7. Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm Source: The Hacker News A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the... 8. China-Aligned Groups Ramp Up Attacks: Dragon Weave Hits Czech Republic & Taiwan Source: The Hacker News A new cyber espionage campaign codenamed Operation Dragon Weave has been observed targeting officials and citizens in the Czech Republic and Taiwan to deliver an AdaptixC2 agent. According to Seqrite Labs, targets of the campaign include government, research, academic,...
-
57
Jun 01, 2026 · #74
Episode 74 — 01 Jun 2026 1. Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Source: Bleeping Computer Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be... 2. WP Maps Pro bug exploited to create admin accounts on WordPress sites Source: Bleeping Computer Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. The vulnerability, tracked as CVE-2026-8732, has a critical severity rating and impacts WP Maps Pro... 3. Dutch Authorities Dismantle Botnet Linked to 17 Million Infected Devices Source: The Hacker News Dutch authorities have announced the takedown of a botnet that enslaved millions of infected devices, including computers, tablets, smartphones, and IoT devices, to carry out malicious attacks. The bot network, per the Dutch Politie and the National Cyber Security Center...
-
56
May 31, 2026 · #73
Episode 73 — 31 May 2026 1. Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks Source: Bleeping Computer Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks. The company fixed the CVE-2026-0257 flaw earlier this month, warning that it could be... 2. California AG sues 23andMe over 2023 breach exposing health data Source: Bleeping Computer California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. Improper security led to a high-profile data breach in 2023 that exposed the sensitive... 3. ChatGPT share links abused to host fake outage pages to deliver malware Source: Bleeping Computer Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. The "LLMShare" campaign, discovered by Push Security , uses Google ads to direct users searching... 4. Dutch govt disrupts malware botnet with 17 million infected devices Source: Bleeping Computer Dutch authorities have taken offline a massive botnet of 17 million devices and seized more than 200 servers at a local provider that supported the operation. The action was carried out following an investigation from the Police in collaboration with the country's... 5. Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit Source: The Hacker News An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker... 6. New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks Source: The Hacker News A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in... 7. Malicious Sicoob NuGet Steals Banking Credentials as npm Packages Target Cloud Secrets Source: The Hacker News Cybersecurity researchers have discovered a malicious NuGet package that masquerades as a C# software development kit for Sicoob, one of Brazil's largest cooperative financial systems, to siphon client IDs and PFX certificates. According to Socket, versions 2.0.0 through... 8. Man sent to prison for selling data of 7 millions elderly Americans Source: Bleeping Computer A North Carolina man was sentenced to more than 10 years in prison for selling the personal information of over 7 million elderly Americans to Jamaican scammers. 57-year-old Troy Murray (who used the Steve Dixon pseudonym) pleaded guilty in January 2026 to one count of...
-
55
May 30, 2026 · #72
Episode 72 — 30 May 2026 1. PAN-OS GlobalProtect Authentication Bypass (CVE-2026-0257) Under Active Exploitation Source: The Hacker News Palo Alto Networks has warned that a recently disclosed medium-severity security flaw impacting PAN-OS and Prisma Access has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0257 (CVSS score: 7.8), refers to a case of authentication bypass... 2. California AG sues 23andMe over 2023 breach exposing health data Source: Bleeping Computer California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company’s failure to protect sensitive customer genetic and personal information. Improper security led to a high-profile data breach in 2023 that exposed the sensitive... 3. New Gogs zero-day flaw lets hackers get remote code execution Source: Bleeping Computer An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub Enterprise or GitLab and written in Go, Gogs is often exposed online for remote... 4. ChatGPT share links abused to host fake outage pages to deliver malware Source: Bleeping Computer Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application. The "LLMShare" campaign, discovered by Push Security , uses Google ads to direct users searching... 5. Hackers exploit FortiClient EMS flaw to push infostealer malware Source: Bleeping Computer Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker disguised the malware as an update for Fortinet endpoints and executed it... 6. Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit Source: The Hacker News An unknown threat actor has been observed using a large language model (LLM) agent to conduct post-compromise actions after obtaining initial access following the exploitation of a publicly-accessible Marimo network using a recently disclosed vulnerability. "The attacker... 7. New Russia-Linked GREYVIBE Targets Ukraine with AI-Powered Cyberattacks Source: The Hacker News A previously undocumented threat actor dubbed GREYVIBE has been attributed to ongoing and persistent attacks targeting Ukraine and Ukraine-related entities since at least August 2025. GREYVIBE, per WithSecure, is assessed to be a Russian-speaking group operating broadly in... 8. Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer Source: The Hacker News Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across...
-
54
May 29, 2026 · #71
Episode 71 — 29 May 2026 1. Hackers exploit FortiClient EMS flaw to push infostealer malware Source: Bleeping Computer Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ. The attacker disguised the malware as an update for Fortinet endpoints and executed it... 2. New Gogs zero-day flaw lets hackers get remote code execution Source: Bleeping Computer An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub Enterprise or GitLab and written in Go, Gogs is often exposed online for remote... 3. Charter Communications data breach affects 4.9 million accounts Source: Bleeping Computer The ShinyHunters extortion gang stole personal information from 4.9 million accounts after hacking the U.S. telecom giant Charter Communications in early April, according to data breach notification service Have I Been Pwned. Charter has over 92,000 employees and provides... 4. Glassworm botnet disrupted after resilient C2 infrastructure takedown Source: Bleeping Computer The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. In a coordinated operation... 5. Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer Source: The Hacker News Threat actors are continuing to exploit a critical, now-patched security flaw impacting FortiClient Endpoint Management Server (EMS) deployments to deliver credential-stealing malware. "The campaign abused trusted endpoint management infrastructure to deliver malware across... 6. Gitea Vulnerability Exposes Private Container Images without Authentication Source: The Hacker News Cybersecurity researchers have disclosed a security flaw in Gitea, an open-source, self-hosted platform for version control, that allows unauthenticated remote attackers to pull private container images from Gitea deployments without requiring an account, password, or other... 7. Kimsuky Deploys HTTPSpy, Expands Arsenal with HelloDoor and VS Code Tunnels Source: The Hacker News The North Korean state-sponsored threat actor known as Kimsuky (aka Velvet Chollima) has been attributed to a fresh set of cyber attacks targeting South Korean military and corporate entities through March and April 2026. "Kimsuky employed a range of tailored social... 8. Grandoreiro Malware and BTMOB RAT Campaigns Target Windows and Android Users Source: The Hacker News Latin America and Europe become the target of two banking trojan campaigns that are designed to infect Windows and Android devices with Grandoreiro and BTMOB malware, respectively. That's according to new findings from WatchGuard and ESET, which have observed the two malware...
-
53
May 28, 2026 · #70
Episode 70 — 28 May 2026 1. CISA gives feds 4 days to patch actively exploited cPanel plugin flaw Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. Tracked as CVE-2026-48172... 2. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems... 3. GPU mining malware spreads via SEO poisoning, AI chatbots Source: Bleeping Computer Threat actors are targeting systems with high-performance computers in an ongoing cryptojacking campaign spread through a coordinated SEO poisoning operation that also manipulated AI chatbot recommendations. The compromise occurs through malicious download pages for utility... 4. Glassworm botnet disrupted after resilient C2 infrastructure takedown Source: Bleeping Computer The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network. In a coordinated operation... 5. JINX-0164 Targets Cryptocurrency Firms with Fake Recruiter Lures and macOS Malware Source: The Hacker News A new campaign orchestrated by a previously undocumented threat actor has targeted cryptocurrency organizations with an aim to facilitate digital asset theft using recruitment-themed social engineering and bespoke macOS malware. "These campaigns leveraged sophisticated social... 6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 7. GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure Source: The Hacker News CrowdStrike, in partnership with Google and the Shadowserver Foundation, has announced the simultaneous disruption of all command-and-control (C2) channels associated with GlassWorm, a persistent software chain campaign targeting software developers through malicious packages... 8. Malicious npm Package Stole Files From Claude AI User Directory via GitHub Source: The Hacker News Cybersecurity researchers have discovered a new malicious package on the npm registry that comes with information stealing capabilities. According to OX Security, the package, named "mouse5212-super-formatter," is designed to upload files from "/mnt/user-data," a dedicated...
-
52
May 27, 2026 · #69
Episode 69 — 27 May 2026 1. KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: Bleeping Computer Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell. The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems... 2. CISA orders feds to patch actively exploited Drupal vulnerability Source: Bleeping Computer CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive... 3. FBI warns of Kali365 phishing service targeting Microsoft 365 accounts Source: Bleeping Computer The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA , Kali365 first... 4. Charter confirms data breach after ShinyHunters extortion threat Source: Bleeping Computer U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. Charter Communications is one of the largest broadband providers in the United States,... 5. AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites Source: The Hacker News Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging delivery technique extends social engineering beyond conventional search results... 6. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 7. Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Source: Krebs on Security Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the... 8. MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries Source: The Hacker News The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and...
-
51
May 26, 2026 · #68
Episode 68 — 26 May 2026 1. CISA orders feds to patch actively exploited Drupal vulnerability Source: Bleeping Computer CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. Drupal is typically used by large organizations managing massive... 2. Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions Source: The Hacker News Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659, carries a CVSS score of... 3. KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike Source: The Hacker News A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in Japan, was exploited as a zero-day to deliver the Godzilla web shell and ultimately facilitate the deployment of Cobalt Strike Beacon. The... 4. 7-Eleven data breach exposes personal information of 185,000 people Source: Bleeping Computer The ShinyHunters extortion gang stole the personal information of over 183,000 people after hacking the systems of convenience store chain giant 7-Eleven in April, according to data breach notification service Have I Been Pwned. Founded in 1927, 7-Eleven now operates,... 5. FBI warns of Kali365 phishing service targeting Microsoft 365 accounts Source: Bleeping Computer The FBI is warning about the Kali365 phishing-as-a-service platform (PhaaS) that is used to hijack Microsoft 365 accounts by abusing OAuth device code authentication to steal session tokens and bypass multi-factor authentication (MFA). According to the FBI PSA , Kali365 first... 6. Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Source: Krebs on Security Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the... 7. Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks Source: The Hacker News Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel ClickFix attacks. According to QiAnXin XLab, the activity involves the exploitation of CVE-2026-26980 (CVSS score: 9.4), an SQL... 8. Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning Source: The Hacker News The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following...
-
50
May 23, 2026 · #65
Episode 65 — 23 May 2026 1. Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is... 2. Ubiquiti patches three max severity UniFi OS vulnerabilities Source: Bleeping Computer Ubiquiti has released security updates to patch three maximum severity vulnerabilities in UniFi OS that can be exploited by remote attackers without privileges. UniFi OS is a unified operating system that powers UniFi Consoles and helps manage IT infrastructure, including... 3. Netherlands seizes 800 servers of hosting firm enabling cyberattacks Source: Bleeping Computer Financial crime investigators in the Netherlands (FIOD) arrested two men and seized 800 servers linked to a web hosting company that enabled cyberattacks, interference operations, and disinformation campaigns. FIOD arrested a 57-year-old suspect, who was the company director,... 4. Drupal: Critical SQL injection flaw now targeted in attacks Source: Bleeping Computer Drupal is warning that hackers are attempting to exploit a "highly critical" SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May 18, urging administrators to reserve time for core updates that addressed... 5. LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root Source: The Hacker News A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 (CVSS score: 10.0), relates to an instance of incorrect privilege assignment that an attacker could abuse... 6. Lawmakers Demand Answers as CISA Tries to Contain Data Leak Source: Krebs on Security Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on... 7. Trend Micro warns of Apex One zero-day exploited in the wild Source: Bleeping Computer Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. Apex One is Trend Micro's enterprise-grade endpoint security platform that protects corporate networks from a wide range of... 8. First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups Source: The Hacker News Authorities in Europe and North America have announced the dismantling of a criminal virtual private network (VPN) service used by criminal actors to obscure the origins of ransomware attacks, data theft, scanning, and denial-of-service attacks. Codenamed Operation Saffron,...
-
49
May 22, 2026 · #64
Episode 64 — 22 May 2026 1. Max severity Cisco Secure Workload flaw gives Site Admin privileges Source: Bleeping Computer Cisco has released security updates to address a maximum-severity Secure Workload vulnerability that allows attackers to gain Site Admin privileges. Formerly known as Cisco Tetration, Cisco Secure Workload helps admins reduce their network's attack surface through zero trust... 2. Google accidentally exposed details of unfixed Chromium flaw Source: Bleeping Computer Google has accidentally leaked details about an unfixed issue in Chromium that keeps JavaScript running in the background even when the browser is closed, allowing remote code execution on the device. The flaw was reported by security researcher Lyra Rebane and acknowledged... 3. Microsoft warns of new Defender zero-days exploited in attacks Source: Bleeping Computer On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. The first one, tracked as CVE-2026-41091 , is a privilege escalation security flaw affecting Microsoft Malware Protection Engine... 4. Police seize “First VPN” service used in ransomware, data theft attacks Source: Bleeping Computer A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. Authorities have seized dozens of First VPN servers located in 27 countries, arrested the administrator,... 5. CISA Adds Exploited Langflow and Trend Micro Apex One Vulnerabilities to KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting Langflow and Trend Micro Apex One to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities in question are... 6. Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada Source: Krebs on Security Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf , a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over... 7. Microsoft Takes Down Malware-Signing Service Behind Ransomware Attacks Source: The Hacker News Microsoft on Tuesday said it disrupted a malware-signing-as-a-service (MSaaS) operation that weaponized the company's Artifact Signing system to deliver malicious code and conduct ransomware and other attacks, compromising thousands of machines and networks across the world.... 8. Webworm Deploys EchoCreep and GraphWorm Backdoors Using Discord and MS Graph API Source: The Hacker News Cybersecurity researchers have flagged fresh activity from a China-aligned threat actor known as Webworm in 2025, deploying custom backdoors that employ Discord and Microsoft Graph API for command-and-control (C2 or C&C) communications. Webworm, first publicly documented by...
-
48
May 21, 2026 · #63
Episode 63 — 21 May 2026 1. Microsoft warns of new Defender zero-days exploited in attacks Source: Bleeping Computer On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. The first one, tracked as CVE-2026-41091 , is a privilege escalation security flaw affecting Microsoft Malware Protection Engine... 2. Hackers bypass SonicWall VPN MFA due to incomplete patching Source: Bleeping Computer Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance,... 3. Highly Critical Drupal Core Flaw Exposes PostgreSQL Sites to RCE Attacks Source: The Hacker News Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries... 4. Microsoft shares mitigation for YellowKey Windows zero-day Source: Bleeping Computer Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The security flaw was disclosed last week by an anonymous security researcher known as 'Nightmare Eclipse,' who described it... 5. GitHub links repo breach to TanStack npm supply-chain attack Source: Bleeping Computer GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack . This attack is attributed to the TeamPCP threat group and began with the... 6. Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit Source: The Hacker News Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. The zero-day flaw, now tracked as CVE-2026-45585, carries a CVSS score of 6.8. It has been described as a BitLocker security feature... 7. 9-Year-Old Linux Kernel Flaw Enables Root Command Execution on Major Distros Source: The Hacker News Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local... 8. GitHub Internal Repositories Breached via Malicious Nx Console VS Code Extension Source: The Hacker News GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team...
-
47
May 20, 2026 · #62
Episode 62 — 20 May 2026 1. Microsoft shares mitigation for YellowKey Windows zero-day Source: Bleeping Computer Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. The security flaw was disclosed last week by an anonymous security researcher known as 'Nightmare Eclipse,' who described it... 2. Grafana GitHub Breach Exposes Source Code via TanStack npm Attack Source: The Hacker News Grafana Labs, on May 19, 2026, said an investigation into its recent breach found no evidence of customer production systems or operations being compromised. It said the scope of the incident is limited to the Grafana Labs GitHub environment, which includes public and private... 3. Max-severity flaw in ChromaDB for AI apps allows server hijacking Source: Bleeping Computer A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as CVE-2026-45829 and was reported to ChromaDB on February 17. It received the maximum... 4. GitHub confirms breach of 3,800 repos via malicious VSCode extension Source: Bleeping Computer GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension. The company has since removed the unnamed trojanized extension from the VS Code marketplace and has secured the compromised device.... 5. Cybercrime service disrupted for abusing Microsoft platform to sign malware Source: Bleeping Computer Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. According to a report published today by... 6. DirtyDecrypt PoC Released for Linux Kernel CVE-2026-31635 LPE Vulnerability Source: The Hacker News Proof-of-concept (PoC) exploit code has now been released for a recently patched security flaw in the Linux kernel that could allow for local privilege escalation (LPE). Dubbed DirtyDecrypt (aka DirtyCBC), the vulnerability was discovered and reported by the Zellic and V12... 7. Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws Source: The Hacker News Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS... 8. ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Source: The Hacker News Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear....
-
46
May 19, 2026 · #61
Episode 61 — 19 May 2026 1. INTERPOL ‘Operation Ramz’ seizes 53 malware, phishing servers Source: Bleeping Computer More than 200 individuals were arrested for cybercrime activities during INTERPOL's Operation Ramz, which focused on the Middle East and North Africa. Law enforcement also identified another 382 suspects across 13 countries (Algeria, Bahrain, Egypt, Iraq, Jordan, Lebanon,... 2. New Windows 'MiniPlasma' zero-day exploit gives SYSTEM access, PoC released Source: Bleeping Computer A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. The exploit was published by a researcher known as Chaotic Eclipse,... 3. SEPPMail Secure E-Mail Gateway Vulnerabilities Enable RCE and Mail Traffic Access Source: The Hacker News Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance. "These... 4. Tycoon2FA hijacks Microsoft 365 accounts via device-code phishing Source: Bleeping Computer The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. Despite an international law enforcement operation disrupting the Tycoon2FA phishing platform in March, the malicious operation was... 5. Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws Source: The Hacker News Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS... 6. ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More Source: The Hacker News Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear.... 7. CISA Admin Leaked AWS GovCloud Keys on Github Source: Krebs on Security Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts... 8. Grafana says stolen GitHub token let hackers steal codebase Source: Bleeping Computer Grafana Labs disclosed that hackers have downloaded its source code after breaching its GitHub environment using a stolen access token. [...]
-
45
May 16, 2026 · #58
Episode 58 — 16 May 2026 1. Microsoft warns of Exchange zero-day flaw exploited in attacks Source: Bleeping Computer On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. Microsoft describes this security flaw... 2. Funnel Builder WordPress plugin bug exploited to steal credit cards Source: Bleeping Computer A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. The flaw has not received an official identifier and can be leveraged without authentication. It affects... 3. Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin Source: Bleeping Computer Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics plugin active on 200,000 WordPress sites and marketed as a lightweight... 4. CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits Source: The Hacker News The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to... 5. Popular node-ipc npm package compromised to steal credentials Source: Bleeping Computer Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc package is a Node.js module that enables various processes to communicate... 6. Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access Source: The Hacker News The Russian state-sponsored hacking group known as Turla has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that's engineered for stealth and persistent access to compromised hosts. Turla, per the U.S. Cybersecurity and Infrastructure Security... 7. PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure Source: The Hacker News Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of its public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3),... 8. On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Source: The Hacker News Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming...
-
44
May 15, 2026 · #57
Episode 57 — 15 May 2026 1. Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin Source: Bleeping Computer Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics plugin active on 200,000 WordPress sites and marketed as a lightweight... 2. Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks Source: Bleeping Computer Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. CVE-2026-20182 has a maximum severity... 3. 18-year-old NGINX vulnerability allows DoS, potential RCE Source: Bleeping Computer An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. The vulnerability is tracked as CVE-2026-42945 and received a critical... 4. TeamPCP hackers advertise Mistral AI code repos for sale Source: Bleeping Computer The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. In a post on a hacker forum, the threat actor is asking $25,000 for a set of nearly 450 repositories. Mistral AI is a French artificial intelligence... 5. On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Source: The Hacker News Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming... 6. Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation Source: The Hacker News An anonymous cybersecurity researcher who disclosed three Microsoft Defender vulnerabilities has returned with two more zero-days involving a BitLocker bypass and a privilege escalation impacting Windows Collaborative Translation Framework (CTFMON). The security defects have... 7. PraisonAI CVE-2026-44338 Auth Bypass Targeted Within Hours of Disclosure Source: The Hacker News Threat actors have been observed attempting to exploit a recently disclosed security vulnerability in PraisonAI, an open-source multi-agent orchestration framework, within four hours of public disclosure. The vulnerability in question is CVE-2026-44338 (CVSS score: 7.3), a... 8. 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Source: The Hacker News Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years. The vulnerability, discovered by depthfirst, is a heap buffer overflow issue impacting...
-
43
May 14, 2026 · #56
Episode 56 — 14 May 2026 1. Windows BitLocker zero-day gives access to protected drives, PoC released Source: Bleeping Computer A cybersecurity researcher has published proof-of-concept (PoC) exploits for two unpatched Microsoft Windows vulnerabilities named YellowKey and GreenPlasma, which are a BitLocker bypass and a privilege-escalation flaw. Known as Chaotic Eclipse or Nightmare Eclipse, the... 2. New Fragnesia Linux flaw lets attackers gain root privileges Source: Bleeping Computer Linux distros are rolling out patches for a new high-severity kernel privilege escalation vulnerability that allows attackers to run malicious code as root. Known as Fragnasia and tracked as CVE-2026-46300 , this security flaw stems from a logic bug in the Linux XFRM... 3. New critical Exim mailer flaw allows remote code execution Source: Bleeping Computer A critical vulnerability affecting certain configurations of the Exim open-source mail transfer agent could be exploited by an unauthenticated remote attacker to execute arbitrary code. Identified as CVE-2026-45185 , the security issue impacts some Exim versions before 4.99.3... 4. West Pharmaceutical says hackers stole data, encrypted systems Source: Bleeping Computer West Pharmaceutical Services disclosed that it was the target of a cyberattack that resulted in data exfiltration and system encryption. The company said that it detected a compromise on May 4th. An investigation into the incident determined that the attacker stole data from... 5. 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Source: The Hacker News 6. New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption Source: The Hacker News Details have emerged about a new variant of the recent Dirty Frag Linux local privilege escalation (LPE) vulnerability that allows local attackers to gain root access, making it the third such bug to be identified in the kernel within a span of two weeks. Codenamed Fragnesia,... 7. Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation Source: The Hacker News A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an expansion of its targeting. The activity has been attributed by Bitdefender... 8. New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution Source: The Hacker News Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and...
-
42
May 13, 2026 · #55
Episode 55 — 13 May 2026 1. Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator Source: Bleeping Computer Fortinet has released security updates to address two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code on unpatched systems. The first one, tracked as CVE-2026-44277, impacts the company's... 2. SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA Source: Bleeping Computer SAP has released the May 2026 security updates addressing 15 vulnerabilities across multiple products, including two critical flaws in Commerce Cloud and S/4HANA. Commerce Cloud is an enterprise-grade e-commerce platform used by online stores owned by large retailers and... 3. New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution Source: The Hacker News Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution. Exim is an open-source Mail Transfer Agent (MTA) designed for Unix-like systems to receive, route, and... 4. Signal adds security warnings for social engineering, phishing attacks Source: Bleeping Computer Signal has introduced new in-app confirmations and warning messages as additional safeguards against phishing and social engineering attempts that could lead to various forms of fraud. The purpose is to introduce enough friction that users get the time to evaluate the safety... 5. UK fines water supplier $1.3M for exposing data of 664k customers Source: Bleeping Computer The Information Commissioner's Office has fined South Staffordshire Water Plc and parent company South Staffordshire Plc £963,900 ($1.3 million) over a cyberattack that exposed the personal data of 663,887 customers and employees. The company supplies 330 million liters of... 6. Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation Source: The Hacker News Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for... 7. RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded Source: The Hacker News RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a "major malicious attack." "We're dealing with a major malicious attack on RubyGems right now," Maciej Mensfeld, senior... 8. New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots Source: The Hacker News Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2). The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking...
-
41
May 12, 2026 · #54
Episode 54 — 12 May 2026 1. Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation Source: The Hacker News Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for... 2. Official CheckMarx Jenkins package compromised with infostealer Source: Bleeping Computer Checkmarx warned over the weekend that a rogue version of its Jenkins Application Security Testing (AST) plugin had been published on the Jenkins Marketplace. The compromise was claimed by the TeamPCP hacker group, which initiated a spree of supply-chain attacks that included... 3. Instructure confirms hackers used Canvas flaw to deface portals Source: Bleeping Computer Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message. BleepingComputer has learned that both the breach and defacements involved multiple cross-site scripting (XSS)... 4. cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor Source: The Hacker News A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments. The attack exploits CVE-2026-41940, a vulnerability impacting cPanel and WebHost Manager... 5. Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages Source: The Hacker News TeamPCP, the threat actor behind the recent supply chain attack spree, has been linked to the compromise of the npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI as part of a fresh Mini Shai-Hulud campaign. The affected npm packages have... 6. TrickMo Android banker adopts TON blockchain for covert comms Source: Bleeping Computer A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. The TrickMo banker was first spotted in September 2019 and has... 7. Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Source: The Hacker News Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers... 8. Hackers abuse Google ads, Claude.ai chats to push Mac malware Source: Bleeping Computer Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install...
-
40
May 11, 2026 · #53
Episode 53 — 11 May 2026 1. Google: Hackers used AI to develop zero-day exploit for web admin tool Source: Bleeping Computer Researchers at Google Threat Intelligence Group (GTIG) say that a zero-day exploit targeting a popular open-source web administration tool was likely generated using AI. The exploit could be leveraged to bypass the two-factor authentication (2FA) protection in a popular... 2. Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Source: The Hacker News Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory. The out-of-bounds read flaw, which likely impacts over 300,000 servers... 3. TrickMo Android banker adopts TON blockchain for covert comms Source: Bleeping Computer A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications. The TrickMo banker was first spotted in September 2019 and has... 4. Hackers abuse Google ads, Claude.ai chats to push Mac malware Source: Bleeping Computer Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign. Users searching for "Claude mac download" may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install... 5. Police shut down reboot of Crimenetwork marketplace, arrest admin Source: Bleeping Computer German authorities have shut down a relaunch version of the criminal marketplace 'Crimenetwork' that generated more than 3.6 million euros, and arrested its operator. Crimenetwork was the largest online cybercrime marketplace in Germany, operating since 2012 and with 100,000... 6. JDownloader site hacked to replace installers with Python RAT malware Source: Bleeping Computer The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan. The supply chain attack affects those who downloaded... 7. Fake OpenAI repository on Hugging Face pushes infostealer malware Source: Bleeping Computer A malicious Hugging Face repository that reached the platform’s trending list impersonated OpenAI’s “Privacy Filter” project to deliver information-stealing malware to Windows users. The repository briefly reached #1 on Hugging Face and accumulated 244,000 downloads before...
-
39
May 09, 2026 · #51
Episode 51 — 09 May 2026 1. NVIDIA confirms GeForce NOW data breach affecting Armenian users Source: Bleeping Computer NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. The gaming and hardware giant has clarified that the impact is limited to Armenia, and was caused by a compromise of the infrastructure operated by a... 2. Trellix source code breach claimed by RansomHouse hackers Source: Bleeping Computer The attack on the Trellix source code repository disclosed last week has been claimed by the RansomHouse threat group, which leaked a small set of images as proof of the intrusion. Yesterday, the threat actor published on their data leak site screenshots indicating access to... 3. Former govt contractor convicted for wiping dozens of federal databases Source: Bleeping Computer A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. In 2016, Sohaib Akhter and his twin brother and co-defendant Muneeb Akhter were also sentenced to several years in... 4. New Linux 'Dirty Frag' zero-day gives root on all major distros Source: Bleeping Computer A new Linux zero-day exploit, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. Security researcher Hyunwoo Kim, who disclosed it earlier today and published a proof-of-concept (PoC) exploit, says this... 5. Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access Source: The Hacker News Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions... 6. PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems Source: The Hacker News Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud infrastructure and ousts any artifacts linked to TeamPCP from the environments. "The toolset harvests credentials from cloud, container, developer,... 7. Canvas Breach Disrupts Schools & Colleges Nationwide Source: Krebs on Security An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand... 8. PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux Source: The Hacker News Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the...
-
38
May 08, 2026 · #50
Episode 50 — 08 May 2026 1. New Linux 'Dirty Frag' zero-day gives root on all major distros Source: Bleeping Computer A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. Security researcher Hyunwoo Kim, who disclosed the flaw earlier today and published a proof-of-concept (PoC) exploit,... 2. Ivanti warns of new EPMM flaw exploited in zero-day attacks Source: Bleeping Computer Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The security flaw (tracked as CVE-2026-6973) stems from an Improper Input Validation weakness that allows remote... 3. Palo Alto Networks firewall zero-day exploited for nearly a month Source: Bleeping Computer Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. Tracked as CVE-2026-0300 , this remote code execution security flaw was found in the PAN-OS User-ID... 4. Former govt contractor convicted for wiping dozens of federal databases Source: Bleeping Computer A 34-year-old Virginia man was found guilty of conspiring to destroy dozens of government databases after getting fired from his job as a federal contractor. In 2016, Sohaib Akhter and his twin brother and co-defendant Muneeb Akhter were also sentenced to several years in... 5. PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage Source: The Hacker News Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as early as April 9, 2026. The vulnerability in question is CVE-2026-0300 (CVSS score: 9.3/8.7), a buffer overflow vulnerability in the... 6. Canvas Breach Disrupts Schools & Colleges Nationwide Source: Krebs on Security An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service’s login page with a ransom demand... 7. vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution Source: The Hacker News A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible systems. vm2 is an open-source library used to run untrusted JavaScript code... 8. MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack Source: The Hacker News The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to...
-
37
May 07, 2026 · #49
Episode 49 — 07 May 2026 1. New Cisco DoS flaw requires manual reboot to revive devices Source: Bleeping Computer Cisco released security updates to fix a Crosswork Network Controller (CNC) and Network Services Orchestrator (NSO) denial-of-service (DoS) vulnerability that requires manually rebooting targeted systems for recovery. Large enterprises and service providers leverage the CNC... 2. Critical vm2 sandbox bug lets attackers execute code on hosts Source: Bleeping Computer A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and has been confirmed to impact vm2 version 3.10.4, although earlier releases... 3. Hackers abuse Google ads for GoDaddy ManageWP login phishing Source: Bleeping Computer A phishing campaign delivered through Google sponsored search results is targeting credentials for ManageWP, GoDaddy’s platform for managing fleets of WordPress websites. The threat actor is using an adversary-in-the-middle (AitM) approach where the fake login page acts as a... 4. MuddyWater hackers use Chaos ransomware as a decoy in attacks Source: Bleeping Computer The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. Although the attack involved credential theft, persistence, remote access, data exfiltration,... 5. MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack Source: The Hacker News The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation. The attack, observed by Rapid7 in early 2026, has been found to... 6. Mirai-Based xlabs_v1 Botnet Exploits ADB to Hijack IoT Devices for DDoS Attacks Source: The Hacker News Cybersecurity researchers have exposed a new Mirai-derived botnet that self-identifies as xlabs_v1 and targets internet-exposed devices running Android Debug Bridge (ADB) to enlist them in a network capable of carrying out distributed denial-of-service (DDoS) attacks.... 7. ScarCruft Hacks Gaming Platform to Deploy BirdCall Malware on Android and Windows Source: The Hacker News The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCallto likely target ethnic Koreans residing in China. While prior versions... 8. China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions Source: The Hacker News A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under...
-
36
May 06, 2026 · #48
Episode 48 — 06 May 2026 1. Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution Source: The Hacker News Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the wild. The vulnerability, tracked as CVE-2026-0300, has been described as a case of unauthenticated remote code execution. It... 2. Student hacked Taiwan high-speed rail to trigger emergency brakes Source: Bleeping Computer A 23-year-old university student in Taiwan was arrested for interfering with the TETRA communication system used by the country's high-speed railway network (THSR). According to local media reports , the student halted four trains for 48 minutes on April 5 by using... 3. CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs Source: Bleeping Computer A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. The malware was discovered in an intrusion that was active since... 4. Researchers report Amazon SES abused in phishing to evade detection Source: Bleeping Computer Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged... 5. New stealthy Quasar Linux malware targets software developers Source: Bleeping Computer A previously undocumented Linux implant named Quasar Linux (QLNX) is targeting developers' systems with a mix of rootkit, backdoor, and credential-stealing capabilities. The malware kit is deployed in development and DevOps environments in npm, PyPI, GitHub, AWS, Docker, and... 6. China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions Source: The Hacker News A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025. The activity is being tracked by Cisco Talos under... 7. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Source: The Hacker News Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,... 8. Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia Source: The Hacker News The China-based cybercrime group known as Silver Fox (aka Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne) has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using...
-
35
May 05, 2026 · #47
Episode 47 — 05 May 2026 1. Weaver E-cology critical bug exploited in attacks since March Source: Bleeping Computer Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks... 2. Amazon SES increasingly abused in phishing to evade detection Source: Bleeping Computer The Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, the... 3. Trellix discloses data breach after source code repository hack Source: Bleeping Computer Cybersecurity firm Trellix disclosed a data breach after attackers gained access to "a portion" of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000... 4. Progress warns of critical MOVEit Automation auth bypass flaw Source: Bleeping Computer Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a... 5. Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries Source: The Hacker News Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign,... 6. Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks Source: The Hacker News A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S., by exploiting... 7. Phishing Campaign Hits 80+ Orgs Using SimpleHelp and ScreenConnect RMM Tools Source: The Hacker News An active phishing campaign has been observed targeting multiple vectors since at least April 2025 with legitimate Remote Monitoring and Management (RMM) software as a way to establish persistent remote access to compromised hosts. The activity, codenamed VENOMOUS#HELPER, has... 8. 2026: The Year of AI-Assisted Attacks Source: The Hacker News On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When asked, the young...
-
34
May 04, 2026 · #46
Episode 46 — 04 May 2026 1. Instructure confirms data breach, ShinyHunters claims attack Source: Bleeping Computer Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. Instructure is a U.S.-based education technology company best known for developing Canvas, a widely used learning management... 2. Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks Source: Bleeping Computer A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. This week, an emergency update for WHM and cPanel was released to fix a critical authentication bypass flaw that allows attackers... 3. CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The... 4. Global Crackdown Arrests 276, Shuts 9 Crypto Scam Centers, Seizes $701M Source: The Hacker News A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. The crackdown was...
-
33
May 02, 2026 · #44
Episode 44 — 02 May 2026 1. Trellix Confirms Source Code Breach With Unauthorized Repository Access Source: The Hacker News Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading forensic experts" to... 2. 15-year-old detained over French govt agency data breach Source: Bleeping Computer French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country’s agency for issuing and managing administrative documents. The government agency confirmed the breach and the authenticity of the data... 3. US ransomware negotiators get 4 years in prison over BlackCat attacks Source: Bleeping Computer Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 40-year-old Ryan Clifford Goldberg (a former Sygnia incident response... 4. FBI links cybercriminals to sharp surge in cargo theft attacks Source: Bleeping Computer The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. This represents a 60% surge in losses... 5. Edu tech firm Instructure discloses cyber incident, probes impact Source: Bleeping Computer Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. The U.S.-based education technology company is best known for developing Canvas, a widely used... 6. 30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign Source: The Hacker News A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the scheme selling the... 7. Anti-DDoS Firm Heaped Attacks on Brazilian ISPs Source: Krebs on Security A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The... 8. Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft Source: The Hacker News A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitHub account...
-
32
May 01, 2026 · #43
Episode 43 — 01 May 2026 1. US ransomware negotiators get 4 years in prison over BlackCat attacks Source: Bleeping Computer Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for targeting U.S. companies in BlackCat (ALPHV) ransomware attacks. 40-year-old Ryan Clifford Goldberg (a former Sygnia incident response... 2. Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining Source: Bleeping Computer Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, before the security issues were disclosed publicly at the end of the month,... 3. FBI links cybercriminals to sharp surge in cargo theft attacks Source: Bleeping Computer The U.S. Federal Bureau of Investigation (FBI) warned the transportation and logistics industry of a sharp rise in cyber-enabled cargo theft, with estimated losses in the United States and Canada reaching nearly $725 million in 2025. This represents a 60% surge in losses... 4. New Linux ‘Copy Fail’ flaw gives hackers root on major distros Source: Bleeping Computer An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root permissions. The vulnerability is tracked as CVE-2026-31431 and was discovered... 5. Anti-DDoS Firm Heaped Attacks on Brazilian ISPs Source: Krebs on Security A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The... 6. PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials Source: The Hacker News In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious... 7. New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs Source: The Hacker News Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility... 8. Hackers arrested for hijacking and selling 610,000 Roblox accounts Source: Bleeping Computer The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000. The arrests were made by the police in Lviv after conducting ten searches on targeted locations, seizing $35,000 in cash, 37 mobile...
-
31
Apr 30, 2026 · #42
Episode 42 — 30 Apr 2026 1. Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining Source: Bleeping Computer Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers' servers. Exploitation started in early February, before the security issues were disclosed publicly at the end of the month,... 2. GitHub fixes RCE flaw that gave access to millions of private repos Source: Bleeping Computer In early March, GitHub patched a critical remote code execution vulnerability ( CVE-2026-3854 ) that could have allowed attackers to access millions of private repositories. The flaw was reported on March 4, 2026, by researchers at cybersecurity firm Wiz through GitHub's bug... 3. CISA orders feds to patch Windows flaw exploited as zero-day Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. Tracked as CVE-2026-32202 , this security flaw was reported by cybersecurity firm Akamai, which... 4. Learning from the Vercel breach: Shadow AI & OAuth sprawl Source: Bleeping Computer Learning from the Vercel breach: Shadow AI & OAuth sprawl Sponsored by Push Security April 29, 2026 09:05 AM 0 Most organizations are rightly nervous about employees adopting unapproved AI tools. Shadow AI use in the form of LLMs, where users upload sensitive data to ChatGPT,... 5. SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack Source: The Hacker News Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz,... 6. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities... 7. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is... 8. New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs Source: The Hacker News Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as a utility...
-
30
Apr 29, 2026 · #41
Episode 41 — 29 Apr 2026 1. CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities... 2. Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854... 3. US reportedly charges Scattered Spider hacker arrested in Finland Source: Bleeping Computer A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective. According to temporarily unsealed court records obtained by... 4. Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE Source: The Hacker News Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is... 5. LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure Source: The Hacker News In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowledge. The... 6. Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data Source: Bleeping Computer Application security company Checkmarx has confirmed that the LAPSUS$ threat group leaked data stolen from its private GitHub repository. Although the investigation is ongoing, Checkmarx believes that the access vector was the Trivy supply-chain attack attributed to the... 7. Broken VECT 2.0 ransomware acts as a data wiper for large files Source: Bleeping Computer Researchers are warning that the VECT 2.0 ransomware has a problem in the way it handles encryption nonces that leads to permanently destroying larger files rather than encrypt them. VECT has been advertised on one of the latest BreachForums iterations, inviting registered... 8. Video service Vimeo confirms Anodot breach exposed user data Source: Bleeping Computer Vimeo has disclosed that data belonging to some of its customers and users has been accessed without authorization following the recent breach at the Anodot data anomaly detection company. The video platform says that the threat actor accessed email addresses for some of its...
-
29
Apr 28, 2026 · #40
Episode 40 — 28 Apr 2026 1. Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202 Source: The Hacker News Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that... 2. PyPI package with 1.1M monthly downloads hacked to push infostealer Source: Bleeping Computer An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, and it extended to the Docker image due to the package's workflow that... 3. American utility firm Itron discloses breach of internal IT network Source: Bleeping Computer Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law... 4. Alleged Silk Typhoon hacker extradited to US for cyberespionage Source: Bleeping Computer A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. According to a DOJ announcement, Xu Zewei is alleged to be a contract hacker for China's... 5. Robinhood account creation flaw abused to send phishing emails Source: Bleeping Computer Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. Starting last night, Robinhood customers began receiving "Your... 6. Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack Source: The Hacker News Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub... 7. Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware Source: The Hacker News Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of... 8. ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More Source: The Hacker News חZË_ՋŚ?ܼ|?>w%2~^:_g\ x>|̿k/;7_Fvfqz#$unRc|D<@?_&\m&Vf/1d ;/vlNN=X٭ f97|[=ܨ<S[;Q|m} }...
-
28
Apr 27, 2026 · #39
Episode 39 — 27 Apr 2026 1. American utility firm Itron discloses breach of internal IT network Source: Bleeping Computer Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a cyberattack. The company states that it activated its cybersecurity response plan when detecting the activity last month, notified law... 2. Threat actor uses Microsoft Teams to deploy new “Snow” malware Source: Bleeping Computer A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a browser extension, a tunneler, and a backdoor. Their goal is to steal sensitive data after deep network compromise through credential theft and...
-
27
Apr 26, 2026 · #38
Episode 38 — 26 Apr 2026 1. ADT confirms data breach after ShinyHunters leak threat Source: Bleeping Computer Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. In a statement shared today, the company said it detected unauthorized access to customer and prospective customer data on April... 2. Firestarter malware survives Cisco firewall updates, security patches Source: Bleeping Computer Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. The backdoor has been attributed... 3. New BlackFile extortion group linked to surge of vishing attacks Source: Bleeping Computer A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. The group, also tracked as CL-CRI-1116, UNC6671 , and Cordial Spider , is... 4. Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks Source: Bleeping Computer Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite... 5. FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIRESTARTER.... 6. CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active... 7. Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 Source: The Hacker News Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.... 8. Threat actor uses Microsoft Teams to deploy new “Snow” malware Source: Bleeping Computer A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a browser extension, a tunneler, and a backdoor. Their goal is to steal sensitive data after deep network compromise through credential theft and...
-
26
Apr 25, 2026 · #37
Episode 37 — 25 Apr 2026 1. ADT confirms data breach after ShinyHunters leak threat Source: Bleeping Computer Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. In a statement shared today, the company said it detected unauthorized access to customer and prospective customer data on April... 2. Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks Source: Bleeping Computer Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite... 3. Firestarter malware survives Cisco firewall updates, security patches Source: Bleeping Computer Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. The backdoor has been attributed... 4. CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active... 5. New BlackFile extortion group linked to surge of vishing attacks Source: Bleeping Computer A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. The group, also tracked as CL-CRI-1116, UNC6671 , and Cordial Spider , is... 6. Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2 Source: The Hacker News Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.... 7. CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks Source: CISA News Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on... 8. UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware Source: The Hacker News A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on...
-
25
Apr 24, 2026 · #36
Episode 36 — 24 Apr 2026 1. LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure Source: The Hacker News A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5),... 2. CISA orders feds to patch BlueHammer flaw exploited as zero-day Source: Bleeping Computer CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks. Tracked as CVE-2026-33825 , this high-severity security flaw allows low-privileged... 3. Hackers exploit file upload bug in Breeze Cache WordPress plugin Source: Bleeping Computer Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The security issue is tracked as CVE-2026-3844 and has been leveraged in more than 170 exploitation... 4. CISA, National Cyber Security Centre (NCSC) UK, and Global Partners Issue Advisory on Chinese Government-Linked Covert Cyber Networks Source: CISA News Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on... 5. Cosmetics giant Rituals discloses data breach affecting customers Source: Bleeping Computer Dutch cosmetics giant Rituals disclosed a data breach after attackers stole the personal information of an undisclosed number of customers from its "My Rituals" membership database. The company revealed the security incident in a Wednesday notice, saying that the breach was... 6. New GopherWhisper APT group abuses Outlook, Slack, Discord for comms Source: Bleeping Computer A previously undocumented state-backed threat actor named GopherWhisper is using a Go-based custom toolkit and legitimate services like Microsoft 365 Outlook, Slack, and Discord in attacks against government entities. Active since at least 2023, the hackers have been linked... 7. CISA Warns of FIRESTARTER Malware Targeting Cisco ASA including Firepower and Secure Firewall Products Source: CISA News Official websites use .gov A .gov website belongs to an official government organization in the United States. Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on... 8. Vercel Finds More Compromised Accounts in Context.ai-Linked Breach Source: The Hacker News Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation...
-
24
Apr 23, 2026 · #35
Episode 35 — 23 Apr 2026 1. New Mirai campaign exploits RCE flaw in EoL D-Link routers Source: Bleeping Computer A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. CVE-2025-29635 allows an attacker to execute arbitrary commands on remote devices by... 2. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated... 3. Kyber ransomware gang toys with post-quantum encryption on Windows Source: Bleeping Computer A new Kyber ransomware operation is targeting Windows systems and VMware ESXi endpoints in recent attacks, with one variant implementing Kyber1024 post-quantum encryption. Cybersecurity firm Rapid7 retrieved and analyzed two distinct Kyber variants in March 2026 during an... 4. Apple fixes bug that let the FBI recover deleted Signal messages Source: Bleeping Computer Article updated with statement from Signal thanking Apple for addressing the vulnerability . Apple has released out-of-band security updates for iPhone and iPad devices to fix a Notification Services flaw that could allow notifications marked for deletion to remain stored on... 5. SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation Source: The Hacker News Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to... 6. NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs Source: The Hacker News Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with... 7. Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain Source: The Hacker News Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags,... 8. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Source: The Hacker News A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium...
-
23
Apr 22, 2026 · #34
Episode 34 — 22 Apr 2026 1. Microsoft releases emergency patches for critical ASP.NET flaw Source: Bleeping Computer Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026-40372 ) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated... 2. Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks Source: Bleeping Computer Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abused in ongoing attacks. The security flaw, tracked as CVE-2026-32201 , affects SharePoint Enterprise Server 2016,... 3. CISA flags new SD-WAN flaw as actively exploited in attacks Source: Bleeping Computer The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. Catalyst SD-WAN Manager (formerly known as... 4. Actively exploited Apache ActiveMQ flaw impacts 6,400 servers Source: Bleeping Computer Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. Apache ActiveMQ is the most popular open-source multi-protocol message broker... 5. Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape Source: The Hacker News A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. "Sandbox escape vulnerability in Terrarium... 6. ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty Source: Krebs on Security A 24-year-old British national and senior member of the cybercrime group “ Scattered Spider ” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022... 7. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Source: The Hacker News A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case... 8. Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles Source: The Hacker News Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that's distributed via a theme related to India's banking sector. "The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell...
-
22
Apr 21, 2026 · #33
Episode 33 — 21 Apr 2026 1. China's Apple App Store infiltrated by crypto-stealing wallet apps Source: Bleeping Computer A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. The threat actor used multiple methods to imitate official products,... 2. CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of... 3. SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files Source: The Hacker News A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case... 4. Seiko USA website defaced as hacker claims customer data theft Source: Bleeping Computer The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. Visitors to the "Press Lounge" section of the site were shown a page titled "HACKED,"... 5. Vercel confirms breach as hackers claim to be selling stolen data Source: Bleeping Computer Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud... 6. Microsoft: Teams increasingly abused in helpdesk impersonation attacks Source: Bleeping Computer Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. The hackers impersonate IT or helpdesk staff to contact employees through cross-tenant... 7. Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Source: The Hacker News Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used... 8. Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems Source: The Hacker News Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence,...
-
21
Apr 20, 2026 · #32
Episode 32 — 20 Apr 2026 1. Vercel confirms breach as hackers claim to be selling stolen data Source: Bleeping Computer Update 4/19/26: Added additional information from Vercel that was disclosed after publishing. Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data. Vercel is a cloud... 2. Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials Source: The Hacker News Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used... 3. Payouts King ransomware uses QEMU VMs to bypass endpoint security Source: Bleeping Computer The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems... 4. Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched Source: The Hacker News Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHammer (requires... 5. Grinex exchange blames "Western intelligence" for $13.7M crypto hack Source: Bleeping Computer Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. The funds were stolen from cryptocurrency wallets belonging to Russian users, as the platform enables crypto-ruble... 6. Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet Source: The Hacker News Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices... 7. Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems Source: The Hacker News Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence,... 8. $13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims Source: The Hacker News Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it described as a...
-
20
Apr 16, 2026 · #28
Episode 28 — 16 Apr 2026 1. US nationals behind DPRK IT worker 'laptop farm' sent to prison Source: Bleeping Computer Two U.S. nationals have been sent to prison for helping North Korean remote information technology (IT) workers to pose as U.S. residents and get hired by over 100 companies across the country, including many Fortune 500 firms. 42-year-old Kejia Wang and 39-year-old Zhenxing... 2. New AgingFly malware used in attacks on Ukraine govt, hospitals Source: Bleeping Computer A new malware family named ‘AgingFly’ has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. The attacks were spotted in Ukraine by the country's CERT team last month. Based on... 3. Critical Nginx UI auth bypass flaw now actively exploited in the wild Source: Bleeping Computer A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. The flaw, tracked as CVE-2026-33032, is caused by nginx-ui leaving the ‘/mcp_message’ endpoint unprotected,... 4. CISA flags Windows Task Host vulnerability as exploited in attacks Source: Bleeping Computer CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. Task Host is a core Windows system component that serves as a container for DLL-based processes,... 5. UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign Source: The Hacker News The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from... 6. n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails Source: The Hacker News Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted... 7. Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover Source: The Hacker News A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that... 8. April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More Source: The Hacker News A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business...
-
19
Apr 15, 2026 · #27
Episode 27 — 15 Apr 2026 1. Critical flaw in wolfSSL library enables forged certificate use Source: Bleeping Computer A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. Researchers warn that an attacker could exploit the issue to... 2. McGraw-Hill confirms data breach following extortion threat Source: Bleeping Computer Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. The company assured that the breach did not affect its Salesforce accounts, customer databases, or internal... 3. Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover Source: The Hacker News A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnerability that... 4. Microsoft adds Windows protections for malicious Remote Desktop files Source: Bleeping Computer Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. RDP files are commonly used in enterprise environments to connect to remote... 5. Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities Source: The Hacker News Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are... 6. European Gym giant Basic-Fit data breach affects 1 million members Source: Bleeping Computer Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. The company operates the largest gym chain in Europe, owning more than 1,700 clubs and over 430 franchises in 12 countries,... 7. 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Source: The Hacker News Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting... 8. CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software Source: The Hacker News The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score:...
-
18
Apr 13, 2026 · #25
Episode 25 — 13 Apr 2026 1. Critical Marimo pre-auth RCE flaw now under active exploitation Source: Bleeping Computer Hackers started exploiting a critical vulnerability in the Marimo open-source reactive Python notebook platform just 10 hours after its public disclosure. The flaw allows remote code execution without authentication in Marimo versions 0.20.4 and earlier. It tracked as... 2. Over 20,000 crypto fraud victims identified in international crackdown Source: Bleeping Computer An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. Dubbed "Operation Atlantic," this joint action took place last month, and... 3. OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident Source: The Hacker News OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protect the process that... 4. Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 Source: The Hacker News Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the... 5. CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads Source: The Hacker News Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan...
We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
A daily AI-generated cybersecurity briefing. Fresh threat intelligence, vulnerability roundups, and infosec news — concise, clear, and delivered every day.
HOSTED BY
Security Brief Daily
CATEGORIES
Loading similar podcasts...