Google Chrome is the most widely used browser in the world, yet a sweeping new analysis reveals it offers users almost no protection against fingerprinting and data leaks that quietly expose their identity to websites and trackers. Published April 14,…
Tag: Cyber Security News
1,250+ C2 Servers Mapped Across Russian Hosting Across 165 Providers
Cybersecurity researchers have uncovered a large and organized network of malicious infrastructure quietly running inside Russia’s commercial hosting ecosystem. Over a three-month window from January 1 to April 1, 2026, more than 1,250 active command-and-control (C2) servers were detected across…
Fake Adobe Reader Download Delivers ScreenConnect Through Stealthy In-Memory Loader
A newly uncovered attack campaign is tricking users into installing remote access software on their systems by disguising malware as a legitimate Adobe Acrobat Reader download. The attack uses a sophisticated chain of techniques — including in-memory execution, process masquerading,…
Hackers Abuse Google Discover With AI-Generated Content to Push Malicious Notifications
A newly identified threat operation is exploiting one of the most widely used content discovery tools on Android and Chrome devices — Google’s Discovery feed — to deliver malicious push notifications to unsuspecting users across multiple countries. The operation, named Pushpaganda by…
Adobe Acrobat Reader Vulnerabilities Let Attackers Execute Arbitrary Code
Adobe has released a critical security bulletin on April 14, 2026, to address multiple vulnerabilities in Adobe Acrobat and Reader for Windows and macOS. According to the official advisory, successful exploitation of these flaws could allow attackers to execute arbitrary…
New PHP Composer Vulnerability Let Attackers Execute Arbitrary Commands
PHP Composer released urgent security updates to address two critical command injection vulnerabilities. PHP Composer is an essential dependency management tool used globally by developers, making any code execution flaws highly concerning. These specific bugs reside in the Perforce Version Control…
Windows Active Directory Vulnerability Allow Attackers to Execute Malicious Code
Microsoft has released urgent security updates to address a critical vulnerability in Windows Active Directory that allows attackers to execute malicious code. Disclosed on April 14, 2026, the vulnerability poses a significant risk to enterprise networks by potentially granting threat…
Microsoft Releases Cumulative Update KB5083769 for Windows 11, Version 25H2 and 24H2
Microsoft has officially released the April 2026 Patch Tuesday cumulative update, KB5083769, for Windows 11 versions 25H2 and 24H2. Released on April 14, 2026, this mandatory security update addresses system vulnerabilities. It brings significant structural enhancements, advancing the operating system…
Google, Microsoft, Meta Tracking You Even if You Opt Out – New Research
In a massive blow to consumer privacy, a new forensic audit reveals that tech giants Google, Microsoft, and Meta are systematically ignoring legally defined privacy opt-out signals. According to the March 2026 California Privacy Audit conducted by webXray, 194 online…
Agentic LLM Browsers Expose New Attack Surface for Prompt Injection and Data Theft
Artificial intelligence is changing how people browse the internet. AI-powered browsers no longer just show web pages — they read content, take actions, and complete tasks for the user. These tools, called agentic LLM browsers, let users give simple commands…
Hackers Create Hidden Mailbox Rules in Microsoft 365 to Intercept Sensitive Business Emails
Cybercriminals have found a quiet way to sit inside a corporate email account and read everything being sent and received — without the account owner ever knowing. Attackers are now abusing a built-in Microsoft 365 feature called mailbox rules to…
Windows BitLocker Vulnerability Allows Attacker to Bypass Security Feature
Microsoft officially released security updates to address a significant vulnerability in Windows BitLocker. Tracked as CVE-2026-27913, this security feature bypass vulnerability was discovered by security researcher Alon Leviev in collaboration with the Microsoft STORM team. The flaw poses a substantial…
FUNNULL-Linked Triad Nexus Resurfaces With 175+ Rotating CNAME Domains and Global Scam Portals
A cybercriminal group tied to the FUNNULL Content Delivery Network has made a calculated return with a far more sophisticated and evasive infrastructure. Known as Triad Nexus, the group has rebuilt its global fraud operation following U.S. Treasury sanctions, deploying…
Microsoft Defender 0-Day Vulnerability Enables Privilege Escalation Attack
Microsoft has released patch Tuesday security updates to address a newly discovered zero-day vulnerability in the Microsoft Defender Antimalware Platform. Disclosed on April 14, 2026, the flaw is tracked as CVE-2026-33825 and carries an “Important” severity rating. If successfully…
New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT
A new ransomware family called JanaWare has begun targeting computer users in Turkey, relying on a customized version of the Adwind remote access trojan (RAT) to gain a foothold on victims’ systems. This campaign stands out because it combines a…
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss…
OpenAI Launches GPT-5.4 with Reverse Engineering, Vulnerability and Malware Analysis Features
OpenAI has unveiled GPT-5.4-Cyber, a specialized variant of its flagship GPT-5.4 model fine-tuned for advanced defensive cybersecurity workflows, granting vetted security professionals expanded access to capabilities such as binary reverse engineering, vulnerability scanning, and malware analysis, with fewer restrictions than…
Microsoft SharePoint Server 0-Day Vulnerability Actively Exploited in Attacks
A critical zero-day spoofing vulnerability in Microsoft SharePoint Server is being actively exploited in the wild, Microsoft confirmed on April 14, 2026, as part of its monthly security update cycle. Tracked as CVE-2026-32201, the flaw affects multiple versions of SharePoint…
Synology SSL VPN Client Vulnerabilities Let Remote Attackers Access Sensitive Files
Synology reveals two severe SSL VPN Client flaws that could let remote attackers steal sensitive files and intercept network traffic. The vulnerabilities affect users running older versions of the software and require immediate patching to prevent potential network compromise. Virtual…
Critical ShowDoc RCE Vulnerability Active Exploited in the Wild
Threat actors are actively exploiting a critical vulnerability in ShowDoc, a popular online document-sharing and collaboration tool used by IT teams worldwide. Tracked under the identifier CNVD-2020-26585, this severe security flaw allows unauthenticated remote attackers to upload malicious files and execute…