Mié. Abr 22nd, 2026
Trending News: Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply ChainSelf-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer TokensHarvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph APIWhen Cross-App Permissions Stack into RiskLotus Wiper Malware Targets Venezuelan Energy Systems in Destructive AttackMicrosoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation BugCohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container EscapeMustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy CirclesSystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware OperationGoogle Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP ConvertersRansomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 20235 Places where Mature SOCs Keep MTTR Fast and Others Waste TimeNGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINsHow Attackers Walk Through the Front Door via Identity-Based AttacksCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesSGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model FilesVercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & MoreWhy Most AI Deployments Stall After the DemoAnthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply ChainResearchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT SystemsVercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence ClaimsMirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS BotnetThree Microsoft Defender Zero-Days Actively Exploited; Two Still UnpatchedGoogle Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy OverhaulNIST Limits CVE Enrichment After 263% Surge in Vulnerability SubmissionsOperation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal AccountsApache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active ExploitationNewly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 TrafficObsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto AttacksHidden Passenger? How Taboola Routes Logged-In Banking Sessions to TemuDefender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your EnvironmentCisco Patches Four Critical Identity Services, Webex Flaws Enabling Code ExecutionUAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaignn8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing EmailsApril Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and MoreActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server TakeoverThe Architecture Exposure Validation RequiresMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New VulnerabilitiesOpenAI Launches GPT-5.4-Cyber with Expanded Access for Security TeamsNew PHP Composer Flaws Enable Arbitrary Command Execution — Patches ReleasedAI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad FraudGoogle Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance SecurityMirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta AdsAnalysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 UsersCISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe SoftwareShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched ServersJanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud AttemptsFiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and MoreYour MTTD Looks Great. Your Post-Alert Gap Doesn’tNorth Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT MalwareOpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain IncidentAdobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor DownloadsLaw Enforcement Used Webloc to Track 500 Million Devices via Ad DataGlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEsMarimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of DisclosureBrowser Extensions Are the New AI Consumption Channel That No One Is Talking AboutGoogle Rolls Out DBSC in Chrome 146 to Block Session Theft on WindowsBackdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend ServersEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto WalletsUAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing CampaignsBitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA RegionHybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More StoriesAdobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025The Hidden Security Risks of Shadow AI in EnterprisesNew Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS ProxyMasjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT DevicesAPT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO AlliesShrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major SystemsN. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, RustIran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCsRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking CampaignDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host AccessThe Hidden Cost of Recurring Credential IncidentsOver 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise RiskNew GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-FlipsChina-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa RansomwareFlowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances ExposedIran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 OrganizationsDPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South KoreaAxios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and MoreHow SOCs Close a Critical Risk in 3 StepsHow LiteLLM Turned Developer Machines Into Credential Vaults for AttackersQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR ToolsBKA Identifies REvil Leaders Behind 130 German Ransomware Attacks$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering OperationFortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent ImplantsChina-Linked TA416 Targets European Governments with PlugX and OAuth-Based PhishingMicrosoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux ServersWhy Third-Party Risk Is the Biggest Gap in Your Clients’ Security PostureUNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain AttackDrift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Chicago 12, Melborne City, USA
Mié. Abr 22nd, 2026
Trending News: Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply ChainSelf-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer TokensHarvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph APIWhen Cross-App Permissions Stack into RiskLotus Wiper Malware Targets Venezuelan Energy Systems in Destructive AttackMicrosoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation BugCohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container EscapeMustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy CirclesSystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware OperationGoogle Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP ConvertersRansomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 20235 Places where Mature SOCs Keep MTTR Fast and Others Waste TimeNGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINsHow Attackers Walk Through the Front Door via Identity-Based AttacksCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesSGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model FilesVercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & MoreWhy Most AI Deployments Stall After the DemoAnthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply ChainResearchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT SystemsVercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence ClaimsMirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS BotnetThree Microsoft Defender Zero-Days Actively Exploited; Two Still UnpatchedGoogle Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy OverhaulNIST Limits CVE Enrichment After 263% Surge in Vulnerability SubmissionsOperation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal AccountsApache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active ExploitationNewly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 TrafficObsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto AttacksHidden Passenger? How Taboola Routes Logged-In Banking Sessions to TemuDefender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your EnvironmentCisco Patches Four Critical Identity Services, Webex Flaws Enabling Code ExecutionUAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaignn8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing EmailsApril Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and MoreActively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server TakeoverThe Architecture Exposure Validation RequiresMicrosoft Issues Patches for SharePoint Zero-Day and 168 Other New VulnerabilitiesOpenAI Launches GPT-5.4-Cyber with Expanded Access for Security TeamsNew PHP Composer Flaws Enable Arbitrary Command Execution — Patches ReleasedAI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad FraudGoogle Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance SecurityMirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta AdsAnalysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 UsersCISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe SoftwareShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched ServersJanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud AttemptsFiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and MoreYour MTTD Looks Great. Your Post-Alert Gap Doesn’tNorth Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT MalwareOpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain IncidentAdobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor DownloadsLaw Enforcement Used Webloc to Track 500 Million Devices via Ad DataGlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEsMarimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of DisclosureBrowser Extensions Are the New AI Consumption Channel That No One Is Talking AboutGoogle Rolls Out DBSC in Chrome 146 to Block Session Theft on WindowsBackdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend ServersEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto WalletsUAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing CampaignsBitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA RegionHybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More StoriesAdobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025The Hidden Security Risks of Shadow AI in EnterprisesNew Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS ProxyMasjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT DevicesAPT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO AlliesShrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major SystemsN. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, RustIran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCsRussian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking CampaignDocker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host AccessThe Hidden Cost of Recurring Credential IncidentsOver 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise RiskNew GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-FlipsChina-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa RansomwareFlowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances ExposedIran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 OrganizationsDPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South KoreaAxios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and MoreHow SOCs Close a Critical Risk in 3 StepsHow LiteLLM Turned Developer Machines Into Credential Vaults for AttackersQilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR ToolsBKA Identifies REvil Leaders Behind 130 German Ransomware Attacks$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering OperationFortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent ImplantsChina-Linked TA416 Targets European Governments with PlugX and OAuth-Based PhishingMicrosoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux ServersWhy Third-Party Risk Is the Biggest Gap in Your Clients’ Security PostureUNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain AttackDrift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Chicago 12, Melborne City, USA

Etiqueta KICS

Other Story

Uncategorized

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Uncategorized

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Uncategorized

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
Uncategorized

When Cross-App Permissions Stack into Risk

When Cross-App Permissions Stack into Risk
Uncategorized

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Uncategorized

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug