More than $12 million has been frozen, and over 20,000 victims have been identified in an international law enforcement operation targeting cryptocurrency and investment scammers. Authorities also uncovered more than $45 million in suspected cryptocurrency fraud losses worldwide. One UK…
Hackers hijacked CPUID downloads, served STX RAT to victims
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between…
IT Security News Hourly Summary 2026-04-13 15h : 10 posts
10 posts were published in the last hour 12:42 : Securing Manufacturing Without Downtime in 2026 12:42 : OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack 12:42 : Your MTTD Looks Great. Your Post-Alert Gap Doesn’t 12:42 : FBI…
Securing Manufacturing Without Downtime in 2026
The Clorox production lines went dark in 2023 without a single attacker ever touching an OT device [2]. A major global auto manufacturer’s factories across five countries halted simultaneously in 2025 from one set of stolen credentials. In both cases, the breach was fast. The…
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised. The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report…
FBI Dismantles $20m Phishing Operation W3LL
The W3LL phishing kit has been associated with fraud attempts totaling $20m. This article has been indexed from www.infosecurity-magazine.com. Read the original article: FBI Dismantles $20m Phishing Operation W3LL
Hackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows Attacks
Cyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining attention is MSBuild.exe, a native Windows…
New Nginx 1.29.8 and FreeNginx Versions Patch Critical Security Flaws
Web server administrators need to prioritize a crucial update this week. The developers behind Nginx and the community-driven FreeNginx project have released new versions to address critical security flaws and introduce key enhancements. Released on April 7, 2026, Nginx version…
iPhone forensics expose Signal messages after app removal in U.S. case
An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI forensic access to Signal messages on an iPhone have reignited a…
Basic-Fit Data Breach Exposes Millions of Users Across Multiple Countries
Europe’s largest budget fitness chain by club count, Basic-Fit, has confirmed a significant data breach affecting approximately 1 million members across multiple countries, with around 200,000 members in the Netherlands alone impacted by unauthorized access to its membership systems. Basic-Fit,…
APT37 Abuses Facebook, Telegram, and Tampered Installer in New Targeted Intrusion Attack
A North Korean state-sponsored threat group known as APT37 has launched a new targeted intrusion campaign using social media platforms, encrypted messaging apps, and a carefully tampered software installer to compromise victims. The attack is notable for how convincingly it…
Rockstar Games receives “pay or leak” warning after cyberattack
Rockstar Games, the developer behind titles such as Grand Theft Auto and Red Dead Redemption, has confirmed a cyberattack claimed by hacking group ShinyHunters, which says it accessed the company’s Snowflake environment and obtained data. The attackers exploited Anodot, a…
Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs
Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…
Simply opening a PDF could trigger this Adobe Reader zero-day
Even though it’s patched, Adobe confirmed it was exploited in the wild, so updating is urgent, not optional. This article has been indexed from Malwarebytes. Read the original article: Simply opening a PDF could trigger this Adobe Reader zero-day
Gym giant Basic-Fit confirms data on a million members stolen in cyberattack
Names, addresses, dates of birth, and bank details accessed, though not passwords. Basic-Fit, Europe’s largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems. This article has been indexed from…
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
Law enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million. The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek. This article has been indexed from SecurityWeek. Read…
Google makes it harder to exploit Pixel 10 modem firmware
Google is working to improve the security of Pixel phones by focusing on the cellular baseband modem, a part of the device that handles communication with mobile networks and processes external data. In the Pixel 9, the company introduced measures…
Basic-Fit Suffers Data Breach Affecting Millions Across Multiple Nations
European fitness operator Basic-Fit has confirmed a significant data breach affecting approximately one million members across its network. The incident heavily impacted users in the Netherlands, which accounted for 200,000 of the compromised accounts. This breach underscores the persistent targeting…
Iran-Linked CyberAv3ngers Target Water Utilities, Industrial Controllers
Iran-linked threat group CyberAv3ngers is intensifying attacks on U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained disruption of operational technology (OT) environments. CyberAv3ngers operates as a state-directed persona for Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC),…
The Dumbest Hack of the Year Exposed a Very Real Problem
Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were. This article has been indexed from Security Latest. Read the original article: The Dumbest Hack of…
Citizen Lab: Webloc tracked 500M devices for global law enforcement
Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a…
Elon Musk Announces to Launch XChat With Self-Destruct Message Features
Elon Musk has officially rolled out XChat, a major security overhaul to the direct messaging infrastructure on the X platform. Designed to rival secure messengers like Signal and Telegram, XChat integrates strong privacy controls directly into the X ecosystem. The…
Adobe Patches Acrobat Reader 0-Day Vulnerability Exploited in the Wild
Adobe has issued an emergency security patch to neutralize a critical zero-day vulnerability in Acrobat Reader that is currently being exploited in the wild. Tracked as CVE-2026-34621, this severe flaw enables threat actors to achieve arbitrary code execution on compromised machines.…