CVE-2026-33032 lets attackers take full control of nginx-ui servers without credentials. Threat actors are exploiting it now. Upgrade to 2.3.4 immediately.
Iranian APT MuddyWater adopts Russian TAG-150 malware-as-a-service platform to deploy ChainShell RAT against Israeli targets. C2 addresses resolved via Ethereum smart contracts evade takedowns.
Multiple campaigns distribute NWHStealer infostealer through counterfeit Proton VPN installers, gaming modifications, and YouTube-promoted downloads. Targets browser data and 25+ crypto wallets.
Booking.com confirms hackers accessed customer reservation data including names, emails, phone numbers, and booking details. Company resets PINs but won't disclose breach scope.
Security researchers expose 108 malicious Chrome extensions operating under five fake publishers, stealing Google OAuth tokens, Telegram sessions, and injecting ads. Over 20,000 users affected.
Google researchers expose EtherHiding technique storing malware payloads in Ethereum and BNB smart contracts. First nation-state adoption of unkillable blockchain C2 infrastructure.
eSentire researchers expose Omnistealer, a North Korean infostealer storing payloads in blockchain transactions. 300,000 credentials compromised across government and defense sectors.
HUMAN Security exposes Pushpaganda campaign using AI content to poison Google Discover feeds, generating 240 million fraudulent ad requests through scareware and fake news.
Dutch fitness chain Basic-Fit confirms hackers accessed bank account details, addresses, and personal data for up to 1 million members across six European countries.
Microsoft's April 2026 Patch Tuesday fixes 167 vulnerabilities including CVE-2026-32201, an actively exploited SharePoint zero-day. Eight critical RCE flaws patched.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.