Tag: cyber
-
Fake Gemini npm Package Steals AI Tool Tokens
Hackers are abusing a fake Gemini-themed npm package to steal tokens and secrets from developers using AI coding tools like Claude, Cursor, Windsurf, PearAI, and others. The README text was copied from the unrelated chai-await-async library, a mismatch that should have been a red flag for careful reviewers. Code analysis showed the package contacting a Vercel-hosted endpoint, server-check-genimi.…
-
Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI
Cryptocurrency scams alone cost victims over $7 billion, while AI-enabled fraud threats are on the rise, says FBI First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/17bn-lost-to-cyber-fraud-warns-fbi/
-
FIRESIDE CHAT: Geopolitical turmoil, rising AI risk add a new layer to enterprise cyber defense
As if securing the enterprise against a tidal wave of AI tools wasn’t hard enough, it turns out the geopolitical instability of the moment is making things worse. That wasn’t the headline at RSAC 2026 last week, agentic AI… (more”¦) First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/fireside-chat-geopolitical-turmoil-rising-ai-risk-add-a-new-layer-to-enterprise-cyber-defense/
-
Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts
Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high”‘value cloud accounts, turning a single compromised pod into full cloud”‘level access. This trend is accelerating rapidly, with Kubernetes”‘related identity abuse and token-theft operations growing sharply across enterprise environments. Kubernetes now underpins many large”‘scale applications, making it a prime target for attackers who want…
-
GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access
A newly discovered vulnerability dubbed >>GPUBreach<< demonstrates that GPU-based Rowhammer attacks can now achieve complete system compromise. Scheduled for presentation at the IEEE Symposium on Security & Privacy in 2026, University of Toronto researchers revealed how manipulating GPU memory can lead to a full CPU root shell. Most alarmingly, this exploit successfully bypasses standard hardware…
-
Hackers Exploit Next.js React2Shell Vulnerability, Breach 766 Hosts in 24 Hours
Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential”‘theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT”‘10608”. It relies on a custom framework dubbed NEXUS Listener to systematically harvest and organize stolen secrets at scale. Cisco Talos describes UAT”‘10608…
-
The rise of proactive cyber: Why defense is no longer enough
Tags: attack, breach, ciso, control, country, cyber, cybersecurity, defense, framework, google, government, hacking, infrastructure, intelligence, korea, law, microsoft, network, north-korea, risk, threat, toolWhat ‘proactive cyber’ means: Despite the more aggressive language, this shift toward private-sector involvement doesn’t envision vigilante-style payback by aggrieved organizations. It instead embraces a more systematic effort to interfere with adversaries earlier in the attack chain using authorities and capabilities that already exist.”To be clear, this is not hacking back,” Joyce said. “This is…
-
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In this latest campaign, attackers lure victims into executing malicious commands that silently install malware disguised…
-
Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks
Google has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to trigger a local denial-of-service (DoS) state. Notably, the exploit requires absolutely no user interaction and operates without needing…
-
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
Tags: ai, control, cve, cvss, cyber, data-breach, exploit, flaw, injection, malicious, open-source, vulnerabilityA critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious code and take complete control of affected servers. Security researchers warn that up to 15,000…
-
Fake Installers Spread RATs, Monero Miners in Ongoing Malware Campaign
Fake software installers are being used in a long-running malware operation to drop remote access trojans (RATs), Monero cryptominers, and a new .NET implant across multiple campaigns dating back to late 2023. REF1695 relies on ISO-based fake installers that mimic legitimate software setup packages but never deliver real applications. Instead, users are guided via a…
-
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March 23. The campaign primarily targeted organizations in Israel and the United Arab Emirates, impacting more than…
-
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and AI-enhanced cloud protection to defend against emerging malware campaigns. Keeping antimalware solutions up to date…
-
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware
Microsoft is warning that a fast”‘moving threat actor it tracks as Storm”‘1175 is aggressively exploiting vulnerabilities in internet”‘exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm”‘1175 is a financially motivated group known for high”‘velocity ransomware operations that weaponize recently disclosed, or “N”‘day”, vulnerabilities in web”‘facing services. The actor focuses…
-
50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE
A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbitrary file upload vulnerability carries a maximum critical CVSS score of 9.8. With an estimated 50,000…
-
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information”‘stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Premium, a popular browser”‘based charting and social platform for stock, crypto, and forex traders. Threat…
-
Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access
A newly discovered zero-day vulnerability, dubbed >>BlueHammer,<< has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromised systems. Because a patch is not yet available from Microsoft, this public release leaves Windows users temporarily exposed to…
-
NSFOCUS Monthly APT Insights February 2026
Regional APT Threat Situation In February 2026, the global threat hunting system of FUYING Lab detected a total of 21 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, and Central Asia, as shown in the figure below. Regarding the activity levels of different groups, the most active APT…The…
-
CISA Alerts Defenders to Actively Exploited Fortinet Zero-Day Vulnerability
Tags: cisa, cyber, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that threat actors are actively exploiting it in the wild. The CISA KEV catalog serves as a…
-
How can Agentic AI keep you ahead of cyber threats
How Are Non-Human Identities (NHIs) Vital for Cybersecurity? Have you ever thought about the silent guardians of your organization’s data? While human cybersecurity professionals are pivotal, Non-Human Identities (NHIs) form an equally vital part of cybersecurity arsenal. They are the machine identities that operate behind the scenes, ensuring that data protection is not just proactive……
-
Trump’s Budget Proposal Would Slash CISA After Bruising Year
White House Criticizes Cyber Defense Agency – and Proposes a Steep $700 Million Cut. The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats. First seen on govinfosecurity.com Jump to…
-
Trump’s Budget Proposal Would Slash CISA After Bruising Year
White House Criticizes Cyber Defense Agency – and Proposes a Steep $700 Million Cut. The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats. First seen on govinfosecurity.com Jump to…
-
Trump’s Budget Proposal Would Slash CISA After Bruising Year
White House Criticizes Cyber Defense Agency – and Proposes a Steep $700 Million Cut. The FY2027 proposal would cut roughly $707 million from CISA, reducing staffing, contractor support and coordination programs while shifting the agency toward a narrower focus on federal networks and critical infrastructure amid rising nation-state cyberthreats. First seen on govinfosecurity.com Jump to…
-
2027 POTUS Budget Proposal Targets CISA With Funding Cuts
The proposed FY2027 budget cuts to CISA are raising concerns about weakened cyber defense and reduced collaboration. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/2027-potus-budget-proposal-targets-cisa-with-funding-cuts/
-
FBI: Cyber fraud surges to $17.6 billion in losses as scams, crypto theft soar
Cyber-enabled fraud was behind 85% of all losses reported to the FBI in 2025 and constituted 45% of the 1,008,597 complaints it’s IC3 unit received overall. First seen on therecord.media Jump to article: therecord.media/cyber-fraud-surges-to-17-billion-fbi-ic3
-
Phishing LNK files and GitHub C2 power new DPRK cyber attacks
DPRK-linked hackers use GitHub C2s, starting attacks via phishing LNK files that drop a PDF and PowerShell script in South Korea. North Korea-linked threat actors target South Korean organizations using GitHub as C2 servers. The attack chain starts with phishing emails carrying obfuscated LNK files that drop a decoy PDF and a PowerShell script to…
-
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
Exploitation has been observed for CVE-2026-35616, a critical improper access control zero-day vulnerability affecting Fortinet FortiClientEMS devices. Key takeaways: CVE-2026-35616, an improper access control vulnerability, has been exploited in the wild as a zero-day. Public exploit code has been identified and Fortinet products have a long history of targeting by malicious actors. Hotfixes have been…
-
Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data
A malicious PyPI package, hermes-px, that masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a private university AI service. Marketed as an OpenAI-compatible, Tor-routed proxy requiring no API keys, the package actually hijacks a Tunisian university’s internal AI endpoint, injects a stolen Anthropic Claude system prompt, and exfiltrates every…
-
Why Cybersecurity Is the First Step in Preparing Your Company for an IPO
Preparing for an Initial Public Offering (IPO) is a significant phase that requires careful planning across financial, legal, and operational areas. However, one critical factor that is often underestimated is cybersecurity. In the IPO journey, companies handle highly sensitive financial data, intellectual property, and regulatory disclosures, making them prime targets for cyber threats. A weak……