Cybersecurity News, Threats & Vulnerability Alerts

EvilTokens Kit Targets Microsoft Accounts with Device Code Phishing
New EvilTokens malicious toolkit exploits device code phishing to hijack Microsoft accounts for business email compromise attacks.

NoVoice Android Malware Infiltrates 50+ Google Play Apps
NoVoice malware infected over 50 Android apps on Google Play Store, accumulating 2.3 million downloads before detection and removal.

FBI Warns Against Chinese Mobile Apps Over Data Security Risks
The FBI issued a security advisory warning Americans to avoid Chinese-developed mobile applications due to data collection and national security concerns.

Google Patches Fourth Chrome Zero-Day Exploited in 2026
Google released an emergency Chrome update fixing CVE-2026-5281, the fourth actively exploited zero-day vulnerability discovered this year.

Cisco Breached via Trivy Supply Chain Attack Credentials
Cisco confirms cyberattack where threat actors used stolen Trivy credentials to breach development systems and steal source code.

Axios npm Package Hijacked, 100M+ Downloads Compromised
Attackers compromised the popular Axios JavaScript HTTP client npm package, delivering cross-platform remote access trojans to millions of developers worldwide.

Maryland Man Charged in $53M Uranium Finance Crypto Hack
Federal prosecutors charged a Maryland resident with stealing over $53 million through two separate attacks on the Uranium Finance cryptocurrency exchange.

Dutch Finance Ministry Hit by Cyberattack, Systems Offline
The Dutch Ministry of Finance took critical systems offline after detecting a cyberattack two weeks ago, disrupting treasury banking operations.

CISA Orders Federal Agencies to Patch Exploited Citrix Flaw
CISA mandates federal agencies patch actively exploited Citrix NetScaler vulnerability by Thursday amid ongoing attacks.

RoadK1ll Implant Enables Silent Network Lateral Movement
Security researchers discovered RoadK1ll, a sophisticated malicious implant designed for covert lateral movement across compromised enterprise networks.

ChatGPT Vulnerability Exposed User Data Through Malicious Prompts
Check Point researchers discovered a ChatGPT vulnerability allowing attackers to steal conversation data and uploaded files through crafted prompts.

DeepLoad Malware Uses ClickFix Tactics for Credential Theft
Cybercriminals deploy DeepLoad malware loader through ClickFix social engineering campaigns, targeting user credentials with AI-assisted evasion techniques.

ShinyHunters Breaches European Commission, Steals 350GB
ShinyHunters hacker group claims massive data theft from European Commission cloud systems affecting government operations.

F5 BIG-IP APM Flaw Upgraded to Critical RCE Threat
F5 reclassified a BIG-IP APM denial-of-service vulnerability as critical remote code execution after attackers deployed webshells on unpatched systems.

Fortinet FortiClient EMS Hit by Active Zero-Day Attacks
Attackers are actively exploiting CVE-2026-21643, a critical remote code execution vulnerability in Fortinet's FortiClient EMS platform.

Iran-Linked Handala Hackers Breach FBI Director's Email
Iranian hackers compromised FBI Director Kash Patel's personal email account and leaked sensitive documents online.

Smart Slider 3 Plugin Flaw Exposes 800K WordPress Sites
Critical vulnerability in Smart Slider 3 WordPress plugin allows subscriber-level users to access arbitrary server files across 800,000 websites.

Iranian Hackers Breach FBI Director Kash Patel's Email
Iranian-linked Handala Hack Team successfully compromised FBI Director Kash Patel's personal email account, leaking sensitive documents online.

Infinity Stealer Targets macOS with Python-Based Payload
New Infinity Stealer malware uses Python and Nuitka compiler to steal credentials from macOS systems through sophisticated social engineering campaigns.

Infiniti Stealer Targets Mac Users via Fake Cloudflare CAPTCHA
Attackers deploy Infiniti infostealer on macOS through fake Cloudflare CAPTCHA pages using sophisticated ClickFix social engineering techniques.

CVE-2026-3055: Citrix NetScaler Critical Flaw Under Attack
Critical CVE-2026-3055 vulnerability in Citrix NetScaler ADC and Gateway faces active reconnaissance as attackers probe memory overread flaw.

