A phishing campaign is targeting residents across multiple US states with fake traffic violation notices delivered by text message, using embedded QR codes to d… Thank you for being a Ghacks reader. The post Traffic Violation Scam Texts Now Use…
How often are redirects used in phishing in 2026? (Mon, Apr 6th)
In one of his recent diaries, Johannes discussed how open redirects are actively being sought out by threat actors[1], which made me wonder about how commonly these mechanisms are actually misused… This article has been indexed from SANS Internet Storm…
Chat With Your Data: Introducing AI Assistant for Web Supply Chain Defense
There’s a gap in how security teams work today. The alerts exist. The risk signals exist. The data exists. But turning that data into a […]
Apache Traffic Server Flaw Allowed Attackers to Trigger Denial-of-Service Attacks
The Apache Software Foundation has released critical security updates to address two vulnerabilities in Apache Traffic Server (ATS). Disclosed on April 2, 2026, these flaws could allow remote threat actors to trigger denial-of-service (DoS) conditions or execute HTTP request smuggling…
Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency
Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross‑platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most…
Hackers Breach ILSpy WordPress Domain to Deliver Malware
The official WordPress website for ILSpy, a highly popular open-source tool used by software developers to examine .NET code, has been compromised. Hackers successfully breached the site to redirect visitors and deliver malware, turning a trusted developer resource into a…
Critical Dgraph Database Flaw Allowed Attackers to Bypass Authentication
A newly discovered critical vulnerability in the open-source Dgraph database system leaves servers exposed to complete system takeovers. Tracked as CVE-2026-34976 and carrying a maximum CVSS score of 10.0, this missing authorization flaw allows remote, unauthenticated attackers to overwrite databases,…
Proven incident response and business continuity strategy
From cybersecurity breaches to natural disasters, disruptive events can occur suddenly and without warning. As a result, it is crucial for organizations to develop resilient plans that not only respond to incidents in real time but also ensure long-term operational…
METATRON – Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux
A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with…
New ResokerRAT Uses Telegram Bot API to Control Infected Windows Systems
A new Remote Access Trojan (RAT) called ResokerRAT has been found targeting Windows systems by abusing Telegram’s widely used Bot API to receive commands and send stolen data back to attackers. Unlike traditional malware that relies on custom command-and-control servers,…
A week in security (March 30 – April 5)
A list of topics we covered in the week of March 30 to April 5 of 2026. This article has been indexed from Malwarebytes.
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
Germany’s Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actors associated with the now-defunct REvil (aka Sodinokibi) ransomware-as-a-service (RaaS) operation. The threat actor, who went by the alias UNKN, functioned…
Malicious npm packages, CISA budget cuts, hackers exploit React2Shell
36 malicious npm packages exploited to deploy persistent implants; hundreds of millions to be cut from CISA in proposed budget; hackers exploit React2Shell in automated credential theft campaign. Check out our show notes here: https://cisoseries.com/cybersecurity-news-malicious-npm-packages-cisa-budget-cuts-hackers-exploit-react2shell/ Huge thanks to our episode…
Nvidia To Invest $2bn In Marvell
Nvidia invests in custom AI chipmaker Marvell, in a move to bolster its position at the centre of the AI data centre boom. This article has been indexed from Silicon UK.
IT Security News Hourly Summary 2026-04-06 09h : 4 posts
4 posts were published in the last hour. 6:11: ResokerRAT Hijacks Telegram API to Command Infected Windows PCs; 6:11: Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users; 6:11: CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw…
36 Malicious npm Strapi Packages Used to Deploy Redis RCE and Persistent C2 Malware
A coordinated supply chain attack has been uncovered targeting developers who build applications on Strapi, a widely used open-source content management system. Thirty-six malicious npm packages disguised as legitimate Strapi plugins were published to the npm registry, carrying payloads designed…
ResokerRAT Hijacks Telegram API to Command Infected Windows PCs
A newly identified Windows malware dubbed ResokerRAT abuses Telegram’s Bot API as its main command-and-control (C2) channel to remotely monitor and control infected systems without relying on a traditional attacker‑owned server. By blending in with legitimate encrypted Telegram traffic, it becomes harder…
Threat Actors Weaponize Fake Microsoft Teams Domains to Target Users
Threat actors associated with North Korea are deploying fake Microsoft Teams domains to conduct social engineering attacks and distribute malware. The threat group, identified as UNC1069, uses convincing meeting lures and compromised communication channels to target unsuspecting professionals. UNC1069 is…
CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
Fortinet issued emergency patches for a critical FortiClient EMS flaw (CVE-2026-35616) actively exploited in the wild. Fortinet released out-of-band patches for a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS 9.1), which is already being exploited in attacks in the…
Meta & YouTube Found Negligent: A Turning Point for Big Tech?
A landmark jury verdict has found Meta and YouTube negligent in a social media addiction case, raising major questions about platform accountability and legal protections under Section 230. This episode covers the details of the case, why the ruling is…
2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw
Cybersecurity researchers have issued an urgent warning for organizations using Fortinet’s FortiClient Enterprise Management Server (EMS). Over 2,000 instances of this critical administrative tool are currently exposed to the public internet. Threat actors are actively exploiting severe vulnerabilities to take…
Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is available on Windows, macOS, Linux, iOS, and Android, allowing users to access their verification codes across…
Residential proxies make a mockery of IP-based defenses
Attack traffic moved through ordinary home and mobile connections in ways that limited the usefulness of IP reputation on its own. GreyNoise observed 4 billion malicious sessions during a 90-day period and described activity that appeared indistinguishable from normal user…
Google DeepMind Flags New Threat as Malicious Web Content Puts AI Agents at Risk
As artificial intelligence evolves from simple chatbots to autonomous agents that actively browse the web, a new cybersecurity threat has emerged. Researchers at Google DeepMind have identified a critical vulnerability they call “AI Agent Traps.” These are adversarial web pages…