A new iteration of the notorious Mirai botnet, dubbed Nexcorium, has emerged in the wild, aggressively targeting internet-connected video recording devices. According to recent threat research published by Fortinet’s FortiGuard Labs, threat actors are exploiting a known command injection vulnerability…
Tag: Cyber Security News
Fiverr Allegedly Leaks User Information to Google Indexing, Researchers Say
Freelance service platform Fiverr is facing a significant privacy incident after researchers discovered that sensitive customer files are publicly accessible and indexed by Google search. According to a recent disclosure on Hacker News, an insecure file-hosting configuration has exposed personal…
PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands
A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in Fortinet’s FortiSandbox product, tracked as CVE-2026-39808. The flaw allows an unauthenticated attacker to execute arbitrary operating system commands as root, the highest privilege level, without requiring any login…
Nearly 6 Million Internet-Facing FTP Servers Still Exposed in 2026, Censys Warns
According to a recent April 2026 report by security researcher Himaja Motheram at Censys, just under 6 million internet-facing hosts are still running the File Transfer Protocol (FTP). While this marks a significant 40% decline from the 10.1 million servers…
Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts
A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked as CVE-2023-33538, affects multiple TP-Link models that no longer receive vendor updates,…
Email-Borne Worm Surge Drives New Threat Wave Across Industrial Control Systems
A global wave of email-borne worms hit industrial control systems (ICS) in the fourth quarter of 2025, marking one of the most concerning threat shifts seen across operational technology (OT) environments in recent years. The surge was largely tied to…
Fake Zoom SDK Update Delivers Sapphire Sleet Malware in New macOS Intrusion Chain
A North Korean threat actor known as Sapphire Sleet has launched a new campaign against macOS users, using a fake Zoom SDK update to trick victims into running malicious files that steal passwords, cryptocurrency assets, and personal data. Unlike attacks…
Hackers Use ATHR to Run AI-Powered Vishing, Credential Theft, and Phone-Based Phishing at Scale
A new cybercrime platform called ATHR is making it much easier for attackers to run large-scale phone-based phishing operations, also known as vishing. Instead of relying on malicious links or infected email attachments, this platform sends simple-looking emails with just…
Anthropic Releases Claude Opus 4.7 with Automated Real-Time Cybersecurity Safeguards
Anthropic has launched Claude Opus 4.7, its latest flagship model, combining improved coding and vision capabilities with automated real-time safeguards to detect and block high-risk cybersecurity requests. The release is notable because Anthropic is testing these protections on a broadly…
Fake Ledger Hardware Wallets on Chinese Marketplaces Steal Crypto Seeds and PINs
A Brazilian cybersecurity researcher has exposed a sophisticated, large-scale supply chain scam involving counterfeit Ledger Nano S Plus hardware wallets sold through a Chinese marketplace, devices engineered from the ground up to silently drain cryptocurrency across roughly 20 blockchains. The…
Attackers Weaponize CVE-2026-39987 to Spread Blockchain-Based Backdoor Via Hugging Face
A critical vulnerability in the marimo Python notebook platform is now being actively used by attackers to deploy a blockchain-powered backdoor on developer systems. The flaw, tracked as CVE-2026-39987, allows remote code execution without authentication, making it a dangerous entry…
Leaked Windows Defender 0-Day Vulnerability Actively Exploited in Attacks
An active in-the-wild exploitation of three recently leaked Windows Defender privilege escalation vulnerabilities, with threat actors deploying proof-of-concept exploit code sourced directly from public GitHub repositories against real enterprise targets. On April 2, 2026, a security researcher operating under the…
CISA Warns of Apache ActiveMQ Input Validation Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security defect in Apache ActiveMQ. On April 16, 2026, the agency officially added the vulnerability, tracked as CVE-2026-34197, to its Known Exploited Vulnerabilities (KEV) catalog.…
Payouts King Rises as New Ransomware Threat Linked to Former BlackBasta Affiliates
A relatively unknown ransomware group called Payouts King has emerged as a serious cybersecurity threat, carrying the torch of the now-defunct BlackBasta operation. Since its appearance in April 2025, the group has quietly carried out targeted attacks while remaining largely…
One-Click RCE in Azure Windows Admin Center Allow Attacker to Execute Arbitrary Commands
Windows Admin Center is a locally deployed, browser-based management tool used by IT administrators to manage Windows servers, clients, and clusters from a centralized graphical interface. This newly discovered critical flaw, identified by Cymulate Research Labs, allows attackers to achieve…
Windows Snipping Tool Vulnerability Allows Attacker to Perform Spoofing Over a Network
Microsoft has addressed a moderate-severity security flaw in the Windows Snipping Tool that could allow malicious actors to steal user credentials. Tracked as CVE-2026-33829, this spoofing vulnerability was officially patched during the April 14, 2026, security updates. Discovered and reported…
Microsoft Confirms Windows Servers Enter Reboot Loops Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers following the deployment of the April 2026 Patch Tuesday cumulative update, KB5082063, where affected servers are entering repeated reboot loops after installation. Released on April 14, 2026,…
Hackers Target Israeli Desalination Plants With ZionSiphon Sabotage Malware
A newly discovered piece of malware called ZionSiphon has raised serious concerns about the security of critical water infrastructure in Israel. The malware was built with a clear focus: to infiltrate and potentially sabotage Israeli water treatment and desalination systems,…
Microsoft Defender 0-Day Vulnerability “RedSun” Enables Full SYSTEM Access
A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed “RedSun,” allows an unprivileged user to escalate privileges to full SYSTEM-level access on fully patched Windows 10, Windows 11, and Windows Server 2019 and later systems, and as of now, remains…
Microsoft Confirms Windows 11 Updates May Force Users to Enter BitLocker Recovery Key
Microsoft has officially acknowledged a known issue affecting Windows 11 users following the release of its April 2026 Patch Tuesday cumulative updates. Devices running certain BitLocker Group Policy configurations may unexpectedly prompt users to enter their BitLocker recovery key after…