Attackers are hosting counterfeit installers and plugins on GitHub and SourceForge that pose as widely used software, including ChatGPT, Claude, AutoTune, Kontakt, Ableton Live, and ZENOLOGY. The downloads deliver a backdoor called DinDoor, which then loads a remote access Trojan built on the Deno JavaScript runtime, according to Malwarebytes. Compromised YouTube channels push victims toward…
Tag: widely
AI, Apps, Endpoint, Exploits, Global Security News, Network Security, Risk Management
AI agent finds 18-year-old remote code execution flaw in Nginx
Researchers have found a critical vulnerability in the widely used Nginx web server that can potentially lead to remote code execution under certain conditions. The flaw is a heap buffer overflow that has gone undetected in the program’s code for the past 18 years. Tracked as CVE-2026-42945, the vulnerability is one of 4 bugs found…
AI, Exploits, Global Security News
CVE-2026-42945: 18-Year-Old NGINX Rewrite Flaw May Enable Unauthenticated RCE
Web infrastructure bugs remain especially dangerous when they sit in widely deployed request-handling logic for years without detection. Among the latest vulnerabilities impacting NGINX Plus and NGINX Open, the CVE-2026-42945 vulnerability stands out as an 18-year-old heap buffer overflow in ngx_http_rewrite_module that can be reached by an unauthenticated attacker through crafted HTTP requests and may…
AI, Global Security News, Government & Policy, malware
FlowerStorm phishing gang adopts virtual-machine obfuscation to evade email defenses
A widely active phishing-as-a-service (PhaaS) operation known as FlowerStorm has begun using a browser-based virtual machine to conceal credential theft code, marking what researchers say is an escalation in phishing-kit sophistication that could make attacks harder for traditional email and static-analysis tools to detect. Researchers at Sublime Security said in April that they identified the…
Data Breaches, Global Security News
Instructure reaches ‘agreement’ with ShinyHunters to stop data leak
Instructure, the edtech giant behind the widely popular Canvas learning management system (LMS), has reached an “agreement” with the ShinyHunters extortion group to prevent the data stolen in a recent breach from being leaked online. […]
Global Security News
Instructure Breach Exposes Schools’ Vendor Dependence
ShinyHunters’ attack on Instructure, which owns the widely used Canvas learning management system (LMS), carries big questions about the trust educational institutions put into their vendors.
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…
Cybersecurity, Global Security News
Edu tech firm Instructure discloses cyber incident, probes impact
Instructure, the company behind the widely used Canvas learning platform, has disclosed that it recently suffered a cybersecurity incident and is now investigating its impact. […]
Global Security News
Edtech firm Instructure confirms data breach after Salesforce instance hack
Instructure, the company behind the widely used Canvas learning platform, has disclosed a security incident after a social engineering attack allowed hackers to access data in its Salesforce instance. […]
AI, Cybersecurity, Exploits, Global Security News, Network Security
cPanel’s authentication bypass bug is being exploited in the wild, CISA warns
A severe authentication bypass vulnerability in cPanel, one of the most widely deployed web hosting control panel platforms on the internet, is being actively exploited in the wild, according to security researchers and hosting providers. The vulnerability, tracked as CVE-2026-41940, affects all supported versions of cPanel and WebHost Manager (WHM) released after version 11.40, as…
Global Security News
Australia’s digital construction boom has created a new battleground: data ownership
GUEST OPINION: Australia’s architecture, engineering, construction (AEC) sector is widely recognised as one of the most digitally advanced construction markets in the world.
AI, Apps, Exploits, Global Security News, Risk Management
AI Model Claude Opus turns bugs into exploits for just $2,283
Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find and exploit vulnerabilities. Below is the cost of the experiment: Model…
AI, Apps, Exploits, Global Security News, Risk Management
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
Maintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale and is described as a Server-Side Template Injection (SSTI) issue. Thymeleaf has a sandbox-like protection…
AI, Apps, Cloud Security, Compliance, Endpoint, Global Security News, Network Security
Why most zero-trust architectures fail at the traffic layer
Zero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different reality often emerges. I have worked with organizations where zero-trust initiatives were fully implemented from an identity…
Global Security News, Network Security, privacy
Product showcase: Session, a messenger without phone numbers or metadata
Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks, as long as there is a reliable data connection. Privacy and metadata concerns With the growth…
AI, Global Security News, Risk Management
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. “This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data,” the Microsoft Defender
AI, APAC, Global Security News
Anthropic cuts OpenClaw access from Claude subscriptions, offers credits to ease transition
Anthropic has blocked paid Claude subscribers from using the widely used open-source AI agent OpenClaw under their existing subscription plans, a move that took effect April 4 and has drawn pushback from subscribers who question both the cost implications and the company’s stated rationale. In an email to subscribers reviewed by InfoWorld, Anthropic said access…
AI, Apps, Cloud Security, Data Breaches, Global Security News, malware
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Attackers compromised the npm account of the lead maintainer of Axios, a widely used JavaScript HTTP client library, and used it to publish malicious versions of the package that deployed a cross-platform remote access trojan on developer machines. The incident represents the highest-impact npm supply chain attack on record given Axios’ approximately 100 million weekly…
AI, Global Security News
Axios npm packages backdoored in supply chain attack
An unknown attacker has compromised the GitHub and npm accounts of the main developer of Axios, a widely used HTTP client library, and published npm packages backdoored with a malicious dependency that triggered the installation of droppers and remote access trojans. How the attack unfolded On March 30, 2026, with an account using a separate…
AI, Apps, Cybersecurity, Data Breaches, Global Security News, malware, Network Security, Risk Management
LiteLLM Supply Chain Attack Exposes Credentials Across AI Ecosystems
A widely used AI development library was compromised in a recent supply chain attack, potentially exposing a large number of systems to risk. Malicious LiteLLM packages on PyPI were backdoored to quietly steal credentials, tokens, and sensitive infrastructure data from both development and production environments. “The LiteLLM compromise shows just how quickly supply chain attacks…
AI, Global Security News, malware, Russia
Alleged RedLine infostealer conspirator extradited to US
An operation to crack down on the widely used RedLine infostealer has netted the extradition of an Armenian man to the United States, where he made an initial appearance in a Texas court Wednesday. Authorities charged Hambardzum Minasyan with conspiracy to commit access device fraud, conspiracy to violate the Computer Fraud and Abuse Act and…
AI, Exploits, Global Security News, Network Security, Risk Management
Chained vulnerabilities in Cisco Catalyst switches could induce denial-of-service
Cisco’s widely deployed Catalyst 9300 Series enterprise switches have four security vulnerabilities, two of which could be chained to cause a denial-of-service outage, infrastructure security company Opswat has revealed. The two most operationally significant are CVE-2026-20114 and CVE-2026-20110, which the researchers found could be chained to make possible a dangerous privilege escalation. Opswat’s Unit 515…
AI, Cloud Security, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security
Trivy supply chain breach compromises over 1,000 SaaS environments, Lapsus$ joins the extortion wave
What started as a supply chain attack on Trivy, a widely used security scanner, has become a Lapsus$-linked extortion campaign, with more than 1,000 enterprise SaaS environments already compromised. Charles Carmakal, CTO of Mandiant Consulting, made the assessment at a Google-hosted threat briefing held alongside the RSA Conference 2026 in San Francisco on Tuesday. “We…
Global Security News
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. […]
Data Breaches, Global Security News
Infinite Campus warns of breach after ShinyHunters claims data theft
Infinite Campus, a widely used K-12 student information system, is warning customers of a data breach following an extortion attempt by a threat actor. […]
AI, Data Breaches, Exploits, Global Security News, malware, Network Security, Risk Management
Trivy vulnerability scanner backdoored with credential stealer in supply chain attack
Attackers have compromised the widely used open-source Trivy vulnerability scanner, injecting credential-stealing malware into official releases and GitHub Actions used by thousands of CI/CD workflows. The breach could trigger a cascade of additional supply-chain compromises if impacted projects and organizations don’t rotate their secrets immediately. The attack, disclosed by Trivy maintainers today, results from an…
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
Hack the AI Brain: LangSmith Vulnerability Could Expose Sensitive AI Data
A vulnerability in LangSmith, a widely used AI observability platform, could have allowed attackers to hijack user accounts and access sensitive enterprise data flowing through large language model (LLM) systems. Researchers at Miggo Security discovered the flaw, which could allow token theft and account takeover if a logged-in user visited a malicious webpage. The vulnerability…
AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management
400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw
A vulnerability in a widely used WordPress accessibility plugin could allow attackers to steal sensitive data from vulnerable websites without logging in. The flaw affects the Ally plugin developed by Elementor, which is installed on hundreds of thousands of sites worldwide This vulnerability “… can be leveraged to extract sensitive data from the database, such…
AI, Apps, Endpoint, Exploits, Global Security News, Risk Management
Everyone Knows About Broken Authorization – So Why Does It Still Work for Attackers?
Broken authorization is one of the most widely known API vulnerabilities. It features in the OWASP Top 10, AppSec conversations, and secure coding guidelines. Broken Object Level Authorization (BOLA) and Broken Function Level Authorization (BFLA) account for hundreds of API vulnerabilities every quarter. According to the 2026 API ThreatStats report, authorization issues ranked ninth in…
AI, Apps, Data Breaches, Global Security News, malware, Network Security, Risk Management
Over 41% of Popular OpenClaw Skills Found to Contain Security Vulnerabilities
As AI agents become more widely adopted, new research is highlighting security gaps within their supporting ecosystems. A large-scale audit of the OpenClaw skill registry by ClawSecure found that 41.7% of widely used skills contain substantive vulnerabilities, including issues such as command injection and credential exposure. “We audited 2,890+ of the most popular OpenClaw skills…
Global Security News
Microsoft reveals critical Windows Admin Center vulnerability (CVE-2026-26119)
Microsoft has disclosed a privilege-escalation vulnerability in Windows Admin Center (WAC), a browser-based platform widely used by IT administrators and infrastructure teams to manage Windows clients, servers, clusters, Hyper-V hosts and virtual machines, as well as Active Directory-joined systems. Although the issue was patched in early December 2025 with the release of Windows Admin Center…
AI, Apps, Data Breaches, Endpoint, Global Security News, Network Security, Risk Management
XSS Bug in VS Code Extension Exposed Local Files
A widely used Microsoft Visual Studio Code (VS Code) extension quietly exposed millions of developers to potential local file exfiltration through a cross-site scripting (XSS) flaw. The issue affected the official Live Preview extension — downloaded more than 11 million times — and allowed malicious websites to interact with a developer’s localhost environment. An “……
AI, Apps, Exploits, Global Security News, Network Security, Risk Management
Flaws in four popular VS Code extensions left 128 million installs open to attack
Critical and high-severity vulnerabilities were found in four widely used Visual Studio Code extensions with a combined 128 million downloads, exposing developers to file theft, remote code execution, and local network reconnaissance. Application security company OX Security published the findings this week, saying it had begun notifying vendors in June 2025 but received no response…
AI, Apps, Exploits, Global Security News, Network Security
Researchers unearth 30-year-old vulnerability in libpng library
Developers have resolved a legacy flaw in the widely used libpng open-source library that existed since the software was released nearly 30 years ago. The heap buffer overflow in libpng would cause applications on unpatched systems to crash when presented with maliciously crafted PNG graphic images. In worse case scenarios, the CVE-2026-25646 vulnerability could be…
AI, Apps, Global Security News
Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments
Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work in controlled environments. The issue is not the applications themselves, but how they…
AI, ANYRUN, Cybersecurity, Cybersecurity Lifehacks, Global Security News, malware, malware behavior, Network Security, Risk Management
How to Build Threat Hunting that Defends Your Organization Against Real Attacks
Threat hunting is widely recognized as one of the most important capabilities of a mature SOC. It uncovers stealthy attackers early, reduces dwell time, and prevents security incidents from impacting the business. Yet, in practice, many organizations find that their threat hunting efforts don’t consistently deliver these outcomes. Let’s take a look at how high-performing security teams make threat hunting more repeatable, measurable, and effective. Why Threat Hunting Programs Often Fail Before They Start …
AI, Cyberattacks, Cybercrime, Data Breach, Security, Data Breaches, Exploits, Global Security News, privacy
Substack data breach leaks users’ email addresses and phone numbers
Substack, a high-profile publishing platform widely used by academics, journalists, subject matter experts, and controversialists, has suffered a data breach affecting an unknown number of its creators and subscribers. According to emails sent out this week to some users, on February 3 the company “identified evidence” that a third party had exploited an unspecified weakness…
cyberattack, Don't miss, Endpoint, Global Security News, Hot stuff, malware, News
Why a decade-old EnCase driver still works as an EDR killer
Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. This particular driver is legitimate but its certificate expired and was revoked more than ten years ago. Even…