Real-time Intelligence Feed for cybersecurity professionals.
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Try a different keyword, or switch the source filter back to “All sources”.
Bitcoin Depot, which operates one of the largest Bitcoin ATM networks, says attackers stole $3.665 million worth of Bitcoin from its crypto wallets after breaching its systems last month. [...]
Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects without proper notification and no way to quickly reinstate them, effectively blocking them from publishing new software builds and security patches for Wind…
A hacker transferred more than 50 bitcoin from the Bitcoin ATM operator’s wallets after stealing credentials. The post $3.6 Million Stolen in Bitcoin Depot Hack appeared first on SecurityWeek.
Hackers vowed to revive its efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict. The post Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long appeared first o…
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. [...]
A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. [...]
A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. [...]
CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. [...]
Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat'scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet's targeting infrastructure. "Chaos malware is increasingly targeting misconfigured cloud dep…
Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. [...]
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It'…
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
A total of seven vulnerabilities, most of which can be exploited for DoS attacks, have been patched in OpenSSL. The post Data Leakage Vulnerability Patched in OpenSSL appeared first on SecurityWeek.
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
The vulnerability requires authentication for successful exploitation, but another flaw exposes the Jolokia API without authentication. The post RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years appeared first on SecurityWeek.
A $30,000 AI GPU doesn't outperform consumer GPUs at password cracking. Specops explains why attackers don't need exotic hardware to break weak passwords. [...]
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced ste…
The FBI received over 1 million complaints of malicious activity in 2025, with investment, BEC, and tech support scams causing the highest losses. The post FBI: Cybercrime Losses Neared $21 Billion in 2025 appeared first on SecurityWeek.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 8, 2026 – Watch the YouTube video Why did Cybercrime Magazine meet up with Charlie Thomas, CEO at Mitiga, at RSAC Conference 2026? Because attackers will get in. Cloud,…
Signature Healthcare was forced to cancel some services, and pharmacies are unable to fill prescriptions due to the hacker attack. The post Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption appeared first on SecurityWeek.
Focused on persistence, the botnet does not engage in widespread infection and avoids blacklisted IPs and critical infrastructure entities. The post Evasive Masjesu DDoS Botnet Targets IoT Devices appeared first on SecurityWeek.
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous system…
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution. The post Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover appeared first on SecurityWeek.
The APT28 threat group exploited vulnerable TP-Link and MikroTik routers to conduct adversary-in-the-middle (AitM) attacks. The post US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking appeared first on SecurityWeek.
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities. The model will be used by a…
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. "The threat actor's packages were designed to impersonate legitimate developer toolin…
Microsoft has pushed a server-side fix for a known issue that broke the Windows Start Menu search feature on some Windows 11 23H2 devices. [...]
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. "These attacks…
Federal agencies warn attackers are manipulating PLC and SCADA systems across multiple sectors, triggering operational disruptions and raising concerns over broader OT targeting. The post Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks a…
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. [...]
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to…
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn them into malicious infrastructure under their control as part…
In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet the risk is actually increasing. According to new research from the Ponemon Institute, hundreds of applic…
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]
Newly identified malicious campaigns are linked to virtual private servers modified by APT28 to operate as malicious DNS servers
A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability, tracked as CVE-2026-34040 (CVSS score: 8.8), stems from an incompl…
GPUBreach uses GPU Rowhammer on GDDR6 to flip bits, corrupt page tables and escalate to system root
GrafanaGhost chains AI prompt injection and URL flaws to exfiltrate sensitive Grafana data
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 7, 2026 – Listen to the podcast SoundCloud knows music… and cybersecurity. Late last year, the giant music streaming and sharing platform suffered a data breach that re…
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpose-built Python scanner continuously sweeps major cloud IP ran…
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million. Avoiding even one major incident is enough to justify most se…
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBr…
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and break into susceptible internet-facing systems. "The threat…
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulne…
An Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing, was carried out in three distinct at…
Threat actors likely associated with the Democratic People's Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet Forti…
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking advantage of the f…
This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small c…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 6, 2026 – Watch the YouTube video In 2021, Nicole Perlroth wrote “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race“, a New York Times Bestseller. The…
The most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and now local AI agents. In March 2026, the Tea…
Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro…
Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identities of two of the key figures associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. One of the threat actors, wh…
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry o…
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that bega…
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop…
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access…
A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps w…
Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execut…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 3, 2026 – Listen to the podcast Daniel Bernard, aka “DB”, Chief Business Officer at CrowdStrike, told Cybercrime Magazine that cybersecurity is a team sport, and that a…
The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers ta…
The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most o…
Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal it…
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. "Earlier today, a malicious actor gained unauthorized access to Drift Protocol thro…
A large-scale credential theft campaign targeting senior executives has been linked to a previously unknown automated phishing platform called Venom
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys,…
Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated, remote attacker to bypass authentication and gain access to the system with elevated p…
This modern infostealer adopted server-side decryption of stolen credentials to bypass security controls
The UK’s cybersecurity agency offered advice to “high-risk’ individuals” on how to protect against social engineering and cyber-attacks
iOS/iPadOS 18.7.7 updates expanded to protect older devices from DarkSword web exploit kit
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 2, 2026 – Read the full report The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos is out, with the latest chief information security officer co…
Halcyon says Akira is now capable of carrying out an entire ransomware attack in less than an hour
LNK files use GitHub C2, embedded decoders and PowerShell for persistence and data exfiltration
The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just a quick and honest look at the messy reality of keeping systems safe this week. Things are moving fast…
A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. "Beyond cryptomining, the threat actor monetizes infections through CPA (Cost…
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and…
Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA, the vast majo…
E2e-assure says 80% of critical infrastructure providers could face millions in downtime from cyber-attacks
Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword. "We enabled the availability of iOS 18.7.7 for more devices…
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE. As part of the attacks, the thre…
Android requires dev identity verification for sideloaded apps; phased global rollout from September
Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity, beginning in late February 2026, leverages these scripts to initiate a multi-stage infection chain for…
Venom Stealer malware-as-a-service automates ClickFix social engineering, credential and crypto exfiltration
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to say "No." No to ChatGPT. No to DeepSeek. No to the file-sharing tool the produ…
A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka Metamorfo) via another malware called Horabot. The activity has been attributed to a…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 1, 2026 – Read the full story in Forbes In 2025, the global damage cost resulting from cybercrime was an estimated $10.5 trillion USD, up from just $3 trillion annually…
Chinese state-backed group TA416 had suspended its cyber espionage operations in Europe since 2023, noted Proofpoint
Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild. The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after…
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor of what’s already inside your environment, including abusing trusted too…
Most UK manufacturers compromised last year suffered financial loss, says ESET
Threat actors hijacked the popular npm package axios to spread RAT malware after compromising an open‑source maintainer’s account, researchers warn
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity cluster tracked as UNC1069. "We have attributed the attack to a suspected North Korean threat actor we track as…
Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due to a human error. "No sensitive customer data or credentials were involved or exposed," an Anthrop…
Google on Monday said it's officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful apps while "hiding behind anonymity." The development comes ahead of a planned verification mandate that…
A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. The vulnerability in question is CVE-2026-3502…
Maryland man accused of $53m Uranium Finance hack, exploited smart contract flaws, laundered funds
Phantom Stealer .NET harvests browser credentials, cookies, cards, sessions, as stealer-as-a-service
Cybersecurity researchers have disclosed a security "blind spot" in Google Cloud's Vertex AI platform that could allow artificial intelligence (AI) agents to be weaponized by an attacker to gain unauthorized access to sensitive data and compromise an organizat…
OpenAI has patched vulnerability, which Check Point said was because of a DNS loophole
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 31, 2026 – Read the full story in Forbes One message has persisted over the past few years: cybersecurity is no longer an IT concern; it has become a fundamental busine…
TeamPCP is exploring ways to monetize the secrets harvested during supply chain attacks, with identified ties to the Lapsus$ and Vect ransomware gangs
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed. Speed of attack, speed of exploitation, and speed of change across modern e…
Analysis from law firm Nockolds suggests non-cyber incidents are driving up employee data breaches
The National Cyber Security Centre wants UK firms to patch CVE-2025-53521
AI-Driven Security and SOC – Christophe Briguet, Senior Director of Product Management – AI & Security Analytics, Stellar Cyber San Jose, Calif. – Mar. 30, 2026 Mid-market organizations face sophisticated cyber threats with constrained security budgets and lea…
Tax-season phishing floods deliver RMM malware, credential theft, BEC and tax-form scams
Lloyds app glitch exposed up to 447,936 customers’ transactions and personal data during update
Researchers at ReliaQuest warn of persistent malware campaign targeting enterprise credentials
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability
The UK Information Commissioner’s Office has handed a £100,000 fine to Birmingham-based TMAC
The European Commission has revealed details of a data breach impacting its AWS infrastructure
Resource guide for CISOs and MSSPs – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Mar. 27, 2026 Domain security unexpectedly and repeatedly came up in Cybercrime Magazine’s discussions with chief information security officers (CISOs) and managed security…
Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages
Socket and Endor Labs discovered a new TeamPCP campaign leading to the delivery of credential-stealing malware
‘Q-Day’ and the cybersecurity problems it brings could come as early as 2029 as Google accelerates its post-quantum cryptography migration
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 27, 2026 –Read the full story from CANOPY Cybercrime damage was on pace to hit $10.5 trillion in 2025, according to Cybersecurity Ventures. A single U.S. data breach av…
The UK government has sanctioned Xinbi, described as “the second-largest illicit online marketplace ever”
Security researchers from Georgia Tech have observed a surge in reported CVEs for which the flaw was introduced by AI-generated code
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study
EtherRAT hides C2 in Ethereum smart contracts via EtherHiding, steals wallets and credentials
PwC Annual Threat Dynamics report says AI-threats are the biggest concern of clients
OpenAI’s Safety Bug Bounty program seeks to address AI safety vulnerabilities beyond traditional security flaws
Halcyon and Beazley Security track the return of Iranian ransomware group Pay2Key
The National Crime Agency has warned construction firms about surging invoice fraud