
WolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now
Security researcher Nicholas Carlini disclosed CVE‑2026‑5194, a critical flaw in the wolfSSL encryption library that impacts roughly 5 billion devices, including routers, IoT gadgets, and military systems. The vulnerability bypasses certificate digest size verification, allowing attackers to forge certificates under multiple signature algorithms. wolfSSL issued a patch in version 5.9.1 on April 8 2026, tightening hash checks, but many older devices may never receive updates. Experts warn the issue creates a broad supply‑chain risk for organizations with unmonitored legacy hardware.
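The digest‑length rule behind that fix, as an added illustration. This is not wolfSSL's code and does not reconstruct CVE‑2026‑5194, whose internals the item does not give; it shows, on a PKCS#1 v1.5 DigestInfo, what a verifier loses when it trusts the encoded digest length instead of the hash algorithm's fixed output size. The message and the truncated DigestInfo are constructed for the demo.

```python
"""Added illustration, not wolfSSL code: why a verifier must pin the digest
length to the hash algorithm rather than trust the encoded length.
Parses a PKCS#1 v1.5 DigestInfo (what an RSA verifier recovers from the
signature) and compares a lenient verifier with a strict one.
"""
import hashlib

# DER-encoded hash OID -> (hashlib name, fixed digest length in bytes)
DIGEST_ALGS = {
    bytes.fromhex("608648016503040201"): ("sha256", 32),
    bytes.fromhex("608648016503040202"): ("sha384", 48),
    bytes.fromhex("608648016503040203"): ("sha512", 64),
}
SHA256_OID = bytes.fromhex("608648016503040201")


def der(tag, body):
    """Short-form DER TLV; enough for DigestInfo, which is always < 128 bytes."""
    if len(body) >= 0x80:
        raise ValueError("long-form length not supported")
    return bytes([tag, len(body)]) + body


def digest_info(oid, digest):
    """DigestInfo ::= SEQUENCE { SEQUENCE { OID, NULL }, OCTET STRING digest }"""
    return der(0x30, der(0x30, der(0x06, oid) + b"\x05\x00") + der(0x04, digest))


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the short-form TLV at pos."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    tag, length = buf[pos], buf[pos + 1]
    if pos + 2 + length > len(buf):
        raise ValueError("TLV value runs past end of buffer")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length


def parse_digest_info(blob):
    """Return (oid, digest); raise ValueError on any structural defect."""
    tag, body, end = read_tlv(blob, 0)
    if tag != 0x30 or end != len(blob):
        raise ValueError("DigestInfo is not a single SEQUENCE")
    tag, alg_id, pos = read_tlv(body, 0)
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier missing")
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06 or oid not in DIGEST_ALGS:
        raise ValueError("unknown or malformed hash OID")
    tag, digest, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ValueError("digest OCTET STRING malformed or trailing bytes")
    return oid, digest


def verify_lenient(blob, message):
    """Weak: compares only as many hash bytes as the encoding carries."""
    oid, digest = parse_digest_info(blob)
    name, _ = DIGEST_ALGS[oid]
    return hashlib.new(name, message).digest()[:len(digest)] == digest


def verify_strict(blob, message):
    """Correct: the digest must be exactly the algorithm's output length."""
    oid, digest = parse_digest_info(blob)
    name, expected_len = DIGEST_ALGS[oid]
    return len(digest) == expected_len and hashlib.new(name, message).digest() == digest


def find_prefix_match(first_byte, limit=200_000):
    """Brute-force a different message whose SHA-256 starts with first_byte;
    with a 1-byte digest this takes ~256 tries, which is the whole problem."""
    for i in range(limit):
        candidate = b"forged-" + str(i).encode()
        if hashlib.sha256(candidate).digest()[0] == first_byte:
            return candidate
    raise RuntimeError("no match within limit")


# Constructed data: a correct DigestInfo and one that names SHA-256 but
# carries only the first byte of the hash.
MESSAGE = b"constructed message to sign"
GOOD = digest_info(SHA256_OID, hashlib.sha256(MESSAGE).digest())
TRUNCATED = digest_info(SHA256_OID, hashlib.sha256(MESSAGE).digest()[:1])


def demo():
    forged = find_prefix_match(hashlib.sha256(MESSAGE).digest()[0])
    return {
        "good_strict": verify_strict(GOOD, MESSAGE),
        "truncated_lenient": verify_lenient(TRUNCATED, MESSAGE),
        "forged_lenient": verify_lenient(TRUNCATED, forged),
        "truncated_strict": verify_strict(TRUNCATED, MESSAGE),
        "forged_strict": verify_strict(TRUNCATED, forged),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:18} {result}")
```

Run it and the lenient verifier accepts both the truncated DigestInfo for the original message and a brute‑forced second message, because a 1‑byte digest reduces the comparison to one byte; the strict verifier rejects both. The `der`/`read_tlv` helpers handle only short‑form lengths, which is all DigestInfo needs.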

Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
InfoGuard discovered a new Python‑based backdoor called ViperTunnel operating in UK and US enterprises. The malware disguises itself as a system DLL and leverages the sitecustomize.py module to execute code automatically, establishing a SOCKS5 proxy on port 443. Developed by the...
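Defenders can check for this persistence mechanism directly. The following is an added example, not code from the InfoGuard report: it lists every directory the current interpreter would consult for `sitecustomize.py` or `usercustomize.py`, hashes any hook it finds and flags words associated with tunnelling or loaders. The sample hook it writes to a temporary directory is constructed for the demo.

```python
"""Added example (not the InfoGuard report's code): hunt for Python startup
hooks. The site module imports sitecustomize.py and usercustomize.py from any
sys.path entry at interpreter start, so a file with one of those names in a
site-packages directory runs in every Python process on the host.
"""
import hashlib
import os
import re
import site
import sys
import tempfile

HOOK_NAMES = ("sitecustomize.py", "usercustomize.py")
# Coarse indicators of tunnelling or loader behaviour inside a startup hook.
SUSPICIOUS = re.compile(rb"\b(socket|socks5?|subprocess|base64|exec|eval|ctypes)\b")


def candidate_dirs():
    """Every directory the current interpreter would consult for a hook."""
    dirs = list(sys.path)
    try:
        dirs += site.getsitepackages()
    except AttributeError:  # some virtualenv layouts lack this function
        pass
    dirs.append(site.getusersitepackages())
    seen, out = set(), []
    for d in dirs:
        d = os.path.abspath(d or os.getcwd())  # '' on sys.path means cwd
        if d not in seen:
            seen.add(d)
            out.append(d)
    return out


def scan_dirs(dirs):
    """Report every hook file found, with a hash for allow-listing and the
    indicator words it contains."""
    findings = []
    for d in dirs:
        for name in HOOK_NAMES:
            path = os.path.join(d, name)
            if not os.path.isfile(path):
                continue
            with open(path, "rb") as f:
                data = f.read()
            findings.append({
                "path": path,
                "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest(),
                "indicators": sorted({m.decode() for m in SUSPICIOUS.findall(data)}),
            })
    return findings


def loaded_hook():
    """Path of the sitecustomize module this process already executed, if any."""
    mod = sys.modules.get("sitecustomize")
    return getattr(mod, "__file__", None) if mod else None


# Constructed sample hook (not real malware) for a self-contained demo.
SAMPLE_HOOK = b"import socket, base64\nexec(base64.b64decode(b''))\n"
SAMPLE_HOOK_SHA256 = hashlib.sha256(SAMPLE_HOOK).hexdigest()


def demo():
    """Write the sample hook into a scratch directory and scan just that."""
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "sitecustomize.py"), "wb") as f:
            f.write(SAMPLE_HOOK)
        return scan_dirs([tmp])


if __name__ == "__main__":
    print("hook already loaded in this process:", loaded_hook())
    for hit in scan_dirs(candidate_dirs()):
        print(hit)
    print("demo:", demo())
```

Run it with `python -S` when investigating, since `-S` stops the interpreter from importing the very hook you are looking for; `loaded_hook()` shows which file, if any, a normally started interpreter has already executed. A hash allow‑list of known hooks (some tooling legitimately ships one) keeps the output down to exceptions.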

BITTER APT Uses Signal, Google, and Zoom Lures to Spread ProSpy Spyware
Researchers from Access Now and Lookout have uncovered a BITTER APT campaign that uses spear‑phishing lures on Signal, Google, Zoom and other platforms to deliver the ProSpy Android spyware. The operation, active since at least 2022, targets journalists and opposition...

OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures
The Open Source Security Foundation (OpenSSF) has issued an advisory about a new Slack‑based phishing campaign that pretends to be Linux Foundation leaders. The attackers promote a bogus AI tool, directing developers to a counterfeit Google Workspace page that installs...

Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand
German national Noah Christopher, alleged operator of the Fluxstress and Neldowner DDoS‑for‑Hire services, was arrested in Bangkok last week. The 27‑year‑old had been evading capture by moving between Dubai, China and Thailand after a multi‑year probe by German and EU...

Hacker Used Claude Code, GPT-4.1 to Exfiltrate Hundreds of Millions of Mexican Records
A hacker used Anthropic's Claude Code and OpenAI's GPT‑4.1 to breach nine Mexican government agencies between December 2025 and February 2026. The AI‑driven attack executed 5,317 commands from 1,088 prompts, allowing the attacker to exfiltrate hundreds of millions of taxpayer, civil and...

FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace
The FBI Atlanta Field Office and Indonesia's National Police dismantled the W3LLSTORE phishing marketplace, a global operation linked to more than $20 million in attempted fraud. The takedown included domain seizures and the detention of a suspected developer, identified only as...

ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot
ShinyHunters claims to have breached Rockstar Games' Snowflake data warehouse by exploiting compromised Anodot authentication tokens. The group posted a deadline of April 14, demanding payment to avoid public exposure of the data. Anodot recently disclosed a breach that exposed tokens,...

Android Banking Trojan Linked to Cambodia Scam Compounds Hits 21 Countries
Infoblox Threat Intel, in partnership with Vietnamese NGO Chong Lua Dao, confirmed the first direct link between a Cambodian forced‑labour scam compound and an Android banking trojan operating in 21 countries. Trafficked workers at the K99 Triumph City facility in...

GraphAlgo Scam: Lazarus Hackers Register Real US LLCs to Spread Malware
Cybersecurity firm ReversingLabs uncovered that North Korea‑linked Lazarus Group launched the GraphAlgo campaign by registering a bona‑fide Florida LLC, Blocmerce, to lend credibility to fake job offers targeting blockchain developers. The group now embeds malicious Remote Access Trojans in GitHub...

UNC6783 Hackers Use Fake Okta Pages in Corporate Breach Campaign
Google Threat Intelligence Group has identified a new threat actor, UNC6783, conducting data‑theft extortion campaigns by compromising Business Process Outsourcers. The group leverages live‑chat social engineering to deliver counterfeit Okta login pages, stealing clipboard credentials and enrolling malicious devices for...

Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks
LayerX researchers discovered that the CLAUDE.md configuration file can be weaponized to bypass Claude Code’s safety guardrails, enabling automated SQL‑injection attacks without any programming. With just three lines of plain English inserted into the file, the AI assistant was convinced it had permission to...

New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
A new macOS malware dubbed notnullOSX is targeting cryptocurrency wallets holding more than $10,000. The threat, linked to a hacker known as 0xFFF (now alh1mik), spreads via fake Google Docs warnings and a ClickFix‑style lure that has the victim paste a malicious Terminal command, then requests...

Operation Masquerade: FBI Disrupts Russian Router Hacking Campaign
The Department of Justice and FBI announced the takedown of a Russian GRU‑run cyber‑espionage operation, dubbed Operation Masquerade, that compromised thousands of home and small‑office routers, primarily TP‑Link devices, across 23 U.S. states and abroad. The attackers, identified as the APT28/Fancy Bear...

Hackers Pose as Non-Profit Developers to Deploy Monero Mining Malware
Since late 2023, the REF1695 hacker group has been embedding Monero‑mining malware in counterfeit software installers that masquerade as non‑profit projects. The scheme uses a fake ISO download, a persuasive ReadMe.txt, and instructions to bypass Windows SmartScreen, delivering a toolkit...

AI Agents and Non-Human Identities Creating Critical Security Gaps, Report
Keeper Security’s new report, presented at RSA 2026, reveals that companies are rapidly deploying AI agents and other non‑human identities (NHIs) without adequate security controls. Nearly half of surveyed firms give AI‑powered tools access to critical data, yet 76% lack...

Missile Alert Phishing Exploits Iran-US-Israel Conflict for Microsoft Logins
Researchers at Cofense uncovered a new phishing campaign that disguises itself as urgent missile‑alert emails tied to the Iran‑Israel conflict. The messages, sent from a spoofed Ministry of Interior address, contain QR codes that lead victims to a counterfeit Microsoft...

Cloudflare Targets WordPress With New AI-Powered EmDash CMS
Cloudflare has unveiled EmDash CMS, a serverless, AI‑built content platform designed to rival WordPress, which powers over 40% of websites. EmDash isolates each plugin in a Dynamic Worker sandbox, limiting access to declared permissions and addressing the 96% plugin‑related security...

Why Security Researchers and Red Teams Are Turning to Workflow Automation
Security teams are increasingly adopting workflow automation to combat alert fatigue and accelerate investigations. Automated pipelines now enrich indicators of compromise, aggregate threat intelligence, and run continuous recon for red teams and bug bounty hunters. Open‑source, self‑hosted platforms such as...

Fake ChatGPT Ad Blocker Chrome Extension Caught Spying on Users
A counterfeit Chrome extension named “ChatGPT Ad Blocker” was discovered harvesting users' ChatGPT conversations under the guise of removing ads. DomainTools found the malicious add‑on on the Chrome Web Store in February 2026, where it cloned the page’s DOM, stripped...

AI Future: The Leading International AI and Web3 Forum to Take Place in April
AI Future, the flagship event of the global Blockchain Forum, will convene in Moscow on April 14‑15, drawing over 20,000 participants from 100 countries. The two‑day summit features 200 speakers and 250 sponsors, focusing on the intersection of artificial intelligence...

ShinyHunters Hackers Claim Theft of 3M+ Cisco Records, Threaten Public Leak
ShinyHunters, identified as UNC6040, issued a final warning to Cisco, demanding contact before April 3 2026 or face a public data leak. The group alleges it has exfiltrated more than three million Salesforce records, along with GitHub repositories, AWS storage buckets, and...

Storm Infostealer Sold as Service, Targets Browsers, Wallets and Accounts
Storm, a new infostealer discovered by Varonis Threat Labs in early 2026, can decrypt Chrome’s App‑Bound Encryption and harvest credentials, session cookies, crypto wallets, and messaging app accounts from Chrome, Edge, Firefox and other browsers. The malware is offered as...

Why GitHub Developers Are Targeted by Token Giveaway Scams
GitHub developers are increasingly targeted by sophisticated token giveaway scams that masquerade as legitimate project announcements. Attackers exploit developers' public activity, mimicking maintainers, using authentic branding, and leveraging technical language to appear credible. The scams rely on urgency, hidden malicious...

LinkedIn Phishing Scam Uses Fake Notifications to Hijack Accounts
A new phishing campaign is tricking LinkedIn users with counterfeit notification emails that appear to come from the platform. The emails, sent from a freshly registered khanieteam.com domain, direct victims to a look‑alike site (inedindigital) that harvests login credentials. Cofense's...

Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus
Researchers at Seqrite have identified a "dual‑use dilemma" in which ransomware groups repurpose legitimate IT utilities such as IObit Unlocker and Process Hacker to disable antivirus software. Because these tools carry legitimate code signatures, they let attackers create a silent zone, bypassing traditional signature‑based defenses...

ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
Octagon Networks uncovered a critical ImageMagick zero‑day that enables remote code execution on major Linux distributions and WordPress sites. The flaw, dubbed a “magic byte shift,” lets attackers disguise malicious scripts as harmless images, bypassing file‑extension checks and even secure...

AI Agents Are Democratizing Finance but Also Redefining Risk
AI agents are now moving capital autonomously, turning complex arbitrage strategies into simple commands and democratizing access to sophisticated finance. Users have seen outsized returns, such as a $300 investment growing to over $2.3 million in four months, thanks to rapid,...

Kernel Observability for Data Movement
Modern security stacks rely on user‑space logs, leaving a blind spot at the operating system layer where data actually moves. Kernel‑mediated events—file reads, network writes, process creation—provide a complete, immutable record of every data flow, yet most tools never tap...

OpenAI Codex Vulnerability Allowed Attackers to Steal GitHub Tokens
BeyondTrust Phantom Labs uncovered a critical command‑injection flaw in OpenAI's Codex that leveraged hidden Unicode characters in GitHub branch names to steal OAuth tokens. The vulnerability affected the ChatGPT web interface, Codex SDK, and several developer extensions, exposing full repository...
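Branch names are attacker‑controlled input, and the lesson generalizes beyond Codex. As an added example (not BeyondTrust's or OpenAI's code): a check that refuses ref names carrying invisible characters (bidi overrides, zero‑width spaces and other format controls), alongside the structural rules from `git check-ref-format`, and a command builder that passes the name as a single argv element rather than splicing it into a shell string. The sample names are constructed.

```python
"""Added example (not BeyondTrust's or OpenAI's code): treat git ref names as
untrusted input. Two independent defences: refuse names carrying characters
that render invisibly, and never splice a ref into a shell string; pass it as
one argv element instead.
"""
import unicodedata

# Unicode categories whose members have no visible glyph of their own:
# control, format (bidi overrides, zero-width joiners/spaces), private use,
# unassigned, line and paragraph separators.
HIDDEN_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Zl", "Zp"}
# Printable ASCII that git itself rejects in ref names.
ASCII_FORBIDDEN = set(" ~^:?*[\\")


def hidden_chars(name):
    """(index, code point, category, name) for every non-ASCII character that
    would not be noticed in a log line, PR title or terminal."""
    out = []
    for i, ch in enumerate(name):
        if ord(ch) < 0x80:
            continue
        cat = unicodedata.category(ch)
        if cat in HIDDEN_CATEGORIES:
            out.append((i, f"U+{ord(ch):04X}", cat, unicodedata.name(ch, "<unnamed>")))
    return out


def check_ref_format(name):
    """Subset of `git check-ref-format` rules plus the hidden-character rule.
    Returns a list of problems; an empty list means acceptable."""
    problems = []
    if not name or name.startswith("-"):
        problems.append("empty or starts with '-' (would be parsed as an option)")
    if name.endswith(("/", ".", ".lock")):
        problems.append("forbidden suffix")
    if ".." in name or "@{" in name or "//" in name:
        problems.append("forbidden sequence")
    for comp in name.split("/"):
        if comp.startswith(".") or comp.endswith(".lock"):
            problems.append(f"bad component {comp!r}")
    if any(ch in ASCII_FORBIDDEN or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name):
        problems.append("forbidden ASCII characters")
    hidden = hidden_chars(name)
    if hidden:
        problems.append("hidden characters: " + ", ".join(f"{h[1]} {h[3]}" for h in hidden))
    return problems


def is_safe(name):
    return not check_ref_format(name)


def unsafe_shell_command(name):
    """The anti-pattern: the ref name becomes part of a shell command line, so
    any shell metacharacter in it is executed."""
    return f"git checkout {name} && ./build.sh"


def checkout_argv(name):
    """Validated name passed as a single argument; hand the list to
    subprocess.run without shell=True."""
    problems = check_ref_format(name)
    if problems:
        raise ValueError(f"refusing ref {name!r}: " + "; ".join(problems))
    return ["git", "checkout", name]


if __name__ == "__main__":
    # Constructed names: the second and third look harmless once rendered.
    for name in ["feature/login", "feature/x\u202e;id#", "release\u200b-1.0", "a..b", "-rf"]:
        print(repr(name), "->", check_ref_format(name) or "ok")
```

Hand `checkout_argv(name)` to `subprocess.run` without `shell=True`. The validation addresses the display problem (a reviewer cannot see U+202E in a PR title or log line), while the argv form removes the injection even for names git itself accepts, such as ones containing `;` or `&`.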

Wave Browser Brings Gaming Tools and Ocean Cleanup Into the Same Tab
Wave Browser launches as a gaming‑focused web browser that bundles multitasking tools such as a sidebar, picture‑in‑picture streaming, and a Memory Saver mode to keep RAM usage low during heavy gaming sessions. The browser embeds utilities like ad blocking, translation,...

15-Year-Old strongSwan Flaw Lets Attackers Crash VPNs via Integer Underflow
A fifteen‑year‑old integer underflow bug (CVE‑2026‑25075) in strongSwan’s EAP‑TTLS plugin can crash VPN services by requesting an impossible 18 exabyte memory allocation. The flaw affects versions 4.5.0 through 6.0.4 and triggers a two‑phase “ghost” attack that only crashes the charon daemon...
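The arithmetic behind that bug class, as an added example (not strongSwan's code, and not a reconstruction of the EAP‑TTLS path): a length field smaller than the header it describes, subtracted in unsigned 64‑bit arithmetic, wraps to just under 2^64 bytes, which is the roughly 18 exabytes in the item. Python integers do not wrap, so `size_t` behaviour is modelled with a mask; the wire format and packets are constructed.

```python
"""Added example (not strongSwan's code): how an unsigned length underflow
turns a short packet into an 18-exabyte allocation request, and the check
that prevents it. size_t arithmetic is modelled with an explicit 64-bit mask.
"""
import struct

U64_MASK = (1 << 64) - 1
# Constructed wire format: 4-byte big-endian total length, 4 bytes of
# type/flags, then payload. The header is therefore 8 bytes.
HEADER_LEN = 8


def u64_sub(a, b):
    """C semantics for `size_t a - b`: wraps modulo 2**64 instead of going negative."""
    return (a - b) & U64_MASK


def payload_len_vulnerable(packet):
    """Trusts the length field: total_len < HEADER_LEN underflows to ~2**64."""
    total_len, = struct.unpack_from(">I", packet, 0)
    return u64_sub(total_len, HEADER_LEN)


def payload_len_checked(packet, available):
    """Bounds the field against the header size and the bytes actually
    received before any arithmetic is done on it."""
    total_len, = struct.unpack_from(">I", packet, 0)
    if total_len < HEADER_LEN:
        raise ValueError(f"length field {total_len} smaller than header ({HEADER_LEN})")
    if total_len > available:
        raise ValueError(f"length field {total_len} exceeds {available} bytes received")
    return total_len - HEADER_LEN


def allocate(nbytes, limit=1 << 40):
    """Stand-in for malloc in a daemon with a 1 TiB ceiling: an absurd request
    fails, and a service that does not handle that failure dies with it."""
    if nbytes > limit:
        raise MemoryError(f"cannot allocate {nbytes:,} bytes")
    return True


def handle_vulnerable(packet):
    n = payload_len_vulnerable(packet)
    allocate(n)
    return n


def handle_checked(packet):
    n = payload_len_checked(packet, len(packet))
    allocate(n)
    return n


def outcome(handler, packet):
    """Run a handler and report how the daemon fared."""
    try:
        return ("ok", handler(packet))
    except ValueError as e:
        return ("rejected", str(e))
    except MemoryError as e:
        return ("crashed", str(e))


def exabytes(n):
    return n / 1e18


# Constructed packets: a valid one with a 4-byte payload, one whose length
# field (4) is smaller than the 8-byte header, and one claiming more bytes
# than were received.
GOOD_PACKET = struct.pack(">II", 12, 0) + b"\x01\x02\x03\x04"
BAD_PACKET = struct.pack(">II", 4, 0)
OVERSIZE_PACKET = struct.pack(">II", 5000, 0)

if __name__ == "__main__":
    n = payload_len_vulnerable(BAD_PACKET)
    print(f"underflowed length: {n} ({exabytes(n):.2f} EB)")
    print("vulnerable, bad packet: ", outcome(handle_vulnerable, BAD_PACKET))
    print("checked, bad packet:    ", outcome(handle_checked, BAD_PACKET))
    print("checked, oversize:      ", outcome(handle_checked, OVERSIZE_PACKET))
    print("checked, good packet:   ", outcome(handle_checked, GOOD_PACKET))
```

The fix is the two comparisons in `payload_len_checked`, made before any subtraction: the field must cover at least the header and at most the bytes actually received. In C the same guard reads `if (len < HEADER_LEN || len > available) return reject;` with both operands unsigned, and it has to come before `len - HEADER_LEN` is ever computed.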

Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M
Hackers on the dark‑web marketplace Threat Market claim to have obtained 375 TB of Lockheed Martin data and are offering it for a $600 million buy‑out. The alleged sale, posted via a Telegram account linked to the market and attributed to an APT...

ShinyHunters Walk Away From BreachForums, Leak 300,000-User Database
The ShinyHunters hacker collective announced it is abandoning BreachForums, labeling the platform a waste of time after an FBI seizure in October 2025. Simultaneously, the group released a fresh dump containing data on more than 300,000 BreachForums users, including full...

BianLian Ransomware Spreads via Fake Invoice SVG Images in New Attacks
WatchGuard researchers have uncovered a new BianLian ransomware campaign that distributes malicious SVG invoice images to companies in Venezuela. The SVG files hide XML code that silently contacts a shortened ja.cat URL, redirects through compromised Brazilian domains, and drops a...
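A mail gateway can screen SVG attachments for exactly this. As an added example (not WatchGuard's code), a scanner that flags what a viewer would execute or follow: `<script>` and `<foreignObject>`, `on*` event handlers, `href` values with `http(s)`, `javascript:` or `data:` schemes, and `<set>`/`<animate>` elements that swap an attribute to `javascript:`. The two sample files, including the `short.example` URLs, are constructed for the demo and model the described technique rather than a real BianLian artefact.

```python
"""Added example (not WatchGuard's code): a pre-delivery scanner for SVG
attachments. SVG is XML, so an "image" can carry <script>, event handlers
and links; this flags the constructs a viewer would execute or follow.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

ACTIVE_ELEMENTS = {"script", "foreignObject"}
ANIMATION_ELEMENTS = {"set", "animate"}


def _local(qname):
    """Strip the XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return qname.rsplit("}", 1)[-1]


def scan_svg(data):
    """Return (element, reason) pairs; an empty list means nothing active found."""
    findings = []
    root = ET.fromstring(data)
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append((tag, "active content element"))
        if tag in ANIMATION_ELEMENTS and el.get("to", "").strip().lower().startswith("javascript:"):
            findings.append((tag, "animates an attribute to a javascript: URI"))
        for attr, value in el.attrib.items():
            name = _local(attr)
            v = value.strip()
            if name.lower().startswith("on"):
                findings.append((tag, f"event handler {name}"))
            elif name == "href":  # covers both href and xlink:href
                scheme = urlparse(v).scheme.lower()
                if scheme in ("http", "https"):
                    findings.append((tag, f"external reference {v}"))
                elif scheme in ("javascript", "data"):
                    findings.append((tag, f"{scheme}: URI in href"))
    return findings


def verdict(data):
    return "block" if scan_svg(data) else "allow"


# Constructed samples: a plain icon, and an "invoice" that redirects on load,
# runs a script and links out to a shortened URL.
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    '<circle cx="5" cy="5" r="4" fill="#09f"/></svg>'
)
INVOICE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
    "onload=\"window.location='https://short.example/inv0ice'\">"
    '<text x="10" y="20">Invoice #4471</text>'
    "<script>fetch('https://short.example/p')</script>"
    '<a xlink:href="https://short.example/dl"><rect width="100" height="30"/></a>'
    "</svg>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("invoice", INVOICE_SVG)):
        print(label, "->", verdict(doc))
        for tag, reason in scan_svg(doc):
            print("   ", tag, "-", reason)
```

The standard-library parser does not fetch external entities or DTDs, but it does expand internal entities, so for untrusted input in volume use `defusedxml` or cap the input size before parsing. Treat any hit as grounds to quarantine: a legitimate invoice image needs none of these constructs.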

Quish Splash QR Code Phishing Campaign Hits 1.6 Million Users
Researchers at 7AI uncovered the "Quish Splash" campaign, which dispatched over 1.6 million phishing emails in less than three weeks. The attackers embedded malicious URLs inside BMP‑format QR‑code images, a technique that slipped past Microsoft Defender and other email filters. By...

New PXA Stealer Malware Targets Banks, Uses Telegram to Exfiltrate Data
CyberProof reports an 8‑10% surge in PXA Stealer attacks on financial institutions during Q1 2026, positioning the malware as the successor to takedown‑prone infostealers like RedLine and Lumma. The campaign spreads through convincing phishing emails that mimic tax forms, legal notices, or...

Acalvio ShadowPlex Review: Deception-Based Preemptive Cybersecurity
Acalvio ShadowPlex is an AI‑powered, agentless deception platform that projects decoys, breadcrumbs, and honeytokens across endpoints, cloud, OT, and identity layers to detect attacker intent early. The solution feeds high‑confidence alerts into existing SOC workflows via integrations with SIEM, SOAR,...

Best Klaviyo Alternatives for Revenue Growth and Advanced Analytics
Klaviyo remains a leading CRM for e‑commerce, but its cost and complexity can deter startups. The article highlights three cost‑effective alternatives—Maestra, Brevo, and Omnisend—that deliver advanced analytics and multi‑channel performance tracking. Each platform offers customizable attribution, granular revenue dashboards, and...

Understanding Wiz’s Approach to Securing the AI Supply Chain
The AI supply chain’s layered, multi‑cloud nature creates visibility gaps and unique vulnerabilities that traditional software‑security tools can’t fully address. Wiz proposes an AI‑CNAPP framework that unifies asset discovery, cloud‑posture management, workload protection, and continuous risk assessment across the entire...

All AI and Security Teams Need Transparent Data Pipelines
Organizations that rely on opaque AI data sources expose themselves to integrity risks, compliance gaps, and trust deficits. Without auditable pipelines, security teams cannot verify data quality, which leads to hallucinations and to regulatory violations under frameworks such as the EU AI Act....

OVHcloud Founder Denies Massive 590TB Data Breach Claims
OVHcloud founder Octave Klaba denied a purported 590 TB data breach alleged by a user on BreachForums. The poster claimed to have exfiltrated data from 1.6 million OVH Fresh customers and up to 6 million active websites, yet only supplied a trivial email‑and‑phone sample....

Gcore Radar Report Reveals 150% Surge in DDoS Attacks Year-on-Year
Gcore’s Q3‑Q4 2025 Radar report shows a 150% year‑on‑year jump in DDoS incidents, with attack counts climbing to 1.3 million in Q4 2025. Peak traffic surged to 12 Tbps, a six‑fold rise over the previous year, while network‑layer attacks now represent 82% of all...

Playnance Introduces Participation-First Model for Social Gaming with New Protocol Launch
Playnance launched its Democratic Social Gaming Protocol, a participation‑first system that links player activity to economic outcomes via the GCOIN token. The blockchain‑backed architecture promises transparent, verifiable reward distribution, moving away from traditional profit‑centric models. Over one million users now...

North Korean Hacker Lands Remote IT Job, Caught After VPN Slip
A North Korean hacker answered a generic help‑wanted ad, passed standard background checks, and was hired for a remote IT role handling sensitive Salesforce data on August 15, 2025. Ten days later, a login from an unmanaged device in St. Louis,...

Global Crackdown Dismantles 4 Botnets Behind Major DDoS Attacks
International law enforcement agencies, led by the US DOJ and FBI, dismantled four major botnets—Aisuru, KimWolf, JackSkid and Mossad—that had compromised over three million IoT devices. At their peak, the networks could generate 30 terabits per second of traffic, powering some...

Hacker Group LAPSUS$ Claims Alleged AstraZeneca Data Breach
LAPSUS$ has posted a claim that it exfiltrated roughly 3 GB of AstraZeneca data, including source code, cloud‑infrastructure configurations, and employee‑related records. The group shared sample files that appear to contain authentic GitHub Enterprise user exports and contractor onboarding logs, suggesting...

CISO Whisperer Names 11 Vendors Leading the Shift From Tools to Outcomes at RSA Conference 2026
The CISO Whisperer has identified 11 cybersecurity vendors at RSA Conference 2026 that exemplify the industry’s move from reactive tools to outcome‑driven, AI‑powered operations. Companies such as Daylight Security, Reclaim Security and CyCognito showcase models that turn detection into automated...

SpyCloud’s 2026 Identity Exposure Report Reveals Explosion of Non-Human Identity Theft
SpyCloud’s 2026 Identity Exposure Report reveals a sharp rise in non‑human identity theft, with 18.1 million API keys and tokens and 6.2 million AI‑tool credentials exposed in 2025. Phishing records surged 400% YoY, delivering 28.6 million compromised identities, while 8.6 billion session cookies were...

Fake Windsurf IDE Extension Uses Solana Blockchain to Steal Developer Data
Bitdefender uncovered a counterfeit Windsurf IDE extension that pretends to be the legitimate REditorSupport tool for the R language. The malicious plug‑in drops native node files and uses a PowerShell task named UpdateApp to maintain persistence. Uniquely, it communicates via...