The integration of AI coding agents has introduced new, high-impact attack surfaces for development teams. Phantom Labs at BeyondTrust recently discovered a critical command-injection vulnerability in OpenAI Codex. This flaw allowed attackers to steal sensitive GitHub User Access Tokens. By…
Tag: Cyber Security News
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately 50,000 websites vulnerable to complete takeover. Tracked as CVE-2026-0740, this flaw boasts a maximum CVSS severity score of 9.8, making it a severe…
Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks
A new ransomware campaign is putting organizations on high alert. A financially motivated threat group known as Storm-1175 has been running fast-paced attacks targeting vulnerable, internet-facing systems — and deploying the Medusa ransomware as the final blow. What makes this…
Researcher Released Windows Defender 0-Day Exploit Code, Allowing Attackers to Gain Full Access
A security researcher operating under the alias Chaotic Eclipse (@ChaoticEclipse0) has publicly dropped a working zero-day local privilege escalation (LPE) exploit for Windows, dubbed BlueHammer, along with full proof-of-concept (PoC) source code on GitHub. The disclosure was confirmed by vulnerability researcher Will Dormann, who…
Trojanized PyPI AI Proxy Uses Stolen Claude Prompt to Exfiltrates Data
A malicious Python package has been discovered on PyPI that disguises itself as a privacy-focused AI inference tool while quietly stealing sensitive user data in the background. Named hermes-px, the package marketed itself as a “Secure AI Inference Proxy” that routes…
CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in Fortinet FortiClient Enterprise Management Server (EMS), to its Known Exploited Vulnerabilities (KEV) catalog on April 6, 2026, mandating federal agencies to remediate by April…
North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview
A viral video circulating in cybersecurity and crypto circles has exposed a novel and surprisingly simple technique for unmasking North Korean state-sponsored IT workers attempting to infiltrate Western organizations: asking them to insult their Supreme Leader. The footage shows a…
DPRK Cyber Program Uses Modular Malware Strategy to Evade Attribution and Survive Takedowns
North Korea’s cyber program has fundamentally shifted how it builds and deploys malware. Rather than relying on one all-purpose hacking tool, the regime has assembled a fragmented ecosystem of purpose-built malware families, each aligned to a specific mission. This shift…
New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens
A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as completely routine CI build configuration updates. The campaign, prt-scan exploits a widely misused GitHub Actions workflow trigger to steal sensitive tokens, credentials, and…
Hackers Drain $286 Million From Drift Protocol in Suspected North Korea-Linked Exploit
The largest decentralized perpetual futures exchange on the Solana blockchain — became the target of a massive and well-orchestrated theft on April 1, 2026, Drift Protocol. Unknown attackers managed to drain $286 million in digital assets from the platform’s core…
Hackers Use Poisoned Axios Package and Phantom Dependency to Spread Cross-Platform Malware
One of the most widely used JavaScript libraries in the world was turned into a weapon on March 30, 2026, when attackers poisoned the Axios npm package and silently deployed malware on developer machines running Windows, macOS, and Linux. With…
Hackers Compromised ILSpy WordPress Domain to Deliver Malware
A new supply chain attack targeting developers after threat actors compromised the official WordPress domain for ILSpy on April 6, 2026. Instead of providing the legitimate software, the hijacked website began redirecting visitors to a malicious webpage to deliver malware.…
Critical Dgraph Database Vulnerability Let Attackers Bypass Authentication
A maximum-severity vulnerability in Dgraph, a popular open-source graph database. Tracked as CVE-2026-34976, this critical flaw carries a perfect CVSS score of 10.0. It allows unauthenticated remote attackers to bypass all security controls, overwrite entire databases, read sensitive server files,…
Apache Traffic Server Vulnerabilities Let Attackers Trigger DoS Attack
The Apache Software Foundation has released emergency security updates to address two severe vulnerabilities in the Apache Traffic Server (ATS). ATS operates as a high-performance web proxy cache that improves network efficiency and handles massive volumes of enterprise web traffic.…
Google’s Bug Bounty Program Hits All-Time High With $17 Million in 2025 Payouts
Google’s Vulnerability Reward Program (VRP) celebrated its 15th anniversary in 2025 by breaking every payout record in its history. The tech giant awarded a staggering $17 million to external security researchers worldwide, representing a massive 40% surge compared to 2024.…
Hackers Using Fake “Microsoft Teams” Domains to Attack Users Via Malicious Payload
Cybercriminals are launching a sophisticated new wave of attacks using fake Microsoft Teams domains. According to recent threat intelligence shared by SEAL Org, hackers are actively tricking corporate users into downloading malicious payloads by mimicking the widely used communication platform. As…
Critical Claude Code Flaw Silently Bypasses Developer-Configured Security Rules
A high-severity security bypass vulnerability in Anthropic’s Claude Code AI coding agent allows malicious actors to silently evade user-configured deny rules through a simple command-padding technique, exposing hundreds of thousands of developers to credential theft and supply chain compromise. According…
METATRON – Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux
A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with…
New ResokerRAT Uses Telegram Bot API to Control Infected Windows Systems
A new Remote Access Trojan (RAT) called ResokerRAT has been found targeting Windows systems by abusing Telegram’s widely used Bot API to receive commands and send stolen data back to attackers. Unlike traditional malware that relies on custom command-and-control servers,…
36 Malicious npm Strapi Packages Used to Deploy Redis RCE and Persistent C2 Malware
A coordinated supply chain attack has been uncovered targeting developers who build applications on Strapi, a widely used open-source content management system. Thirty-six malicious npm packages disguised as legitimate Strapi plugins were published to the npm registry, carrying payloads designed…