Cybersecurity News, Threats & Vulnerability Alerts

Microsoft Patches 161 CVEs in Record-Breaking April Update
Microsoft's April 2026 Patch Tuesday addresses 161 vulnerabilities including an actively exploited SharePoint zero-day, marking the second-largest patch release ever.

McGraw-Hill Confirms Data Breach via Salesforce Exploit
Education giant McGraw-Hill disclosed that hackers exploited a Salesforce misconfiguration to access internal company data in a confirmed security incident.

Adobe Patches 55 Flaws Across 11 Products in April 2026
Adobe released security updates fixing 55 vulnerabilities across 11 products, with critical ColdFusion flaws posing the highest exploitation risk.

108 Chrome Extensions Hijack Browsers via Shared C2 Network
Security researchers uncovered 108 malicious Chrome extensions using shared command-and-control infrastructure to steal user data and inject ads.

Basic-Fit Data Breach Exposes 1 Million Customer Records
Dutch fitness chain Basic-Fit confirms hackers accessed personal information of one million customers in a major security incident.

Rockstar Games Hit by ShinyHunters Data Breach via Anodot
Rockstar Games suffered a data breach through compromised analytics provider Anodot, with ShinyHunters gang now leaking stolen data publicly.

wolfSSL Critical Flaw Weakens ECDSA Signature Verification
A critical vulnerability in wolfSSL's SSL/TLS library allows attackers to bypass ECDSA signature verification through improper hash algorithm validation.

FBI Dismantles W3LL Phishing Platform in Global Operation
FBI and Indonesian authorities shut down the W3LL phishing-as-a-service platform, arresting its developer in the first US-Indonesia cybercrime enforcement action.

OpenAI Rotates macOS Certificates After Supply Chain Attack
OpenAI revoked macOS code-signing certificates following a malicious Axios package compromise that targeted GitHub Actions workflows.

Booking.com Confirms Data Breach Exposing User Reservations
Booking.com detected unauthorized system access that compromised sensitive reservation data and personal information of platform users.

Adobe Patches Zero-Day CVE-2026-34621 in Emergency Update
Adobe released an emergency Acrobat Reader security update fixing CVE-2026-34621, actively exploited since December 2025.

Booking.com Confirms Data Breach Exposed Customer Info
Booking.com disclosed hackers accessed customer booking information in a security incident the travel platform says it has contained.

Fake Claude AI Site Spreads PlugX RAT via DLL Sideloading
Cybercriminals are distributing PlugX remote access trojan through fake Anthropic Claude AI websites using sophisticated DLL sideloading techniques.

APT37 Deploys RokRAT via Facebook Social Engineering
North Korean APT37 hackers use Facebook friend requests to deliver RokRAT malware through sophisticated social engineering attacks.

Marimo RCE Flaw Under Active Attack Hours After Disclosure
A critical pre-authentication remote code execution vulnerability in the Marimo notebook platform was exploited for credential theft within hours of public disclosure.

Adobe Patches Critical Acrobat Reader Zero-Day Under Attack
Adobe released emergency patches for CVE-2026-34621, a critical Acrobat Reader vulnerability actively exploited by attackers worldwide.

UK-Led Operation Exposes 20,000 Crypto Fraud Victims
An international law enforcement operation coordinated by the UK's National Crime Agency identifies over 20,000 cryptocurrency fraud victims across three countries.

Iranian Hackers Target Thousands of Rockwell PLCs in US Grid
Iranian-linked threat groups are actively targeting thousands of exposed Rockwell Automation programmable logic controllers across US critical infrastructure networks.

CPUID Website Compromised: CPU-Z Downloads Serve Malware
Attackers compromised CPUID's API to replace legitimate CPU-Z and HWMonitor downloads with malicious executables on the official website.

Storm-2755 Hackers Target Canadian Payroll Systems
Storm-2755 threat group hijacks Canadian employee accounts to steal salary payments through sophisticated payroll system attacks.

LucidRook Malware Targets Taiwan NGOs in Spear-Phishing Attacks
Chinese threat actors deploy new Lua-based LucidRook malware against Taiwanese NGOs and universities through sophisticated spear-phishing campaigns.

