Cybersecurity

Cybersecurity

Google Fortifies Pixel 10 with Rust-Based DNS Security Layer

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the secur

Cybersecurity

GoGra Linux Malware Exploits Microsoft Graph API for Covert Attacks

A Linux variant of the GoGra backdoor uses legitimate Microsoft infrastructure, relying on an Outlook inbox for stealthy payload delivery. [...]

Cybersecurity

AI-Generated Scam Campaign Floods Google Discover Feed

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intellig

Cybersecurity

Microsoft Graph API Change Breaks Universal Print Sharing

Microsoft says that an ongoing Universal Print sharing issue that prevents users from creating some printer shares is due to a Microsoft Graph API code change.

Cybersecurity

Mirax Android RAT Hijacks 220K Devices via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,

Cybersecurity

1,300+ Microsoft SharePoint Servers at Risk From Spoofing Flaw

Over 1,300 Microsoft SharePoint servers exposed online remain unpatched against a spoofing vulnerability that was exploited as a zero-day and is still being abu

Cybersecurity

Critical Security Risks Jump 400% as AI Dev Tools Outpace Detection

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume gre

Cybersecurity

Microsoft Issues Emergency Patches for Critical ASP.NET Core Flaw

Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. [...]

Cybersecurity

108 Malicious Chrome Extensions Target 20K Users

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-

Cybersecurity

French Government Agency Confirms Data Breach

France Titres, the government agency in France for issuing and managince administrative documents has disclosed a data breach after a threat actor claimed the a

Cybersecurity

Critical ShowDoc Flaw Under Active Attack

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation i

Cybersecurity

New Lotus Malware Targets Venezuelan Energy Sector

A previously undocumented data-wiping malware dubbed Lotus was used last year in targeted attacks against energy and utilities organizations in Venezuela. [...]

Cybersecurity

CISA Flags 6 Critical Vulnerabilities Under Active Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalo

Cybersecurity

UK Regulator Launches Probe Into Telegram Over CSAM Concerns

Ofcom, the United Kingdom's independent communications regulator, has launched an investigation into Telegram based on evidence suggesting it's being used to sh

Cybersecurity

JanelaRAT Malware Launches 14,739 Attacks on Brazilian Banks

Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT. A modi

Cybersecurity

Seamless Fraud Defense: Protecting Users Without Slowing Them Down

Fraud prevention and user experience don't have to be a tradeoff. IPQS shows how combining identity, device, and network signals stops fraud without adding fric

Cybersecurity

Critical PDF Zero-Day and State Infrastructure Threats Emerge

Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in

Cybersecurity

CISA Issues Urgent Warning on SD-WAN Flaw Under Active Attack

​CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploite

Cybersecurity

FBI and Indonesian Police Shut Down $20M W3LL Phishing Scheme

The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global p

Cybersecurity

Ransomware Negotiator Admits to Leading BlackCat Attacks

41-year-old Angelo Martino, a former employee of cybersecurity incident response company DigitalMint, has pleaded guilty to targeting U.S. companies in BlackCat

Cybersecurity

AI Model Finds Zero-Days Across All Major Operating Systems

Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and b

Cybersecurity

6,400 Apache ActiveMQ Servers Under Active Attack

Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-se

Cybersecurity

Congressional Pressure Mounts as CISA Grapples with Major Data Leak

Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity report

Cybersecurity

OpenAI Revokes macOS Certificate Following Axios Supply Chain Issue

OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user dat

Cybersecurity

NGate Android Malware Targets NFC Payments via HandyPay

A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile pa

Cybersecurity

North Korean Hackers Target Users Via Facebook Befriending Scam

The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat act

Cybersecurity

North Korean Hackers Blamed for $290M KelpDAO Crypto Heist

State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday. [...]

Cybersecurity

CPUID Site Compromised to Distribute STX RAT Malware

Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and P

Cybersecurity

Apple's Chinese App Store Hit by Crypto-Stealing Wallet Scams

A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phras

Cybersecurity

Botmaster Behind Kimwolf IoT Botnet Arrested

Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet t

Cybersecurity

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild. The vulner

Cybersecurity

Gentlemen Ransomware Gang Deploys SystemBC Botnet in Corporate Attacks

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen rans

Cybersecurity

Third-Party Vendors: Your Organization's Hidden Security Risk

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their

Cybersecurity

Seiko USA Website Defaced in Data Theft Attack

The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to lea

Cybersecurity

WhatsApp Warns 200 Users of Fake iOS App Spyware

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with&nb

Cybersecurity

Microsoft Teams Targeted in Enterprise Helpdesk Impersonation Attacks

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movemen

Cybersecurity

Critical Vulnerabilities Expose Popular Software to Active Attacks

This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t ev

Cybersecurity

Backups Alone Won't Save Your Business From Downtime

Backups protect data, but don't keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and o

Cybersecurity

Identity Gaps Pose Growing Enterprise Risk as AI Threats Escalate

In the rapid evolution of the 2026 threat landscape, a frustrating paradox has emerged for CISOs and security leaders: Identity programs are matu

Cybersecurity

British Scattered Spider Leader Pleads Guilty to Crypto Theft

A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and agg

Cybersecurity

North Korean Hackers Behind Axios npm Package Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orch

Cybersecurity

Microsoft Accelerates File Explorer with Speed Enhancements

Microsoft is rolling out multiple File Explorer changes to Windows 11 users in the Insider program, including improvements to launch speed and performance. [...

Cybersecurity

New LucidRook Malware Targets Taiwan NGOs

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organization

Cybersecurity

Microsoft Deploys Emergency Fixes for Windows Server Glitches

Microsoft has released out-of-band (OOB) updates to fix issues affecting Windows Server systems after installing the April 2026 security updates. [...]

Cybersecurity

Security Threats Escalate: Pre-Auth Chains and Android Rootkits

The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the internet right now. No corporate fluff or boring lectures her

Cybersecurity

Microsoft Rolls Back Teams Update After Launch Issues

Microsoft has reverted a recent service update that was preventing some customers from launching the Microsoft Teams desktop client. [...]

Cybersecurity

Security Threats Surge: Legacy Flaws Meet Modern Attack Methods

Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got some range — old vulnerabilitie

Cybersecurity

Vercel Confirms Security Breach, Hackers Claim Data Sale

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen d

Cybersecurity

Open Source Security Report Reveals Enterprise Consumption Trends

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open

Cybersecurity

NIST Stops Rating Low-Priority Vulnerabilities Amid Rising Submissions

The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising