CTM360 exposes FEMITBOT, a large-scale fraud operation abusing Telegram Mini Apps to run crypto scams, impersonate brands like Apple and NVIDIA, and distribute Android malware.
Educational tech giant Instructure confirms data breach affecting Canvas LMS users. ShinyHunters claims 275 million student and teacher records stolen from 9,000 schools, with a May 6 leak deadline.
Attackers compromised elementary-data version 0.23.3 on PyPI, pushing malicious code to 1.1 million monthly users. The infection extended to Docker images via automated workflows.
Securonix uncovers DEEP#DOOR, a Python-based backdoor that steals browser passwords, AWS/Azure credentials, and SSH keys while evading detection through bore.pub tunneling and extensive anti-analysis.
A faulty signature update caused Windows Defender to detect trusted DigiCert root certificates as Trojan:Win32/Cerdigent.A!dha. Microsoft has released a fix, but some users already reinstalled Windows.
Trellix, formed from McAfee Enterprise and FireEye merger, disclosed unauthorized access to source code. Forensic investigation ongoing with no evidence of code exploitation.
SHADOW-EARTH-053, GLITTER CARP, and SEQUIN CARP target Asian governments, journalists, and activists across Pakistan, Thailand, Poland, and 5 other nations with ShadowPad.
New ConsentFix v3 attack automates Microsoft Azure OAuth credential theft using Pipedream webhooks and Cloudflare phishing pages. Pre-trusted apps bypass MFA entirely.
Go-based Sorry ransomware exploits cPanel auth bypass CVE-2026-41940, encrypting files with ChaCha20/RSA-2048. 44,000+ IPs compromised as attackers demand Tox ransom.
AiTM and token theft attacks hit 40,000 daily incidents in 2026. CISA warns OAuth tokens bypass MFA, enabling invisible lateral movement across SaaS apps.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.