Ravie LakshmananApr 13, 2026Cybersecurity / Hacking Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in… Read More "Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More"
SSO endpoints are often internet-facing by design, researchers noted, turning the flaw into a remote entry point and making chaining with additional weaknesses possible. AdminCenter flaws allow further escalation Beyond initial access, the research outlined critical issues within WebSphere Liberty’s… Read More "Seven IBM WebSphere Liberty flaws can be chained into full takeover"
A newly identified Android banking trojan capable of hijacking Brazil’s instant payment transfers, targeting one of the country’s most widely used financial systems, has been uncovered by security researchers. The malware, known as PixRevolution, silently monitors victims’ smartphones and redirects… Read More "PixRevolution Malware Hijacks Brazil’s PIX Transfers in Real Time"
OpenAI revealed on Friday that it’s one of many organizations affected by the recent Axios supply chain attack, which cybersecurity experts have attributed to North Korean hackers. Axios is a widely used open source JavaScript HTTP client library for making… Read More "OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack"
Black Hat Asia 2026 Is Coming to Singapore — Here’s What the Threat Landscape Looks Like Ahead of It Black Hat Asia 2026 explores ransomware growth, AI-driven cyber threats, and supply chain risks reshaping global cybersecurity and digital resilience. As… Read More "Black Hat Asia 2026 Cyber Threats And Ransomware Trends"
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report… Read More "Your MTTD Looks Great. Your Post-Alert Gap Doesn’t"
How the flaw works Marimo’s server includes a built-in terminal feature that lets users run commands directly from the browser. That terminal was accessible over the network without any authentication check, while other parts of the same server correctly required… Read More "Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure"
US and Indonesian law enforcement authorities have taken down a large-scale phishing network that has plotted over $20 million in fraud. Spearheaded by the FBI Atlanta field office, the operation targeted W3LL, a phishing kit which enables cybercriminals to impersonate… Read More "FBI Dismantles $20m Phishing Operation W3LL"
An international operation involving law enforcement agencies from the United States, the United Kingdom, and Canada has targeted multimillion-dollar cryptocurrency theft schemes. Dubbed Operation Atlantic, the initiative identified over $45 million in stolen funds and successfully froze approximately $12 million… Read More "International Operation Targets Multimillion-Dollar Crypto Theft Schemes"
Ravie LakshmananApr 13, 2026Social Engineering / Threat Intelligence The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends… Read More "North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware"
