SecurityWeek

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

The security defects allow attackers to escalate privileges and execute arbitrary code remotely.

The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek.

SANS Internet Storm Center

ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)

BleepingComputer

European Gym giant Basic-Fit data breach affects 1 million members

Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. [...]

Dark Reading:

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

Security experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos in a new paper from the Cloud Security Alliance (CSA).

Dark Reading:

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.

BleepingComputer

Stolen Rockstar Games analytics data leaked by extortion gang

Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. [...]

BleepingComputer

Critical flaw in wolfSSL library enables forged certificate use

A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. [...]

Dark Reading:

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.

BleepingComputer

FBI takedown of W3LL phishing service leads to developer arrest

The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. [...]

BleepingComputer

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]

BleepingComputer

New Booking.com data breach forces reservation PIN resets

Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. [...]

BleepingComputer

Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw

Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. [...]

Dark Reading:

APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials

The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.

SecurityWeek

Booking.com Says Hackers Accessed User Information

The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained. 

The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek.

BleepingComputer

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]

SecurityWeek

BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings

Claims that “Microsoft is running one of the largest corporate espionage operations in modern history” face scrutiny as researchers analyze LinkedIn’s browser extension probing

The post BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings appeared first on SecurityWeek.

SANS Internet Storm Center

Scans for EncystPHP Webshell, (Mon, Apr 13th)

Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the "EncystPHP" web shell. Fortinet wrote about this webshell back in January. It appears to be a favorite among attackers compromising vulnerable FreePBX systems.

SecurityWeek

OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack

The AI giant is taking action after determining that a macOS code signing certificate may have been compromised.

The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.

SecurityWeek

International Operation Targets Multimillion-Dollar Crypto Theft Schemes

Law enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million.

The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek.

SecurityWeek

CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads

Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.

The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek.

SecurityWeek

Fake Claude Website Distributes PlugX RAT

The malware mimics the legitimate Anthropic installation, relies on DLL sideloading, and cleans up after itself.

The post Fake Claude Website Distributes PlugX RAT appeared first on SecurityWeek.

SecurityWeek

Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users

The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices.

The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek.

SANS Internet Storm Center

ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)

BleepingComputer

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]

SecurityWeek

Adobe Patches Reader Zero-Day Exploited for Months

The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.

The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek.

BleepingComputer

Over 20,000 crypto fraud victims identified in international crackdown

An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...]

BleepingComputer

ChatGPT rolls out new $100 Pro subscription to challenge Claude

OpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude's pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. [...]

Dark Reading:

Hims Breach Exposes the Most Sensitive Kinds of PHI

Threat actors breached the telehealth brand, and now they may know patients' personal health details. What could they do with that information?

Dark Reading:

Your Next Breach Will Look Like Business as Usual

These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks.

BleepingComputer

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks

The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]

Dark Reading:

FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats

Dark Reading:

Orange Business Reimagines Enterprise Voice Communications With Trust and AI

SecurityWeek

In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack

Other noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.

The post In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack appeared first on SecurityWeek.

BleepingComputer

Analysis of one billion CISA KEV remediation records exposes limits of human-scale security

Analysis of 1 billion CISA KEV remediation records reveal a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]

SecurityWeek

Juniper Networks Patches Dozens of Junos OS Vulnerabilities

A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.

The post Juniper Networks Patches Dozens of Junos OS Vulnerabilities appeared first on SecurityWeek.

Dark Reading:

Industrial Controllers Still Vulnerable As Conflicts Move to Cyber

The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices.

BleepingComputer

CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads

Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]

SecurityWeek

Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday

The US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.

The post Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday appeared first on SecurityWeek.

Dark Reading:

Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?

Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said.

BleepingComputer

Microsoft: Canadian employees targeted in payroll pirate attacks

A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]

SecurityWeek

Orthanc DICOM Vulnerabilities Lead to Crashes, RCE

Attackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.

The post Orthanc DICOM Vulnerabilities Lead to Crashes, RCE appeared first on SecurityWeek.

SecurityWeek

Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000

The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers.

The post Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000 appeared first on SecurityWeek.

BleepingComputer

Google rolls out Gmail end-to-end encryption on mobile devices

Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]

SecurityWeek

MITRE Releases Fight Fraud Framework

The document provides a behavior-based model of the tactics and techniques employed by fraudsters.

The post MITRE Releases Fight Fraud Framework appeared first on SecurityWeek.

SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure

Within nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.

The post Critical Marimo Flaw Exploited Hours After Public Disclosure appeared first on SecurityWeek.

SecurityWeek

Google Rolls Out Cookie Theft Protections in Chrome

New Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.

The post Google Rolls Out Cookie Theft Protections in Chrome appeared first on SecurityWeek.

SecurityWeek

Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users

The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.

The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek.

SANS Internet Storm Center

Obfuscated JavaScript or Nothing, (Thu, Apr 9th)

I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV’s on VirusTotal[1].

BleepingComputer

New ‘LucidRook’ malware used in targeted attacks on NGOs, universities

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]