Hackers are claiming that one of China’s most strategically important computing facilities suffered a massive cyber intrusion, with more than 10 petabytes of sensitive information allegedly taken from a state-run supercomputing environment that experts suspect is the National Supercomputing Center…
This fake Windows support website delivers password-stealing malware
A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access. This article has been indexed from Malwarebytes.
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
Tracked as UNC6783, the threat actor is likely linked to Mr. Raccoon, the hacker behind the alleged theft of Adobe data from a BPO.
IT Security News Hourly Summary 2026-04-09 12h : 11 posts
11 posts were published in the last hour:
9:34 : Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
9:34 : The long road to your crypto: ClipBanker and its marathon infection chain
9:34 : Keeper Security Expands PAM Browser Isolation…
Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
Hackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwan. The campaign, tracked as UAT-10362, focuses on Taiwanese NGOs and likely universities and shows a high level of…
The long road to your crypto: ClipBanker and its marathon infection chain
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard. This article has been indexed from Securelist.
Keeper Security Expands PAM Browser Isolation to Support Advanced Web Browsing Workflows
Keeper Security has announced the release of new Remote Browser Isolation (RBI) capabilities within KeeperPAM, delivering major adoption and usability improvements for modern web workflows within privileged vault sessions. These enhancements address a persistent challenge in zero-trust environments: enabling secure,…
Quantum-Safe Email: S/MIME and Post-Quantum Email Security
Your Email is Encrypted Today, but Will It Hold Up Tomorrow? Awakening one day to discover that every “secure email” you’ve ever written was not secure at all. Your client contracts, financial spreadsheets, and confidential boardroom conversations… all revealed as…
WhatsApp brings long-awaited privacy feature to filter who can reach you
After years of waiting, WhatsApp is set to roll out a username feature that will allow people to connect and communicate without sharing their phone numbers. This means more privacy and better control over phone number visibility by choosing a…
Google Warns of New Threat Group Targeting BPOs and Helpdesks
Google’s threat intel team warns UNC6783, a new extortion group possibly linked to the “Raccoon” persona, is targeting BPOs and enterprises. This article has been indexed from www.infosecurity-magazine.com.
China’s Tianjin Supercomputer Center Allegedly Hit in 10-Petabyte Data Theft
A threat actor has allegedly executed one of the largest data heists in China’s history, siphoning an astounding 10 petabytes of highly classified information from the National Supercomputing Center (NSCC) in Tianjin. The stolen dataset reportedly includes sensitive defense documents,…
Security Awareness: Why employees are essential for IT security
Technical protection measures are only half the battle. In this interview, Frank Queißer from Cyber Samurai explains why security awareness is a crucial component of modern IT security, how companies can identify knowledge gaps among employees, and why realistic training…
MIWIC26: Funke Omolere, Senior Technology Compliance Product Owner at Adobe
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2026’s Top 20 women selected…
Adobe Reader Zero-Day Exploited for Months: Researcher
Reputable researcher Haifei Li has come across what appears to be a PDF designed to exploit an unpatched vulnerability. This article has been indexed from SecurityWeek.
Meta’s Muse Spark takes AI a step closer to personal superintelligence
Meta Superintelligence Labs has introduced Muse Spark, a natively multimodal reasoning model with support for tool use, visual chain of thought, and multi-agent orchestration. The release includes a Contemplating mode, which is rolling out gradually and orchestrates multiple agents that…
CISA Issues Warning on Critical Ivanti EPMM Flaw Exploited in Ongoing Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical security flaw in Ivanti Endpoint Manager Mobile (EPMM). The agency recently added the vulnerability, identified as CVE-2026-1340, to its Known Exploited Vulnerabilities (KEV) catalog after…
New Silver Fox Campaign Hides ValleyRAT Inside Fake Telegram Chinese Language Pack Installer
A new malware campaign linked to the Silver Fox APT group has been discovered, using a fake Telegram Chinese language pack installer to secretly deliver ValleyRAT — a powerful remote access trojan — onto targeted machines. The malicious file, disguised…
Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code
Google has released Chrome 147 to the stable channel for Windows, Mac, and Linux, patching a sweeping set of security vulnerabilities — including two critical-severity flaws that could allow remote attackers to execute arbitrary code on targeted systems. The most…
New RoningLoader Campaign Uses DLL Side-Loading and Code Injection to Evade Detection
A threat actor known as DragonBreath has launched a stealthy campaign using a multi-stage malware loader called RoningLoader. The malware targets Chinese-speaking users by disguising itself as trusted software such as Google Chrome and Microsoft Teams. Its core strength lies…
Microsoft Suspends Developer Accounts of High-Profile Open-Source Projects
Microsoft has suspended the Windows Hardware Program developer accounts of two critical open-source security projects, VeraCrypt and WireGuard, blocking their ability to sign drivers and push updates to millions of Windows users, with no prior warning or explanation provided to…
300,000 People Impacted by Eurail Data Breach
In December 2025, hackers stole names and passport numbers from the European travel company’s network. This article has been indexed from SecurityWeek.
Your MCP Server Is a Resource Server Now. Act Like It.
TL;DR — Without an identity layer, AI agents accessing enterprise tools create real exposure: data exfiltration through unscoped access, audit failures when no one can trace which user authorized which tool call, and lateral movement when a compromised agent inherits…
Sticky-note security turned gym into hall of ’80s horrors
Even fitness equipment is vulnerable to mischief makers these days. Welcome back to Pwned, the column where we share war stories from IT soldiers who shot themselves – or watched someone else shoot themselves – in the foot. Today’s…
Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
Exposed ICS devices and insecure protocols like Modbus increase risks to critical infrastructure, enabling disruption, data access, and potential sabotage. Malware targeting industrial control systems (ICS) poses a serious risk to critical infrastructure, with threats like Stuxnet, Industroyer, Triton, Havex,…