“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution [email protected] (The Hacker News)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor (JCE) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2026-48907 (CVSS score: 10.0), is a case of improper access control that could facilitate arbitraryRead More
-
npm Supply Chain Cryptocurrency Malware
What is the Attack? Researchers have identified a large-scale software supply chain campaign targeting the npm ecosystem, leveraging malicious JavaScript packages to distribute a multi-stage cryptocurrency-focused malware framework. The campaign affected numerous npm packages that collectively accumulated more than 2.7 million downloads, significantly increasing the potential victim pool among developers, software organizations, and CI/CD environments.…
-

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting [email protected] (The Hacker News)
A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42, which found and reported the bug through Google’s bug bounty program, calls the technique “Pickle…
-

ClickFix Campaigns Expand Malware Delivery With New Loaders and Fake Update Lures [email protected] (The Hacker News)
Cybersecurity researchers have flagged multiple ClickFix campaigns that deliver three malware loaders called BabaDeda Loader, Lorem Ipsum Loader, and Potemkin, per independent reports from Morphisec, BlueVoyant, and Huntress, respectively. Attacks involving BabaDeda Loader, observed in April 2026, have targeted education and financial organizations. “Earlier BabaDeda activity was known forRead More
-
Cloud security metrics and KPIs: A CISO’s guide
Today’s distributed computing environments require a cloud strategy that goes well beyond choosing the best security tools. Instead, CISOs need a far more integrated approach.Read More
-

New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds [email protected] (The Hacker News)
Security researchers at Zimperium’s zLabs have documented a new Android banking trojan, Rokarolla, that targets 217 banking and cryptocurrency apps and packs 137 remote commands. Together, they give an operator near-total control of an infected phone: it lifts lock-screen PINs, reads and sends SMS, rewrites the clipboard to redirect crypto payments, and switches off Google PlayRead More
-

Survey: 94% of Incidents Involve Anonymized Infrastructure. Teams Are Still Reactive [email protected] (The Hacker News)
Security teams have never had more IP data at their disposal. Every day, analysts ingest enrichment feeds, geolocation data, reputation scores, telemetry, and threat intelligence from a growing ecosystem of vendors and platforms. Yet despite this abundance of information, many organizations continue to face a fundamental challenge: sifting through the noise to understand who is…
-

Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week [email protected] (The Hacker News)
Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a post shared on X, the company said it has observed exploitation of CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 over the past 24 hours. CVE-2026-39813 (CVSS score: 9.1) refers to a path traversal vulnerability in FortiSandbox JRPC API that…
-

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth [email protected] (The Hacker News)
Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. “The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS,” ESET said in a report shared with The Hacker News. “Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP,Read…
-

Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware [email protected] (The Hacker News)
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT. “The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possibleRead More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
