Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
Ravie LakshmananApr 22, 2026Malware / Critical Infrastructure Cybersecurity researchers have discovered a previously undocumented data wiper that has been used...
Hacking
Category Added in a WPeMatico Campaign
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide...
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Ravie LakshmananApr 22, 2026Vulnerability / Cryptography Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that...
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Ravie LakshmananApr 22, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE...
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
Ravie LakshmananApr 22, 2026Vulnerability / Container Security A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium...
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called...
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Ravie LakshmananApr 21, 2026Network Security / Vulnerability Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters...
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
Ravie LakshmananApr 21, 2026Insider Threat / Cybercrime A third individual who was employed as a ransomware negotiator has pleaded guilty...
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the...
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
Ravie LakshmananApr 21, 2026Mobile Security / Artificial Intelligence Cybersecurity researchers have discovered a new iteration of an Android malware family...
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits....
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
Ravie LakshmananApr 21, 2026Vulnerability / Artificial Intelligence Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE),...
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
Ravie LakshmananApr 21, 2026Network Security / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight...
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Ravie LakshmananApr 20, 2026Open Source / Server Security A critical security vulnerability has been disclosed in SGLang that, if successfully...
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
Ravie LakshmananApr 20, 2026Cybersecurity / Hacking Monday’s recap shows the same pattern in different places. A third-party tool becomes a...
