Collecting Cyber-News from over 60 sources

Tag: exploit

DarkSword exploit forces Apple to loosen its patching policy

Apr 2, 2026 1:52 PM

Tags: apple, exploit, update

Apple has extended security updates to a wider range of devices still running iOS 18, aiming to protect users from the DarkSword exploit kit. This is not the first time Apple … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/apple-ios-18-darksword-security-updates/
Vietnam-Linked PXA Stealer Campaign Exploits LinkedIn to Target Professionals Globally

Apr 2, 2026 11:51 AM

Tags: data, data-breach, exploit, linkedin, malware, social-engineering, threat

A newly exposed global malware campaign reveals how PXA Stealer has been wielded by Vietnam”‘linked actors to siphon sensitive data from professionals across multiple countries using trusted platforms like LinkedIn. First documented in late 2024, this campaign has evolved into a new threat that leverages social engineering, advanced payload delivery, and stealthy execution to outmaneuver…
TrueConf zero-day vulnerability exploited to target government networks

Apr 2, 2026 11:51 AM

Tags: china, exploit, government, malware, network, vulnerability, zero-day

Suspected China-nexus attackers have leveraged a zero-day vulnerability (CVE-2026-3502) in the TrueConf client application to distribute malware within government networks in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/02/trueconf-zero-day-vulnerability-cyber-espionage/
NoVoice on Google Play Exploits 22 Flaws to Hit Millions of Android Users

Apr 2, 2026 11:51 AM

Tags: android, cyber, exploit, flaw, google, tool, vulnerability

NoVoice is a new Android rootkit campaign that hid in more than 50 apps on Google Play, exploiting 22 vulnerabilities to hijack millions of older and unpatched Android devices and even clone WhatsApp sessions. The apps posed as everyday utilities such as cleaners, casual games, and gallery tools, and behaved normally to avoid raising suspicion.…
CISA Issues Alert on Chrome Zero-Day Under Active Exploitation

Apr 2, 2026 11:51 AM

Tags: browser, chrome, cisa, cve, cyber, cybersecurity, exploit, flaw, google, hacker, infrastructure, kev, vulnerability, zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability affecting Google Chrome and other Chromium-based web browsers. Officially tracked as CVE-2026-5281, this security flaw has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog because hackers are actively exploiting it in real-world attacks. The vulnerability originates…
Apple Releases iOS 18.7.7 Update to Defend Against DarkSword Exploit

Apr 2, 2026 11:51 AM

Tags: apple, cyber, exploit, threat, update

Apple has officially expanded the rollout of iOS 18.7.7 and iPadOS 18.7.7 to defend users against a critical web-based threat known as the DarkSword exploit. Originally released on March 24, 2026, Apple aggressively pushed the update to more devices via Automatic Updates on April 1 to ensure widespread, immediate protection. The DarkSword Threat While the…
Cybersecurity in the age of instant software

Apr 2, 2026 11:51 AM

Tags: access, ai, attack, computing, control, credentials, cybersecurity, deep-fake, defense, detection, exploit, flaw, injection, intelligence, iot, malicious, network, open-source, programming, risk, social-engineering, software, technology, tool, update, vulnerability, zero-day

Automating patch creation: But that’s just half of the arms race. Defenders get to use AI, too. These same AI vulnerability-finding technologies are even more valuable for defense. When the defensive side finds an exploitable vulnerability, it can patch the code and deny it to attackers forever.How this works in practice depends on another related…
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Apr 2, 2026 10:51 AM

Tags: attack, data-breach, exploit, Internet, rce, remote-code-execution

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-14-000-f5-big-ip-apm-instances-still-exposed-to-rce-attacks/
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit

Apr 2, 2026 10:51 AM

Tags: apple, exploit, risk, update

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword.”We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can…
Cisco Smart Software Manager Flaw Allowed Arbitrary Command Execution

Apr 2, 2026 9:51 AM

Tags: advisory, cisco, cve, cvss, cyber, exploit, flaw, software, vulnerability

Cisco has released a high-priority security advisory regarding a critical vulnerability in its Smart Software Manager On-Prem (SSM On-Prem) platform. The flaw, tracked as CVE-2026-20160, carries a near-maximum CVSS severity score of 9.8 out of 10. If exploited, it enables an unauthenticated, remote attacker to execute arbitrary commands with root privileges on the underlying operating…
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

Apr 1, 2026 8:31 PM

Tags: ai, attack, control, cve, cvss, cybersecurity, exploit, flaw, LLM, malicious, sql, tool, vulnerability, zero-day

P_MLE and P_SECURE) in the tabpanel sidebar introduced in 2025, and a missing security check in the autocmd_add() function.Claude Code then helpfully tried to find ways to exploit the vulnerability, eventually suggesting a tactic that bypassed the Vim sandbox by persuading a target to open a malicious file. It had gone from prompt to proof-of-concept…
Google’s Vertex AI Is Over-Privileged. That’s a Problem

Apr 1, 2026 8:31 PM

Tags: ai, cloud, data, exploit, google, network

Palo Alto Networks researchers show how attackers could exploit AI agents on Google’s Vertex AI to steal data and break into restricted cloud infrastructure. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/googles-vertex-ai-over-privilege-problem
Hackers Are Using WhatsApp to Deliver Malware to Windows PCs

Apr 1, 2026 7:30 PM

Tags: exploit, hacker, malware, microsoft, windows

Hackers are using WhatsApp messages to deliver malware to Windows PCs, exploiting user trust and attachments to trigger stealthy, multi-stage attacks. The post Microsoft: Hackers Are Using WhatsApp to Deliver Malware to Windows PCs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-whatsapp-malware-windows-attack/
Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

Apr 1, 2026 5:29 PM

Tags: apt, attack, exploit, finance, google, group, korea, north-korea, supply-chain, threat

Google links the Axios npm supply chain attack to North Korean threat group UNC1069, targeting financial gain. Google has attributed the recent Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069. The attack, aimed at financial gain, exploited the package to target developers and organizations relying on Axios. John Hultquist…
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation, Patch Released

Apr 1, 2026 4:29 PM

Tags: browser, chrome, cve, exploit, flaw, google, open-source, update, vulnerability, zero-day

Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been exploited in the wild.The high-severity vulnerability, CVE-2026-5281 (CVSS score: N/A), concerns a use-after-free bug in Dawn, an open-source and cross-platform implementation of the WebGPU standard.”Use-after-free in Dawn in Google Chrome prior…
Zero-Day-Schwachstelle in abgehärteten Videokonferenz-Tool Trueconf

Apr 1, 2026 3:30 PM

Tags: bug, exploit, malware, phishing, software, tool, update, vulnerability, zero-day

Check Point Research (CPR) hat eine bisher unbekannte Zero-Day-Sicherheitslücke in der Videokonferenz-Software <> aufgedeckt. Wie die Sicherheitsforscher von Check Point Software Technologies herausfanden, konnten Angreifer vertrauenswürdige, lokal installierte Software-Updates missbrauchen. Sie verbreiteten so unbemerkt Malware in mehreren südostasiatischen Behörden und Regierungsapparaten. Die Täter mussten also weder auf Phishing, also den Diebstahl von Anmeldedaten, noch auf Exploits…
Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus

Apr 1, 2026 3:30 PM

Tags: antivirus, exploit, group, ransomware, tool

New research from Seqrite explains the ‘dual-use dilemma,’ where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker… First seen on hackread.com Jump to article: hackread.com/ransomware-groups-exploit-it-tools-bypass-antivirus/
Google Warns of New Chrome Zero-Day Under Active Exploitation Users Urged to Update Immediately

Apr 1, 2026 3:30 PM

Tags: browser, chrome, cyber, exploit, flaw, google, linux, threat, update, vulnerability, windows, zero-day

Google has released an urgent security update for its Chrome desktop browser to address 21 vulnerabilities, including a critical zero-day flaw that is actively being exploited in the wild. Users are strongly urged to update their browsers immediately to version 146.0.7680.177/.178 for Windows and Mac, or 146.0.7680.177 for Linux . Active Zero-Day Threat The most…
Gigabyte Control Center: Schadcode-Lücke in verbreitetem Hardware-Steuertool

Apr 1, 2026 3:30 PM

Tags: control, exploit, Hardware

Viele Nutzer mit Gigabyte-Hardware verwenden das Gigabyte Control Center. Eine Lücke darin lässt Angreifer unter anderem Schadcode einschleusen. First seen on golem.de Jump to article: www.golem.de/news/gigabyte-control-center-schadcode-luecke-in-verbreitetem-hardware-steuertool-2604-207159.html
A Taxonomy of Cognitive Security

Apr 1, 2026 2:29 PM

Tags: data, exploit, hacking

Last week, I listened to a fascinating talk by K. Melton on cognitive security, cognitive hacking, and reality pentesting. The slides from the talk are here, but”, even better”, Menton has a long essay laying out the basic concepts and ideas. The whole thing is important and well worth reading, and I hesitate to excerpt.…
Google Chrome Update Fixes 21 Flaws, Warns of Actively Exploited Vulnerability

Apr 1, 2026 2:29 PM

Tags: browser, chrome, exploit, flaw, google, update, vulnerability

Google has released a Stable Channel Update for Chrome, addressing 21 security vulnerabilities, including a high-profile code smuggling vulnerability that is actively being exploited in the wild. The update rolled out on Wednesday night. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/chrome-stable-channel-update-security/
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2026-5281)

Apr 1, 2026 2:29 PM

Tags: browser, chrome, cve, exploit, google, vulnerability, zero-day

Google has fixed 21 vulnerabilities affecting its popular Chrome browser, among them a zero-day (CVE-2026-5281) with an in-the-wild exploit. About CVE-2026-5281 As per usual, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/01/google-chrome-zero-day-cve-2026-5281/
Google fixes fourth Chrome zero-day exploited in attacks in 2026

Apr 1, 2026 1:29 PM

Tags: attack, browser, chrome, exploit, google, vulnerability, zero-day

Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-fourth-chrome-zero-day-exploited-in-attacks-in-2026/
Hackers Exploit Hotel Booking Systems to Send Fake Payment Requests to Guests

Apr 1, 2026 1:29 PM

Tags: cyber, data, exploit, hacker

Hackers are increasingly targeting hotel booking workflows to trick travelers into handing over payment details, using a technique that blends real reservation data with convincing social engineering. The message references real booking details such as the hotel name, stay dates, or payment status making it appear legitimate. Instead of raising suspicion, the message feels like…
Security awareness is not a control: Rethinking human risk in enterprise security

Apr 1, 2026 12:29 PM

Tags: access, attack, authentication, awareness, banking, best-practice, breach, business, control, corporate, credentials, crowdstrike, defense, email, exploit, finance, framework, Hardware, healthcare, identity, infrastructure, malware, mfa, monitoring, passkey, password, phishing, radius, risk, security-incident, social-engineering, strategy, tactics, threat, training, vulnerability

The predictability of human error: Human error is sometimes viewed as an exception in security incident conversations, as if a breach happened because someone made a mistake that should have been prevented. Human error is a constant in complex systems, especially in huge organizations where everyday operations are shaped by scale, pace, and conflicting agendas.…
Vim und Emacs: Claude liefert auf Zuruf gefährliche Schadcode-Exploits

Apr 1, 2026 12:29 PM

Tags: exploit

Forscher haben Claude mit Fake-Gerüchten dazu verleitet, Exploit-Code für bisher unbekannte Sicherheitslücken in Vim und Emacs zu generieren. First seen on golem.de Jump to article: www.golem.de/news/vim-und-emacs-claude-liefert-auf-zuruf-gefaehrliche-schadcode-exploits-2604-207151.html
PoC Exploit Code Published for nginx-ui Backup Restore Security Flaw

Apr 1, 2026 11:29 AM

Tags: backup, cve, cyber, exploit, flaw, update, vulnerability

A critical security flaw in the nginx-ui backup restore mechanism, tracked as CVE-2026-33026, allows attackers to manipulate encrypted backups and execute arbitrary commands. Proof-of-Concept (PoC) exploit code has been publicly released, prompting an urgent need for administrators to update to version 2.3.4. Backup Integrity Bypass Flaw The vulnerability stems from a circular trust model where…
Schadcode per Klick: Attackierte Chrome-Lücke gefährdet Millionen von Nutzern

Apr 1, 2026 11:29 AM

Tags: browser, bug, chrome, exploit, google

In Google Chrome klafft eine Sicherheitslücke, mit der sich per Webseitenaufruf Schadcode einschleusen lässt. Angreifer nutzen das bereits aus. First seen on golem.de Jump to article: www.golem.de/news/schadcode-per-klick-attackierte-chrome-luecke-gefaehrdet-millionen-von-nutzern-2604-207143.html
Darksword: Apple bringt Exploit-Patch für weitere iPhones

Apr 1, 2026 10:34 AM

Tags: apple, exploit, iphone, update

Wer nicht auf iOS 26 aktualisieren will und weiter iOS 18 verwendet, ist bisher vor dem Darksword-Exploit ungeschützt gewesen. First seen on golem.de Jump to article: www.golem.de/news/darksword-apple-bringt-exploit-patch-fuer-weitere-iphones-2604-207142.html
TrueConf Vulnerability Under Active Exploitation in Southeast Asia Government Attacks

Apr 1, 2026 9:30 AM

Tags: attack, cve, cvss, cyber, exploit, flaw, government, update, vulnerability, zero-day

Check Point Research has discovered a critical zero-day vulnerability in the TrueConf video conferencing client. Tracked as CVE-2026-3502 with a CVSS score of 7.8, this flaw is currently being exploited in targeted attacks against government entities in Southeast Asia. Dubbed >>Operation TrueChaos,<< the campaign uses the application's trusted update system to deliver the Havoc post-exploitation…