ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Ravie LakshmananApr 14, 2026Vulnerability / Network Security A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in...
Hacking
Category Added in a WPeMatico Campaign
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
Ravie LakshmananApr 14, 2026Vulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen...
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
Ravie LakshmananApr 13, 2026Threat Intelligence / Malware Banks and financial institutions in Latin American countries like Brazil and Mexico have...
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
Ravie LakshmananApr 13, 2026Cybercrime / Threat Intelligence The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National...
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Ravie LakshmananApr 13, 2026Cybersecurity / Hacking Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are...
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating...
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
Ravie LakshmananApr 13, 2026Social Engineering / Threat Intelligence The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed...
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31,...
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Ravie LakshmananApr 12, 2026Malware / Threat Intelligence Unknown threat actors compromised CPUID ("cpuidcom"), a website that hosts popular hardware monitoring tools...
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Ravie LakshmananApr 12, 2026Vulnerability / Endpoint Security Adobe has released emergency updates to fix a critical security flaw in Acrobat...
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to...
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Ravie LakshmananApr 10, 2026Malware / Blockchain Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a...
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI...
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Ravie LakshmananApr 10, 2026Malware / Browser Security Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of...
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Ravie LakshmananApr 10, 2026Vulnerability / Threat Intelligence A critical security vulnerability in Marimo, an open-source Python notebook for data science and...
