Tag: attack
-
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/supply-chain-attack-at-cpuid-pushes-malware-with-cpu-z-hwmonitor/
-
UK says it exposed Russian submarine activity near undersea cables
A Russian attack submarine and vessels from the country’s Main Directorate of Deep Sea Research (GUGI) were involved in what the UK Ministry of Defence called “nefarious activity over critical undersea infrastructure elsewhere.” First seen on therecord.media Jump to article: therecord.media/uk-says-it-exposed-russian-submarine-activity
-
How AutoSecT Simplifies Audit Preparation for Global Enterprises
AutoSecT by Kratikal steps in not as an AI-driven VMDR and pentest tool to add to the stack, but as a unified platform that radically simplifies audit readiness while strengthening security posture at scale. Preparing for security audits is one of the toughest challenges global enterprises face today. With sprawling attack surfaces, cloud environments, complex……
-
Claude uncovers a 13″‘year”‘old ActiveMQ RCE bug within minutes
AI accelerated discovery: ActiveMQ has been here before. The platform has a track record of high-impact vulnerabilities tied to management surfaces and unsafe assumptions around trusted inputs. From older web console flaws to deserialization bugs and protocol-level RCEs, administrative functionalities have consistently become attack vectors.But none of the previous flaws were found the way CVE-2026-34197…
-
The Cyber Express Weekly Roundup: Major State Threats, Crypto Attacks, and Legal Gaps
In this week’s weekly roundup, The Cyber Express summarizes key cybersecurity news across state-sponsored attacks, crypto ecosystem breaches, regulatory gaps, and mobile data exposure risks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/weekly-roundup-cybersecurity-global-threats/
-
UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions
LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in targeted phishing attacks against NGOs and universities in Taiwan. Cisco Talos links it to a skilled group tracked as UAT-10362. In Oct 2025, attackers used password-protected…
-
Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees’ salary payments after hijacking their accounts in payroll pirate attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-canadian-employees-targeted-in-payroll-pirate-attacks/
-
Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month
Qilin, Akira and Dragonforce were responsible for 40% of 672 ransomware incidents reported in March, says Check Point First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/three-ransomware-gangs-40-percent/
-
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced the company to disable parts of its digital services used by hospitals and patients across the Netherlands, the national cybersecurity center for the healthcare sector said. First seen on therecord.media Jump to article: therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals
-
Renovate Dependabot: The New Malware Delivery System
Recent supply chain attacks stayed live for hours. Automation tools silently merged their malware in minutes. Read how upgrade bots and AI agents became the insider threat. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/renovate-dependabot-the-new-malware-delivery-system/
-
Middle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpy
Hackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and political figures across the Middle East, in a hack”‘for”‘hire campaign linked to the BITTER APT group. The campaign has been active since at least 2022. It primarily targets civil society members and potentially government officials in countries…
-
HPE Aruba Private 5G Vulnerability Opens Door to Credential Theft Attacks
A newly disclosed security flaw in HPE Aruba Networking Private 5G Core On-Prem is putting enterprise networks at severe risk of credential theft. Documented under the security bulletin HPESBNW05032EN_US, this vulnerability targets the platform’s graphical user interface and allows threat actors to silently harvest administrative login details. The security defect, officially tracked as CVE-2026-23818, stems…
-
New React Server Components Flaw Could Let Attackers Trigger DoS
A newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition. Tracked as CVE-2026-23869, this flaw poses a significant risk to web applications using specific server-side rendering packages. Because the exploit requires no privileges and involves low attack complexity, threat actors can easily target vulnerable…
-
MuddyWater Uses Russian MaaS in New ChainShell Attack
MuddyWater is now weaponizing a Russian malware-as-a-service (MaaS) platform to run a new operation dubbed “ChainShell”, blending Iranian state targeting with commercially developed cybercrime tooling. The assessment is based on a misconfigured command”‘and”‘control (C2) web server, 15 malware samples, and a previously undocumented JavaScript/Node.js payload named ChainShell. Investigators conclude that MuddyWater is running at least…
-
GlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX Extension
A newly discovered supply chain attack is spreading the GlassWorm malware across multiple developer environments by abusing the OpenVSX extension marketplace. GlassWorm is not new. Researchers have tracked the campaign since March 2025, when attackers hid malicious payloads inside npm packages using invisible Unicode characters. Since then, the operation has expanded across GitHub repositories, npm…
-
DesckVB RAT Uses Fileless .NET Loader to Evade Detection
DesckVB RAT is emerging as a highly active and stealthy malware threat in 2026, leveraging layered obfuscation and fileless execution techniques to bypass traditional security defenses. The attack chain begins with a malicious JavaScript file that hides its true intent through complex encoding and code replication. This script copies its own logic into PowerShell and…
-
Singapore Cyber Security Agency chief: Cyber stability a necessity, not a luxury
With state-linked attacks rising and international rules unravelling, Singapore’s cyber security commissioner calls for global cooperation to prevent catastrophic conflict in cyber space First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641228/Singapore-Cyber-Security-Agency-chief-Cyber-stability-a-necessity-not-a-luxury
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…
-
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
Tags: access, adobe, attack, ciso, control, data, email, exploit, hacker, incident response, malicious, malware, monitoring, resilience, risk, sans, software, technology, threat, tool, update, vulnerabilityA high risk exploit: Kellman Meghu, chief technology officer at Canadian incident response firm DeepCove Security, called the exploit “a very high risk.”So far it looks as though this particular malware just exfiltrates data, he said. But it implies there is an ability or capability to turn it into a vehicle for remote code execution.…
-
Iranian attacks on US critical infrastructure puts 3,900 devices in crosshairs
Censys researchers warned that thousands of devices are exposed to the Iranian government’s campaign targeting energy, water, and U.S. government services and facilities. First seen on cyberscoop.com Jump to article: cyberscoop.com/iran-attackers-industrial-ot-government-energy-water-censys/
-
Breach Roundup: German Police Expose REvil, GandCrab Boss
Also, Medusa Ransomware, Grafana Flaw, German Political Party Breach. This week, German police unmasked a REvil leader, a critical Docker flaw, Medusa ransomware surged, DPRK hackers abused GitHub, Grafana AI bugs enabled data theft, scams hit $20B in the United States, Ivanti exploited and attacks hit Northern Ireland schools and a German political party. First…
-
Mythos and Like AI Tools Raise Stakes for Healthcare Cyber
Experts Warn of Faster and Higher Volume Attacks, Rising Patient Safety Worries. Emerging powerful AI tools – such as Anthropic’s new Claude Mythos – that are capable of autonomously identifying and exploiting software bugs in a flash could reshape the healthcare cyber landscape by accelerating attacks and raising the risk of widespread operational disruption, experts…
-
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/
-
New VENOM phishing attacks steal senior executives’ Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called “VENOM” are targeting credentials of C-suite executives across multiple industries. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-venom-phishing-attacks-steal-senior-executives-microsoft-logins/
-
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/
-
Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning
Tags: android, attack, awareness, browser, chrome, ciso, communications, compliance, computer, computing, crypto, cryptography, cybersecurity, data, encryption, google, government, group, Hardware, infrastructure, Internet, ml, mobile, regulation, risk, service, strategy, technology, threat, vulnerabilityNational Institute of Standards and Technology (NIST) has set a 2030 deadline for depreciating legacy encryption algorithms ahead of their planned retirement in 2035.Late last month Google brought forward its own post-quantum cryptography (PQC) deadline a year to 2029 because advances in quantum computers mean that legacy encryption and digital signature systems are at greater…
-
In-Memory Loader Drops ScreenConnect
IntroductionIn February 2026, Zscaler ThreatLabz discovered an attack chain where attackers used a fake Adobe Acrobat Reader download to lure victims into installing ConnectWise’s ScreenConnect. While ScreenConnect is a legitimate remote access tool, it can be leveraged for malicious purposes. In this blog post, ThreatLabz examines the various stages of this attack, from the download lure to the…
-
LangChain, Langflow, LiteLLM: When AI’s Foundation Code Becomes the Attack Surface
Three AI framework attacks in one week expose how classic vulnerabilities are hiding in AI’s foundational plumbing, putting millions of deployments at risk. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/langchain-langflow-litellm-when-ais-foundation-code-becomes-the-attack-surface/
-
Bitcoin Depot Reports $3.6m Crypto Theft After System Breach
Bitcoin Depot has disclosed a cyber-attack that led to the theft of more than 50 Bitcoin, worth $3.66m, after hackers accessed its internal systems First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/bitcoin-depot-dollar36m-crypto/