A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and…
EU Investigates Cyberattack on Websites
The European Commission is currently investigating a cyberattack on the Europa.eu platform that may have resulted in the theft of some data. This article has been indexed from CyberMaterial Read the original article: EU Investigates Cyberattack on Websites
Ransomware Hits Goodwill Grand Rapids
Goodwill of Greater Grand Rapids is currently investigating a cybersecurity breach that has disrupted its internal network and retail operations. This article has been indexed from CyberMaterial Read the original article: Ransomware Hits Goodwill Grand Rapids
Spotify Seeks $300M From Anna’s Archive
Spotify and several major record labels have filed for a 322 million dollar default judgment against the shadow library Anna’s Archive following its failure to respond to a lawsuit regarding the scraping of millions of music files. This article has…
CISA Chief Warns Shutdown Raises Cyber Risks
Acting Director Nick Andersen recently warned that the ongoing Department of Homeland Security shutdown is causing dangerous security gaps as the agency operates with a severely depleted workforce. This article has been indexed from CyberMaterial Read the original article: CISA…
India To Ban Hikvision TP Link CCTV
The Indian government is implementing a ban on internet-connected CCTV cameras from Chinese manufacturers like Hikvision, Dahua, and TP-Link starting April 1, 2026. This article has been indexed from CyberMaterial Read the original article: India To Ban Hikvision TP Link…
WordPress Plugin Flaw Exposes Sensitive Data Across 800,000+ Sites
A severe security flaw has been disclosed in Smart Slider 3, a highly popular WordPress plugin currently active on more than 800,000 websites. Discovered by security researcher Dmitrii Ignatyev, this vulnerability enables authenticated attackers to read arbitrary files directly from…
ClickFix Evades PowerShell Detection via Rundll32 and WebDAV
A new variant of the ClickFix attack technique that shifts execution away from commonly monitored tools like PowerShell and mshta, instead abusing native Windows components such as rundll32.exe and WebDAV. This evolution allows attackers to bypass traditional script-based detection mechanisms,…
OffSec and Deloitte Portugal Announces Strategic Partnership
Announcing a strategic partnership with Deloitte Portugal to help organizations strengthen the technical capabilities of their security teams. The post OffSec and Deloitte Portugal Announces Strategic Partnership appeared first on OffSec. This article has been indexed from OffSec Read the…
Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit
The state-sponsored group’s campaign has targeted government, higher education, financial, and legal entities, as well as think tanks. The post Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Second data breach at European Commission this year leaves open questions over resilience
The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was discovered on 24 March, and early findings from the ongoing investigation suggest data were taken from the…
TA446 Uses DarkSword Exploit Kit to Target iPhone Users
TA446, a Russia-linked espionage group, has started using the DarkSword exploit kit to compromise iOS devices in a new phishing wave that abuses Atlantic Council‑themed lures. The campaign underscores how quickly leaked iOS exploit chains can be weaponized against high‑value…
The State of Secrets Sprawl 2026: 9 Takeaways for CISOs
Secrets sprawl isn’t slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian’s State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a…
Apple’s Camera Indicator Lights
A thoughtful review of Apple’s system to alert users that the camera is on. It’s really well-designed, and important in a world where malware could surreptitiously start recording. The reason it’s tempting to think that a dedicated camera indicator light…
Critical Fortinet Forticlient EMS Vulnerability Exploited in Attacks
A critical SQL injection vulnerability in Fortinet’s FortiClient Endpoint Management Server (EMS), tracked as CVE-2026-21643, is actively being exploited in the wild. Threat actors have been leveraging this flaw in attacks starting four days ago, despite it not yet appearing…
TeamPCP Supply Chain Attack Allegedly Compromised Databricks Platform
Databricks is currently investigating an alleged security compromise connected to the massive TeamPCP software supply chain attack after being alerted by threat intelligence researchers. According to International Cyber Digest, Databricks was notified of the potential breach last week. The organization…
Critical n8n Vulnerability Let Attackers Achieve Remote Code Execution
A critical security flaw in n8n, a widely used open-source workflow automation platform, exposes host servers to Remote Code Execution (RCE) attacks. Tracked as CVE-2026-33660, this critical vulnerability allows authenticated threat actors to bypass built-in security restrictions, access sensitive data,…
Critical Grafana Vulnerabilities Let Attackers Achieve Remote Code Execution
Urgent security updates for Grafana version 12.4.2 address two critical vulnerabilities that could allow attackers to achieve full remote code execution (RCE) and execute denial-of-service (DoS) attacks. System administrators utilizing Grafana for data visualization are strongly advised to apply these…
Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare
Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost. The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek. This article has been indexed…
European Commission Reports Cyber Intrusion and Data Theft
The ShinyHunters hacker group claimed to have stolen over 350GB of information from European Commission cloud systems. The post European Commission Reports Cyber Intrusion and Data Theft appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
Second data breach at European Commission this year leaves questions over resilience
The European Commission confirmed that a cyberattack impacted cloud infrastructure hosting its web presence on the Europa.eu platform. Authorities said the cyberattack was discovered on 24 March, and early findings from the ongoing investigation suggest data were taken from the…
Critical Citrix NetScaler Vulnerability Exploited in the Wild
Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability This article has been indexed from www.infosecurity-magazine.com Read the original article: Critical Citrix NetScaler Vulnerability Exploited in the Wild
TeamPCP Uses Fake Ringtone File in Tainted Telnyx SDK to Steal Credentials
Telnyx issues an urgent alert after hackers TeamPCP uploaded malicious versions (4.87.1 & 4.87.2) of its Python SDK to steal cloud and crypto credentials. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
New Homoglyph Tricks Let Cybercriminals Mimic Trusted Domains
New homoglyph attack techniques are turning tiny visual differences in text into a reliable way to spoof trusted domains, steal credentials, and bypass weak Unicode handling in security stacks. By abusing Internationalized Domain Names (IDNs), Punycode, and Unicode “confusables,” attackers…