
Posts published in “CyberSec report”

OSINT / CyberSec report 21.04.2026 00:08

1. Cloud development platform Vercel confirmed a security breach involving unauthorized access to internal systems following the compromise of a third-party AI tool used by an employee (The Hacker News). 2. Threat actors are actively exploiting a 17-year-old Microsoft Excel vulnerability, which has been flagged by the US cyber defense agency (Reddit). 3. Researchers identified a new malware strain named ZionSiphon targeting…

OSINT / CyberSec report 19.04.2026 00:07

1. Three Microsoft Defender zero-day vulnerabilities codenamed BlueHammer, RedSun and UnDefend are being actively exploited in the wild to gain elevated privileges (The Hacker News). 2. The Payouts King ransomware group is utilizing QEMU virtual machines as a reverse SSH backdoor to evade detection by endpoint security solutions (BleepingComputer). 3. The Grinex cryptocurrency exchange has suspended operations following a 13.7 million dollar hack that…

OSINT / CyberSec report 17.04.2026 00:09

1. A critical authentication bypass vulnerability in Nginx UI with Model Context Protocol support is currently being exploited in the wild for full server takeover. (https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/) 2. A new zero-day vulnerability in Microsoft SharePoint has been identified as actively exploited and is subject to a CISA remediation deadline. (https://www.reddit.com/r/cybersecurity/comments/1smf2gz/new_microsoft_sharepoint_zeroday_cve_april_15/) 3. CISA has issued a warning regarding the active exploitation of a Windows Task Host…

OSINT / CyberSec report 15.04.2026 00:08

1. A cluster of 108 malicious Google Chrome extensions was identified stealing user data and Telegram information from approximately 20,000 users (thehackernews.com). 2. The critical ShowDoc remote code execution vulnerability CVE-2025-0520 is currently being actively exploited in the wild (thehackernews.com). 3. CISA added six vulnerabilities to its Known Exploited Vulnerabilities catalog, including a critical SQL injection flaw in Fortinet FortiClient EMS tracked as CVE-2026-21643 (thehackernews.com).…

OSINT / CyberSec report 13.04.2026 00:11

1. Adobe released an emergency patch for CVE-2026-34621, a critical vulnerability in Acrobat Reader currently under active exploitation in the wild (The Hacker News). 2. Threat actors compromised the CPUID website to distribute trojanized versions of CPU-Z and HWMonitor, which deployed the STX RAT to unsuspecting users (The Hacker News). 3. ShinyHunters claimed a data breach affecting Rockstar Games, allegedly facilitated through a Snowflake integration…

OSINT / CyberSec report 11.04.2026 00:08

1. Threat actors have been actively exploiting a zero-day vulnerability in Adobe Reader via malicious PDF files since December 2025 (thehackernews.com). 2. The update system for the Smart Slider 3 Pro plugin was hijacked to distribute a backdoored version to WordPress and Joomla users (bleepingcomputer.com). 3. A new Lua-based malware strain named LucidRook is being deployed in spear-phishing campaigns targeting NGOs and universities in Taiwan…

OSINT / CyberSec report 09.04.2026 00:08

1. A remote unauthenticated RCE-to-root chain vulnerability has been identified in CUPS (https://www.reddit.com/r/netsec/comments/1sflk3t/spooler_alert_remote_unauthd_rcetoroot_chain_in/). 2. A path traversal vulnerability in an MCP server allows AI agents to access sensitive SSH keys (https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/). 3. A self-propagating credential worm has compromised npm packages under the fairwords scope to steal tokens and infect PyPI packages (https://www.reddit.com/r/Malware/comments/1sfjg9f/fairwords_npm_packages_compromised_by_a/). 4. Authorities have disrupted a campaign involving router DNS hijacks…

OSINT / CyberSec report 07.04.2026 00:08

1. Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS that is currently being exploited in the wild (BleepingComputer). 2. German authorities identified a 31-year-old Russian national as the leader of the REvil and GandCrab ransomware gangs responsible for over 130 attacks (The Hacker News). 3. A six-month social engineering campaign by DPRK threat actors resulted in the theft…

OSINT / CyberSec report 05.04.2026 00:06

1. The TeamPCP hacking group is responsible for a major data breach at the European Commission and is conducting ongoing supply chain attacks (The Record). 2. North Korean threat actor UNC1069 compromised the Axios npm package through a highly targeted social engineering campaign against the maintainer (The Hacker News). 3. The Qilin ransomware group claimed responsibility for a data theft attack against the German political…

OSINT / CyberSec report 03.04.2026 00:08

1. ShinyHunters compromised Cisco source code and AWS keys by exploiting a supply chain vulnerability in Trivy. The breach resulted in the unauthorized cloning of over 300 repositories (https://www.reddit.com/r/netsec/comments/1sa8nld/cisco_source_code_stolen_by_shinyhunters_via/). 2. Google released a patch for a high-severity Chrome zero-day vulnerability identified as CVE-2026-5281, which is currently under active exploitation (https://thehackernews.com/2026/04/new-chrome-zero-day-cve-2026-5281-under.html). 3. Apple expanded the availability of iOS 18.7.7 and iPadOS 18.7.7…