News
-
Silver Fox uses ABCDoor malware in phishing campaign targeting India and Russia
Silver Fox used tax-themed phishing emails to target organizations in Russia and India with the ABCDoor backdoor, with more than 1,600 malicious messages flagged in early 2026, according to a technical analysis by Kaspersky.
-
U.S., international agencies arrest 276 in crypto scam crackdown
International authorities arrested at least 276 suspects and shut down nine scam centers in a crackdown on cryptocurrency investment fraud schemes that targeted Americans and caused millions of dollars in losses.
-
Microsoft Defender wrongly flags DigiCert root certificates as malware
Microsoft Defender mistakenly flagged DigiCert root certificates as malware after an April 30 signature update, removing some from Windows trust stores. Microsoft says the false positives are fixed and no extra action is needed.
-
CISA adds actively exploited Linux root flaw to known vulnerabilities list
CISA added a Linux kernel privilege escalation flaw known as Copy Fail to its exploited vulnerabilities catalog after signs of active abuse. The issue can let a local user gain root access, and patches are already available.
-
PyPI Lightning package hit by credential-stealing malware
Python package Lightning was compromised on PyPI, with two malicious releases published on April 30, 2026. Security researchers said the code targeted developer credentials and could spread through package ecosystems.
-
Handala claims leak of US Marines data in WhatsApp threat campaign
US Marines in the Persian Gulf received WhatsApp threats from the Iran-linked Handala hacking group, which claimed to leak personal data on 2,379 service members and said it knew their family details and routines.
-
Google patches critical Gemini CLI flaw that could allow remote code execution
Google fixed a critical Gemini CLI flaw that could let attackers execute commands on host systems in headless CI workflows. The issue affected specific npm and GitHub Actions versions and required explicit folder trust after the update.
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
Microsoft warns of exploited zero-click Windows flaw exposing sensitive data
Microsoft and CISA said attackers are exploiting CVE-2026-32202, a zero-click Windows flaw that can expose sensitive information. The issue stems from an incomplete fix for an earlier vulnerability linked to Russian espionage activity.
-
SAP-related npm packages hit by credential-stealing supply chain attack
SAP-related npm packages were compromised in an April 29 supply chain attack that inserted credential-stealing malware into four releases, affecting developer, GitHub, npm, cloud, and Kubernetes secrets, according to a technical analysis from Aikido Security.
