List cybersec
Device code phishing attacks surge 37x as new kits spread online
{ "priority": "HIGH", "cve": "N/A", "target": "OAuth 2.0", "threat_actor": "N/A", "patch_ready": false, "insight": "Device code phishing attacks abusing OAuth 2.0 Device Authorization Gran..
3:10 pm, April 4, 2026 Cybersecurity
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
{ "priority": "MEDIUM", "cve": "N/A", "target": "LinkedIn", "threat_actor": "N/A", "patch_ready": false, "insight": "LinkedIn uses hidden JavaScript scripts to scan visitors' browsers for ..
3:10 pm, April 4, 2026 Cybersecurity
Axios npm hack used fake Teams error fix to hijack maintainer account
{ "priority": "HIGH", "cve": "N/A", "target": "Axios HTTP client", "threat_actor": "North Korean threat actors", "patch_ready": false, "insight": "A social engineering campaign targeting a..
9:10 pm, April 4, 2026 Cybersecurity
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
``` { "priority": "HIGH", "cve": "N/A", "target": "npm registry, Redis, PostgreSQL", "threat_actor": "N/A", "patch_ready": false, "insight": "Malicious npm packages disguised as Strapi CMS..
6:10 am, April 5, 2026 Cybersecurity
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
{ "priority": "CRITICAL", "cve": "CVE-2026-35616", "target": "FortiClient EMS", "threat_actor": "N/A", "patch_ready": true, "insight": "Fortinet patches actively exploited CVE-2026-35616 i..
6:10 am, April 5, 2026 Cybersecurity
Hackers exploit React2Shell in automated credential theft campaign
{ "priority": "HIGH", "cve": "CVE-2025-55182", "target": "Next.js", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers exploit React2Shell in automated credential theft campa..
3:10 pm, April 5, 2026 Cybersecurity
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
7:10 pm, April 5, 2026 Cybersecurity
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demandin..
8:10 pm, April 5, 2026 Cybersecurity
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
{ "priority": "HIGH", "cve": "N/A", "target": "Drift", "threat_actor": "DPRK", "patch_ready": false, "insight": "DPRK conducted a six-month social engineering operation to steal $285 milli..
8:10 pm, April 5, 2026 Cybersecurity
ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880, (Mon, Apr 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 6, 2026 Cybersecurity
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
{"priority":"HIGH","cve":"N/A","target":"REvil, GandCrab","threat_actor":"Daniil Maksimovich Shchukin (UNKN)","patch_ready":false,"insight":"German authorities identify 31-year-old Russian national Da..
3:10 am, April 6, 2026 Cybersecurity
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
``` { "priority": "HIGH", "cve": "N/A", "target": "REvil (Sodinokibi) ransomware", "threat_actor": "UNKN", "patch_ready": false, "insight": "BKA identifies REvil ransomware leader UNKN beh..
7:10 am, April 6, 2026 Cybersecurity
How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the use of open redirects in phishing attacks, citing a ..
9:10 am, April 6, 2026 Cybersecurity
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
{ "priority": "HIGH", "cve": "N/A", "target": "EDR Tools", "threat_actor": "Qilin and Warlock", "patch_ready": false, "insight": "Qilin and Warlock ransomware operations use vulnerable dri..
11:10 am, April 6, 2026 Cybersecurity
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
{ "priority": "HIGH", "cve": "N/A", "target": "LiteLLM", "threat_actor": "TeamPCP", "patch_ready": false, "insight": "LiteLLM developer machines were compromised by TeamPCP threat actor, t..
1:10 pm, April 6, 2026 Cybersecurity
Why Simple Breach Monitoring is No Longer Enough
{ "priority": "MEDIUM", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Simple breach monitoring is insufficient against modern credential-based att..
2:10 pm, April 6, 2026 Cybersecurity
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
Your attack surface no longer lives on one operating system, and neither do the campaigns targeting it. In enterprise environments, attackers move across Windows endpoints, executive MacBooks, Linu..
3:10 pm, April 6, 2026 Cybersecurity
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
{ "priority": "CRITICAL", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Multiple critical vulnerabilities and exploits were disclosed this week, i..
3:10 pm, April 6, 2026 Cybersecurity
CISA orders feds to patch Fortinet flaw exploited in attacks by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability..
4:10 pm, April 6, 2026 Cybersecurity
Microsoft links Medusa ransomware affiliate to zero-day attacks
{"priority": "HIGH", "cve": "N/A", "target": "Microsoft", "threat_actor": "Storm-1175", "patch_ready": false, "insight": "Microsoft links Medusa ransomware affiliate to zero-day attacks"}
5:10 pm, April 6, 2026 Cybersecurity
Drift $280M crypto theft linked to 6-month in-person operation
{ "priority": "HIGH", "cve": "N/A", "target": "Drift Protocol", "threat_actor": "N/A", "patch_ready": false, "insight": "A $280M crypto theft from Drift Protocol involved a 6-month in-pers..
5:10 pm, April 6, 2026 Cybersecurity
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
{ "priority": "CRITICAL", "cve": "N/A", "target": "FortiClient Enterprise Management Server (EMS)", "threat_actor": "N/A", "patch_ready": true, "insight": "CISA orders federal agencies to ..
5:10 pm, April 6, 2026 Cybersecurity
Microsoft removes Support and Recovery Assistant from Windows
{ "priority": "INFO", "cve": "N/A", "target": "Windows", "threat_actor": "N/A", "patch_ready": false, "insight": "Microsoft has deprecated and removed the Support and Recovery Assistant (S..
6:10 pm, April 6, 2026 Cybersecurity
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
{ "priority": "HIGH", "cve": "N/A", "target": "South Korea", "threat_actor": "DPRK-Linked Hackers", "patch_ready": false, "insight": "DPRK-linked hackers use GitHub as C2 infrastructure in..
6:10 pm, April 6, 2026 Cybersecurity
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
8:10 pm, April 6, 2026 Cybersecurity
Microsoft fixes Classic Outlook bug causing email delivery issues
{ "priority": "LOW", "cve": "N/A", "target": "Classic Outlook", "threat_actor": "N/A", "patch_ready": true, "insight": "Microsoft resolved a bug in Classic Outlook that was causing email d..
8:10 pm, April 6, 2026 Cybersecurity
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft 365", "threat_actor": "Iran-nexus threat actor", "patch_ready": false, "insight": "Iran-linked threat actor targets 300+ Israeli Mi..
8:10 pm, April 6, 2026 Cybersecurity
New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
10:10 pm, April 6, 2026 Cybersecurity
German authorities identify REvil and GangCrab ransomware bosses
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "REvil and GandCrab", "patch_ready": false, "insight": "German authorities identified leaders of REvil and GandCrab ran..
12:10 am, April 7, 2026 Cybersecurity
ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "ISC Stormcast podcast for April 7th, 2026, discussing various cybersecurity to..
2:10 am, April 7, 2026 Cybersecurity
German authorities identify REvil and GandCrab ransomware bosses
{ "priority": "INFO", "cve": "N/A", "target": "REvil, GandCrab ransomware", "threat_actor": "Russian nationals", "patch_ready": false, "insight": "German authorities identified leaders of ..
4:10 am, April 7, 2026 Cybersecurity
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
{ "priority": "CRITICAL", "cve": "CVE-2025-59528", "target": "Flowise AI Agent Builder", "threat_actor": "N/A", "patch_ready": false, "insight": "CVE-2025-59528 CVSS 10.0 RCE vulnerability..
6:10 am, April 7, 2026 Cybersecurity
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
{ "priority": "CRITICAL", "cve": "N/A", "target": "Internet-facing systems", "threat_actor": "Storm-1175", "patch_ready": false, "insight": "China-linked Storm-1175 exploits zero-days to r..
8:10 am, April 7, 2026 Cybersecurity
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
{ "priority": "HIGH", "cve": "N/A", "target": "GPUs", "threat_actor": "N/A", "patch_ready": false, "insight": "New GPUBreach attack enables full CPU privilege escalation via GDDR6 bit-flip..
10:10 am, April 7, 2026 Cybersecurity
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
{"priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The webinar discusses identity gaps in enterprises and how AI may exploit these risks in 20..
1:10 pm, April 7, 2026 Cybersecurity
The Hidden Cost of Recurring Credential Incidents
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "The article discusses the hidden costs of recurring credential incidents, high..
1:10 pm, April 7, 2026 Cybersecurity
Why Your Automated Pentesting Tool Just Hit a Wall
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Automated pentesting tools may plateau and leave major attack surfaces unteste..
2:10 pm, April 7, 2026 Cybersecurity
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
An active campaign has been observed targeting internet-exposed instances running ComfyUI, a popular stable diffusion platform, to enlist them into a cryptocurrency mining and proxy botnet. "A purpos..
2:10 pm, April 7, 2026 Cybersecurity
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers..
4:10 pm, April 7, 2026 Cybersecurity
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
{"priority":"HIGH","cve":"CVE-2026-34040","target":"Docker Engine","threat_actor":"N/A","patch_ready":false,"insight":"Docker CVE-2026-34040 allows attackers to bypass authorization and gain host acce..
4:10 pm, April 7, 2026 Cybersecurity
Max severity Flowise RCE vulnerability now exploited in attacks
{ "priority": "CRITICAL", "cve": "CVE-2025-59528", "target": "Flowise", "threat_actor": "N/A", "patch_ready": false, "insight": "Hackers are exploiting a maximum-severity RCE vulnerability..
5:10 pm, April 7, 2026 Cybersecurity
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]
6:10 pm, April 7, 2026 Cybersecurity
Russia Hacked Routers to Steal Microsoft Office Tokens
{ "priority": "HIGH", "cve": "N/A", "target": "Microsoft Office", "threat_actor": "Russia's military intelligence units", "patch_ready": false, "insight": "Russia's military intelligence h..
6:10 pm, April 7, 2026 Cybersecurity
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
{ "priority": "HIGH", "cve": "N/A", "target": "MikroTik and TP-Link routers", "threat_actor": "APT28", "patch_ready": false, "insight": "Russia-linked APT28 exploits SOHO routers in global..
6:10 pm, April 7, 2026 Cybersecurity
A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Attackers use webshells to maintain persistence on compromised web servers, of..
7:10 pm, April 7, 2026 Cybersecurity
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]
8:10 pm, April 7, 2026 Cybersecurity
FBI: Americans lost a record $21 billion to cybercrime last year
{ "priority": "INFO", "cve": "N/A", "target": "N/A", "threat_actor": "N/A", "patch_ready": false, "insight": "Americans lost a record $21 billion to cybercrime in the last year, primarily ..
9:10 pm, April 7, 2026 Cybersecurity
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]
10:10 pm, April 7, 2026 Cybersecurity
ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
2:10 am, April 8, 2026 Cybersecurity
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
{ "priority": "HIGH", "cve": "N/A", "target": "Internet-Exposed PLCs", "threat_actor": "Iran-Linked Hackers", "patch_ready": false, "insight": "Iran-affiliated cyber actors target internet..
6:10 am, April 8, 2026 Cybersecurity
