European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information.
The post European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack appeared first on SecurityWeek.
https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information.
The post European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack appeared first on SecurityWeek.
https://www.securityweek.com/european-commission-confirms-data-breach-linked-to-trivy-supply-chain-attack/
SecurityWeek
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information.
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]
https://www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]
https://www.bleepingcomputer.com/news/security/traffic-violation-scams-switch-to-qr-codes-in-new-phishing-texts/
BleepingComputer
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial…
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/new-fortinet-forticlient-ems-flaw-cve-2026-35616-exploited-in-attacks/
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/new-fortinet-forticlient-ems-flaw-cve-2026-35616-exploited-in-attacks/
BleepingComputer
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks.
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-react2shell-in-automated-credential-theft-campaign/
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-react2shell-in-automated-credential-theft-campaign/
BleepingComputer
Hackers exploit React2Shell in automated credential theft campaign
Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell (CVE-2025-55182) in vulnerable Next.js apps.
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025.
The Solana-based decentralized exchange described it as "an attack six months in the
https://thehackernews.com/2026/04/285-million-drift-hack-traced-to-six.html
Drift has revealed that the April 1, 2026, attack that led to the theft of $285 million was the culmination of a months-long targeted and meticulously planned social engineering operation undertaken by the Democratic People's Republic of Korea (DPRK) that began in the fall of 2025.
The Solana-based decentralized exchange described it as "an attack six months in the
https://thehackernews.com/2026/04/285-million-drift-hack-traced-to-six.html
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant.
"Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,
https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html
Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different payloads to facilitate Redis and PostgreSQL exploitation, deploy reverse shells, harvest credentials, and drop a persistent implant.
"Every package contains three files (package.json, index.js, postinstall.js), has no description, repository,
https://thehackernews.com/2026/04/36-malicious-npm-packages-exploited.html
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation.
"An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an
https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild.
The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation.
"An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an
https://thehackernews.com/2026/04/fortinet-patches-actively-exploited-cve.html
New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/
BleepingComputer
New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise.
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
BleepingComputer
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.
Microsoft fixes Classic Outlook bug causing email delivery issues
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/
BleepingComputer
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10.
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
BleepingComputer
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks.
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
https://www.bleepingcomputer.com/news/security/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
https://www.bleepingcomputer.com/news/security/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/
BleepingComputer
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem."
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/
BleepingComputer
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday.
Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/
BleepingComputer
Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks.
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
Krebs on Security
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and…
Google DeepMind Researchers Map Web Attacks Against AI Agents
A vulnerability named ‘AI Agent Traps’ allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.
The post Google DeepMind Researchers Map Web Attacks Against AI Agents appeared first on SecurityWeek.
https://www.securityweek.com/google-deepmind-researchers-map-web-attacks-against-ai-agents/
A vulnerability named ‘AI Agent Traps’ allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.
The post Google DeepMind Researchers Map Web Attacks Against AI Agents appeared first on SecurityWeek.
https://www.securityweek.com/google-deepmind-researchers-map-web-attacks-against-ai-agents/
SecurityWeek
Google DeepMind Researchers Map Web Attacks Against AI Agents
A vulnerability named ‘AI Agent Traps’ allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.
https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.
https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/
SecurityWeek
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
https://www.securityweek.com/north-korean-hackers-target-high-profile-node-js-maintainers/
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
https://www.securityweek.com/north-korean-hackers-target-high-profile-node-js-maintainers/
SecurityWeek
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek.
https://www.securityweek.com/fortinet-rushes-emergency-fixes-for-exploited-zero-day/
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek.
https://www.securityweek.com/fortinet-rushes-emergency-fixes-for-exploited-zero-day/
SecurityWeek
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
Inside an AI‑enabled device code phishing campaign
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑compromise access.
The post Inside an AI‑enabled device code phishing campaign appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑compromise access.
The post Inside an AI‑enabled device code phishing campaign appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Microsoft News
Inside an AI‑enabled device code phishing campaign
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and…