Real-time Intelligence Feed for cybersecurity professionals.
Curated cybersecurity reporting and advisories. Headlines link to original sources.
Try a different keyword, or switch the source filter back to “All sources”.
France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the attack and stealing citizen data. [...]
A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server l…
NGate malware abuses HandyPay app to steal NFC card data and PINs in Brazil
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been c…
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the s…
Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator. The post Third US Security Expert Admits Helping Ransomware Gang appeared first on SecurityWeek.
A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in…
Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys. The post Dozens of Malicious Crypto Apps Land in Apple App Store appeared first on SecurityWeek.
Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding friction. [...]
Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections
Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to share child sexual abuse material (CSAM). [...]
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage. The root cause of slow…
Data exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance report
Cybersecurity researchers have discovered a new iteration of an Android malware family called NGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and…
Things are improving, but a researcher has still identified over 1,500 Perforce P4 instances allowing attackers to read files on the server. The post Unsecured Perforce Servers Expose Sensitive Data From Major Orgs appeared first on SecurityWeek.
CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. [...]
The security defects could be exploited for remote code execution, OS command injection, and WAF detection bypass. The post Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster appeared first on SecurityWeek.
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identi…
CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before. The post Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities appeared first on SecurityWeek.
Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. [...]
Data breaches were disclosed by Southern Illinois Dermatology, Saint Anthony Hospital, and North Texas Behavioral Health Authority. The post Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000 appeared first on SecurityWeek.
Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capa…
41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat (ALPHV) ransomware attacks in 2023. [...]
The hackers targeted LayerZero’s DVN, compromising certain RPCs and DDoSing others to trigger failover to the poisoned infrastructure. The post $290 Million Kelp DAO Crypto Heist Blamed on North Korea appeared first on SecurityWeek.
Cloud app developer Vercel appears to have suffered a security breach
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. [...]
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitati…
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. [...]
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets. [...]
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate. [...]
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid. [...]
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been desc…
ZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilities
Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios. The post Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking appeared first on SecurityWeek.
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. [...]
Formbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncovered
Backups protect data, but don't keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages. [...]
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. E…
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft. [...]
FortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devices
Tyler Buchanan admitted in court to hacking into various companies, defrauding them, and stealing cryptocurrency from multiple individuals. The post British Scattered Spider Hacker Pleads Guilty in the US appeared first on SecurityWeek.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 20, 2026 – Listen to the podcast The Cybercrime Magazine Podcast tops Million Podcast’s curated list of the best 60 cybercrime podcasts to listen to in 2026. These podc…
The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools. The post Hackers Abuse QEMU for Defense Evasion appeared first on SecurityWeek.
The fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail…
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This f…
The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS
Russian crypto-exchange Grinex claims Western intelligence agencies were behind a $13m heist
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set…
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool,…
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching. For every employee in your org, there are 40 to 50 automated credentials:…
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack. The exchange said it fell victim to what it descri…
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 17, 2026 – Listen to the podcast episode Kerem Albayrak from north London threatened to wipe 319 million accounts unless Apple gave him iTunes gift cards worth $100,000…
Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in compromised systems. The activity involves the exploitation of three vulnerabilities that are codenamed BlueHamme…
AI models are making rapid gains in vulnerability research and exploit development, raising new cybersecurity risks, a Forescout study finds
Coordinated action by FBI, Europol and others seizes infrastructure, makes arrests – and sends warning letters to known DDoS service users
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy upd…
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain…
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation…
A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in the wild, per the U.S. Cybersecurity and Infrastructure Security Agency (CISA). To that end, the agency has added the vulnerability, tracked as CV…
Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a previously undocumented botnet dubbed PowMix since at least December 2025. "PowMix employs randomized command-and-control (C2) bea…
US authorities jail two Americans for aiding North Korean laptop farm scams that infiltrated over 100 firms
APK malformation tactic now appears in over 3000 Android malware samples evading static analysis
Tennessee's CRMC notifies over 337,000 patients of Rhysida ransomware breach exposing sensitive data
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow s…
NIST’s National Vulnerability Database will now prioritize enriching new and exploited flaws to address the record growth of reported CVEs
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service. The details of the vulnerabilitie…
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting indivi…
Ox Security claims as many as 200,000 servers are exposed by newly discovered MCP vulnerability
Halcyon says ransomware now accounts for more than two-fifths of cyber-attacks targeting carmakers
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive da…
New automation and AI-driven triage capabilities dramatically reduce alert noise and accelerate investigations for modern security teams San Jose, Calif. – Apr. 16, 2026 As security operations teams struggle to keep pace with escalating alert volumes and incre…
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leverag…
OpenAI’s new frontier model focused on cybersecurity comes following Anthropic’s launch of Claude Mythos Preview and Project Glasswing
The EU cybersecurity agency looks to become the third Top-Level Root CVE Numbering Authority, alongside CISA and MITRE
Huntress uncovers adware deploying AV-killing payloads via signed updates across 23,000 endpoints
Critical nginx-ui MCP authentication bypass CVE-2026-33032 actively exploited with CVSS 9.8
A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active exploitation in the wild. The vulnerability in question is CVE-2026-33032 (CVSS score: 9.8), an authentication bypass vulnera…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 15, 2026 – Read the full story from RSAC The top line on chief information security officer pay packages in 2026 is that CISOs are earning more than ever, writes Steve…
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April's Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and…
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operatio…
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future
Barracuda says 88% of brute-force attempts in Q1 were from the region
Microsoft has patched two zero-day flaws and over 160 others
Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical…
OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accel…
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed "BlueHammer." Se…
Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injection flaws affecting th…
Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. "The new Rust-based DNS…
Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick use…
A new IANS report claims just 34% of cybersecurity professionals plan to stay put in the next 12 months
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 14, 2026 – Read the full story in Time For the past few years, it’s escaped no one that levels of Internet and telephone fraud have skyrocketed. TIME reports that one i…
Triad Nexus scales $200m scams, uses infrastructure laundering, localized fraud and US-access blocks
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure
A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integr…
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted developm…
The AISI has issued its judgement on Anthropic’s Mythos Preview model
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abu…
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS sc…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-2164…
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated wit…
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims'…
Security researchers warn of Mirax, an emerging Android banking trojan using MaaS, remote access and residential proxies to target European users
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming t…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 13, 2026 – Read the full story in Barron’s Cybersecurity stocks could be set for a massive boost from risks tied to Anthropic’s latest advances in artificial intelligen…
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from…
The W3LL phishing kit has been associated with fraud attempts totaling $20m
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the tr…
The UK Cyber Security Council has unveiled a new Associate Cyber Security Professional title aimed at supporting early‑career cybersecurity professionals
UK, US and Canadian authorities have identified over 20,000 victims of approval phishing scams that trick users into handing over full crypto wallet access
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised. "Out of an abundance of caution, we are taking steps to protec…
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote ac…
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful explo…
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by…
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 10, 2026 – Read the full story in BusinessWorld Cybercrime operates like a legitimate, profit-driven economy, writes Subhalakshmi Ganapathy, chief IT security evangelis…
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point
Chrome’s Device Bound Session Credentials is designed to block infostealers from harvesting session cookie
STX RAT, a newly identified remote access trojan, attempted deployment in finance, showing advanced C2 and stealthy delivery methods
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 9, 2026 – Read the full story in Illumio “Gartner says we are all going to spend $240 billion USD (on cybersecurity this year), but Cybersecurity Ventures says that cyb…
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises
Google API key flaw exposes mobile apps to Gemini AI access, private files and billing risks
Ninja Forms File Upload RCE via unauthenticated arbitrary file upload; update to 3.3.27 immediately
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 8, 2026 – Watch the YouTube video Why did Cybercrime Magazine meet up with Charlie Thomas, CEO at Mitiga, at RSAC Conference 2026? Because attackers will get in. Cloud,…
Anthropic launches Project Glasswing, using its Claude Mythos Preview AI to autonomously identify and fix undiscovered vulnerabilities in critical software
The FBI deployed a method to unplug US-based routers compromised by APT28 from the threat actor’s malicious network
Anthropic’s Claude AI has helped researchers find a vulnerability in Apache ActiveMQ Classic
CISA has revealed Iranian attacks causing disruption and financial loss at US critical infrastructure firms