Risk
-
Dutch authorities take down botnet tied to 17 million infected devices
Dutch authorities have taken offline a botnet of at least 17 million infected devices and seized more than 200 servers in the Netherlands, according to a joint disclosure from the National Cyber Security Centre and police.
-
Google Chrome rolls out cookie theft protection for all users
Google said Chrome’s Device Bound Session Credentials feature is now generally available and rolling out to all users. The change is designed to bind session cookies to a device and make stolen cookies harder to reuse for account takeovers.
-
GREYVIBE campaign targets Ukraine with phishing, fake sites and AI tools
GREYVIBE has targeted Ukraine-linked entities since at least August 2025 using phishing, fake CAPTCHA pages and fraudulent websites, while a WithSecure analysis says the group appears to have used AI tools to speed malware development.
-
Malicious NuGet package poses as Sicoob SDK to steal banking credentials
A malicious NuGet package posing as a Sicoob SDK stole banking credentials and certificate data from developers before being blocked, according to a technical analysis. Researchers said the package could expose payment-related API responses too.
-
Fake LinkedIn emails abuse Adobe service in phishing campaign
A phishing campaign is using fake LinkedIn business emails and Adobe Target to hide credential theft, with attackers disguising HTML attachments as PDFs and redirecting victims to a real LinkedIn page after login.
-
Kimsuky uses fake Webex pages and HTTPSpy in South Korea attacks
Kimsuky targeted South Korean military and corporate entities in March and April 2026 with fake security pages, counterfeit Webex lures and a new HTTPSpy malware variant, according to technical analyses from ENKI and Kaspersky.
-
FBI warns of fake FIFA sites ahead of 2026 World Cup
The FBI warned that fake FIFA websites are being used ahead of the 2026 World Cup to steal data, sell bogus tickets and push other scams. Researchers said hundreds of phishing sites and related campaigns are already active.
-
Critical Gogs flaw can let authenticated users run code on servers
A critical, unpatched flaw in Gogs can let authenticated users run arbitrary code on affected servers under certain conditions, with Rapid7 rating the issue 9.4 on the CVSS scale and reporting no CVE yet.
-
Threat actors abuse patched FortiClient EMS flaw to push credential stealer
Threat actors are exploiting a patched FortiClient EMS flaw to push a credential stealer disguised as a Fortinet update, according to a technical analysis from Arctic Wolf. The campaign affects managed endpoints and can expose browser data, cookies and saved credentials.
-
Microsoft urges coordinated disclosure after public zero-day releases
Microsoft said public disclosure of six Windows zero-days without prior notice put customers at risk, after exploit details surfaced over the past month and three of the flaws were later used in active attacks.
