Microsoft Pays $2.3M for Cloud and AI Flaws at Zero Day Quest
Microsoft awarded $2.3 million to security researchers after the 2026 Zero Day Quest, recognizing over 80 high‑impact cloud and AI flaws uncovered during the live event. The contest attracted nearly 700 submissions from participants in more than 20 countries, building on a $5 million prize pool that makes it the largest hacking event in history. The effort is part of Microsoft’s Secure Future Initiative, launched to address a DHS‑cited security‑culture shortfall. Earlier, Microsoft paid a record $17 million to 344 researchers for vulnerabilities discovered between July 2024 and June 2025.

CISA Flags Windows Task Host Vulnerability as Exploited in Attacks
CISA has placed the Windows Task Host privilege‑escalation flaw (CVE‑2025‑60710) on its catalog of actively exploited vulnerabilities, urging federal agencies to apply Microsoft’s November 2025 patch within two weeks. The defect allows a low‑complexity local attack to elevate a standard user...

Microsoft Adds Windows Protections for Malicious Remote Desktop Files
Microsoft rolled out new Windows defenses against RDP‑phishing attacks in the April 2026 cumulative updates for Windows 10 (KB5082200) and Windows 11 (KB5083769, KB5082052). The changes introduce a one‑time educational prompt and a persistent security dialog that disables all resource redirections by default....

Microsoft Releases Windows 10 KB5082200 Extended Security Update
Microsoft released the Windows 10 KB5082200 extended security update, addressing the April 2026 Patch Tuesday fixes. The update patches 167 vulnerabilities, including two zero‑day flaws, and upgrades Windows 10 to build 19045.7184 (Enterprise LTSC 2021 to 19044.7184). It adds RDP file phishing protections, Secure Boot status...

McGraw-Hill Confirms Data Breach Following Extortion Threat
McGraw‑Hill disclosed that hackers leveraged a misconfigured Salesforce page to view a limited set of internal data. The company emphasized that the breach did not compromise its Salesforce accounts, customer databases, courseware, or any sensitive student information. Extortion group ShinyHunters...

Fake Ledger Live App on Apple’s App Store Stole $9.5M in Crypto
A counterfeit Ledger Live macOS app posted on Apple’s App Store siphoned roughly $9.5 million in cryptocurrency from about 50 users within days. Victims entered seed phrases, giving attackers control over wallets across Bitcoin, Ethereum, Tron, Solana and Ripple. The stolen...

5 Ways Zero Trust Maximizes Identity Security
Stolen credentials accounted for 22% of known initial access attempts in 2025, making them the top entry vector for attackers. Zero Trust promises to curb this risk, but only when identity is the core focus rather than a collection of...

The Silent “Storm”: New Infostealer Hijacks Sessions, Decrypts Server-Side
Storm, a new infostealer surfacing in early 2026, offloads encrypted browser data to attackers’ servers for decryption, eliminating the local decryption step that endpoint tools traditionally flag. By handling Chromium‑ and Gecko‑based browsers server‑side, it automates session‑cookie restoration using Google...

Over 20,000 Crypto Fraud Victims Identified in International Crackdown
Operation Atlantic, a joint effort by the U.K. National Crime Agency, U.S. Secret Service, Ontario police and private partners, identified more than 20,000 cryptocurrency‑fraud victims across Canada, the United Kingdom and the United States. Investigators froze over $12 million in suspected...

Analysis of One Billion CISA KEV Remediation Records Exposes Limits of Human-Scale Security
Qualys analyzed over one billion CISA KEV remediation records from 10,000 organizations, revealing that critical vulnerabilities remain open longer despite a 6.5‑fold increase in ticket closures. The share of critical flaws still unpatched after seven days climbed from 56% to...

New VENOM Phishing Attacks Steal Senior Executives' Microsoft Logins
Cybersecurity firm Abnormal has uncovered a new phishing‑as‑a‑service platform dubbed VENOM that specifically targets senior executives’ Microsoft accounts. The campaign, active since November, delivers highly personalized SharePoint‑style emails containing QR codes and double‑Base64‑encoded email fragments to evade detection. VENOM employs...

Google Chrome Adds Infostealer Protection Against Session Cookie Theft
Google Chrome 146 introduces Device Bound Session Credentials (DBSC) for Windows, a hardware‑linked protection that stops infostealer malware from abusing harvested session cookies. The feature cryptographically binds each session to the device’s TPM, making stolen cookies unusable without the private...

Smart Slider Updates Hijacked to Push Malicious WordPress, Joomla Versions
Security researchers discovered that the update mechanism for the Smart Slider 3 Pro plugin was hijacked, delivering a malicious version (3.5.1.35) for WordPress and Joomla on April 7. The compromised code embeds multiple backdoors, creates hidden administrator accounts, and injects persistent...

Hackers Use Pixel-Large SVG Trick to Hide Credit Card Stealer
Security firm Sansec uncovered a large‑scale campaign that injects a 1×1‑pixel SVG into Magento stores to deliver a credit‑card skimmer. The malicious SVG uses an onload handler with a base64‑encoded payload, bypassing traditional script‑based scanners. The attack exploits the PolyShell...

New macOS Stealer Campaign Uses Script Editor in ClickFix Attack
Security researchers have identified a new macOS stealer campaign that leverages the built‑in Script Editor to deliver the Atomic Stealer (AMOS) malware. The attack uses an “applescript://” URL from fake Apple‑themed cleanup sites, launching a pre‑filled script that runs an...

CISA Orders Feds to Patch Exploited Ivanti EPMM Flaw by Sunday
CISA has placed Ivanti Endpoint Manager Mobile (EPMM) in its Known Exploited Vulnerabilities catalog and issued a Binding Operational Directive requiring federal agencies to patch the critical CVE‑2026‑1340 flaw by April 11. The code‑injection bug enables unauthenticated remote code execution on...

Is a $30,000 GPU Good at Password Cracking?
The article tests whether a $30,000 AI‑grade GPU can outpace a high‑end consumer card in password cracking. Using Hashcat, Specops benchmarked Nvidia's H200, AMD's MI300X, and the RTX 5090 across MD5, NTLM, bcrypt, SHA‑256 and SHA‑512 hashes. The RTX 5090 consistently delivered...

Hackers Exploit Critical Flaw in Ninja Forms WordPress Plugin
A critical vulnerability (CVE‑2026‑0740) in Ninja Forms' File Upload add‑on lets unauthenticated attackers upload arbitrary files, potentially leading to remote code execution. Wordfence blocked over 3,600 exploitation attempts in a single day, confirming active abuse. The flaw affects versions up...

Snowflake Customers Hit in Data Theft Attacks After SaaS Integrator Breach
A breach at AI‑analytics firm Anodot exposed authentication tokens used by a SaaS integration platform, leading to data‑theft attacks on over a dozen companies. Snowflake reported unusual activity in a small number of customer accounts, promptly locked them down, and...

Max Severity Flowise RCE Vulnerability Now Exploited in Attacks
A critical remote code execution flaw, CVE‑2025‑59528, has been confirmed in Flowise, the open‑source low‑code platform for building LLM‑driven applications. The vulnerability allows attackers to inject arbitrary JavaScript through the CustomMCP node, leading to full command execution and file‑system access....

Authorities Disrupt Router DNS Hijacks Used to Steal Microsoft 365 Logins
Law enforcement and private‑sector partners have dismantled the FrostArmada operation, an APT28‑run campaign that hijacked DNS settings on MikroTik and TP‑Link routers to intercept Microsoft 365 credentials. At its peak in December 2025, the malware infected roughly 18,000 devices across...

Disgruntled Researcher Leaks “BlueHammer” Windows Zero-Day Exploit
A security researcher known as Chaotic Eclipse publicly released exploit code for a previously private Windows privilege‑escalation vulnerability dubbed BlueHammer. The flaw, a local privilege escalation combining a TOCTOU and path‑confusion bug, allows a local attacker to obtain SYSTEM or...

LinkedIn Secretly Scans for 6,000+ Chrome Extensions, Collects Data
LinkedIn has embedded a hidden JavaScript file that scans visitors' browsers for more than 6,200 Chrome extensions and collects detailed device information. The script, confirmed by BleepingComputer, checks extension IDs to identify installed add‑ons, including rivals such as Apollo, Lusha,...

Die Linke German Political Party Confirms Data Stolen by Qilin Ransomware
The Qilin ransomware group infiltrated Die Linke, Germany’s left‑wing parliamentary party, and stole internal data, though the membership database remained untouched. The attackers threatened to publish sensitive communications and employee information, prompting the party to report the incident to authorities. Die Linke...

Evolution of Ransomware: Multi-Extortion Ransomware Attacks
Ransomware attacks surged 49% in 2025, affecting healthcare, finance and manufacturing, with incidents like the University of Mississippi Medical Center shutdown forcing chemotherapy cancellations. Threat actors have evolved from simple encryption to double and triple extortion, stealing data before encrypting...

Microsoft Still Working to Fix Exchange Online Mailbox Access Issues
Microsoft is still investigating intermittent Exchange Online mailbox access problems that affect Outlook mobile and the new Outlook for Mac client. The issue, first reported on March 11 and briefly marked resolved on April 1, resurfaced under a new incident tag. Microsoft...

Residential Proxies Evaded IP Reputation Checks in 78% of 4B Sessions
GreyNoise analyzed 4 billion malicious sessions and found residential proxies evaded IP reputation checks in 78% of cases. Roughly 39% of the traffic originated from home networks, yet most proxies disappear within a month, preventing reputation feeds from cataloguing them. The...

Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
Threat actors are turning vacant rental homes into anonymous mail drop points, then exploiting USPS services like Informed Delivery and change‑of‑address forwarding to intercept sensitive correspondence. The workflow combines open‑source intelligence, weak identity verification, and fake identities to create persistent...

New Progress ShareFile Flaws Can Be Chained in Pre-Auth RCE Attacks
Researchers at watchTowr identified two critical flaws—CVE‑2026‑2699 and CVE‑2026‑2701—in Progress ShareFile’s Storage Zones Controller (SZC). The authentication bypass (CVE‑2026‑2699) lets attackers reach the admin interface, while the remote code execution bug (CVE‑2026‑2701) enables malicious ASPX webshell deployment. Chaining the vulnerabilities...

Critical Cisco IMC Auth Bypass Gives Attackers Admin Access
Cisco disclosed a critical authentication bypass (CVE‑2026‑20093) in its Integrated Management Controller (IMC) that lets unauthenticated attackers obtain admin privileges on UCS C‑Series and E‑Series servers. The flaw resides in the password‑change function and can be triggered with a crafted...

FBI Warns Against Using Chinese Mobile Apps Due to Privacy Risks
The FBI issued a public service announcement warning Americans that many popular mobile apps developed in China pose significant privacy and data‑security risks. The advisory highlights that these apps can collect extensive personal information, store it on servers in China,...

Hacker Charged with Stealing $53 Million From Uranium Crypto Exchange
U.S. prosecutors have charged Maryland resident Jonathan Spalletta with stealing more than $53 million from the decentralized Uranium Finance exchange through two separate smart‑contract exploits in April 2021. The attacks drained liquidity pools, forced the platform to shut down, and the...

New RoadK1ll WebSocket Implant Used to Pivot on Breached Networks
Security firm Blackpoint uncovered a new Node.js WebSocket implant called RoadK1ll, which enables attackers to pivot from a compromised host to internal systems via outbound tunnels. The lightweight reverse‑tunneling tool establishes a persistent WebSocket connection to attacker infrastructure, allowing multiple...

Apple Adds macOS Terminal Warning to Block ClickFix Attacks
Apple’s macOS Tahoe 26.4 introduces a built‑in warning that intercepts potentially malicious commands pasted into Terminal. The feature specifically targets ClickFix attacks, where scammers trick users into executing harmful code under the guise of a fix. When a risky paste is...

Critical Fortinet FortiClient EMS Flaw Now Exploited in Attacks
Threat‑intelligence firm Defused reports active exploitation of Fortinet’s FortiClient EMS vulnerability CVE‑2026‑21643. The SQL‑injection flaw lets unauthenticated attackers execute arbitrary code via crafted HTTP requests to the EMS web GUI. Shodan and Shadowserver data show roughly 1,000‑2,000 publicly exposed instances,...

File Read Flaw in Smart Slider Plugin Impacts 500K WordPress Sites
A file‑read flaw (CVE‑2026‑3098) in the Smart Slider 3 WordPress plugin allows any authenticated user, even a subscriber, to export arbitrary server files. The vulnerability stems from missing capability checks in the plugin’s AJAX export function, enabling access to sensitive files...

New Infinity Stealer Malware Grabs macOS Data via ClickFix Lures
Infinity Stealer, a new macOS infostealer, uses a Python payload compiled with the open‑source Nuitka compiler to produce a native binary that evades static analysis. The malware is delivered via a ClickFix lure that mimics Cloudflare’s CAPTCHA, prompting users to...

Agentic GRC: Teams Get the Tech. The Mindset Shift Is What's Missing.
Enterprise GRC teams recognize agentic AI’s potential to replace manual compliance workflows, yet many hesitate to adopt. The reluctance stems not from budget constraints but from an identity crisis as operational tasks that defined their roles are automated. Anecdotes’ platform...

European Commission Investigating Breach After Amazon Cloud Account Hack
The European Commission has opened an investigation after a threat actor gained access to at least one of its Amazon Web Services (AWS) accounts and allegedly exfiltrated more than 350 GB of employee data. AWS clarified that its infrastructure was not...

Windows 11 KB5079391 Update Rolls Out Smart App Control Improvements
Microsoft rolled out the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2 in March 2026. The optional, non‑security update adds 29 changes, most notably a toggle for Smart App Control that no longer requires a clean OS install. It also...

Dutch Police Discloses Security Breach After Phishing Attack
The Dutch National Police disclosed a recent phishing attack that was quickly detected and contained by its Security Operations Center, preventing any citizen data exposure. The breach’s impact remains limited, though investigators are still assessing the scope and whether any...

Ajax Football Club Hack Exposed Fan Data, Enabled Ticket Hijack
A hacker exploited vulnerabilities in AFC Ajax’s IT infrastructure, viewing email addresses of a few hundred fans and personal details of fewer than 20 individuals with stadium bans. The breach also allowed the manipulation of up to 42,000 season tickets,...

TikTok for Business Accounts Targeted in New Phishing Campaign
A new phishing campaign is specifically targeting TikTok for Business accounts, luring users with fake “Schedule a Call” pages that mimic TikTok and Google Careers interfaces. The malicious sites are hosted on a shared Google Storage bucket and use Cloudflare...

GitHub Adds AI-Powered Bug Detection to Expand Security Coverage
GitHub announced an AI‑powered scanning layer for its Code Security suite, complementing the existing CodeQL static analysis. The hybrid approach expands vulnerability detection to languages and frameworks such as Bash, Dockerfiles, Terraform, and PHP, while CodeQL continues deep semantic analysis...

Bubble AI App Builder Abused to Steal Microsoft Account Credentials
Threat actors are exploiting Bubble, an AI‑powered no‑code app builder, to host malicious web apps that impersonate Microsoft login pages. By serving phishing pages from the trusted *.bubble.io domain, email security solutions fail to flag the links, allowing credentials to...

New Torg Grabber Infostealer Malware Targets 728 Crypto Wallets
Researchers at Gen Digital have uncovered Torg Grabber, a rapidly evolving infostealer that has harvested data from 850 browser extensions, including 728 cryptocurrency wallets, between December 2025 and February 2026. The malware gains initial access via the ClickFix clipboard‑hijacking technique, then executes...

Paid AI Accounts Are Now a Hot Underground Commodity
Cybercriminals are building a thriving underground market for premium AI platform access, reselling accounts for tools like ChatGPT, Claude, and Microsoft Copilot. Flare’s analysis of fraud‑oriented forums shows recurring listings that bundle subscriptions, claim reduced restrictions, and target buyers seeking...

Kali Linux 2026.1 Released with 8 New Tools, New BackTrack Mode
Kali Linux 2026.1 launched with eight new security tools, a kernel upgrade to Linux 6.18, and a refreshed visual theme. The release adds 25 new packages, updates 183 existing ones, and introduces a BackTrack mode that disguises the desktop as...

TP-Link Warns Users to Patch Critical Router Auth Bypass Flaw
TP‑Link released firmware updates fixing multiple critical flaws in its Archer NX series, including CVE‑2025‑15517, an authentication bypass that lets unauthenticated attackers upload firmware. The patch also removes a hard‑coded cryptographic key (CVE‑2025‑15605) and resolves two admin‑level command‑injection bugs (CVE‑2025‑15518, CVE‑2025‑15519)....

PTC Warns of Imminent Threat From Critical Windchill, FlexPLM RCE Bug
PTC has disclosed a critical remote‑code‑execution vulnerability (CVE‑2026‑4681) affecting its Windchill and FlexPLM product‑lifecycle‑management platforms. The flaw stems from unsafe deserialization of trusted data and impacts all supported versions, including every critical patch set. German federal police (BKA) have sent...