
Posts tagged as “phishing”

OSINT / CyberSec report 05.05.2026 00:08

1. Instructure confirmed a data breach involving its Canvas platform with the ShinyHunters extortion gang claiming responsibility for the attack (bleepingcomputer.com). 2. An IBM subsidiary responsible for managing Italian public administration infrastructure suffered a breach where attackers maintained access for two weeks (reddit.com). 3. A critical cPanel vulnerability is being mass exploited in ongoing Sorry ransomware attacks (reddit.com). 4. A global law enforcement operation involving…

OSINT / CyberSec report 03.05.2026 00:06

1. Trellix confirmed a security breach involving unauthorized access to a portion of its internal source code repository (thehackernews.com). 2. A Vietnamese-linked operation named AccountDumpling compromised 30,000 Facebook accounts using Google AppSheet as a phishing relay (thehackernews.com). 3. China-linked threat group SHADOW-EARTH-053 is conducting an espionage campaign targeting government and defense sectors across Asia and a NATO member state (thehackernews.com). 4. Cybercrime groups Cordial Spider…

OSINT / CyberSec report 29.04.2026 00:08

1. Microsoft confirmed active exploitation of the Windows Shell spoofing vulnerability CVE-2026-32202 (The Hacker News). 2. A Chinese national linked to the Silk Typhoon threat group was extradited to the United States for cyberattacks against government agencies (The Hacker News). 3. French authorities arrested a 21-year-old hacker known as HexDex for approximately 100 data breaches including the French Ministry of National…

OSINT report hourly 28.04.2026 15:08

1. Ukraine: Russian drones struck Kyiv on April 28, with air defenses engaging Shahed UAVs over the capital and at least one high-rise building hit. Source: UkraineNow. 2. Ukraine: The General Staff confirmed a third major drone strike this month on the Tuapse oil refinery in Russia, causing massive fires and explosions at storage tanks. Source: ClashReport. 3. Ukraine: President Zelenskyy announced sanctions against entities…

OSINT / CyberSec report 27.04.2026 00:12

1. CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog affecting SimpleHelp, Samsung MagicINFO 9 Server, and D-Link DIR-823X routers (The Hacker News). 2. Home security company ADT confirmed a data breach following extortion threats from the ShinyHunters group (BleepingComputer). 3. The Lazarus APT group is conducting a new campaign using the Mach-O Man malware kit to target businesses on macOS (Reddit).…

OSINT / CyberSec report 21.04.2026 00:08

1. Cloud development platform Vercel confirmed a security breach involving unauthorized access to internal systems following the compromise of a third-party AI tool used by an employee (The Hacker News). 2. Threat actors are actively exploiting a 17-year-old Microsoft Excel vulnerability which has been flagged by the US cyber defense agency (Reddit). 3. Researchers identified a new malware strain named ZionSiphon targeting…

OSINT / CyberSec report 17.04.2026 00:09

1. A critical authentication bypass vulnerability in Nginx UI with Model Context Protocol support is currently being exploited in the wild for full server takeover. (https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/) 2. A new zero-day vulnerability in Microsoft SharePoint has been identified as actively exploited and is subject to a CISA remediation deadline. (https://www.reddit.com/r/cybersecurity/comments/1smf2gz/new_microsoft_sharepoint_zeroday_cve_april_15/) 3. CISA has issued a warning regarding the active exploitation of a Windows Task Host…

OSINT / CyberSec report 11.04.2026 00:08

1. Threat actors have been actively exploiting a zero-day vulnerability in Adobe Reader via malicious PDF files since December 2025 (thehackernews.com). 2. The update system for the Smart Slider 3 Pro plugin was hijacked to distribute a backdoored version to WordPress and Joomla users (bleepingcomputer.com). 3. A new Lua-based malware strain named LucidRook is being deployed in spear-phishing campaigns targeting NGOs and universities in Taiwan…

OSINT / CyberSec report 07.04.2026 00:08

1. Fortinet released an emergency patch for a critical vulnerability in FortiClient EMS that is currently being exploited in the wild (BleepingComputer). 2. German authorities identified a 31-year-old Russian national as the leader of the REvil and GandCrab ransomware gangs responsible for over 130 attacks (The Hacker News). 3. A six-month social engineering campaign by DPRK threat actors resulted in the theft…

OSINT / CyberSec report 05.04.2026 00:06

1. The TeamPCP hacking group is responsible for a major data breach at the European Commission and is conducting ongoing supply chain attacks (The Record). 2. North Korean threat actor UNC1069 compromised the Axios npm package through a highly targeted social engineering campaign against the maintainer (The Hacker News). 3. The Qilin ransomware group claimed responsibility for a data theft attack against the German political…