Peter Stokes, 19, was detained while boarding a flight to Japan. Federal prosecutors allege he participated in breaches that forced companies to pay millions in ransoms.
North Korean threat actors are befriending targets on Facebook, building trust over weeks, then delivering RokRAT malware through trojanized PDF readers. Military and government officials targeted.
CVE-2026-41386 allows attackers to manipulate bootstrap setup codes during device pairing, bypassing role restrictions and gaining elevated privileges in OpenClaw.
Critical CVSS 9.8 flaw in cPanel/WHM allowed attackers to bypass authentication via CRLF injection. Exploits confirmed in the wild before emergency patches.
CVE-2026-42208 lets attackers steal API keys and forge admin sessions in LiteLLM without authentication. Exploitation began within 36 hours of public disclosure.
Malwarebytes uncovers campaign using fake TradingClaw website to distribute Needle Stealer malware. The infostealer hijacks browsers to harvest credentials, crypto wallets, and financial data from traders.
Russian state hackers weaponize CVE-2026-32202, an incomplete patch for Windows Shell that enables zero-click NTLM hash theft. Microsoft confirms active exploitation after Akamai discovers the bypass.
Silverfort researchers discover Microsoft's AI agent management role could be abused to take over arbitrary service principals in Entra ID tenants. Microsoft patched the privilege escalation flaw on April 9.
Chinese national Xu Zewei faces nine federal counts after extradition from Italy for alleged role in Silk Typhoon attacks stealing COVID-19 vaccine research from U.S. universities and research institutions.
Microsoft releases emergency patch for CVE-2026-40372 (CVSS 9.1), a critical ASP.NET Core flaw allowing attackers to forge authentication cookies and gain SYSTEM privileges on Linux and macOS servers.
Learn about ransomware, phishing, malware, and essential online safety practices.
Curated books, tools, and resources to deepen your cybersecurity knowledge.
Get the latest cybersecurity news delivered to your inbox.