
Exposed Server Reveals AI-Assisted Credential Harvesting Factory
Security researchers uncovered an exposed server running the Bissa scanner, a criminal platform that leverages the critical React2Shell vulnerability (CVE‑2025‑55182) to automate mass exploitation. The operation combined AI coding assistants—Claude Code and OpenClaw—to debug, orchestrate, and refine a pipeline that scanned millions of targets, compromised over 900 servers, and harvested thousands of .env credentials. Victim data spanned AI‑provider keys, major cloud services, payment processors, and identity platforms, with the operator triaging high‑value targets in finance, crypto, and retail. Alerts were funneled through Telegram bots, giving the attacker real‑time visibility from a mobile device.

March 2026 Cyber Threat Landscape Fueled by Ransomware, Breaches, and Access Markets
In March 2026 the global cyber threat landscape intensified, with CRIL reporting 702 ransomware incidents—56% of which were driven by five prolific groups such as Qilin and Akira. The month also saw 20 access‑broker listings, a growing underground market that...

South Korea Expands AI Cybersecurity to Safeguard Cloud-Based Education Systems
South Korea’s Ministry of Education and KERIS are expanding an AI‑driven cybersecurity platform to protect private‑cloud environments used by schools and universities. The AI‑based Automated Cyber Intrusion Detection and Notification System recorded roughly 480 million threat indicators in 2025, confirming 86 000...

CISA Adds 8 Exploited Vulnerabilities Affecting Cisco, Zimbra, TeamCity
On April 21, 2026 the Cybersecurity and Infrastructure Security Agency expanded its Known Exploited Vulnerabilities (KEV) catalog with eight new flaws that are already being leveraged in active attacks. The list includes high‑severity issues such as an improper‑authentication bug in...

Personal Data Exposed on ANTS Portal, French Authorities Investigate
French authorities have confirmed a security incident on the ANTS.gouv.fr portal, detected on April 15, 2026, that exposed personal identifiers such as login IDs, names, email addresses, dates of birth and, in some cases, postal addresses and phone numbers. The...

Poste Italiane, Postepay Fined €12.5M for Unlawful User Data Processing
The Italian Data Protection Authority has imposed a combined fine of over €12.5 million (about $13.5 million) on Poste Italiane (€6.6 million) and its Postepay unit (€5.8 million) for unlawful processing of user data via mobile apps. Regulators found the apps collected extensive device‑level...

Indian Agency Arrests Key SIM Card Supplier of a Broader Cyber Fraud Network
India’s Central Bureau of Investigation (CBI) arrested a key conspirator in Guwahati who supplied roughly 10,000 fraudulently obtained SIM cards to cyber‑criminal networks, a major step in the ongoing Operation Chakra‑V. The suspect allegedly transferred about ₹67 lakh (≈ $80,000) through multiple...

UAE Cyber Security Council Warns 1 in 4 Public Files Contain Sensitive Personal Data
The UAE Cyber Security Council reports that 25% of publicly accessible files contain sensitive personal data, and up to 77% of privately shared files may be exposed due to weak controls. The advisory highlights a widening gap between rapid cloud...

Vercel Incident Linked to AI Tool Hack, Internal Access Gained
Vercel disclosed a security breach that stemmed from a compromised third‑party AI platform, Context.ai, which gave attackers access to an employee’s Google Workspace account and subsequently to internal systems. The intruders viewed non‑sensitive environment variables, while encrypted sensitive variables remained...

Cisco Patches Critical ISE Vulnerabilities Allowing Remote Code Execution Attacks
Cisco released emergency patches for its Identity Services Engine (ISE) and Webex Services after uncovering multiple critical vulnerabilities. Three ISE flaws (CVE‑2026‑20147, CVE‑2026‑20180, CVE‑2026‑20186) score 9.9 CVSS and enable remote code execution, privilege escalation, and potential denial‑of‑service. A separate Webex...

The Cyber Express Weekly Roundup: Crypto Breaches, State-Linked Schemes, and Platform Exploits
The Cyber Express weekly roundup highlighted a series of high‑profile cyber incidents. Grinex halted trading after a coordinated wallet breach that stole more than $15 million in USDT, while two U.S. citizens were sentenced for a North Korea‑linked scheme that generated...

Kuwait Banks Deploy Real-Time War Room to Fight Growing Cyber Fraud Threats
Kuwait’s banking sector has launched a virtual war room that connects banks, the Central Bank, the Ministry of Interior and the Public Prosecution in real time. The platform instantly flags suspicious transactions, halts fund movement and initiates legal action, shifting...

$15M Grinex Hack Forces Trading Halt After Major Crypto Wallet Breach
Kyrgyzstan‑based crypto exchange Grinex halted all trading after hackers breached its hot‑wallet infrastructure and stole roughly $15 million in USDT, equivalent to about 1 billion rubles. The attackers rapidly moved the stolen tokens across Ethereum and Tron, consolidating the proceeds into a...

Russian GRU Cyber Campaign Targets Western Logistics Firms Supporting Ukraine
A joint cybersecurity advisory has identified a sustained Russian GRU operation, attributed to Unit 26165 (APT28/Fancy Bear), that has been targeting Western logistics firms and technology providers supporting Ukraine since early 2022. The campaign leverages credential‑guessing, spear‑phishing, and weaponized CVEs such as...

“I’m Just Scared”: Teen Hacker Jailed After Massive U.S. School Data Breach
Teen hacker Matthew Lane, now 20, was sentenced to four years in federal prison for his central role in the PowerSchool data breach, one of the largest attacks on U.S. education. The breach exposed personal information for roughly 60 million students...

Targeted Cyberattack on Northern Ireland Schools Exposes Personal Data
A recent cyberattack on Northern Ireland's Education Authority was confirmed as a targeted breach affecting a small number of schools. Forensic analysis revealed that attackers accessed personal data, though no large‑scale exfiltration has been proven. Police Service of Northern Ireland...

MiningDropper Turns Android Apps Into Multi-Stage Malware Delivery Systems
Researchers at Cyble have identified a surge in Android malware campaigns leveraging a new modular framework called MiningDropper. The platform repurposes the open‑source Lumolight app as a trojanized entry point and uses layered XOR and AES encryption to deliver multi‑stage...

Ukraine Warns of Surge in Cyberattacks on Hospitals, Local Governments by UAC-0247 Hackers
Ukrainian cyber‑defense agency CERT‑UA reported a sharp increase in attacks by the UAC‑0247 threat cluster targeting hospitals, emergency services, and local government bodies between March and April 2026. The campaign uses phishing emails that pose as humanitarian aid offers, delivering...

Ivanti Neurons ITSM Vulnerabilities Could Allow Session Persistence
Ivanti disclosed two medium‑severity flaws—CVE-2026-4913 and CVE-2026-4914—in its Neurons for IT Service Management platform affecting versions up to 2025.3. The first vulnerability lets a remote authenticated user retain access after account deactivation, while the second is a stored XSS that...

Goldman Sachs ‘Hyperaware’ of AI Risks; Working with Anthropic on Mythos
Goldman Sachs warned that Anthropic’s new AI model, Mythos, can autonomously discover and exploit software vulnerabilities, raising serious cyber‑risk concerns for the financial sector. The bank’s CEO David Solomon said Goldman is "hyperaware" of these threats and is working with...

Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
A critical Remote Code Execution (RCE) flaw was discovered in the Kali Forms WordPress plugin, which powers over 10,000 active sites. The vulnerability, reported on March 2, 2026, was patched in version 2.4.10 on March 20, 2026, but attackers began exploiting it the same day,...

Dark Web Article Contest Offers $10,000 for Exploit Writing on TierOne Forum
A dark‑web forum called TierOne has launched a $10,000 article contest that rewards technical write‑ups on vulnerability exploitation. The prize pool is split into $5,000 for first place, $3,000 for second, and $2,000 for third, with submissions accepted from April 13...

Zimbabwe Boosts Cybersecurity as AI-Driven Cyber Fraud Surges
Zimbabwe is ramping up its cybersecurity defenses as AI‑driven fraud spikes, with deepfake voice cloning and automated phishing tools targeting mobile money users and public services. The government reports cyber‑related losses exceeding $30 million a year and a 40% rise in...

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe released emergency updates to fix a high‑impact Acrobat and Reader flaw identified as CVE‑2026‑34621. The vulnerability, rated 8.6 on the CVSS scale, allows arbitrary code execution via prototype pollution and has been confirmed exploited in the wild. Affected products...

The Cyber Express Weekly Roundup: Major State Threats, Crypto Attacks, and Legal Gaps
The Cyber Express weekly roundup highlights a surge in state‑sponsored DNS hijacking by Russia‑linked APT28, a $285 million theft from the Drift Protocol DeFi exchange, and a looming EU regulatory gap on child‑sexual‑abuse‑material detection. The U.S. Treasury announced a Digital Asset...

Not a Signal Flaw: iPhone Notifications Became a Backdoor for Deleted Messages
An FBI investigation revealed that deleted Signal messages can be recovered from an iPhone because iOS stores notification previews in a hidden database, not because of a flaw in Signal’s encryption. Investigators extracted incoming message fragments from a suspect’s...

Iran Crisis Highlights Rising Gulf Cybersecurity Risks to Critical Infrastructure
The recent Iran‑U.S. escalation has exposed Gulf states’ critical infrastructure to heightened cyber threats. Ports, energy facilities, desalination plants and financial hubs are now seen as vulnerable to combined kinetic and digital attacks. The United Arab Emirates is integrating cyber...

Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
Microsoft re‑launched its Recall feature with a hardened security stack that includes VBS enclaves, AES‑256‑GCM encryption, Windows Hello, and a Protected Process Light host. Researchers discovered that while the encrypted vault remains secure, the AIXHost.exe process that renders decrypted data...

FCC Proposes Tougher KYC Rules to Crack Down on Illegal Robocalls
The FCC has issued a Further Notice of Proposed Rulemaking to tighten Know‑Your‑Customer (KYC) requirements for voice service providers that originate robocalls. The agency wants carriers to collect full names, addresses, government IDs and usage details, retain records for up...

U.S. Treasury Rolls Out Cybersecurity Information Sharing Initiative as Crypto Attacks Rise
The U.S. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection launched a digital‑asset cybersecurity initiative that provides free, high‑quality threat intelligence to eligible U.S. crypto firms. The move responds to a surge in sophisticated attacks that cost the industry over...

Russian Hackers Exploit SOHO Routers for DNS Hijacking Campaign
Russian-linked threat group Forest Blizzard has been hijacking home and small‑office routers since at least August 2025, turning them into covert DNS infrastructure. Microsoft reported over 200 organizations and more than 5,000 consumer devices infected, enabling passive traffic monitoring and targeted...

Signature Healthcare Cyberattack Causes Service Disruptions, Treatment Delays
Signature Healthcare detected a cyberattack on April 6, 2026, prompting the network to shift to emergency downtime procedures. The breach forced Brockton Hospital to divert ambulances, cancel chemotherapy infusions, and rely on manual workflows, while surgeries and urgent care continued...

Bitcoin Depot Discloses $3.6 Million Crypto Theft Following System Breach
Bitcoin Depot disclosed that on March 23, 2026 attackers siphoned 50.903 Bitcoin, roughly $3.665 million, from its internal settlement wallets after breaching corporate IT systems. The breach was limited to internal credentials and did not affect customer‑facing platforms or data. Bitcoin...

Gov. Tim Walz Deploys National Guard After Winona Cyberattack Disrupts Services
A cyberattack on Winona County began on April 6, crippling the county’s digital infrastructure that supports emergency and municipal services. Governor Tim Walz issued an emergency executive order authorizing the Minnesota National Guard to assist with containment, system stabilization, and recovery....

FBI Takes Down APT28 Network Behind Global DNS Hijacking Attacks
The FBI, in coordination with the Department of Justice, launched Operation Masquerade to dismantle a global network of compromised SOHO routers used by the Russian-linked threat group APT28 for DNS hijacking. The operation reset DNS configurations on thousands of TP‑Link...

Researchers Find a Zero-Day Attack Targeting Adobe Reader Users
Researchers have uncovered a zero‑day vulnerability in Adobe Reader that allows remote code execution through crafted PDF files. The exploit chain leverages a memory‑corruption flaw, runs entirely in memory, and requires no user interaction beyond opening the document. Its multi‑layer...

Iran-Linked Hackers Breach U.S. Industrial Systems, Trigger Disruptions
The FBI, CISA, and NSA issued a joint advisory on April 7, 2026 warning that Iranian‑affiliated APT groups are actively exploiting internet‑exposed programmable logic controllers (PLCs) to disrupt U.S. critical infrastructure. The campaign targets water, wastewater, energy, and government services,...

Child Safety at Risk as EU CSAM Detection Law Lapses, Reporting Concerns Rise
The EU’s temporary legal framework that allowed online platforms to scan private communications for child sexual abuse material (CSAM) expired on April 3, 2026, creating regulatory uncertainty. Major tech firms—including Google, Meta, Microsoft and Snap—have pledged to continue voluntary detection using hash‑matching...

Germany Names Suspected Leader of REvil and GandCrab Ransomware Gangs
German authorities have identified a 31‑year‑old Russian, Daniil Maksimovich Shchukin, as the suspected leader of the REvil and GandCrab ransomware gangs. The BKA says he directed at least 130 attacks in Germany from 2019‑2021, extorting roughly €2 million (about $2.1 million) and...

FortiClientEMS Vulnerabilities Under Active Exploitation, Expose Systems to RCE
Fortinet disclosed two critical vulnerabilities in its FortiClientEMS endpoint management platform that are already being exploited in the wild. CVE-2026-21643 is a SQL injection flaw in the admin interface of version 7.4.4, allowing unauthenticated remote code execution. CVE-2026-35616 is an...

$20 Billion Lost to Cybercrime as AI and Investment Scams Surge: FBI Report
The FBI’s 2025 Internet Crime Report records a historic $20.8 billion in losses from more than one million complaints. Cyber‑enabled fraud accounted for roughly $17.7 billion, with investment scams—especially cryptocurrency schemes—driving $8.6 billion of that damage. AI‑powered scams emerged as a new threat,...

75% of Cyberattacks Start with Phishing Emails, UAE Cyber Council Says
The UAE Cyber Security Council warned that over 75% of cyberattacks now begin with phishing emails, citing a daily global volume of 3.4 billion deceptive messages. Attackers rely on urgent language, brand impersonation, and simple tricks to lure users into revealing...

The Cyber Express Weekly Roundup: Ransomware, and Supply Chain Breaches Surge
The Cyber Express weekly roundup highlights a sharp rise in ransomware incidents and supply‑chain compromises across multiple sectors. High‑profile breaches include a ransomware intrusion at Hasbro, a malicious package update that hit AI startup Mercor via the LiteLLM project, and...

FBI Warns of AVrecon Malware Targeting Network Devices Across 163 Countries
The FBI has issued a warning about AVrecon, a modular malware that compromises home and small‑office routers by exploiting unpatched remote‑code‑execution flaws. The malware was used by the now‑dismantled SocksEscort proxy service, which sold access to roughly 369,000 infected devices...

Intesa Sanpaolo Missed Unauthorized Access for 2 Years, Regulator Reveals
Italy’s data protection authority disclosed that Intesa Sanpaolo failed to detect an insider’s unauthorized access for over two years. A single employee viewed the records of more than 3,500 customers, leading to a €31.8 million (≈ $34.7 million) fine. Regulators said the bank’s...

AI-Fueled Cyberattacks Surge in UAE Amid Rising Regional Tensions
The United Arab Emirates is confronting an unprecedented wave of cyberattacks, with the Cyber Security Council estimating 500,000 to 700,000 incidents each day. Threat actors, including state‑linked groups from Iran, are exploiting artificial‑intelligence tools such as ChatGPT to automate reconnaissance,...

Cybersecurity Is a Calling, Not Just a Career — Dr. Priyanka Sunder (PD) on Women Leading the Charge
Dr. Priyanka Sunder, a two‑decade cybersecurity strategist and award‑winning leader, discusses how women are reshaping governance, risk and compliance (GRC) in the industry. She highlights the shift from compliance check‑boxes to continuous resilience, emphasizing cloud security controls, data localization, and...

Hackers Impersonate Ukrainian CERT to Plant a RAT on Government, Hospital Networks
Ukrainian cyber‑defense agency CERT‑UA was spoofed with an AI‑generated website and phishing emails that distributed a password‑protected ZIP containing the AGEWHEEZE remote‑access Trojan. The Go‑based RAT offered full screen, input and system control and communicated with a command‑and‑control server on...

The Energy Sector Isn’t Ready for Ransomware—And 2025 Proved It
In 2025 the energy and utilities sector endured a record 187 ransomware incidents, many involving full system encryption and data theft. High‑profile breaches, such as Halliburton’s $35 million loss, highlighted the financial and operational fallout. Legacy operational technology, IT‑OT convergence, and...

Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users
Nova Scotia Power disclosed a data breach affecting more than 900,000 current and former customers, exposing names, contact details, birth dates, banking information, driver’s licenses and Social Insurance Numbers. The intrusion began around March 19, 2025 when an employee clicked...