breach
closed
4 articles
Two US cybersecurity professionals have been sentenced to prison over their roles in ransomware attacks, with Ryan Goldberg of Georgia and Kevin Martin of Texas each receiving a four-year term after pleading guilty to conspiracy to obstruct or affect interstate commerce by extortion. A third participant, Angelo Martino of Florida, also pleaded guilty and…
Apr 21, 2026
—
May 1, 2026
incident
closed
4 articles
According to CISA, Windows Shell and ConnectWise ScreenConnect flaws have been added to the Known Exploited Vulnerabilities (KEV) catalog. The entries include CVE-2024-1708, a ConnectWise ScreenConnect Path Traversal Vulnerability (CVSS 8.4) affecting versions 23.9.7 and earlier, and CVE-2026-32202, a Microsoft Windows Protection Mechanism Failure…
Apr 28, 2026
—
Apr 29, 2026
vulnerability
closed
2 articles
A Mirai botnet is actively exploiting a command injection flaw, tracked as CVE-2025-29635, in discontinued D-Link DIR-823X series routers, according to Akamai. The vulnerability allows attackers to inject commands because an attacker-controlled value is copied without proper validation, affecting firmware versions 240126 and 24082. Exploitation began about…
Apr 22, 2026
—
Apr 22, 2026
incident
closed
2 articles
Cybersecurity researchers have identified BRIDGE:BREAK, a set of 22 vulnerabilities across Lantronix and Silex serial-to-IP converters, which could allow attackers to hijack devices and tamper with data exchanged by them. The set comprises as many as eight security weaknesses in Lantronix EDS3000PS and EDS5000 Series and 14 in Silex SD330-AC, with potential…
Apr 20, 2026
—
Apr 21, 2026
vulnerability
closed
2 articles
CVE-2023-33538 has been under attack for over a year in outdated TP-Link routers, but exploitation remains unsuccessful, according to security researchers. Hackers targeted the flaw, a command injection in the /userRpm/WlanNetworkRpm endpoint affecting models including TL-WR940N v2/v4, TL-WR740N v1/v2, and TL-WR841N v8/v10, with CISA adding the issue to…
Apr 20, 2026
—
Apr 20, 2026
vulnerability
closed
2 articles
Microsoft has issued Patch Tuesday updates fixing 165 vulnerabilities, including a SharePoint zero-day that has been exploited in the wild. The exploited SharePoint Server vulnerability is tracked as CVE-2026-32201 and is described as a spoofing issue with a CVSS score of 6.5, according to Microsoft. Improper input validation in Microsoft Office SharePoint…
Apr 14, 2026
—
Apr 14, 2026
incident
closed
2 articles
According to Citizen Lab, the Webloc surveillance tool tracked up to 500 million devices globally by tapping into advertising data to support law enforcement investigations in the United States, Hungary, and El Salvador. Developed by Cobwebs Technologies and now sold by Penlink, Webloc is used by agencies including ICE, the military, and various police…
Apr 11, 2026
—
Apr 13, 2026
vulnerability
closed
3 articles
Attackers are actively exploiting a critical Flowise vulnerability, tracked as CVE-2025-59528, which enables remote code execution and full system takeover by abusing poor validation of user-supplied JavaScript. The flaw allows arbitrary JavaScript to be executed on Flowise servers through the CustomMCP node, because the convertToValidJSONString function…
Apr 7, 2026
—
Apr 7, 2026
vulnerability
closed
3 articles
According to Talos, a threat actor tracked as UAT-10608 exploited vulnerable Next[.]js applications to compromise systems and exfiltrate credentials at scale, leveraging automated scanning to target Next[.]js deployments affected by CVE-2025-55182 (CVSS 10), a critical React vulnerability known as React2Shell. Following initial access, the operation used…
Mar 6, 2026
—
Apr 3, 2026
vulnerability
closed
4 articles
CVE-2026-20093 is described as a critical authentication bypass flaw in Cisco IMC that could allow an unauthenticated remote attacker to bypass authentication and gain full administrative access to UCS servers. The vulnerability carries a CVSS score of 9.8 and stems from improper input validation in the password change functionality of IMC, enabling an…
Apr 2, 2026
—
Apr 3, 2026
vulnerability
closed
4 articles
According to the Known Exploited Vulnerabilities Catalog, the entry for TrueConf is CVE-2026-3502, described as a Client Download of Code Without Integrity Check Vulnerability. An attacker who can influence the update delivery path can substitute a tampered update payload, potentially leading to arbitrary code execution in the context of the updating process or…
Mar 31, 2026
—
Apr 2, 2026
vulnerability
closed
7 articles
Google patched CVE-2026-5281, a high-severity use-after-free vulnerability in Dawn, Chromium’s WebGPU implementation, and it has confirmed exploitation in the wild. The NVD wording outlines that a remote attacker who had already compromised the renderer process could execute arbitrary code via a crafted HTML page. Chrome fixed the flaw in stable desktop…
Apr 1, 2026
—
Apr 2, 2026
campaign
closed
2 articles
Threat actor UAC-0255 impersonated CERT-UA in a phishing campaign to spread the AGEWHEEZE remote access tool, sending emails to about 1 million users. The messages urged recipients to download a password-protected archive from Files[.]fm and install a fake “specialized software” that would give attackers control over infected systems. AGEWHEEZE offers…
Apr 1, 2026
—
Apr 2, 2026
vulnerability
closed
2 articles
Apple has expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to more devices to protect users from the DarkSword exploit kit, according to Infosecurity Magazine. The update allows devices still running iOS 18 to receive security patches without upgrading to the latest operating system, and Apple broadened access on 1 April to help more users receive…
Apr 2, 2026
—
Apr 2, 2026
incident
closed
2 articles
WhatsApp says it alerted about 200 users who were tricked into installing a bogus iOS version of WhatsApp that was infected with spyware. According to La Repubblica and ANSA, the vast majority of the targets are located in Italy, and the attackers used social engineering to persuade users to install the malicious app. All affected users have been logged out…
Apr 2, 2026
—
Apr 2, 2026
campaign
closed
2 articles
Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines, ultimately giving the attacker remote control. The attack chain starts with a WhatsApp attachment that looks harmless but is actually a .vbs file that Windows can execute; when run, it copies built‑in Windows…
Apr 1, 2026
—
Apr 1, 2026
vulnerability
closed
3 articles
Google has attributed the Axios npm supply chain compromise to a North Korean threat group tracked as UNC1069, identifying the attackers as financially motivated. According to Google Threat Intelligence Group, UNC1069 has been active since at least 2018, with WAVESHAPER.V2 and related infrastructure cited as links to the group’s…
Apr 1, 2026
—
Apr 1, 2026
vulnerability
closed
8 articles
CVE-2025-53521 is a vulnerability in F5 BIG-IP Access Policy Manager (APM) that was reclassified in 2026 from a denial-of-service issue to an unauthenticated remote code execution (RCE) vulnerability. The flaw is actively exploited, with exploitation occurring in vulnerable BIG-IP versions and CISA listing it in its Known Exploited Vulnerabilities catalog.…
Mar 27, 2026
—
Apr 1, 2026
campaign
closed
2 articles
Threat actors hijacked the Axios npm package, introducing malicious versions of plain-crypto-js as a dependency to spread remote access Trojans (RATs), according to researchers at OpenSourceMalware. With access to the maintainer Jason Saayman’s account, the attackers published versions v1.14.1 and v0.30.4 featuring plain-crypto-js, and changed Saayman’s…
Mar 31, 2026
—
Apr 1, 2026
breach
closed
2 articles
Between late February and March 2026, threat group TeamPCP conducted a multi-stage supply chain campaign targeting trusted security tools, including Aqua Security Trivy, Checkmarx KICS and the LiteLLM gateway, with the operation expanding to the Telnyx Python SDK. According to Unit 42, the attackers injected malicious infostealer payloads into GitHub…
Mar 30, 2026
—
Mar 31, 2026
incident
closed
2 articles
Elastic Security Labs reports a supply chain compromise of the axios npm package, one of the JavaScript ecosystem’s most depended-upon libraries, which at discovery had about 100 million weekly downloads. The attacker gained control of the maintainer account jasonsaayman and published two malicious versions, axios@1.14.1 and axios@0.30.4, meaning a fresh…
Mar 31, 2026
—
Mar 31, 2026
vulnerability
closed
4 articles
Threat actors have started exploiting a critical-severity vulnerability in Fortinet FortiClient EMS, tracked as CVE-2026-21643, which is described as a pre-authentication SQL injection that can be exploited remotely via crafted HTTP requests. FortiClient EMS version 7.4.4 is affected, and a patch to 7.4.5 was released in early February, with Fortinet noting…
Feb 9, 2026
—
Mar 31, 2026
vulnerability
closed
11 articles
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Citrix NetScaler flaw, tracked as CVE-2026-3055, to its Known Exploited Vulnerabilities (KEV) catalog, with a CVSS score of 9.3. In March, Citrix issued security updates for two NetScaler vulnerabilities, including CVE-2026-3055, which allows unauthenticated attackers to leak…
Mar 24, 2026
—
Mar 31, 2026
incident
closed
1 article
Axios has suffered a supply chain attack after two newly published versions of its npm package introduced a malicious dependency, plain-crypto-js version 4.2.1, as a fake runtime dependency. According to StepSecurity, the versions 1.14.1 and 0.30.4 were published using the compromised npm credentials of the primary Axios maintainer, “jasonsaayman,” enabling…
Mar 31, 2026
—
Mar 31, 2026