Real-time Intelligence Feed for cybersecurity professionals.
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Try a different keyword, or switch the source filter back to “All sources”.
Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. [...]
Significant cybersecurity M&A deals announced by Airbus, Cyera, Fortra, Palo Alto Networks, Silverfort, and Socket. The post Cybersecurity M&A Roundup: 33 Deals Announced in April 2026 appeared first on SecurityWeek.
Hackers delivered malware via a customer chat channel, infected an analyst’s system, and accessed the internal support portal. The post DigiCert Revokes Certificates After Support Portal Hack appeared first on SecurityWeek.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 4, 2026 – Watch the YouTube video Step into the future of cybersecurity at Black Hat USA 2026, Aug. 1-6, in Las Vegas. REGISTER Now & Save with the CODE: CYBERCRIME. Th…
Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. [...]
Security breaches don't just test your defenses—they test your recovery. Join Kaseya in our upcoming webinar to learn how MSPs strengthen resilience with SaaS backups and BCDR to stay operational after attacks. [...]
On December 4, 2025, a 17-year-old was arrested in Osaka under Japan’s Unauthorized Access Prohibition Act. The young man had run malicious code to extract the personal data of over 7 million users of Kaikatsu Club, Japan's largest internet cafe chain. When as…
The China-based cybercrime group known as Silver Fox has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that mimic correspondence from the Income Tax Depa…
CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. [...]
CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing. The post Exploitation of ‘Copy Fail’ Linux Vulnerability Begins appeared first on SecurityWeek.
Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver. [...]
Advanced Account Security provides stronger login methods, more secure account recovery, shorter sessions, and training exclusion. The post OpenAI Rolls Out Advanced Security for ChatGPT Accounts appeared first on SecurityWeek.
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S.…
The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek.
Hackers disrupted services and stole names, email addresses, student ID numbers, and user messages. The post Edtech Firm Instructure Discloses Data Breach Amid Hacker Leak Threats appeared first on SecurityWeek.
A coordinated international operation involving U.S. and Chinese authorities has arrested at least 276 suspects and shut down nine scam centers used for cryptocurrency investment fraud schemes targeting Americans, resulting in millions of dollars in losses. Th…
Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. [...]
Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts, and in some cases, removing certificates from Windows. [...]
Google, Microsoft, Amazon Web Services, Nvidia, OpenAI, Reflection and SpaceX will provide resources to help augment warfighter decision-making in complex operational environments,” the Defense Department said. The post US Military Reaches Deals With 7 Tech Co…
Cybersecurity researchers have uncovered a large-scale fraud operation that uses Telegram's Mini App feature to run crypto scams, impersonate well-known brands, and distribute Android malware. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux distributions to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.…
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. [...]
A new attack type, dubbed ConsentFix v3, has been circulating on hacker forums, building on the previous technique by adding automation and scaling potential. [...]
Still under development, Bluekit provides users with automated domain registration and an AI Assistant. The post New Bluekit Phishing Kit Features AI Assistant appeared first on SecurityWeek.
Cybersecurity company Trellix has announced that it suffered a breach that enabled unauthorized access to a "portion" of its source code. It said it "recently identified" the compromise of its source code repository and that it began working with "leading fore…
Microsoft has confirmed that Windows 11 is getting a new modern Run dialog with dark mode support and faster performance in a new preview build. [...]
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. [...]
A newly discovered Vietnamese-linked operation has been observed using a Google AppSheet as a "phishing relay" to distribute phishing emails with an aim to compromise Facebook accounts. The activity has been codenamed AccountDumpling by Guardio, with the schem…
French authorities have detained a 15-year-old suspected of selling data stolen in a cyberattack on France Titres (ANTS), the country's agency for issuing and managing administrative documents. [...]
BleepingComputer initially published a story about a new data breach at Instructure. Shortly after publication, we determined that the information was incorrect and primarily based on outdated details from a prior incident. The article has been retracted, and…
Other noteworthy stories that might have slipped under the radar: OFAC hits Iranian central bank crypto reserves, ADT data leak, CISA guidance for zero trust in OT. The post In Other News: Scattered Spider Hacker Arrested, SOC Effectiveness Metrics, NSA Tool V…
The maximum reward for a zero-click Pixel Titan M exploit with persistence has increased to $1.5 million. The post Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge appeared first on SecurityWeek.
Cybersecurity researchers are warning of two cybercrime groups that are carrying out "rapid, high-impact attacks" operating almost within the confines of SaaS environments, while leaving minimal traces of their actions. The clusters, Cordial Spider (aka BlackF…
Raw threat intel isn't enough without real-world context. Criminal IP has partnered with Securonix to integrate exposure-based intelligence into ThreatQ, automating analysis and speeding up investigations. [...]
Cybersecurity researchers have disclosed details of a new China-aligned espionage campaign targeting government and defense sectors across South, East, and Southeast Asia, along with one European government belonging to NATO. Trend Micro has attributed the act…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May. 1, 2026 – Listen to the podcast A quarter-century old article in The Wall Street Journal reported in 1998 that Serge Humpich, a 37-year-old (at the time) programmer app…
Claude Security enters public beta, giving enterprises AI driven code scanning with no API integration or custom agents required
The cybersecurity workers used their knowledge and skills to conduct ransomware attacks for notorious gang, rather than protect victims against them
A researcher from offensive security firm Theori has found a nine-year-old flaw in the Linux kernel with the help of AI
The managed security services market is projected to grow from $38.31 billion in 2025 to $69.16 billion by 2030[1], with cybersecurity being the fastest-growing sector[2]. Despite this opportunity, many MSPs leave revenue on the table because their go-to-marke…
The U.S. Department of Justice (DoJ) on Thursday announced the sentencing of two cybersecurity professionals to four years each in prison for their role in facilitating BlackCat ransomware attacks in 2023. Ryan Goldberg, 40, of Georgia, and Kevin Martin, 36, o…
A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that enabled credential theft, GitHub Actions tampering, and SSH persistence. The activity has been attributed to the GitH…
In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two…
Suspects accused of distributing malware and selling access to stolen Roblox accounts on Russian marketplaces
Deep#Door Python RAT uses tunneling and obfuscation to evade detection and steal credentials
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity h…
A new CISA‑led guide explains how zero‑trust security can be applied to operational technology, balancing cyber defence with safety and system availability
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some developers are accidentally downloading tools that peek into their private files during a simple install. It is definitely a…
The British public education sector has faced the nation’s most dramatic increase in cyber breach prevalence over the past year
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 30, 2026 – Watch the YouTube video Flock Safety, an Atlanta, Ga.-based surveillance company, is facing increasing community pushback as it secures contracts with law en…
Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts. "The intrusion…
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and securi…
European police arrested 10 suspects after dismantling Albanian scam call centers linked to a €50m ($58m) online investment fraud operation
Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 (CVSS score: 7.8) has been codenamed Copy Fa…
Marsh’s 2026 People Risks survey finds cyber‑related challenges dominate, as cyber‑threat literacy tops risks and cyber and AI skills shortages rise
Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" GitHub Actions workflow -- that could have allowed attackers to execute arbitrary commands on host system…
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and G…
Cursor flaw lets extensions steal API keys and session tokens without user interaction, according to researchers at LayerX
Cybersecurity researchers have discovered malicious code in an npm package after a malicious package as a dependency to the project by Anthropic's Claude Opus large language model (LLM). The package in question is "@validate-sdk/v2," which is listed on npm as…
Researchers uncover a malicious npm dependency linked to an AI‑assisted code commit that steals sensitive data and exposes crypto wallets
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 29, 2026 – Watch the YouTube video Executive risk management has evolved far beyond physical protection and travel security. Today, the most pressing threats to leaders…
KELA claims infostealers remained the primary access vector for attacks in 2025
In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to automate attacks directly into the kill chain. We aren't just talking about AI writing better phishing emails anymore. We’re talki…
Every security team has a version of the same story. The quarter ends with hundreds of vulnerabilities closed. The dashboards are bursting with green. Then someone in a leadership meeting asks: "So, are we actually safer now?" Crickets. The room goes quiet bec…
The Vect 2.0 ransomware wipes large files instead of merely encrypting them, making recovery impossible – even for the attackers
RunSafe report reveals most attacks on medical devices disrupt patient care
cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the control panel software. The problem affects all currently supported versions of cPanel and WebHost Mana…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The v…
In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in BerriAI's LiteLLM Python package has come under active exploitation in the wild within 36 hours of the bug becoming public knowl…
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked a…
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'"…
Medtronic confirms IT breach as ShinyHunters claims millions of records accesseda
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for th…
Ransomware groups 0APT and KryBit have doxxed each other online
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 28, 2026 – Read the report Media outlets globally have been covering the 2026 CISO Report from Cybersecurity Ventures in collaboration with Sophos, and the main message…
Extradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionage
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New rese…
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in questio…
When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing…
The National Cyber Security Centre has warned against measuring SOCs with ticket-based metrics
Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for…
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role intr…
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulner…
US sanctions target Cambodian scam networks tied to crypto fraud and trafficking
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Ch…
Itron confirmed a cyber incident but does not believe it is likely to have a material impact on the company
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we s…
Dozens of browser extensions openly sell user data via privacy policy disclosures
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 27, 2026 – Cybercrime Magazine YouTube Shorts The award-winning Cybercrime Magazine YouTube Channel, which has more than 1.2 million subscribers and many more viewers g…
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how qu…
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which fo…
A new report by global technology recruitment firm, Harvey Nash, found that three quarters of cybersecurity staff are pessimistic on pay and half are looking for a new job
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cl…
The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet
Researchers uncover a new data theft and extortion group dubbed “BlackFile”
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit…
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, th…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X series routers to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with a new malware called FIREST…
The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as…
UK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removed
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 24, 2026 – Read the full story in it-daily.net According to the 2026 CISO Report, published by Cybersecurity Ventures in collaboration with Sophos, a massive gap exists…
AI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant Consulting
The AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. I…
Cybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect user…
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for r…
Malicious npm packages spread via worm-like propagation and steal developer credentials
A high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving large language models (LLMs), has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as…
The attacker’s blind spot just disappeared –Mayuresh Ektare, Senior Vice President, Product Management San Jose, Calif. – Apr. 23, 2026 Today’s attackers largely treat software as a black box. Some study open-source software (OSS) to tailor their techniques, b…
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied…
Google Cloud’s COO advocated for combining general-purpose frontier large language models with task-specific AI agents
Bitwarden CLI, the command-line interface for the password manager Bitwarden, has reportedly been compromised as part of a newly discovered and ongoing Checkmarx supply chain campaign, according to findings from JFrog and Socket. "The affected package version…
Apple patches iOS flaw that retained deleted notifications, exposing message data
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 23, 2026 – Watch the YouTube video Keeper Security is transforming cybersecurity for people and organizations around the world. The company’s next-generation privileged…
Google Cloud will attribute a unique cryptographic ID every AI agent that will be tied to “traceable and auditable” authorization policies
Quorum Cyber report finds higher and further education institutions experienced 63% increase in attacks over a year
Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents
The UK’s NCSC has fully backed passkeys as consumers’ first choice for login, citing progress with FIDO and successful use across the NHS
macOS LOTL techniques bypass detection using native tools and metadata abuse
The UK’s cybersecurity agency said the devices will be available for purchase by organizations around the world
UK unveils £90m cybersecurity funding at CYBERUK to boost SME resilience, promote Cyber Essentials and a new Cyber Resilience Pledge, sparking industry debate
Null subject phishing campaigns bypass filters and target VIPs with QR code and RMM abuse
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 22, 2026 – Read the full story in Cairo SCENE Digital transformation across the Middle East has accelerated rapidly in recent years, and cybersecurity has followed clos…
A former ransomware negotiator has pleaded guilty to abusing his position by working with noted cybercrime group BlackCat
Infrawatch says ProxySmart platform enables SIM farm activity at “industrial scale”
The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns
NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the s…
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
Cloud app developer Vercel appears to have suffered a security breach
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities