Cybersecurity News
-
Critical ShowDoc Vulnerability Exposes Organizations to Unauthenticated RCE
Cybersecurity researchers have uncovered a severe vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this flaw enables unauthenticated remote code execution (RCE)…
Read More » -
CISA Warns of Critical Fortinet Vulnerability: CVE-2026-21643
On April 13, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog. This move confirms that threat actors are actively exploiting this…
Read More » -
Rockstar Games Data Breach: ShinyHunters Leaks 78.6 Million Records
Rockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026. Supply-Chain Attack via Third-Party Platform The…
Read More » -
SAP April 2026 Security Patch Day: Critical Vulnerabilities Demand Immediate Action
SAP released its monthly Security Patch Day updates for April 2026, addressing 19 new security notes and one update to a previously released note. These patches resolve severe vulnerabilities, including…
Read More » -
China-Linked APT41 Deploys Stealthy Linux Backdoor with SMTP Command-Control
Security researchers have uncovered a previously undocumented Linux backdoor attributed to China-linked APT41 (Winnti) group, actively targeting cloud workloads across AWS, Google Cloud Platform, Azure, and Alibaba Cloud. This zero-day…
Read More » -
The Emergence of Okta Vishing: Identity-Centric Cloud Attacks on the Rise
Hackers are increasingly abandoning email phishing in favor of a more sophisticated threat vector: voice-based social engineering targeting identity platforms like Okta. Dubbed “Okta vishing,” this technique transforms single-account compromises…
Read More » -
Critical Security Flaws Discovered in Synology SSL VPN Client
In a significant development for cybersecurity, Synology has released a critical security update addressing dangerous vulnerabilities in its widely-used SSL VPN Client utility. These vulnerabilities could potentially allow remote attackers…
Read More » -
Critical Axios Vulnerability Enables Full Cloud Infrastructure Compromise
A severe security flaw has been identified in Axios, one of the internet’s most popular HTTP client libraries. This vulnerability (CVE-2026-40175) allows Remote Code Execution (RCE) and complete cloud infrastructure…
Read More » -
Basic-Fit Data Breach Exposes Personal Data of 1 Million European Members
European fitness giant Basic-Fit has confirmed a major data breach compromising approximately 1 million member accounts across its operating regions. The incident heavily impacted Dutch members, with 200,000 accounts exposed,…
Read More » -
SaaS Platforms Abused: GitHub and Jira Become Phishing Proxies
Threat actors are weaponizing GitHub and Jira’s internal notification systems to craft undetectable phishing campaigns. By hijacking official mail servers, attackers send emails that bypass standard security protocols like SPF,…
Read More » -
Booking.com Suffers Data Breach Affecting Customer Booking Information
The accommodation reservation platform Booking.com has experienced a data breach in which unauthorised parties gained access to customer booking details. The company discovered “suspicious activity involving unauthorised third parties being…
Read More » -
Iran’s CyberAv3ngers Escalates Attacks on U.S. Water Utilities and Industrial Systems
CyberAv3ngers, an Iranian state-linked threat group, has intensified disruptive campaigns against U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained operational technology (OT) compromises as documented…
Read More » -
APT37 Campaign: Social Engineering via Facebook & Tampered PDFelement Targets Defense Sector
North Korea-linked threat actor APT37 is conducting a sophisticated intrusion campaign that weaponizes Facebook and Telegram to deliver a tampered Wondershare PDFelement installer. This attack chain enables stealthy access and…
Read More » -
Critical Apache Tomcat Security Updates Patch Three High-Risk Vulnerabilities
The Apache Software Foundation has issued critical security updates for Tomcat to address three newly disclosed vulnerabilities affecting widely deployed enterprise web servers. These flaws pose significant risks by enabling…
Read More » -
WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass
A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting…
Read More » -
EDR Killers Broaden Ransomware Tactics, ESET Warns
Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. According to ESET’s latest telemetry-backed study,…
Read More » -
Adobe Releases Emergency Patch for Critical Zero-Day Flaw in Acrobat and Reader
Adobe has issued an urgent security update to fix a critical zero-day vulnerability affecting Acrobat and Reader on both Windows and macOS platforms. The flaw, tracked as CVE-2026-34621, is currently…
Read More » -
UK NCA Leads Global Anti-Crypto Fraud Operation Targeting 20,000 Victims
An international law enforcement action led by the U.K.’s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States.…
Read More »