A new wave of cyber attacks is hitting trucking carriers and freight brokers, and the goal is not just data theft. Criminals are breaking into logistics companies digitally to steal physical cargo shipments worth millions of dollars in the real…
Tag: Cyber Security News
EU’s New Age Verification App Can Be Hacked Within 2 Minutes, Researchers Claim
The European Commission’s newly launched Digital Age Verification App, unveiled on April 14, 2026, to protect minors from harmful online content, has already been compromised, with UK-based security consultant Paul Moore demonstrating a full authentication bypass in under two minutes.…
SpankRAT Exploits Windows Explorer Processes for Stealth and Delayed Detection
A newly identified two-component Remote Access Trojan (RAT) toolkit built in Rust, dubbed SpankRAT, is being used by threat actors to abuse legitimate Windows processes, bypass reputation-based security controls, and maintain persistent access to compromised environments while largely evading detection…
McGraw Hill Confirms Data Breach Exposing 13.5 Million Users’ Personal Data
Education publishing giant McGraw-Hill has confirmed a data breach following an extortion attempt, with more than 100GB of stolen data now publicly distributed online, exposing the personal information of approximately 13.5 million users. The breach, disclosed in April 2026, stems…
Critical Cisco ISE Vulnerabilities Let Remote Attackers Execute Malicious Code
Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security advisory published on April 15, 2026, these flaws could allow an…
New UAC-0247 Campaign Steals Browser and WhatsApp Data From Hospitals and Governments
A threat cluster tracked as UAC-0247 has been running an active campaign since early 2026, targeting local governments and municipal healthcare institutions across Ukraine, including clinical hospitals and emergency ambulance services. The attackers are not only stealing sensitive data from…
Two U.S. Nationals Sentenced for Running Laptop Farm for DPRK Remote Workers
Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme. The operation successfully infiltrated over 100 U.S. companies, generating more than $5 million in illicit revenue to fund the Democratic People’s Republic of Korea…
Microsoft 365 Web Services Hit by Google Chrome 147 Compatibility Issue
Microsoft is actively investigating a widespread authentication issue affecting users attempting to access Microsoft 365 web-based services through Google Chrome version 147. The problem, first reported on April 16, 2026, has left a significant number of users unable to properly…
31 High-Impact Vulnerabilities Exploited in March as Interlock Hits Cisco FMC Zero-Day
March 2026 turned out to be one of the more active months for vulnerability exploitation this year. Security researchers tracked 31 high-impact vulnerabilities that were actively used against real-world systems, touching products from more than 20 major vendors including Cisco,…
Nginx-ui Vulnerability Actively Exploited in Attack – Enables Full Server Takeover
A critical authentication bypass vulnerability in Nginx UI, tracked as CVE-2026-33032 with a maximum CVSS score of 9.8, is currently being actively exploited in the wild. This flaw allows unauthenticated remote attackers to gain complete control over affected Nginx web…
Cisco Webex Services Vulnerability Let Remote Attacker Impersonate Any User
Cisco has issued a critical security advisory warning of a severe vulnerability in its cloud-based Webex Services. Tracked as CVE-2026-20184, this flaw carries a maximum Common Vulnerability Scoring System (CVSS) base score of 9.8 out of 10 According to the…
Hackers Abuse n8n AI Workflow Automation to Deliver Malware Through Trusted Webhooks
Cybercriminals have found a new way to sneak malware past traditional security filters by hijacking a legitimate AI workflow automation tool called n8n. Rather than building their own infrastructure from scratch, these threat actors are turning a productivity platform into…
Fake Proton VPN Sites and Gaming Mods Spread NWHStealer in New Windows Malware Campaign
A newly identified information-stealing malware called NWHStealer is quietly making its way onto Windows systems through a well-disguised campaign that uses fake VPN websites, gaming mods, and hardware utility tools as bait. The attackers are not relying on spam emails…
Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!
Google has rolled out a crucial security update for its Chrome browser, addressing 31 vulnerabilities that could leave systems exposed to severe cyber threats. Released on April 15, 2026, this Stable Channel update requires immediate attention from users worldwide, as…
Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks
A critical security vulnerability has been officially disclosed, affecting multiple versions of Enterprise and Cloud platforms. Tracked as CVE-2026-20204, this high-severity flaw carries a CVSS score of 7.1 and poses a significant threat to organizational networks. Discovered and reported by…
New Chrome Privacy Analysis Shows How Fingerprinting and Header Leaks Can Expose Users
Google Chrome is the most widely used browser in the world, yet a sweeping new analysis reveals it offers users almost no protection against fingerprinting and data leaks that quietly expose their identity to websites and trackers. Published April 14,…
1,250+ C2 Servers Mapped Across Russian Hosting Across 165 Providers
Cybersecurity researchers have uncovered a large and organized network of malicious infrastructure quietly running inside Russia’s commercial hosting ecosystem. Over a three-month window from January 1 to April 1, 2026, more than 1,250 active command-and-control (C2) servers were detected across…
Fake Adobe Reader Download Delivers ScreenConnect Through Stealthy In-Memory Loader
A newly uncovered attack campaign is tricking users into installing remote access software on their systems by disguising malware as a legitimate Adobe Acrobat Reader download. The attack uses a sophisticated chain of techniques — including in-memory execution, process masquerading,…
Hackers Abuse Google Discover With AI-Generated Content to Push Malicious Notifications
A newly identified threat operation is exploiting one of the most widely used content discovery tools on Android and Chrome devices — Google’s Discovery feed — to deliver malicious push notifications to unsuspecting users across multiple countries. The operation, named Pushpaganda by…
Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code
Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful exploitation of these flaws could allow attackers to execute arbitrary…