Guardarian Users Targeted With Malicious Strapi NPM Packages
Hackers published 36 NPM packages posing as Strapi plugins to execute shells, escape containers, and harvest credentials.
The post Guardarian Users Targeted With Malicious Strapi NPM Packages appeared first on SecurityWeek.
https://www.securityweek.com/guardarian-users-targeted-with-malicious-strapi-npm-packages/
SecurityWeek
North Korean Hackers Target High-Profile Node.js Maintainers
The threat actor behind the Axios supply chain attack has been aiming at other maintainers in its social engineering campaign.
The post North Korean Hackers Target High-Profile Node.js Maintainers appeared first on SecurityWeek.
https://www.securityweek.com/north-korean-hackers-target-high-profile-node-js-maintainers/
SecurityWeek
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
The improper access control bug in FortiClient EMS allows unauthenticated attackers to execute arbitrary code remotely.
The post Fortinet Rushes Emergency Fixes for Exploited Zero-Day appeared first on SecurityWeek.
https://www.securityweek.com/fortinet-rushes-emergency-fixes-for-exploited-zero-day/
SecurityWeek
Inside an AI‑enabled device code phishing campaign
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post‑compromise access.
The post Inside an AI‑enabled device code phishing campaign appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Microsoft News
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
The financially motivated cybercriminal threat actor Storm-1175 operates high-velocity ransomware campaigns that weaponize recently disclosed vulnerabilities to obtain initial access, exfiltrate data, and deploy Medusa ransomware.
The post Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
Microsoft News
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2026/04/06/cisa-adds-one-known-exploited-vulnerability-catalog
[local] is-localhost-ip 2.0.0 - SSRF
https://www.exploit-db.com/exploits/52496
Exploit Database
is-localhost-ip 2.0.0 - SSRF. Local exploit for multiple platforms.
[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
https://www.exploit-db.com/exploits/52495
Exploit Database
Fortinet FortiWeb v8.0.1 - Auth Bypass. CVE-2025-64446. Webapps exploit for multiple platforms.
[local] Windows Kernel - Elevation of Privilege
https://www.exploit-db.com/exploits/52494
Exploit Database
Windows Kernel - Elevation of Privilege. CVE-2025-62215. Local exploit for the Windows platform.
[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
https://www.exploit-db.com/exploits/52493
Exploit Database
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation. CVE-2025-59254. Local exploit for the Windows platform.
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/
BleepingComputer
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. [...]
https://www.bleepingcomputer.com/news/security/fbi-americans-lost-a-record-21-billion-to-cybercrime-last-year/
BleepingComputer
Snowflake customers hit in data theft attacks after SaaS integrator breach
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. [...]
https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/
BleepingComputer
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. [...]
https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-targeting-critical-infrastructure/
BleepingComputer
Max severity Flowise RCE vulnerability now exploited in attacks
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]
https://www.bleepingcomputer.com/news/security/max-severity-flowise-rce-vulnerability-now-exploited-in-attacks/
BleepingComputer
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials. [...]
https://www.bleepingcomputer.com/news/security/authorities-disrupt-dns-hijacks-used-to-steal-microsoft-365-logins/
BleepingComputer
Why Your Automated Pentesting Tool Just Hit a Wall
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap. [...]
https://www.bleepingcomputer.com/news/security/why-your-automated-pentesting-tool-just-hit-a-wall/
BleepingComputer
German authorities identify REvil and GandCrab ransomware bosses
The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. [...]
https://www.bleepingcomputer.com/news/security/german-authorities-identify-revil-and-gangcrab-ransomware-bosses/
BleepingComputer
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code.
https://krebsonsecurity.com/2026/04/russia-hacked-routers-to-steal-microsoft-office-tokens/
Krebs on Security
Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
New AI model drives Project Glasswing, an effort to secure critical software before advanced capabilities fall into the wrong hands.
The post Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek.
https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/
SecurityWeek
The New Rules of Engagement: Matching Agentic Attack Speed
The cybersecurity response to AI-enabled nation-state threats cannot be incremental. It must be architectural.
The post The New Rules of Engagement: Matching Agentic Attack Speed appeared first on SecurityWeek.
https://www.securityweek.com/the-new-rules-of-engagement-matching-agentic-attack-speed/
SecurityWeek