LinkedIn secretely scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data. [...]
https://www.bleepingcomputer.com/news/security/linkedin-secretely-scans-for-6-000-plus-chrome-extensions-collects-data/

Hims & Hers warns of data breach after Zendesk support ticket breach

Telehealth giant Hims & Hers Health is warning that it suffered a data breach after support tickets were stolen from a third-party customer service platform. [...]
https://www.bleepingcomputer.com/news/security/hims-and-hers-warns-of-data-breach-after-zendesk-support-ticket-breach/

Die Linke German political party confirms data stolen by Qilin ransomware

The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak. [...]
https://www.bleepingcomputer.com/news/security/die-linke-german-political-party-confirms-data-stolen-by-qilin-ransomware/

Evolution of Ransomware: Multi-Extortion Ransomware Attacks

Multi-extortion ransomware relies on stolen data to pressure victims with public leaks. Penta Security explains how its D.AMO platform keeps exfiltrated files encrypted and useless to attackers. [...]
https://www.bleepingcomputer.com/news/security/evolution-of-ransomware-multi-extortion-ransomware-attacks/

Microsoft still working to fix Exchange Online mailbox access issues

Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-exchange-online-mailbox-access-issues/

Man admits to locking thousands of Windows devices in extortion plot

A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. [...]
https://www.bleepingcomputer.com/news/security/man-admits-to-extortion-plot-locking-coworkers-out-of-thousands-of-windows-devices/

Microsoft now force upgrades unmanaged Windows 11 24H2 PCs

Starting this week, Microsoft has begun force-upgrading unmanaged devices running Windows 11 24H2 Home and Pro editions to Windows 11 25H2. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-force-upgrades-unmanaged-windows-11-24h2-pcs/

CERT-EU: European Commission hack exposes data of 30 EU entities

The European Union's Cybersecurity Service (CERT-EU) has attributed the European Commission cloud hack to the TeamPCP threat group, saying the resulting breach exposed the data of at least 29 other Union entities. [...]
https://www.bleepingcomputer.com/news/security/cert-eu-european-commission-hack-exposes-data-of-30-eu-entities/

TrueConf Zero-Day Exploited in Asian Government Attacks

A Chinese threat actor exploited the video conferencing platform to perform reconnaissance, escalate privileges, and execute additional payloads.
The post TrueConf Zero-Day Exploited in Asian Government Attacks appeared first on SecurityWeek.
https://www.securityweek.com/trueconf-zero-day-exploited-in-asian-government-attacks/

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

Other noteworthy stories that might have slipped under the radar: Symantec vulnerability, anti-ClickFix mechanism added to macOS, FBI hack classified as major incident.
The post In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware appeared first on SecurityWeek.
https://www.securityweek.com/in-other-news-chatgpt-data-leak-android-rootkit-water-facility-hit-by-ransomware/

Critical ShareFile Flaws Lead to Unauthenticated RCE

The vulnerabilities can be chained together to bypass authentication and upload arbitrary files to the server.
The post Critical ShareFile Flaws Lead to Unauthenticated RCE appeared first on SecurityWeek.
https://www.securityweek.com/critical-sharefile-flaws-lead-to-unauthenticated-rce/

Mobile Attack Surface Expands as Enterprises Lose Control

Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.
The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek.
https://www.securityweek.com/mobile-attack-surface-expands-as-enterprises-lose-control/

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Using automated scanning and the Nexus Listener collection framework, the hackers compromised over 750 systems.
The post React2Shell Exploited in Large-Scale Credential Harvesting Campaign appeared first on SecurityWeek.
https://www.securityweek.com/react2shell-exploited-in-large-scale-credential-harvesting-campaign/

T-Mobile Sets the Record Straight on Latest Data Breach Filing

The cybersecurity incident involved an insider and had a limited impact, the telecoms giant told SecurityWeek.
The post T-Mobile Sets the Record Straight on Latest Data Breach Filing appeared first on SecurityWeek.
https://www.securityweek.com/t-mobile-sets-the-record-straight-on-latest-data-breach-filing/

North Korean Hackers Drain $285 Million From Drift in 10 Seconds

The attackers prepared infrastructure and multiple nonce-based transactions, took over an admin key, and drained five vaults.
The post North Korean Hackers Drain $285 Million From Drift in 10 Seconds appeared first on SecurityWeek.
https://www.securityweek.com/north-korean-hackers-drain-285-million-from-drift-in-10-seconds/

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region.
The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda.
"This TA416 activity included multiple
https://thehackernews.com/2026/04/china-linked-ta416-targets-european.html

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team.
"Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,
https://thehackernews.com/2026/04/microsoft-details-cookie-controlled-php.html

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069.
Maintainer Jason Saayman said the attackers tailored their social engineering efforts "specifically to me" by first approaching him under the guise of the founder of a
https://thehackernews.com/2026/04/unc1069-social-engineering-of-axios.html

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it.
Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party
https://thehackernews.com/2026/04/why-third-party-risk-is-biggest-gap-in.html

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems.
The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while
https://thehackernews.com/2026/04/new-sparkcat-variant-in-ios-android.html