Hackers are abusing a critical React2Shell vulnerability in Next.js applications to run an automated credential‑theft operation that has already compromised at least 766 servers in under 24 hours. The threat activity is tracked as “UAT‑10608”. It relies on a custom…
Support platform breach exposes Hims & Hers customer data
Healthcare companies handle some of the most personal data imaginable, and that makes them a magnet for hackers. This article has been indexed from Malwarebytes Read the original article: Support platform breach exposes Hims & Hers customer data
Iran-Linked Hackers Launch Password Spray Campaign Against Microsoft 365 Tenants in Middle East
Microsoft 365 tenants in the Middle East are facing a new password spray campaign tied to an Iran-linked threat actor. Rather than starting with malware files or software exploits, the attackers are trying to break in through weak passwords and…
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
The group is using zero-days, quickly weaponizes fresh bugs, and exfiltrates and encrypts data within days of initial access. The post Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Mistral Debuts New Open Source Model for Realistic Speech Generation
Rather than function as a conventional transcription engine, Mistral’s latest release represents a significant evolution beyond its earlier text-focused systems by expanding its open-weight philosophy into the increasingly complex domain of speech generation. As an alternative to acting as a…
Data Masking Gaps That Could Expose Your Organization
Organizations collect and store huge amounts of sensitive data, customer details, financial records, login credentials, and more. Protecting this data is not just important; it’s critical for business survival. One of the most commonly used techniques to protect sensitive data…
Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Microsoft has released a new report about the Storm-1175 group and its connection to Medusa ransomware This article has been indexed from www.infosecurity-magazine.com Read the original article: Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks
Year in Review: Vulnerabilities old and new and something React2
The year was characterized by an unending beat-down on infrastructure that relied on older enmeshed dependencies (e.g., Log4j and PHPUnit), while React2Shell rocketed to the highest percentage of attacks for the entire year within the last three weeks of 2025. This article has been…
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. This article has been indexed from Cisco Talos Blog Read the original article: The Trojan horse of cybercrime: Weaponizing SaaS…
Critical Android Flaw Allows Zero-Interaction Denial-of-Service Attacks
Google has rolled out its April 2026 Android Security Bulletin, addressing multiple vulnerabilities across the mobile operating system. The most alarming discovery this month is a critical security flaw in the Android Framework that allows attackers to trigger a local…
Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows
Hackers are using a deceptive technique known as “ClickFix” to deliver a sophisticated Node. js-based remote access Trojan (RAT) targeting Windows users. ClickFix, which gained popularity in early 2025, tricks users into interacting with fake CAPTCHA or verification prompts. In…
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of…
Identity Is the New Attack Surface (And Most Teams Aren’t Prepared)
Security has shifted—but many strategies haven’t For decades, cybersecurity strategies have focused on protecting infrastructure: Firewalls Endpoints Networks But attackers have evolved. Today, they don’t need to break in. They log in. And that shift has made identity the most…
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes…
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced This article has been indexed from www.infosecurity-magazine.com Read the original article: Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
IT Security News Hourly Summary 2026-04-07 12h : 9 posts
9 posts were published in the last hour 9:32 : Why the cybersecurity skills gap is partly self-inflicted 9:32 : Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images 9:32 : German Police Unmask REvil Ransomware…
Why the cybersecurity skills gap is partly self-inflicted
The cybersecurity skills gap is usually framed as a hiring problem. Organizations respond by expanding recruitment pipelines, investing in certifications, and launching internal training programs. The logic seems simple: if security teams are understaffed, the solution is to add more…
Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images
Microsoft has officially rolled out its latest security intelligence update for Microsoft Defender Antivirus, delivering crucial protections for Windows 11, Windows 10, and Windows Server installation images. This vital release ensures that Microsoft’s built-in antimalware solutions are fully equipped to identify…
German Police Unmask REvil Ransomware Leader
Shchukin is accused of extorting more than $2 million as the head of the GandCrab and REvil ransomware operations. The post German Police Unmask REvil Ransomware Leader appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
GitHub Copilot CLI gets a second-opinion feature built on cross-model review
Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the same flawed assumption. Self-reflection is a recognized mitigation technique, and one GitHub Copilot already supports, but…
Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed
A critical security flaw in Flowise, a popular open-source AI development platform, is currently being exploited in the wild. Tracked as CVE-2025-59528, this code injection vulnerability carries a maximum CVSS score of 10.0. It allows remote attackers to execute malicious…
Experts published unpatched Windows zero-day BlueHammer
A researcher leaked the unpatched Windows zero-day “BlueHammer,” letting attackers gain SYSTEM rights; no patch exists yet. A disgruntled researcher released the BlueHammer Windows zero-day, a privilege escalation flaw that allows attackers to gain SYSTEM or admin rights, Bleeping Computer…
The quiet revolt: what the world happiness report 2026 tells security professionals
Something the World Happiness Report 2026 reveals deserves more attention than it has received outside wellbeing circles. In Western Europe and English-speaking countries, young people who use social media for more than seven hours a day report significantly lower wellbeing…
OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. The program, called the OpenAI Safety Fellowship, runs from September 14, 2026 through February…