25 Jun, 2026

ScarCruft hackers push BirdCall Android malware via game platform

The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. While BirdCall is a known backdoor for Windows systems, APT37, also known as ScarCruft and Ricochet Chollima, has developed a variant for Android that doubles as spyware. According to […]

2 mins read

Weaver E-cology critical bug exploited in attacks since March

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation software since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks before disclosing it publicly. Researchers at threat intelligence company Vega documented the malicious activity and […]

2 mins read

Researchers report Amazon SES abused in phishing to evade detection

Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. Although the resource has been leveraged for malicious activity in the past, Kaspersky says the current spike may be due to a large number of AWS Identity […]

3 mins read

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a credential-stealing payload targeting browsers, environment files, and cloud services. The developer disclosed the supply-chain attack on April 30, saying that version 2.6.3 of the package included a hidden execution chain that downloads and executes a JavaScript payload. PyTorch […]

2 mins read

Trellix discloses data breach after source code repository hack

Cybersecurity firm Trellix disclosed a data breach after attackers gained access to “a portion” of its source code repository. Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. According to […]

2 mins read

Progress warns of critical MOVEit Automation auth bypass flaw

Progress Software warned customers to patch a critical authentication bypass vulnerability in its MOVEit Automation enterprise-grade managed file transfer (MFT) application. MOVEit Automation automates complex data workflows without requiring manual scripting and serves as a central automation orchestrator to schedule and manage file transfers between different systems, including local servers, cloud storage, and external partners. […]

2 mins read

CISA says ‘Copy Fail’ flaw now exploited to root Linux systems

CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. Tracked as CVE-2026-31431, this security flaw was found in the Linux kernel’s algif_aead cryptographic algorithm interface and enables unprivileged local users to gain root privileges on unpatched […]

2 mins read

Microsoft confirms April Windows updates cause backup failures

Microsoft has confirmed that the April 2026 security updates are causing failures in third-party backup applications using the psmounterex.sys driver. As GeekFeed reported last week, this issue affects software using VSS (Volume Shadow Copy Service) snapshots and causes failures due to a VSS service timeout. Software impacted by this includes, but is not limited to, products from Macrium (Reflect), Acronis (Cyber […]

3 mins read

Instructure confirms data breach, ShinyHunters claims attack

Educational tech giant Instructure has confirmed that data was stolen in a cyberattack, with the ShinyHunters extortion gang claiming responsibility. Instructure is a U.S.-based education technology company best known for developing Canvas, a widely used learning management system that helps schools, universities, and organizations manage coursework, assignments, and online learning. On Friday, Instructure disclosed that it suffered […]

2 mins read

Microsoft Defender wrongly flags DigiCert certs as Trojan:Win32/Cerdigent.A!dha

Microsoft Defender is detecting legitimate DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha, resulting in widespread false-positive alerts and, in some cases, removing certificates from Windows. According to cybersecurity expert Florian Roth, the issue first appeared after Microsoft added the detections to a Defender signature update on April 30th. Today, administrators worldwide began reporting that DigiCert root certificate entries were flagged as malware and, on […]

5 mins read