A team of researchers from the University of Toronto has discovered a new Rowhammer attack that threat actors can use to escalate privileges. The Rowhammer technique, a hardware vulnerability known for more than a decade, works by repeatedly accessing —… Read More "GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack "
“While the threat actor typically uses N-day vulnerabilities, we have also observed Storm-1175 leveraging zero-day exploits, in some cases a full week before public vulnerability disclosure,” Microsoft said in a blog post. “The threat actor has also been observed chaining… Read More "Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks"
A prolific cybercrime group has been weaponizing n-day and zero-day exploits in high-tempo Medusa ransomware attacks over the past three years, Microsoft has revealed. Storm-1175 is a financially motivated actor that usually exploits the window between vulnerability disclosure and patch… Read More "Storm-1175 Exploits Flaws in High-Velocity Medusa Attacks"
The German Federal Criminal Police (BKA) has named a Russian national as the mastermind behind the GandCrab and REvil ransomware operations. According to a law enforcement notice, the man, Daniil Maksimovich Shchukin, 31, of Krasnodarskiy, Russia, led the two ransomware… Read More "German Police Unmask REvil Ransomware Leader"
New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be exploited to escalate privileges and, in some cases, even take full control of a host. The efforts have been codenamed GPUBreach, GDDRHammer, and GeForge. GPUBreach goes… Read More "New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips"
For more than two decades, cybersecurity has been built on a reactive model: detect intrusions, patch vulnerabilities, respond to incidents, and repeat. That model is now under sustained pressure from a threat environment that is faster, more coordinated, and increasingly… Read More "The rise of proactive cyber: Why defense is no longer enough"
Human trafficking operations made hundreds of millions of dollars last year, as cryptocurrency inflows surged 85% annually, according to Chainalysis. The blockchain analytics company argued that its data shows this activity is increasingly linked to the growth of South East Asia… Read More "Crypto Payments to Human Traffickers Surges 85%"
The Trump administration is proposing a $707 million reduction in the budget of the Cybersecurity and Infrastructure Security Agency (CISA) for fiscal year 2027. A proposal from the Office of Management and Budget indicates that the cut aims to refocus… Read More "White House Seeks to Slash CISA Funding by $707 Million"
Ravie LakshmananApr 07, 2026Vulnerability / Threat Intelligence A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate “high-velocity” attacks and break into susceptible internet-facing systems. “The threat… Read More "China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware"
Google has released a security update to patch a newly discovered zero-day in Chrome and the company warned an exploit exists in the wild. The update, published on February 13, was accompanied by an advisory on CVE-2026-2441, a high severity… Read More "Google Warns of In the Wild Exploit as It Patches New Chrome Zero Day"
