Triad Nexus Evades Sanctions to Fuel Cybercrime

The sprawling cybercrime operation abuses major providers to prevent takedowns and distance itself from sanctions.
The post Triad Nexus Evades Sanctions to Fuel Cybercrime appeared first on SecurityWeek.
https://www.securityweek.com/triad-nexus-evades-sanctions-to-fuel-cybercrime/

Google Adds Rust DNS Parser to Pixel Phones for Better Security

The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.
The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek.
https://www.securityweek.com/google-adds-rust-dns-parser-to-pixel-phones-for-better-security/

Nightclub Giant RCI Hospitality Reports Data Breach

The company said in an SEC filing that an IDOR vulnerability affecting RCI Internet Services exposed contractor data.
The post Nightclub Giant RCI Hospitality Reports Data Breach appeared first on SecurityWeek.
https://www.securityweek.com/nightclub-giant-rci-hospitality-reports-data-breach/

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

The security defects allow attackers to escalate privileges and execute arbitrary code remotely.
The post Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/organizations-warned-of-exploited-windows-adobe-acrobat-vulnerabilities/

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2009-0238 Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32201 Microsoft SharePoint Server Improper Input Validation Vulnerability 
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.
Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.
https://www.cisa.gov/news-events/alerts/2026/04/14/cisa-adds-two-known-exploited-vulnerabilities-catalog

New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released

Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution.
The vulnerabilities have been described as command injection flaws affecting the Perforce VCS (version control software) driver. Details of the two flaws are below -

CVE-2026-40176 (CVSS
https://thehackernews.com/2026/04/new-php-composer-flaws-enable-arbitrary.html

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level.
"The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying
https://thehackernews.com/2026/04/google-adds-rust-based-dns-parser-into.html

AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud

Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google's Discover feed and trick users into enabling persistent browser notifications that lead to scareware and financial scams.
The campaign, which has been
https://thehackernews.com/2026/04/ai-driven-pushpaganda-scam-exploits.html

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta.
"Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real
https://thehackernews.com/2026/04/mirax-android-rat-turns-devices-into.html

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while raw alert volume grew by 52% year-over-year, prioritized critical risk grew by nearly 400%.
The surge in AI-assisted development is creating a "velocity gap" where the density of high-impact vulnerabilities is scaling faster than
https://thehackernews.com/2026/04/analysis-of-216m-security-findings.html

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited.
According to Socket, the extensions (complete list
https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.
It relates to a case of unrestricted file upload that stems from improper validation of
https://thehackernews.com/2026/04/showdoc-rce-flaw-cve-2025-0520-actively.html

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows -

CVE-2026-21643 (CVSS score: 9.1) -  An SQL injection vulnerability in  Fortinet FortiClient EMS that could allow an
https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html

Privilege Elevation Dominates Massive Microsoft Patch Update

Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.
https://www.darkreading.com/vulnerabilities-threats/privilege-elevation-dominates-microsoft-patch-update

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.
https://www.darkreading.com/vulnerabilities-threats/edr-killer-ecosystem-expansion-requires-stronger-byovd-defenses

War Game Exercise Demonstrates How Social Media Manipulation Works

In an educational game called "Capture the Narrative," students created bots to sway a fictional election, simulating influence in real-world political scenarios.
https://www.darkreading.com/cyber-risk/wargame-demonstrates-social-media-manipulation

Daily Dose of Dark Web Informer - April 14th, 2026

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.
https://darkwebinformer.com/daily-dose-of-dark-web-informer-april-14th-2026/

France's National ID Agency ANTS Allegedly Breached, 18 Million Citizen Records With Government-Verified Identities Listed for Sale

France's National ID Agency ANTS Allegedly Breached, 18 Million Citizen Records With Government-Verified Identities Listed for Sale
https://darkwebinformer.com/frances-national-id-agency-ants-allegedly-breached-18-million-citizen-records-with-government-verified-identities-listed-for-sale/

Moroccan Biomedical School SUPTECH SANTE Breached, 231 Student Dossiers With National IDs, Diplomas, and ID Card Photos Exposed

Moroccan Biomedical School SUPTECH SANTE Breached, 231 Student Dossiers With National IDs, Diplomas, and ID Card Photos Exposed
https://darkwebinformer.com/moroccan-biomedical-school-suptech-sante-breached-231-student-dossiers-with-national-ids-diplomas-and-id-card-photos-exposed/

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. [...]
https://www.bleepingcomputer.com/news/security/critical-nginx-ui-auth-bypass-flaw-now-actively-exploited-in-the-wild/

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger. [...]
https://www.bleepingcomputer.com/news/security/new-agingfly-malware-used-in-attacks-on-ukraine-govt-hospitals/