272
Ravie LakshmananApr 09, 2026Vulnerability / Mobile Security Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions…
Ravie LakshmananApr 09, 2026Malware / Windows Security A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a…
adminAn apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA),…
Ravie LakshmananApr 09, 2026Hacking News / Cybersecurity News Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting…
Ravie LakshmananApr 09, 2026Vulnerability / Threat Intelligence Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The…
adminAs AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows,…
Ravie LakshmananApr 08, 2026Cryptomining / Network Security Cybersecurity researchers have flagged a new variant ofmalware called Chaosthat’scapable of hitting misconfigured cloud deployments, marking an expansion of the botnet’s targeting infrastructure. «Chaos malware is…
adminRavie LakshmananApr 08, 2026IoT Security / Network Security Cybersecurity researchers have lifted the curtain on a stealthy botnet that’s designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been…
Ravie LakshmananApr 08, 2026Vulnerability / Cloud Security The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and…
The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity becomes increasingly fragmented across thousands of applications, decentralized teams, machine identities, and autonomous systems. The…
adminRavie LakshmananApr 08, 2026Artificial Intelligence / Secure Coding Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to…
The North Korea-linked persistent campaign known as Contagious Interview has spread its tentacles by publishing malicious packages targeting the Go, Rust, and PHP ecosystems. «The threat actor’s packages were designed to impersonate…
Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U.S., including programmable logic controllers (PLCs), cybersecurity and intelligence agencies warned Tuesday. «These attacks have led to…
The Russia-linked threat actor known as APT28 (aka Forest Blizzard) has been linked to a new campaign that has compromised insecure MikroTik and TP-Link routers and modified their settings to turn…
Ravie LakshmananApr 07, 2026Vulnerability / DevSecOps A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The vulnerability,…
adminWhen talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost of a breach at $4.4 million.…
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. «A purpose-built Python scanner continuously…
![[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk](https://thedigitalfortress.us/wp-content/uploads/2026/04/webinar-cerby.jpg)
adminThe Hacker NewsApr 07, 2026SaaS Security / Enterprise Security In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are maturing, yet…
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of…
adminRavie LakshmananApr 07, 2026Vulnerability / Threat Intelligence A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to…
Ravie LakshmananApr 07, 2026Artificial Intelligence / Vulnerability Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The…
adminAn Iran-nexus threat actor is suspected to be behind a password-spraying campaign targeting Microsoft 365 environments in Israel and the U.A.E. amid ongoing conflict in the Middle East. The activity, assessed to be ongoing,…
adminRavie LakshmananApr 06, 2026Malware / Threat Intelligence Threat actors likely associated with the Democratic People’s Republic of Korea (DPRK) have been observed using GitHub as command-and-control (C2) infrastructure in multi-stage attacks…
Ravie LakshmananApr 06, 2026Cybersecurity / Hacking This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much…
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linux infrastructure, and mobile devices, taking…
adminThe most active piece of enterprise infrastructure in the company is the developer workstation. That laptop is where credentials are created, tested, cached, copied, and reused across services, bots, build tools, and…
Ravie LakshmananApr 06, 2026Ransomware / Endpoint Security Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised…
Ravie LakshmananApr 06, 2026Cybercrime / Financial Crime Germany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the…
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the…
adminRavie LakshmananApr 05, 2026Vulnerability / API Security Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as…
Ravie LakshmananApr 05, 2026Malware / DevSecOps Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to…
adminA China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a…
adminRavie LakshmananApr 03, 2026Linux / Server Hardening Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution,…
The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor…
Ravie LakshmananApr 03, 2026Threat Intelligence / Malware The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated…
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that took place on April 1, 2026. «Earlier today, a malicious actor…
Ravie LakshmananApr 03, 2026Mobile Security / Threat Intelligence Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year…
adminRavie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web…
Ravie LakshmananApr 02, 2026Network Security / Vulnerability Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC) that, if successfully exploited, could allow an unauthenticated,…
Ravie LakshmananApr 02, 2026Cybersecurity / Hacking News The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures here, just…
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container…
Ravie LakshmananApr 02, 2026Cryptomining / Malware A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs) and cryptocurrency miners since November 2023. «Beyond cryptomining, the threat actor…
Ravie LakshmananApr 02, 2026Surveillance / Mobile Security Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that…
Ravie LakshmananApr 02, 2026Mobile Security / Vulnerability Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a…
Ravie LakshmananApr 01, 2026Email Security / Artificial Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself…
Ravie LakshmananApr 01, 2026Vulnerability / Browser Security Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has…
adminRavie LakshmananApr 01, 2026Malware / Windows Security A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America and Europe to deliver Windows banking trojans like Casbaneiro (aka…
Ravie LakshmananApr 01, 2026Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. The activity,…
There is a character that keeps appearing in enterprise security departments, and most CISOs know exactly who that is. It doesn’t build. It doesn’t enable. Its entire function is to…
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s next. Threat actors now use malware less frequently in favor…
adminRavie LakshmananApr 01, 2026Threat Intelligence / Software Security Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean threat activity…
Ravie LakshmananApr 01, 2026Data Breach / Artificial Intelligence Anthropic on Tuesday confirmed that internal code for its popular artificial intelligence (AI) coding assistant, Claude Code, had been inadvertently released due…
Ravie LakshmananMar 31, 2026Mobile Security / Compliance Google on Monday said it’s officially rolling out Android developer verification to all developers to combat the problem of bad actors distributing harmful…
Ravie LakshmananMar 31, 2026Zero-Day / Vulnerability A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a…
The cybersecurity landscape is accelerating at an unprecedented rate. What is emerging is not simply a rise in the number of vulnerabilities or tools, but a dramatic increase in speed.…
Ravie LakshmananMar 31, 2026Cloud Security / AI Security Cybersecurity researchers have disclosed a security «blind spot» in Google Cloud’s Vertex AI platform that could allow artificial intelligence (AI) agents to…
adminChinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT. «The operation…
The popular HTTP client known as Axios has suffered a supply chain attack after two newly published versions of the npm package introduced a malicious dependency. Versions 1.14.1 and 0.30.4…
A previously unknown vulnerability in OpenAI ChatGPT allowed sensitive conversation data to be exfiltrated without user knowledge or consent, according to new findings from Check Point. «A single malicious prompt…
Ravie LakshmananMar 30, 2026Threat Intelligence / Browser Security A new campaign has leveraged the ClickFix social engineering tactic as a way to distribute a previously undocumented malware loader referred to…
What is really slowing Tier 1 down: the threat itself or the process around it? In many SOCs, the biggest delays do not come from the threat alone. They come…
Ravie LakshmananMar 30, 2026Cybersecurity / Hacking Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are…
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and…
Ravie LakshmananMar 30, 2026Malware / Network Security Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that’s distributed via malicious Windows shortcut (LNK) files that are disguised as private…
Ravie LakshmananMar 30, 2026Threat Intelligence / Network Intrusion Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described…
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache…
Ravie LakshmananMar 28, 2026Vulnerability / Network Security A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and…
Ravie LakshmananMar 28, 2026Mobile Security / Email Security Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed…
Ravie LakshmananMar 28, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to…
Ravie LakshmananMar 27, 2026Spyware / Mobile Security Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based…
TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.…
Ravie LakshmananMar 27, 2026Software Security / DevSecOps Cybersecurity researchers have disclosed details of a now-patched bug impacting Open VSX’s pre-publish scanning pipeline to cause the tool to allow a malicious…
Ravie LakshmananMar 27, 2026Ransomware / Malware Threat actors are using adversary-in-the-middle (AitM) phishing pages to seize control of TikTok for Business accounts in a new campaign, according to a report…
Rising geopolitical tensions are reflected (or in some cases preceded) by cyber operations, while technology itself has become politicized. Let’s admit it: we are in the middle of it. Introduction:…
Ravie LakshmananMar 27, 2026Threat Intelligence / Vulnerability A pro-Ukrainian group called Bearlyfy has been attributed to more than 70 cyber attacks targeting Russian companies since it first surfaced in the…
Ravie LakshmananMar 27, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have disclosed three security vulnerabilities impacting LangChain and LangGraph that, if successfully exploited, could expose filesystem data, environment secrets, and conversation…
adminA long-term and ongoing campaign attributed to a China-nexus threat actor has embedded itself in telecom networks to conduct espionage against government networks. The strategic positioning activity, which involves implanting…
Ravie LakshmananMar 26, 2026Cybersecurity / Hacking News Some weeks in security feel loud. This one feels sneaky. Less big dramatic fireworks, more of that slow creeping sense that too many…
Unmasking impostors is something the art world has faced for decades, and there are valuable lessons from the works of Elmyr de Hory that can apply to the world of…
Ravie LakshmananMar 26, 2026Browser Security / Vulnerability Cybersecurity researchers have disclosed a vulnerability in Anthropic’s Claude Google Chrome Extension that could have been exploited to trigger malicious prompts simply by…
![[Webinar] Stop Guessing. Learn to Validate Your Defenses Against Real Attacks](https://thedigitalfortress.us/wp-content/uploads/2026/03/validate.jpg)
The Hacker NewsMar 26, 2026Security Testing / Security Automation Most teams have security tools in place. Alerts are firing, dashboards look clean, threat intel is flowing in. On the surface,…
Ravie LakshmananMar 26, 2026Malware / Mobile Security The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version…
Ravie LakshmananMar 26, 2026Malware / Web Security Cybersecurity researchers have discovered a new payment skimmer that uses WebRTC data channels as a means to receive payloads and exfiltrate data, effectively…
Ravie LakshmananMar 25, 2026Cybercrime / Dark Web The alleged administrator of the LeakBase cybercrime forum has been arrested by Russian law enforcement authorities, state media reported Thursday. According to TASS…
Cybersecurity researchers are calling attention to an active device code phishing campaign that’s targeting Microsoft 365 identities across more than 340 organizations in the U.S., Canada, Australia, New Zealand, and…
Ravie LakshmananMar 25, 2026Browser Security / Threat Intelligence Cybersecurity researchers have flagged a new evolution of the GlassWorm campaign that delivers a multi-stage framework capable of comprehensive data theft and…
adminThe Hacker NewsMar 25, 2026Cybercrime / Ransomware The U.S. Department of Justice (DoJ) said a Russian national has been sentenced to two years in prison for managing a botnet that…
In September 2025, Anthropic disclosed that a state-sponsored threat actor used an AI coding agent to execute an autonomous cyber espionage campaign against 30 global targets. The AI handled 80-90%…
Ravie LakshmananMar 25, 2026Network Security / Data Protection The U.S. Federal Communications Commission (FCC) said on Monday that it was banning the import of new, foreign-made consumer routers, citing «unacceptable»…
adminTeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, a…
Ravie LakshmananMar 24, 2026Endpoint Security / Social Engineering A large-scale malvertising campaign active since January 2026 has been observed targeting U.S.-based individuals searching for tax-related documents to serve rogue installers…
adminRavie LakshmananMar 24, 2026Malware / Endpoint Security An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers.…
Two more GitHub Actions workflows have become the latest to be compromised by credential-stealing malware by a threat actor known as TeamPCP, the cloud-native cybercriminal operation also behind the Trivy…
On February 25, 2026, Gartner published its inaugural Market Guide for Guardian Agents, marking an important milestone for this emerging category. For those unfamiliar with the various Gartner report types,…
adminCybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the…
adminThe Hacker NewsMar 24, 2026Security Operations / Network Security Cybersecurity has changed fast. Roles are more specialized, and tooling is more advanced. On paper, this should make organizations more secure. But…
Ravie LakshmananMar 24, 2026Vulnerability / Enterprise Security Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited…
Ravie LakshmananMar 24, 2026Cybercrime / Network Security A 26-year-old Russian citizen has been sentenced in the U.S. to 6.75 years (81 months) in prison for his role in assisting major…
The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum, have been attributed to a malware family tracked as StoatWaffle that’s distributed via malicious Microsoft Visual…
Ravie LakshmananMar 23, 2026Cybersecurity / Hacking Another week, another reminder that the internet is still a mess. Systems people thought were secure are being broken in simple ways, showing many…