Cybersecurity Articles

208/69 Friday, April 17, 2026 Cybersecurity experts have issued a warning about active exploitation of a critical vulnerability, CVE-2026-33032, affecting Nginx UI-a widely used web-based management interface for Nginx. The flaw stems from support for the Model Context Protocol (MCP), where the /mcp_message endpoint is left unprotected. This allows remote attackers to bypass authentication entirely […]

207/69 Thursday, April 16, 2026 Booking.com has confirmed a data breach after unauthorized individuals accessed certain customer booking information. The affected data may include names, addresses, email addresses, phone numbers, and selected booking details. The company stated that payment information was not impacted and has not disclosed the number of affected users or the attack […]

206/69 Thursday, April 16, 2026 A data leak of approximately 8.1GB has been reported, allegedly linked to Rockstar Games. The cybercriminal group ShinyHunters has claimed responsibility for the breach and has begun releasing portions of the data publicly. The leaked information reportedly includes anti-cheat source code, player analytics data, game assets, and customer support data […]

205/69 Thursday, April 16, 2026 Cybersecurity researchers from Socket have uncovered a large-scale malware campaign embedded within the Chrome Web Store, involving more than 100 malicious browser extensions designed to steal user data. These extensions disguise themselves as tools for managing Telegram, online slot games, and add-ons for platforms like YouTube and TikTok. Analysis of […]

204/69 Friday, April 10, 2026 Researchers from CloudSEK have uncovered hardcoded Google API keys embedded in 22 popular Android applications, totaling 32 keys and impacting over 500 million users. These keys could potentially be abused to access Gemini AI services without authorization. The findings align with research from Quokka, which identified over 35,000 similar keys […]

203/69 Friday, April 10, 2026 A report from Microsoft Threat Intelligence reveals that the hacking group known as Forest Blizzard (also called Fancy Bear) has been conducting large-scale attacks by compromising home and small office (SOHO) routers to build an infrastructure for cyber espionage. This activity has been tracked since August 2025 and has continued […]

202/69 Friday, April 10, 2026 Cybersecurity researchers have uncovered a campaign targeting nearly 100 online stores running Magento, where attackers use a highly stealthy technique by embedding credit card–stealing code inside 1×1 pixel SVG image files. These images are virtually invisible to users and difficult for traditional security scanners to detect. The attack leverages a […]

201/69 Thursday, April 9, 2026 Trellix has revealed details about the Masjesu botnet, which is specifically designed to carry out Distributed Denial-of-Service (DDoS) attacks. Active since 2023, the botnet operators promote their services via Telegram in both Chinese and English, claiming the capability to launch attacks reaching hundreds of gigabits per second. Analysis shows that […]

200/69 Thursday, April 9, 2026 A widespread system outage has disrupted banking and payment services across Russia, preventing users from making card payments, withdrawing cash from ATMs, or accessing mobile banking applications for several hours. The incident affected major banks including Sberbank, VTB Bank, Alfa-Bank, T-Bank, and Gazprombank, impacting multiple regions, including Moscow, with a […]

199/69 Thursday, April 9, 2026 Security researchers from Elastic Security Labs have uncovered a malware campaign linked to the threat group REF1695, active since late 2023. The attackers distribute malware through fake software installers packaged as ISO files. A key tactic in this campaign is the use of social engineering via a ReadMe.txt file, which […]