Risk
-
Researchers spot PowMix botnet targeting Czech workers
Researchers said the PowMix botnet has targeted workers in the Czech Republic since at least December 2025. The malware uses phishing-style ZIP files, in-memory execution and jittered command traffic to avoid detection.
-
Obsidian plugin abuse delivers new Windows backdoor in targeted campaign
Attackers abused Obsidian community plugins to deploy a new Windows backdoor in a targeted campaign against finance and cryptocurrency users. The intrusion was blocked, but the method showed how trusted app features can be used for code execution.
-
Ukraine warns of campaign targeting clinics with malware that steals browser and WhatsApp data
Ukraine’s CERT-UA said a March to April 2026 campaign targeted clinics, hospitals and some government bodies with malware that could steal browser and WhatsApp data, using phishing emails, LNK files and HTA loaders.
-
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package were compromised with malicious code, affecting hundreds of thousands of installations. The malware could push spam pages and redirects, and WordPress.org issued a forced update.
-
Critical nginx-ui flaw under active exploitation, researchers say
A critical nginx-ui flaw tracked as CVE-2026-33032 is under active exploitation, with researchers warning that attackers can take over Nginx service on exposed systems in just two requests.
-
Microsoft patches active SharePoint flaw in record 169-vulnerability update
Microsoft released patches for 169 vulnerabilities, including an actively exploited SharePoint spoofing flaw and a critical Windows IKE remote code execution bug. CISA added the SharePoint issue to its known exploited list.
-
OpenAI launches GPT-5.4-Cyber for defensive security work
OpenAI launched GPT-5.4-Cyber for defensive security work and expanded its Trusted Access for Cyber program to thousands of defenders. The company said the rollout is meant to improve safeguards while limiting misuse.
-
European regulators largely excluded from early access to Anthropic’s Mythos model
European regulators have largely been excluded from early access to Anthropic’s Mythos cybersecurity model, while a small group of mostly U.S. tech companies and the UK AI Security Institute have been allowed to test it.
-
Researchers link AI-driven Pushpaganda scam to Google Discover ad fraud
Researchers say a new ad fraud campaign used AI-generated content and Google Discover to push users toward notification-based scams. The operation, dubbed Pushpaganda, was tied to 113 domains and about 240 million bid requests in seven days.
-
108 malicious Chrome extensions linked to shared server, data theft
Researchers found 108 malicious Chrome extensions tied to one backend server, with the add-ons used to steal account data, exfiltrate Telegram sessions and inject ads or scripts into visited pages.
