1. Threat actors have been actively exploiting a zero-day vulnerability in Adobe Reader via malicious PDF files since December 2025 (thehackernews.com).
2. The update system for the Smart Slider 3 Pro plugin was hijacked to distribute a backdoored version to WordPress and Joomla users (bleepingcomputer.com).
3. A new Lua-based malware strain named LucidRook is being deployed in spear-phishing campaigns targeting NGOs and universities in Taiwan (bleepingcomputer.com).
4. Dutch healthcare software provider ChipSoft confirmed it was hit by a ransomware attack that forced the company to take its digital services offline (bleepingcomputer.com).
5. A new phishing-as-a-service platform called VENOM is being used to target the Microsoft credentials of senior executives across multiple industries (bleepingcomputer.com).
6. Eurail disclosed a data breach from December 2025 that resulted in the theft of personal information belonging to 300,000 individuals (bleepingcomputer.com).
7. Google released Device Bound Session Credentials in Chrome 146 for Windows to prevent info-stealing malware from hijacking session cookies (thehackernews.com).
8. A vulnerability in the EngageLab SDK was found to expose 50 million Android users, including 30 million cryptocurrency wallet holders (thehackernews.com).
9. A hack-for-hire campaign linked to the Bitter threat actor has been targeting journalists and government officials across the Middle East and North Africa (thehackernews.com).
10. Hackers successfully stole and leaked sensitive documents belonging to the Los Angeles Police Department (reddit.com).
11. Reports indicate that Iranian cyber operations in the Gulf region have shifted from simple disruptive tactics to more complex and sophisticated threats (reddit.com).
12. Security researchers identified a remote code execution vulnerability within the Slippi spectator software (reddit.com).
Be First to Comment