EtherRAT Campaign Uses SEO Poisoning and GitHub Facades to Target Enterprise Admins
A new and well-planned malware campaign has been actively targeting enterprise administrators, DevOps engineers, and security analysts by hijacking their
Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks
Ravie Lakshmanan, May 01, 2026. Cybersecurity researchers are warning of two cybercrime groups that are carrying out “rapid, high-impact attacks” operating
Ransomware Victims Jump to 7,831 as AI Crime Tools Scale Global Attacks
The ransomware threat has reached a new and alarming level. According to Fortinet’s newly released 2026 Global Threat Landscape Report,
Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft
Ravie Lakshmanan, May 01, 2026. Supply Chain Attack / Malware. A new software supply chain attack campaign has been observed using sleeper
US ransomware negotiators get 4 years in prison over BlackCat attacks
Two former employees of cybersecurity incident response companies Sygnia and DigitalMint were sentenced to four years in prison each for
New Bluekit phishing service includes an AI assistant, 40 templates
A new phishing kit named Bluekit offers more than 40 templates targeting popular services and includes basic AI features for
Microsoft Windows 11 April 2026 Security Update Breaks Third-Party Backup Applications
Microsoft’s April 2026 cumulative security update for Windows 11 is causing significant disruptions for users relying on third-party backup software,
PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials
Ravie Lakshmanan, Apr 30, 2026. Supply Chain Attack / Malware. In yet another software supply chain attack, threat actors have managed to
Qilin Ransomware Enumerates RDP Authentication History on a Compromised Server
Qilin ransomware is one of the most active and damaging threats in the cyber landscape today. The group has steadily
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and
OpenAI Releases 5-Point Action Plan to Strengthen AI-Powered Cyber Defense
OpenAI has published a comprehensive cybersecurity action plan titled “Cybersecurity in the Intelligence Age: An Action Plan for Democratizing AI-Powered