Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. A reader shared an email with GeekFeed that appeared to be a standard Apple security notification that stated their account information had been updated. […]
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. Starting April 15, the service will only analyze and provide additional details (e.g., severity rating, product lists) for security issues that meet specific criteria related to the risk they pose. The […]
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. The tool is highly popular in the Node Package Manager (npm) registry, with an average of nearly 50 million weekly downloads. It is used for inter-service communication, in real-time applications, and for […]
Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client. In an advisory published on April 14, Microsoft says users are reporting that they are unable to paste URLs, text, or images into Teams chats when using right-click context menus, with the […]
The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security. QEMU is an open-source CPU emulator and system virtualization tool that allows users to run operating systems on a host computer as virtual machines (VMs). Since security solutions on […]
Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. The funds were stolen from cryptocurrency wallets belonging to Russian users, as the platform enables crypto-ruble exchange operations between Russian businesses and individuals. Launched early last year, Grinex has Russian links and is believed to be […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that a high-severity Apache ActiveMQ vulnerability patched earlier this month is now actively exploited in attacks. Apache ActiveMQ is the most popular open-source Java-based message broker for asynchronous communication between applications. Tracked asĀ CVE-2026-34197, the security flawĀ has gone undetected for 13 yearsĀ and was discovered byĀ Horizon3 […]
Microsoft has confirmed that some Windows domain controllers are entering restart loops due to Local Security Authority Subsystem Service (LSASS) crashes after installing the April 2026 security updates. The company also warned that Windows admins may encounter this issue when setting up new domain controllers, or even on existing ones, if the server processes authentication […]
23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. According toĀ court documents, the accounts were hijacked byĀ Nathan Austad (aka Snoopy) with the help of Joseph Garrison (a third accompliceĀ chargedĀ in May 2023)Ā in a massiveĀ November 2022 credential-stuffing attackĀ that compromised nearly 68,000 DraftKings accounts. U.S. prosecutors […]
Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. Since the start of the month, a security researcher known as “Chaotic Eclipse” or “Nightmare-Eclipse” has published proof-of-concept exploit code for all three security issues in protest to how Microsoft’s Security Response Center (MSRC) handled […]
