New GPUBreach attack enables system takeover via GPU rowhammer
A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. [...]
https://www.bleepingcomputer.com/news/security/new-gpubreach-attack-enables-system-takeover-via-gpu-rowhammer/
BleepingComputer
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. [...]
https://www.bleepingcomputer.com/news/security/disgruntled-researcher-leaks-bluehammer-windows-zero-day-exploit/
BleepingComputer
Microsoft fixes Classic Outlook bug causing email delivery issues
Microsoft has resolved a known issue that was preventing some Classic Outlook users from sending emails via Outlook.com. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-classic-outlook-bug-causing-email-delivery-issues/
Microsoft removes Support and Recovery Assistant from Windows
Microsoft has deprecated and removed the Support and Recovery Assistant (SaRA) command-line utility from all in-support versions of Windows updates starting March 10. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-support-and-recovery-assistant-from-windows/
BleepingComputer
Microsoft links Medusa ransomware affiliate to zero-day attacks
Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-links-medusa-ransomware-affiliate-to-zero-day-attacks/
BleepingComputer
Drift $280M crypto theft linked to 6-month in-person operation
The Drift Protocol says that the $280+ million hack it suffered last week was the result of a long-term, carefully planned operation that included building "a functioning operational presence inside the Drift ecosystem." [...]
https://www.bleepingcomputer.com/news/security/drift-280m-crypto-theft-linked-to-6-month-in-person-operation/
BleepingComputer
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-fortinet-flaw-exploited-in-attacks-by-friday/
BleepingComputer
Why Simple Breach Monitoring is No Longer Enough
Infostealers are harvesting credentials and session cookies at scale, bypassing traditional defenses. Lunar explains why simple breach monitoring alone can't keep up with modern credential-based attacks. [...]
https://www.bleepingcomputer.com/news/security/why-simple-breach-monitoring-is-no-longer-enough/
BleepingComputer
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021.
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
Krebs on Security
Google DeepMind Researchers Map Web Attacks Against AI Agents
A vulnerability named ‘AI Agent Traps’ allows attackers to manipulate, deceive, and exploit visiting agents via malicious web content.
The post Google DeepMind Researchers Map Web Attacks Against AI Agents appeared first on SecurityWeek.
https://www.securityweek.com/google-deepmind-researchers-map-web-attacks-against-ai-agents/
SecurityWeek
Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.
https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/
SecurityWeek
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
https://www.securityweek.com/north-korean-hackers-target-high-profile-node-js-maintainers/
SecurityWeek
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek.
https://www.securityweek.com/fortinet-rushes-emergency-fixes-for-exploited-zero-day/
SecurityWeek
Inside an AI‑enabled device code phishing campaign
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑compromise access.
The post Inside an AI‑enabled device code phishing campaign appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Microsoft News
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware.
The post Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
Microsoft News
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2026/04/06/cisa-adds-one-known-exploited-vulnerability-catalog
[local] is-localhost-ip 2.0.0 - SSRF
is-localhost-ip 2.0.0 - SSRF
https://www.exploit-db.com/exploits/52496
Exploit Database
is-localhost-ip 2.0.0 - SSRF. local exploit for Multiple platform
[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
Fortinet FortiWeb v8.0.1 - Auth Bypass
https://www.exploit-db.com/exploits/52495
Exploit Database
Fortinet FortiWeb v8.0.1 - Auth Bypass. CVE-2025-64446. webapps exploit for Multiple platform
[local] Windows Kernel - Elevation of Privilege
Windows Kernel - Elevation of Privilege
https://www.exploit-db.com/exploits/52494
Exploit Database
Windows Kernel - Elevation of Privilege. CVE-2025-62215. local exploit for Windows platform
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
https://www.exploit-db.com/exploits/52493
Exploit Database
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation. CVE-2025-59254. local exploit for Windows platform
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/
BleepingComputer