Cybersecurity News, Threats & Vulnerability Alerts
Real-time threat monitoring, zero-day vulnerability analysis, and data breach reports.
Apple Email System Exploited for iPhone Purchase Phishing
Critical protobuf.js RCE Flaw Gets Public Exploit Code
Payouts King Ransomware Uses QEMU for Stealth Backdoors
Microsoft Defender Zero-Days Under Active Attack
CISA Warns of Active Attacks on 13-Year-Old ActiveMQ Flaw
DraftKings Hacker Gets 30 Months for Account Access Sales
Memphis man Kamerin Stokes received 30 months in prison for selling access to tens of thousands of compromised DraftKings accounts.
Three Windows Vulnerabilities Under Active Exploitation
Attackers are exploiting three recently disclosed Windows security flaws to gain SYSTEM privileges and elevated administrator access.
Operation PowerOFF Dismantles DDoS-for-Hire Networks Globally
International law enforcement operation PowerOFF shut down DDoS-for-hire services across 21 countries on April 13, 2026.
ZionSiphon Malware Targets Water Treatment OT Systems
New ZionSiphon malware specifically targets operational technology in water treatment and desalination facilities to disrupt critical infrastructure operations.
Microsoft Defender Hit by Second Zero-Day in Two Weeks
Security researcher releases proof-of-concept exploit for new Microsoft Defender zero-day dubbed RedSun, marking second critical flaw disclosed this month.
Sapphire Sleet Targets Mac Users with Fake Zoom Updates
North Korean threat group Sapphire Sleet deploys ClickFix attacks through fraudulent job offers and malicious Zoom updates to compromise Mac systems.
NKAbuse Malware Exploits Marimo Python Notebook Flaw
Attackers exploit critical Marimo reactive Python notebook vulnerability to deploy NKAbuse malware variant through Hugging Face Spaces infrastructure.
Physical Security Systems Need 2FA Against Threat Actors
Security experts recommend implementing two-factor authentication in physical access systems as threat actors increasingly target non-traditional IT environments.
ATHR Platform Automates Voice Phishing with AI Agents
New ATHR cybercrime platform combines AI agents with human operators to conduct fully automated voice phishing attacks targeting credential theft.
Cisco Patches Four Critical Flaws in Webex and ISE
Cisco released security updates addressing four critical vulnerabilities affecting Webex Services and Identity Services Engine platforms.
Critical Nginx UI Flaw Enables Server Takeover Without Auth
A critical vulnerability in Nginx UI with Model Context Protocol support allows attackers to gain full server control without authentication.
AgingFly Malware Targets Government and Healthcare Sectors
New AgingFly malware family steals authentication data from Chromium browsers and WhatsApp, targeting local governments and hospitals worldwide.
30+ WordPress Plugins Compromised in EssentialPlugin Supply Chain Attack
Over 30 WordPress plugins from EssentialPlugin were compromised with malicious code enabling unauthorized website access, affecting thousands of installations.
Signed Adware Tool Disables Antivirus on Thousands of Systems
Digitally signed adware tool exploits SYSTEM privileges to disable antivirus protections across educational, healthcare, and government networks.
Attackers Weaponize n8n AI Platform for Phishing Campaigns
Threat actors exploit n8n workflow automation platform to bypass security filters and deliver sophisticated phishing attacks through automated emails.