Iranian-affiliated hackers have been attacking US critical national infrastructure (CNI) providers since last month, causing operational disruption and financial loss, the US government has revealed. A Cybersecurity and Infrastructure Security Agency (CISA) advisory on April 7 said the threat actors… Read More "Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT"
An AI-powered vulnerability-hunting effort helped security researchers discover a flaw in Apache ActiveMQ Classic that they claim was “hiding in plain sight” for over a decade. Horizon3.ai chief architect, Naveen Sunkavally, explained in a blog post, published on April 7,… Read More "Claude Discovers Apache ActiveMQ Bug Hidden for 13 Years"
A large-scale network of internet routers compromised by Russian hacking group APT28 to harvest credentials from victims of intelligence value has been taken down in the US. The US Department of Justice (DoJ) announced on April 7, that it teamed… Read More "US Thwarts DNS Hijacking Network Controlled by Russian APT28 Hackers"
AI firm Anthropic has launched Project Glasswing, an initiative which uses AI to identify and remediate undiscovered cybersecurity vulnerabilities in critical software. Project Glasswing, named after the glasswing butterfly, is based on Claude Mythos Preview, a powerful, not publicly available,… Read More "Anthropic Launches Project Glasswing to Fix Software Bugs With AI"
A critical arbitrary file upload vulnerability in Ninja Forms – File Upload Plugin has been identified, exposing thousands of WordPress sites to potential compromise. The issue affects plugin versions up to 3.3.26 and allows unauthenticated attackers to upload malicious files,… Read More "Critical Vulnerability in Ninja Forms Exposes WordPress Sites"
A flaw in Google’s API key system has reportedly exposed mobile applications to unintended access to its Gemini AI platform. According to a CloudSEK advisory published on April 8, the issue affects widely used Android apps and could allow attackers… Read More "Google API Keys Quietly Gain Access to Gemini on Android Devices"
Law enforcement agencies in the UK, US and Canada have teamed up in an ambitious initiative which has already identified more than 20,000 victims of so-called “approval phishing.” Approval phishing is a technique whereby victims are tricked into providing full… Read More "Operation Atlantic Seizes $12m in Crypto Losses"
The UK’s professional body for the cybersecurity sector has launched a new title designed to support more people at the start of their careers in the industry. UK Cyber Security Council said that the Associate Cyber Security Professional title is… Read More "UK Cyber Security Council Launches Associate Cyber Security Profession"
US and Indonesian law enforcement authorities have taken down a large-scale phishing network that has plotted over $20 million in fraud. Spearheaded by the FBI Atlanta field office, the operation targeted W3LL, a phishing kit which enables cybercriminals to impersonate… Read More "FBI Dismantles $20m Phishing Operation W3LL"
A newly identified Android banking trojan, known as Mirax, is spreading across Europe and combines remote access features with residential proxy capabilities to broaden its impact. According to an advisory published by Cleafy, the malware has been observed targeting Spanish-speaking users,… Read More "Mirax Android Trojan Turns Devices Into Residential Proxy Nodes"
