A dangerous Python-based backdoor called VIPERTUNNEL has been quietly making its way into enterprise networks, hiding inside a fake DLL file and using multiple layers of code obfuscation to stay undetected. The malware creates a SOCKS5 proxy tunnel to a…
German DDoS Kingpin Arrested in Thailand
A significant arrest has been made in Thailand, where a German national suspected of being a major player in the cybercrime industry has been apprehended. This article has been indexed from CyberMaterial.
Dutch police arrest 8 in identity fraud case
Dutch police have conducted a nationwide operation resulting in the arrest of eight individuals suspected of engaging in identity fraud and related cybercrime activities. This article has been indexed from CyberMaterial.
UK Regulators Assess AI Model Risks
UK financial regulators are engaging in urgent discussions with banks and cybersecurity officials following the revelation of significant vulnerabilities by Anthropic’s latest artificial intelligence model, Claude Mythos Preview. This article has been indexed from CyberMaterial.
UK Cyber Security Council Launches Associate Title
The UK Cyber Security Council has launched a new certification title aimed at supporting individuals at the beginning of their cybersecurity careers. This article has been indexed from CyberMaterial.
UNIVEN Hackathon Promotes Cyber Security Skills
The University of Venda (UNIVEN) recently held the CyberSecureTech Hackathon, an event aimed at bolstering practical cyber security skills among students. This article has been indexed from CyberMaterial.
Scans for EncystPHP Webshell, (Mon, Apr 13th)
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today,…
OpenSSF Flags Malware Campaign on Slack Posing as Linux Foundation Figures
OpenSSF warns hackers impersonate Linux Foundation leaders on Slack, tricking developers into installing malware that can compromise entire systems. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More.
GitHub and Jira Alerts Hijacked for Trusted-SaaS Phishing
Hackers are abusing GitHub and Jira’s built‑in notification systems to send phishing emails that appear completely legitimate. Because these emails are sent from the platforms’ own mail servers, they pass standard checks like SPF, DKIM, and DMARC, making them very…
“Giant superatoms” could finally solve quantum computing’s biggest problem
In the pursuit of powerful and stable quantum computers, researchers at Chalmers University of Technology, Sweden, have developed the theory for an entirely new quantum system – based on the novel concept of ‘giant superatoms’. This breakthrough enables quantum information…
$12 million frozen, 20,000 victims identified in crypto scam crackdown
More than $12 million has been frozen, and over 20,000 victims have been identified in an international law enforcement operation targeting cryptocurrency and investment scammers. Authorities also uncovered more than $45 million in suspected cryptocurrency fraud losses worldwide. One UK…
Hackers hijacked CPUID downloads, served STX RAT to victims
If you tried to download software from CPUID’s website late last week, you might have downloaded malware instead. “Investigations are still ongoing, but it appears that a secondary feature (basically a side API) was compromised for approximately six hours between…
IT Security News Hourly Summary 2026-04-13 15h : 10 posts
10 posts were published in the last hour:
12:42 : Securing Manufacturing Without Downtime in 2026
12:42 : OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
12:42 : Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
12:42 : FBI…
Securing Manufacturing Without Downtime in 2026
The Clorox production lines went dark in 2023 without a single attacker ever touching an OT device [2]. A major global auto manufacturer’s factories across five countries halted simultaneously in 2025 from one set of stolen credentials. In both cases, the breach was fast. The…
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised. The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report…
FBI Dismantles $20m Phishing Operation W3LL
The W3LL phishing kit has been associated with fraud attempts totaling $20m. This article has been indexed from www.infosecurity-magazine.com.
Hackers Exploit MSBuild LOLBin to Evade Detection in Fileless Windows Attacks
Cyber attackers are increasingly using Living Off the Land Binaries (LOLBins) to bypass security detection. By leveraging legitimate system tools, these attacks avoid signature-based defenses and operate without dropping traditional malware files. One such LOLBin now gaining attention is MSBuild.exe, a native Windows…
New Nginx 1.29.8 and FreeNginx Versions Patch Critical Security Flaws
Web server administrators need to prioritize a crucial update this week. The developers behind Nginx and the community-driven FreeNginx project have released new versions to address critical security flaws and introduce key enhancements. Released on April 7, 2026, Nginx version…
iPhone forensics expose Signal messages after app removal in U.S. case
An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI forensic access to Signal messages on an iPhone have reignited a…
Basic-Fit Data Breach Exposes Millions of Users Across Multiple Countries
Europe’s largest budget fitness chain by club count, Basic-Fit, has confirmed a significant data breach affecting approximately 1 million members across multiple countries, with around 200,000 members in the Netherlands alone impacted by unauthorized access to its membership systems. Basic-Fit,…
APT37 Abuses Facebook, Telegram, and Tampered Installer in New Targeted Intrusion Attack
A North Korean state-sponsored threat group known as APT37 has launched a new targeted intrusion campaign using social media platforms, encrypted messaging apps, and a carefully tampered software installer to compromise victims. The attack is notable for how convincingly it…
Rockstar Games receives “pay or leak” warning after cyberattack
Rockstar Games, the developer behind titles such as Grand Theft Auto and Red Dead Redemption, has confirmed a cyberattack claimed by hacking group ShinyHunters, which says it accessed the company’s Snowflake environment and obtained data. The attackers exploited Anodot, a…
Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs
Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More…