malicious

April 8, 2026

Cybercriminals Use Fake Zoom, Teams Calls to Deliver Malware

Hackers are increasinglyusing fake Zoom and Microsoft Teams meetings to trick victims into infecting their own systems with malware. SEAL…
Read More »
April 8, 2026

FBI Takes Down Russian Campaign That Compromised Thousands of Routers

U.S. Justice Department and FBI actions disrupted a worldwide network of hacked SOHO routers controlled by Russia’s GRU intelligence agency…
Read More »
April 8, 2026

Claude Code Leak Exploited to Spread Vidar and GhostSocks via GitHub Releases

Hackers exploited the exposed Claude Code source leak as a channel for malware distribution, using GitHub Releases to deliver the…
Read More »
April 8, 2026

Russian State-Sponsored Hackers Targeting Global Router Networks

Russian military-linked hackers are actively compromising poorly secured home and small-office routers to hijack internet traffic and conduct espionage on…
Read More »
April 8, 2026

ComfyUI Servers Hijacked for Cryptomining, Proxy Botnet Ops

Hackers are aggressively hijacking Internet-exposed ComfyUI servers and converting them into high‑value cryptomining rigs and proxy botnet nodes, abusing weakly…
Read More »
April 8, 2026

Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ

An AI assistant recently uncovered a critical remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that went unnoticed for…
Read More »
April 7, 2026

Critical Ninja Forms File Upload Vulnerability Allows Unauthenticated Remote Code Execution

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress enables attackers to upload arbitrary files without…
Read More »
April 7, 2026

GPUBreach Attack Could Lead to Full System Takeover and Root Shell Access

Researchers at the University of Toronto have uncovered a new vulnerability dubbed “GPUBreach,” which demonstrates that GPU-based Rowhammer attacks can…
Read More »
April 7, 2026

Kubernetes Flaws Let Hackers Jump From Containers to Cloud Accounts

Hackers are increasingly abusing Kubernetes misconfigurations to jump from containers into high‑value cloud accounts, turning a single compromised pod into…
Read More »
April 7, 2026

Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published

Cybersecurity researchers have discovered critical vulnerabilities in the Windmill developer platform and Nextcloud Flow, an integration embedding the Windmill engine.…
Read More »
April 7, 2026

CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution

A team of AI-driven vulnerability hunting agents directed by security researcher Asim Viladi Oglu Manizada has discovered two critical security…
Read More »
April 7, 2026

Fake Gemini npm Package Steals AI Tool Tokens

Malicious actors are exploiting a counterfeit Gemini-themed npm package to pilfer tokens and secrets from developers utilizing AI coding tools…
Read More »
April 7, 2026

Tor-Backed ClickFix Campaign Drops Node.js RAT on Windows

Criminals are leveraging the “ClickFix” scheme, a deceptive tactic that dupes users into engaging with counterfeit CAPTCHA or verification screens.…
Read More »
April 7, 2026

Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed

A critical security flaw in Flowise, a widely used open-source AI development platform, is currently being actively exploited in the…
Read More »
April 7, 2026

Threat Actors Exploit LogMeIn Resolve, ScreenConnect in Phishing Campaigns

Cybercriminals are exploiting legitimate remote monitoring and management (RMM) tools LogMeIn Resolve and ScreenConnect in a multi-stage phishing operation that…
Read More »
April 6, 2026

Iran-Linked Hackers Hit M365 Tenants in Middle East Password Spray Campaign

Iran-linked threat actors have launched a coordinated password-spraying campaign targeting Microsoft 365 environments across the Middle East, according to new…
Read More »
April 6, 2026

Trojanized PyPI AI Proxy Steals Claude Prompt, Exfiltrates Data

A malicious PyPI package, hermes-px, masquerades as a “Secure AI Inference Proxy” while secretly stealing user prompts and abusing a…
Read More »
April 6, 2026

Critical Claude Code Flaw Silently Bypasses User-Configured Security Rules

Anthropic’s flagship AI coding agent, Claude Code, contains a critical security flaw that silently bypasses developer-configured safety rules. The vulnerability…
Read More »
April 6, 2026

Google’s Bug Bounty Program Hits Record $17 Million in 2025 Payouts

Google announced a record-breaking year for its Vulnerability Reward Program (VRP) in 2025, paying out over $17 million to ethical…
Read More »
April 6, 2026

36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware

A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a…
Read More »

Previous page Next page