SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malw…
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that…
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
A cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players…
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw…
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a…
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform…
After Mythos: New Playbooks For a Zero-Window Era
When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know…
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy. Xu Zewei, 34,…
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity…
FIRESTARTER: Cisco ASA Backdoor
The Advisory That Changes EverythingOn April 23, 2026, CISA and the United Kingdom National Cyber Security Centre jointly assessed that…
Unfiltered: The 9.8 CVSS Deserialization Loophole Hijacking Apache MINA
Apache MINA is widely recognized as a foundational network application framework, designed to help users easily develop high-performance and…
Robinhood account creation flaw abused to send phishing emails
Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate…
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. Six…
Canada arrests three for operating “SMS blaster” device in Toronto
Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts…
82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected
Most people install browser extensions without giving them much thought. Recent incidents, along with a new investigation by LayerX Security…
Alleged Silk Typhoon hacker extradited to US for cyberespionage
A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to…
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
A series of new data leak listings posted on a dark web site linked to the ShinyHunters hacker group has put three well-known companies in the…
FTC: Americans lost over $2.1 billion to social media scams in 2025
The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in…
Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data
A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT…
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data…
US Sanctions Target Cambodian Scam Network Leaders
A Cambodian network accused of orchestrating large-scale cryptocurrency fraud has been hit with US sanctions targeting senior figures and…
The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit
Conceptual flow of the original CVE-2026-21510 exploitation | Image: Akamai Researchers at Akamai have discovered that a previous fix for a…
Home security giant ADT data breach affects 5.5 million people
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant…
The CVE Watchtower: Weekly Threat Intelligence Briefing (April 20 – April 26, 2026)
Welcome to your Monday morning digest. As we close out the final full week of April, the global threat landscape is painting a complex…
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group…
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Itron, a global technology provider for the utilities industry, has disclosed it suffered a cybersecurity breach. In an 8-K form filed to the…
Medtronic confirms breach after hackers claim 9 million records theft
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT…
Widely Used Browser Extensions Selling User Data
Dozens of widely used browser extensions have been collecting and selling user data with explicit disclosure in their privacy…
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains…
Money launderer linked to $230M crypto heist gets 70 months in prison
22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive…
UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware
A data theft campaign by a relatively new hacking group, UNC6692, has been discovered, in which hackers use social engineering and a custom…
Microsoft says Outlook.com outage is causing sign‑in failures
Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing…
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a…
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video…
Most Cybersecurity Professionals Feel Undervalued and Underpaid
Over three quarters of cybersecurity professionals were not granted a pay rise last year, contributing to feelings of being undervalued among…
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked…
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
New research from the Lat61 Threat Intelligence Team at Point Wild reveals that hackers are now hiding malicious code inside everyday files…
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
Security researchers have identified malware dating back to 2005 that appears to have been designed to disrupt Iran’s nuclear program…
Attackers Can Backdoor CODESYS Applications by Chaining Vulnerabilities
Multiple vulnerabilities in the CODESYS Control runtime, one of the world’s most widely adopted software-based programmable logic…
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
Security researchers have revealed details of a new extortion group that has been actively targeting retail and hospitality businesses since…
Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents
A critical has been disclosed in Pipecat, the popular open-source Python framework used to build voice and conversational agents. The flaw,…
Carlson VASCO-B GNSS Receivers Left Open to Remote Hijack
In an era where precision timing and positioning are the invisible pillars of our global infrastructure, a critical has emerged that could…
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe…