The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert regarding two actively exploited security vulnerabilities in Microsoft products. Added to the Known Exploited Vulnerabilities (KEV) catalog on April 13, 2026, these flaws impact the Microsoft Windows Common…
The Hidden Threat: How Third-Party Vulnerabilities Affect Platforms Like OpenAI
In the fast-paced world of technology, even giants like OpenAI, Google, and Microsoft don’t build everything from scratch.… The post The Hidden Threat: How Third-Party Vulnerabilities Affect Platforms Like OpenAI appeared first on Hackers Online Club. This article has been…
How Hackers Are Thinking About AI
Interesting paper: “What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.” Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands…
Hackers Use 108 Chrome Extensions to Steal User Data Through Shared C2 Infrastructure
A widespread cyber espionage campaign leveraging 108 malicious Google Chrome extensions. According to a recent report by Socket, these extensions are explicitly designed to steal sensitive user data and hijack active web sessions. The attackers manage this extensive operation through…
Researcher Reverse Engineered 0-Day Used to Disable CrowdStrike EDR
A cybersecurity researcher has uncovered a new Bring Your Own Vulnerable Driver (BYOVD) attack that can turn off top-tier endpoint security solutions, including CrowdStrike Falcon. By reverse-engineering a previously unknown zero-day kernel driver, the researcher revealed how threat actors use…
W3LL Phishing Kit Takedown Hits Global Credential Theft and MFA Bypass Operation
The FBI Atlanta Field Office, working in a historic joint operation with Indonesian law enforcement, has successfully dismantled a massive global phishing network. The investigation targeted the notorious W3LL phishing kit, a sophisticated toolset that enabled cybercriminals to bypass multi-factor…
APT41 Turns Linux Cloud Servers Into Credential Theft Targets With New Winnti Backdoor
APT41 is once again pushing its Linux capabilities forward, this time by quietly turning cloud servers into powerful credential theft platforms. The group’s latest Winnti-family backdoor is a zero‑detection ELF implant designed specifically for Linux workloads running on AWS, Google…
Booking.com Confirms Data Breach — Hackers Accessed Customers’ Personal Information
Global travel booking giant Booking.com has confirmed a cyberattack in which unauthorized third parties gained access to customers’ personal data, including names, email addresses, phone numbers, and reservation details, raising immediate concerns about downstream phishing attacks targeting millions of travelers…
Triad Nexus Evades Sanctions to Fuel Cybercrime
The sprawling cybercrime operation abuses major providers to prevent takedowns and distance itself from sanctions. The post Triad Nexus Evades Sanctions to Fuel Cybercrime appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Triad…
AI Security Institute Advocates Security Best Practices After Mythos Test
The AISI has issued its judgement on Anthropic’s Mythos Preview model This article has been indexed from www.infosecurity-magazine.com Read the original article: AI Security Institute Advocates Security Best Practices After Mythos Test
Google Adds Rust DNS Parser to Pixel Phones for Better Security
The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment. The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek. This article has been indexed from…
Sales Outreach Security: 5 Ways to Stop Your Sales Team from Looking Like Phishers
Is your sales team accidentally looking like phishers? Learn 5 proven ways to secure sales outreach emails and start landing in inboxes. The post Sales Outreach Security: 5 Ways to Stop Your Sales Team from Looking Like Phishers appeared first…
MXtoolbox Review: Features, User Experiences, Pros & Cons (2026)
Is MXToolbox worth it in 2026? Discover its features, limitations, user reviews, and how it compares to PowerDMARC for email security. The post MXtoolbox Review: Features, User Experiences, Pros & Cons (2026) appeared first on Security Boulevard. This article has…
Google to penalize sites that hijack the back button
Google is broadening its spam policies to crack down on “back button hijacking,” a deceptive practice where websites interfere with browser navigation, blocking users from returning to the page they came from. Instead, users are usually redirected to pages they…
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%. The surge in AI-assisted development is creating a “velocity gap”…
OpenAI Updates Apps After North Korean Axios Hack
OpenAI to require macOS users to update apps after hack of Axios tool by North Korean attackers affects authentication mechanism This article has been indexed from Silicon UK Read the original article: OpenAI Updates Apps After North Korean Axios Hack
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
ViperTunnel is a Python-based backdoor linked to DragonForce ransomware that targets businesses using Windows servers across the US and the UK. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Attackers target unpatched ShowDoc servers via CVE-2025-0520
A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the…
ChatGPT under scrutiny as Florida investigates campus shooting
New cases and research suggest AI chatbots don’t always shut down dangerous conversations. This article has been indexed from Malwarebytes Read the original article: ChatGPT under scrutiny as Florida investigates campus shooting
Nightclub Giant RCI Hospitality Reports Data Breach
The company said in an SEC filing that an IDOR vulnerability affecting RCI Internet Services exposed contractor data. The post Nightclub Giant RCI Hospitality Reports Data Breach appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
IT Security News Hourly Summary 2026-04-14 12h : 4 posts
4 posts were published in the last hour 9:36 : Consumer Chatbots See High Error Rates For Health Queries 9:36 : Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware 9:36 : “Pics or it didnt happen” – What BlueHammer tells…
Consumer Chatbots See High Error Rates For Health Queries
Study finds error rates of above 80 percent when consumer AI chatbots try to diagnose cases where limited information is available This article has been indexed from Silicon UK Read the original article: Consumer Chatbots See High Error Rates For…
Hackers Exploit Obsidian Plugin to Deploy Cross-Platform Malware
Hackers are abusing Obsidian’s Shell Commands plugin and shared cloud vaults to deliver a new cross‑platform malware chain that ends with the PHANTOMPULSE remote access trojan. Attackers pose as a venture capital firm targeting financial and cryptocurrency professionals, first engaging…
“Pics or it didnt happen” – What BlueHammer tells us about Vulnerability Disclosure
Last week, reports circulated about an unpatched security vulnerability in Microsoft Windows. The “BlueHammer” 0-day vulnerability allows a normal user to gain system-level privileges. Microsoft allegedly refused to accept a report about the vulnerability—because video proof was missing. This article…