Cybersecurity News, Threats & Vulnerability Alerts

DraftKings Hacker Gets 30 Months for Account Access Sales
Memphis man Kamerin Stokes received 30 months in prison for selling access to tens of thousands of compromised DraftKings accounts.

Three Windows Vulnerabilities Under Active Exploitation
Attackers are exploiting three recently disclosed Windows security flaws to gain SYSTEM privileges and elevated administrator access.

Operation PowerOFF Dismantles DDoS-for-Hire Networks Globally
International law enforcement operation PowerOFF shut down DDoS-for-hire services across 21 countries on April 13, 2026.

ZionSiphon Malware Targets Water Treatment OT Systems
New ZionSiphon malware specifically targets operational technology in water treatment and desalination facilities to disrupt critical infrastructure operations.

Microsoft Defender Hit by Second Zero-Day in Two Weeks
Security researcher releases proof-of-concept exploit for new Microsoft Defender zero-day dubbed RedSun, marking the second critical flaw disclosed this month.

Sapphire Sleet Targets Mac Users with Fake Zoom Updates
North Korean threat group Sapphire Sleet deploys ClickFix attacks through fraudulent job offers and malicious Zoom updates to compromise Mac systems.

NKAbuse Malware Exploits Marimo Python Notebook Flaw
Attackers exploit critical Marimo reactive Python notebook vulnerability to deploy NKAbuse malware variant through Hugging Face Spaces infrastructure.

Physical Security Systems Need 2FA Against Threat Actors
Security experts recommend implementing two-factor authentication in physical access systems as threat actors increasingly target non-traditional IT environments.

ATHR Platform Automates Voice Phishing with AI Agents
New ATHR cybercrime platform combines AI agents with human operators to conduct fully automated voice phishing attacks targeting credential theft.

Cisco Patches Four Critical Flaws in Webex and ISE
Cisco released security updates addressing four critical vulnerabilities affecting Webex Services and Identity Services Engine platforms.

Critical Nginx UI Flaw Enables Server Takeover Without Auth
A critical vulnerability in Nginx UI with Model Context Protocol support allows attackers to gain full server control without authentication.

AgingFly Malware Targets Government and Healthcare Sectors
New AgingFly malware family steals authentication data from Chromium browsers and WhatsApp, targeting local governments and hospitals worldwide.

30+ WordPress Plugins Compromised in EssentialPlugin Supply Chain Attack
Over 30 WordPress plugins from EssentialPlugin were compromised with malicious code enabling unauthorized website access, affecting thousands of installations.

Signed Adware Tool Disables Antivirus on Thousands of Systems
Digitally signed adware tool exploits SYSTEM privileges to disable antivirus protections across educational, healthcare, and government networks.

Attackers Weaponize n8n AI Platform for Phishing Campaigns
Threat actors exploit n8n workflow automation platform to bypass security filters and deliver sophisticated phishing attacks through automated emails.

Microsoft Awards $2.3M to Researchers in Zero Day Quest
Microsoft distributed $2.3 million to security researchers after receiving nearly 700 vulnerability submissions in its annual Zero Day Quest contest.

CISA Orders Federal Agencies to Patch Windows Task Host Flaw
CISA added a Windows Task Host privilege escalation vulnerability to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch immediately.

CVE-2026-33032: Critical nginx-ui Flaw Under Active Attack
A critical authentication bypass vulnerability in nginx-ui enables attackers to seize control of Nginx services through active exploitation campaigns.

Fortinet Patches Critical FortiSandbox RCE Flaws
Fortinet released emergency patches for critical FortiSandbox vulnerabilities allowing authentication bypass and remote code execution via HTTP requests.

Kraken Exchange Faces Extortion Over Internal System Videos
Cybercriminals threaten to release footage of Kraken's internal systems hosting client data in an extortion attempt against the cryptocurrency exchange.

108 Malicious Chrome Extensions Steal OAuth Tokens
Over 100 malicious Chrome Web Store extensions are actively stealing Google OAuth2 tokens and deploying backdoors on user systems.

