A threat actor has been running an active campaign on Reddit, using fake posts that promise free TradingView Premium access to deliver two malware families — Vidar on Windows and AMOS on macOS. The operation is still live, with new…
OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens
The integration of AI coding agents has introduced new, high-impact attack surfaces for development teams. Phantom Labs at BeyondTrust recently discovered a critical command-injection vulnerability in OpenAI Codex. This flaw allowed attackers to steal sensitive GitHub User Access Tokens. By…
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately 50,000 websites vulnerable to complete takeover. Tracked as CVE-2026-0740, this flaw boasts a maximum CVSS severity score of 9.8, making it a severe…
Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks
A new ransomware campaign is putting organizations on high alert. A financially motivated threat group known as Storm-1175 has been running fast-paced attacks targeting vulnerable, internet-facing systems — and deploying the Medusa ransomware as the final blow. What makes this…
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems. “The threat actor’s high operational tempo and proficiency in…
Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns
Threat actors are abusing legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi‑stage phishing campaign that blends social engineering, living‑off‑the‑land techniques, and stealthy information‑stealing malware. Sophos’ Managed Detection and Response (MDR) teams first saw this…
Drift blames exploit on North Korea, GitHub attacks target South Korea, Die Linke breach threatens data leak
Drift says exploit was North Korean intelligence operation GitHub used in multi-stage attacks targeting South Korea Data leak threatened after Die Linke attack Check out our show notes here: https://cisoseries.com/cybersecurity-news-drift-blames-exploit-on-north-korea-github-attacks-target-south-korea-die-linke-breach-threatens-data-leak/ Huge thanks to our episode sponsor, Vanta Risk and regulation…
EvilTokens: an AI-augmented Phishing-as-a-Service for automating BEC fraud – Part 2
A TLP:AMBER version of this post was originally distributed as a private FLINT report to our customers on 30 March 2026. Introduction As detailed in our previous blog post New widespread EvilTokens kit: device code phishing as-a-service – Part 1,…
OpenAI Concludes $122bn Funding Round At $852bn Valuation
Start-up OpenAI concludes biggest funding round to date, as it plans massive infrastructure investments, looks to cut costs This article has been indexed from Silicon UK Read the original article: OpenAI Concludes $122bn Funding Round At $852bn Valuation
Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign
Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new findings. The activity, observed throughout March 2026, unfolded in three distinct waves on March 3, March 13, and March 23.…
Telehealth company Hims & Hers discloses data breach
Hims & Hers, a telehealth company, has disclosed a data breach involving its third-party customer support ticketing system after hackers gained access between 4 and 7 February 2026. In a letter to customers, it warned of a data security incident that might have exposed their personal information. …
AppsFlyer SDK Exploited in New Supply Chain Crypto Attack
Between March 9 and March 11, 2026, attackers had a 48-hour window inside one of the most widely embedded JavaScript libraries on the internet. The […] The post AppsFlyer SDK Exploited in New Supply Chain Crypto Attack appeared first on…
IT Security News Hourly Summary 2026-04-07 09h : 5 posts
5 posts were published in the last hour 6:34 : New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images 6:34 : Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack 6:5 : 50,000 WordPress Sites Running…
New Microsoft Defender Update Issued for Windows 11, Windows 10, and Server Images
Microsoft has rolled out a fresh security intelligence update for Microsoft Defender Antivirus to help secure Windows 11, Windows 10, and Windows Server images. Released on April 7, 2026, this update equips endpoints with the latest threat detection logic and…
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
The high-end casino and hotel operator has likely paid a ransom to avoid a data leak. The post Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE
A severe security flaw has been discovered in the Ninja Forms File Upload plugin, a widely utilized WordPress add-on that allows website administrators to accept documents, images, and other media from their visitors. Tracked officially as CVE-2026-0740, this unauthenticated arbitrary…
Microsoft Warns Storm-1175 Exploiting Web-Facing Vulnerabilities to Deploy Medusa Ransomware
Microsoft is warning that a fast‑moving threat actor it tracks as Storm‑1175 is aggressively exploiting vulnerabilities in internet‑exposed systems to deliver Medusa ransomware in days and sometimes in under 24 hours. Storm‑1175 is a financially motivated group known for high‑velocity…
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code…
CISA Alerts Defenders to Actively Exploited Fortinet Zero-Day Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical zero-day vulnerability in Fortinet products. The agency officially added the flaw to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, indicating that threat…
NSFOCUS Monthly APT Insights – February 2026
Regional APT Threat Situation In February 2026, the global threat hunting system of FUYING Lab detected a total of 21 APT attack activities. These activities were primarily concentrated in regions including South Asia, East Asia, and Central Asia, as shown…
The case for fixing CWE weakness patterns instead of patching one bug at a time
In this Help Net Security interview, Alec Summers, MITRE CVE/CWE Project Lead, discusses how CWE is moving from a background reference into active use in vulnerability disclosure. More CVE records now include CWE mappings from CNAs, which tends to produce…
Windows Defender 0-Day Published Online, Giving Attackers Potential Full Access
A newly discovered zero-day vulnerability, dubbed “BlueHammer,” has been publicly disclosed. The flaw, which has been linked to Windows Defender, allows attackers to achieve Local Privilege Escalation (LPE) and potentially gain full administrative access to compromised systems. Because a patch…
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information‑stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView…
How Mimecast brings enterprise-grade email protection to API deployment
In this Help Net Security video, Andrew Williams, Senior Product Manager at Mimecast, walks through the company’s API-based email security protection for Microsoft 365 and Google Workspace environments. The video covers a core problem: AI-generated phishing and business email compromise…