FIRESTARTER: Cisco ASA Backdoor
The Advisory That Changes EverythingOn April 23, 2026, CISA and the United Kingdom National Cyber Security Centre jointly assessed that FIRESTARTER &mdash…
Canada arrests three for operating “SMS blaster” device in Toronto
Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts…
82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected
Most people install browser extensions without giving them much thought. Recent incidents, along with a new investigation by LayerX Security…
Alleged Silk Typhoon hacker extradited to US for cyberespionage
A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to…
ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach
A series of new data leak listings posted on a dark web site linked to the ShinyHunters hacker group has put three well-known companies in the…
FTC: Americans lost over $2.1 billion to social media scams in 2025
The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in…
Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data
A security vulnerability has been identified in Notepad++, one of the most widely used open-source text editors among developers and IT…
PyPI package with 1.1M monthly downloads hacked to push infostealer
An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data…
US Sanctions Target Cambodian Scam Network Leaders
A Cambodian network accused of orchestrating large-scale cryptocurrency fraud has been hit with US sanctions targeting senior figures and…
The Zero-Click Vulnerability: Akamai Uncovers Incomplete Patch for APT28 Exploit
Conceptual flow of the original CVE-2026-21510 exploitation | Image: Akamai Researchers at Akamai have discovered that a previous fix for a…
Home security giant ADT data breach affects 5.5 million people
The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant…
The CVE Watchtower: Weekly Threat Intelligence Briefing (April 20 – April 26, 2026)
Welcome to your Monday morning digest. As we close out the final full week of April, the global threat landscape is painting a complex…
Webinar: Spotting cyberattacks before they begin
Many cyberattacks don’t start with exploitation, they start with signals that are commonly overlooked. On Thursday, April 30 at 2:00 PM…
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group…
Utilities Tech Supplier Itron Discloses Cyber-Attack, Operations Unaffected
Itron, a global technology provider for the utilities industry, has disclosed it suffered a cybersecurity breach. In an 8-K form filed to the…
Medtronic confirms breach after hackers claim 9 million records theft
Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in “certain corporate IT…
Widely Used Browser Extensions Selling User Data
Dozens of widely used browser extensions have been collecting and selling user data with explicit disclosure in their privacy…
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains…
Money launderer linked to $230M crypto heist gets 70 months in prison
22-year-old Evan Tangeman of Newport Beach, California, was sentenced to 70 months in prison for laundering funds stolen in a massive…
UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware
A data theft campaign by a relatively new hacking group, UNC6692, has been discovered, in which hackers use social engineering and a custom…
Microsoft says Outlook.com outage is causing sign‑in failures
Microsoft is investigating an ongoing Outlook.com outage that is causing intermittent signing issues and preventing customers from accessing…
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a…
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video…
Most Cybersecurity Professionals Feel Undervalued and Underpaid
Over three quarters of cybersecurity professionals were not granted a pay rise last year, contributing to feelings of being undervalued among…
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Cybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked…
Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files
New research from the Lat61 Threat Intelligence Team at Point Wild reveals that hackers are now hiding malicious code inside everyday files…
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
Security researchers have identified malware dating back to 2005 that appears to have been designed to disrupt Iran’s nuclear program…
Attackers Can Backdoor CODESYS Applications by Chaining Vulnerabilities
Multiple vulnerabilities in the CODESYS Control runtime, one of the world’s most widely adopted software-based programmable logic…
BlackFile Group Targets Retail and Hospitality with Vishing Attacks
Security researchers have revealed details of a new extortion group that has been actively targeting retail and hospitality businesses since…
Critical 9.8 CVSS RCE Hijacks Pipecat Voice Agents
A critical has been disclosed in Pipecat, the popular open-source Python framework used to build voice and conversational agents. The flaw,…
Carlson VASCO-B GNSS Receivers Left Open to Remote Hijack
In an era where precision timing and positioning are the invisible pillars of our global infrastructure, a critical has emerged that could…
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe…
Critical 9.8 CVSS Flaw Exposes Intrado 911 Emergency Gateways
A critical security has been discovered in the Intrado 911 Emergency Gateway (EGW). The vulnerability, designated as CVE-2026-6074, carries a…
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Cybersecurity researchers at the identity protection firm Silverfort found a vulnerability in a Microsoft platform built to manage AI. The…
American utility firm Itron discloses breach of internal IT network
Utility technology company Itron, Inc. has disclosed that an unauthorized third party accessed some of its internal systems during a…
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog with four new…
CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in…
Microsoft rolls out revamped Windows Insider Program
Microsoft says it's rolling out a revamped Windows Insider Program experience as part of the broader plans to address reliability concerns in…
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a…
Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts
Network security firm Infoblox has disclosed details on a long-running fraud operation that has been quietly draining bank accounts since at…
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage…
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO…
Hackers Exploiting Cisco Firepower Devices’ Using n-day Vulnerabilities to Gain Unauthorized Access
State-sponsored threat actors are actively targeting Cisco Firepower devices by chaining known vulnerabilities to deploy a highly customized…