Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Threat actor uses Microsoft Teams to deploy new “Snow” malware
A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named “Snow,” which includes a browser extension, a tunneler, and a backdoor. Their goal is to steal sensitive data after deep network compromise through credential theft and domain takeover. According to Google’s Mandiant researchers, the attacker uses “email bombing” tactics to […]
ADT confirms data breach after ShinyHunters leak threat
Home security giant ADT has confirmed a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid. In a statement shared today, the company said it detected unauthorized access to customer and prospective customer data on April 20, after which it terminated the intrusion and launched an investigation. […]
Firestarter malware survives Cisco firewall updates, security patches
Cybersecurity agencies in the U.S. and U.K. are warning about a custom malware called Firestarter persisting on Cisco Firepower and Secure Firewall devices running Adaptive Security Appliance (ASA) or Firepower Threat Defense (FTD) software. The backdoor has been attributed to a threat actor that Cisco Talos tracks internally as UAT-4356, known for cyberespionage campaigns, including ArcaneDoor. […]
New BlackFile extortion group linked to surge of vishing attacks
A new financially motivated hacking group tracked as BlackFile has been linked to a wave of data theft and extortion attacks against retail and hospitality organizations since February 2026. The group, also tracked as CL-CRI-1116, UNC6671, and Cordial Spider, is impersonating corporate IT helpdesk staff to steal employee credentials and demand seven-figure ransoms, according to information shared […]
Microsoft to roll out Entra passkeys on Windows in late April
Microsoft will roll out passkey support for phishing-resistant passwordless authentication to Microsoft Entra‑protected resources from Windows devices starting late April. The feature is expected to reach general availability by mid-June 2026 and will also extend passwordless sign-in to unmanaged Windows devices. Microsoft says that Entra passkeys on Windows will support corporate, personal, and shared devices, […]
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. The flaw is identified as CVE-2026-41651 and received a high-severity rating of 8.8 out of 10. It has persisted for almost 12 years in the PackageKit daemon, a background service that manages software installation, […]
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite used by hundreds of millions of people worldwide, including hundreds of government agencies and thousands of businesses. The vulnerability (tracked as CVE-2025-48700) […]
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The security issue is tracked as CVE-2026-3844 and has been leveraged in more than 170 exploitation attempts by the Wordfence security solution for the WordPress ecosystem. The Breeze Cache WordPress caching […]
Bitwarden CLI npm package compromised to steal developer credentials
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. According to reports by Socket, JFrog, and OX Security, the malicious package was distributed as version 2026.4.0 and remained available between 5:57 PM and 7:30 PM ET on April 22, 2026, before being removed. […]
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. The utility was emplayed in attacks in March that were attributed to a gang affiliate, likely in an effort to avoid publicly available tools, such as Rclone and MegaSync, that typically trigger security solutions. […]