Articles

432 articles

Industry NewsApr 21, 2026

Ofcom Investigates Telegram for CSAM Sharing and Encryption Non-Compliance

UK regulator Ofcom launches a formal investigation into Telegram over evidence of child sexual abuse material (CSAM) sharing and potential breaches of the Online Safety Act's encryption reporting rules.

2 min read

PureRAT Malware Evades Detection with PNG-Stashed Payloads

HIGH

MalwareApr 21, 2026

PureRAT Malware Evades Detection with PNG-Stashed Payloads

PureRAT hides its Windows PE payloads inside PNG files and executes them filelessly in memory, a technique detailed by cybersecurity researchers analyzing a new sophisticated campaign.

3 min read

Windows Snipping Tool Vulnerability Leaks NTLM Hashes via Malicious Links

HIGH

VulnerabilitiesApr 21, 2026

Windows Snipping Tool Vulnerability Leaks NTLM Hashes via Malicious Links

CVE-2026-33829 in Windows Snipping Tool allows attackers to steal NTLMv2 hashes via malicious links. A public PoC exploit targets the ms-screensketch protocol to enable credential relay attacks.

CVE-2026-33829

3 min read

Datto Warns Traditional Backups Fail to Maintain Business Operations During

HIGH

Industry NewsApr 20, 2026

Datto Warns Traditional Backups Fail to Maintain Business Operations During

Datto's 2026 report reveals 43% of businesses with backups still face over 24 hours of downtime after an attack, highlighting the critical gap between data backup and true business continuity and disaster recovery (BCDR).

3 min read

FakeWallet Crypto Stealer Infects iOS Devices via Apple App Store

HIGH

MalwareApr 20, 2026

FakeWallet Crypto Stealer Infects iOS Devices via Apple App Store

Kaspersky discovered 22 malicious iOS apps on the official App Store impersonating crypto wallets like MetaMask and Coinbase, stealing seed phrases and private keys from over 1,000 victims.

3 min readFakeWallet

Gh0st RAT and CloverPlus Adware Deployed in Dual-Payload Campaign

HIGH

MalwareApr 20, 2026

Gh0st RAT and CloverPlus Adware Deployed in Dual-Payload Campaign

A new malware campaign deploys both Gh0st RAT and CloverPlus adware via a single obfuscated loader, giving attackers persistent remote control and a revenue stream from a single infection.

3 min read

MiningDropper Framework Delivers Infostealers, RATs to Android Devices

HIGH

MalwareApr 20, 2026

MiningDropper Framework Delivers Infostealers, RATs to Android Devices

MiningDropper, a multi-stage Android malware framework, delivers infostealers, RATs, and banking trojans to devices via disguised apps, according to CyberSecurity News researchers.

3 min read

NIST Abandons Comprehensive NVD Analysis for Risk-Based Prioritization

INFORMATIONAL

Industry NewsApr 20, 2026

NIST Abandons Comprehensive NVD Analysis for Risk-Based Prioritization

NIST will no longer analyze all 263,000+ annual CVE submissions, shifting to a risk-based model to prioritize high-impact flaws as submissions surge 263% since 2020.

3 min read

Senate Extends Section 702 Surveillance Authority for 48 Hours

INFORMATIONAL

Industry NewsApr 20, 2026

Senate Extends Section 702 Surveillance Authority for 48 Hours

The U.S. Senate passed a 48-hour extension of Section 702 surveillance powers, averting a lapse after House chaos. The program, used by the NSA and FBI, collects foreign communications without a warrant.

2 min read

SGLang Vulnerability CVE-2026-5760 Enables Remote Code Execution via GGUF Files

CRITICAL

VulnerabilitiesApr 20, 2026

SGLang Vulnerability CVE-2026-5760 Enables Remote Code Execution via GGUF Files

CVE-2026-5760, a critical 9.8 CVSS flaw in the SGLang inference engine, allows attackers to execute arbitrary code by uploading malicious GGUF model files, compromising AI/ML serving deployments.

The Gentlemen Ransomware Deploys SystemBC Proxy for C2 Evasion

The Gentlemen ransomware-as-a-service group uses the SystemBC SOCKS5 proxy tool to hide command-and-control traffic, according to a Check Point DFIR report analyzing a recent affiliate attack.

3 min readThe Gentlemen

108 Malicious Chrome Extensions Hijack Browsers, Steal Google and Telegram Data

HIGH

MalwareApr 19, 2026

108 Malicious Chrome Extensions Hijack Browsers, Steal Google and Telegram Data

Socket identified 108 malicious Chrome extensions that infected 20,000 users, stealing Google and Telegram session cookies and injecting ads via a shared command-and-control server.

3 min read

← PrevPage 27 of 36Next →