A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially motivated actor that usually exploits the window between vulnerability disclosure and patch… Read More "Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks"
Cyber-enabled fraud cost victims over $17.7 billion during 2025, as financial losses to internet-enabled cybercrime continues to grow. Overall, cyber-enabled crimes cost US citizens $21bn. Published on April 6, the FBI’s 2025 Internet Crime Report, detailed how the Internet Crime Complaint… Read More "Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI"
Instead, Kamluk saw that it was a self-spreading piece of code with very different intentions. Using what was referred to within the code as “wormlet” functionality, Fast16 is designed to copy itself to other computers on the network via Windows’… Read More "Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet"
A newly identified critical vulnerability dubbed GrafanaGhost has been used by attackers to silently extract sensitive enterprise data from Grafana environments. According to researchers at Noma’s Threat Research Team, the exploit bypasses client-side protections and AI guardrails, enabling unauthorized data… Read More "GrafanaGhost Exploit Bypasses AI Guardrails for Silent Data Exfiltrati"
Cramming for finals is bad enough without the platform you use to do your schoolwork suddenly shutting down. Unfortunately for countless students across the US, that’s exactly what they faced on Thursday after Canvas went into “maintenance mode” following a… Read More "Hackable Robot Lawn Mower Unlocks a New Nightmare"
A new GPU-based Rowhammer attack capable of escalating privileges to a full system compromise has been demonstrated by researchers at the University of Toronto. The technique, called GPUBreach by researchers at the University of Toronto, shows how memory corruption on… Read More "GPU Rowhammer Attack Enables Privilege Escalation"
Ravie LakshmananMay 09, 2026Vulnerability / Web Hosting cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service. The list of vulnerabilities is as… Read More "cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now"
Russian hacking group APT28 has been exploiting vulnerable internet routers to redirect traffic through attacker-controlled servers and steal credentials from targeted organizations, the UK government has warned. In a new advisory published on April 7, the UK’s National Cyber Security… Read More "Russian APT28 Hackers Hijack Routers to Steal Credentials"
The UK’s National Cyber Security Centre (NSCS) has fully backed passkeys, stating that it should be “should now be consumers’ first choice of login”. This follows a shift over the last 12 months which saw the agency work closely the… Read More "NCSC Backs Passkeys, Hailing a New Era of Sign-in"
ESET researchers have recently observed a new instance of Operation DreamJob – a campaign that we track under the umbrella of North Korea-aligned Lazarus – in which several European companies active in the defense industry were targeted. Some of these… Read More "Lazarus targets the UAV sector"
