Tag: Cyber Security News

APT41 is once again pushing its Linux capabilities forward, this time by quietly turning cloud servers into powerful credential theft platforms. The group’s latest Winnti-family backdoor is a zero‑detection ELF implant designed specifically for Linux workloads running on AWS, Google…

Read more →

Global travel booking giant Booking.com has confirmed a cyberattack in which unauthorized third parties gained access to customers’ personal data, including names, email addresses, phone numbers, and reservation details, raising immediate concerns about downstream phishing attacks targeting millions of travelers…

Read more →

A dangerous malware campaign has been silently targeting cryptocurrency users by hiding inside a fake version of Proxifier, a popular proxy software tool. Threat actors set up a GitHub repository designed to look like a legitimate Proxifier download, but the…

Read more →

Rockstar Games has confirmed a data breach after the notorious hacking group ShinyHunters exploited a third-party integration to access the company’s internal Snowflake data warehouse, ultimately leaking over 78.6 million records on April 14, 2026. The breach did not stem…

Read more →

Cybercriminals are now weaponizing the very tools that developers and IT teams trust the most. By abusing the automated notification features built into GitHub and Jira, threat actors are delivering convincing phishing emails that originate directly from those platforms’ own…

Read more →

Anthropic’s Claude AI is facing a fresh wave of user-reported disruptions on April 13, 2026, with hundreds of users encountering intermittent HTTP 500 internal server errors across claude.ai, the API, and Claude Code, even as Anthropic’s official status page continues…

Read more →

The cybersecurity community is on high alert after the disclosure of a critical security flaw in Axios, a widely used promise-based HTTP client for Node.js and browsers. Security researcher Jason Saayman recently disclosed an unrestricted vulnerability that allows exfiltration of cloud…

Read more →

A critical vulnerability was disclosed in Marimo, an open-source reactive Python notebook platform. Less than 10 hours later, attackers successfully weaponized the flaw to steal sensitive cloud credentials, highlighting the extreme speed of modern threat actors. The security flaw is…

Read more →

Web server administrators must prioritize updating their infrastructure, as Nginx 1.29.8 and the parallel FreeNginx project have officially released critical updates. Released on April 7, 2026, these new versions introduce essential security features, enhanced cryptographic compatibility, and crucial bug fixes…

Read more →

Proving the ROI the company gets from SOC operations is a persistent challenge for SOC leaders and CISOs.  Financial leadership may view investing money into security as something that doesn’t drive value, since risk mitigation is hard to quantify.  However, with the right approach, high-quality threat intelligence saves money and…

Read more →

Mozilla has publicly criticized Microsoft for deploying its AI assistant, Copilot, onto Windows systems without user consent, a practice the Firefox maker describes as prioritizing corporate revenue over user rights. In a blog post titled “Old Habits Die Hard,” Mozilla…

Read more →

A dangerous Python-based backdoor called VIPERTUNNEL has been quietly making its way into enterprise networks, hiding inside a fake DLL file and using multiple layers of code obfuscation to stay undetected. The malware creates a SOCKS5 proxy tunnel to a…

Read more →

Europe’s largest budget fitness chain by club count, Basic-Fit, has confirmed a significant data breach affecting approximately 1 million members across multiple countries, with around 200,000 members in the Netherlands alone impacted by unauthorized access to its membership systems. Basic-Fit,…

Read more →

A North Korean state-sponsored threat group known as APT37 has launched a new targeted intrusion campaign using social media platforms, encrypted messaging apps, and a carefully tampered software installer to compromise victims. The attack is notable for how convincingly it…

Read more →

Elon Musk has officially rolled out XChat, a major security overhaul to the direct messaging infrastructure on the X platform. Designed to rival secure messengers like Signal and Telegram, XChat integrates strong privacy controls directly into the X ecosystem. The…

Read more →

Adobe has issued an emergency security patch to neutralize a critical zero-day vulnerability in Acrobat Reader that is currently being exploited in the wild. Tracked as CVE-2026-34621, this severe flaw enables threat actors to achieve arbitrary code execution on compromised machines.…

Read more →

A critical security flaw found in a widely used WordPress plugin is putting thousands of websites at serious risk worldwide. Tracked as CVE-2026-1492, this vulnerability affects the User Registration & Membership plugin for WordPress and lets attackers completely bypass the…

Read more →

Microsoft has officially acknowledged that recent security updates for Windows 11 are causing the “Reset this PC” (Push-button reset) recovery feature to fail. The issue was confirmed in the release notes for the March 2026 hotpatch updates, affecting systems running…

Read more →

Telegram founder Pavel Durov has accused WhatsApp of perpetrating what he calls “the biggest consumer fraud in history,” alleging that the platform’s widely marketed end-to-end encryption (E2EE) claims are fundamentally misleading, leaving the private messages of billions of users exposed…

Read more →

OpenAI has disclosed a security incident tied to the compromise of Axios, a widely used third-party JavaScript developer library, as part of a broader software supply chain attack detected on March 31, 2026. While the company confirmed no user data,…

Read more →