Cybersecurity Articles

202/69 Friday, April 10, 2026 Cybersecurity researchers have uncovered a campaign targeting nearly 100 online stores running Magento, where attackers use a highly stealthy technique by embedding credit card–stealing code inside 1×1 pixel SVG image files. These images are virtually invisible to users and difficult for traditional security scanners to detect. The attack leverages a […]

201/69 Thursday, April 9, 2026 Trellix has revealed details about the Masjesu botnet, which is specifically designed to carry out Distributed Denial-of-Service (DDoS) attacks. Active since 2023, the botnet operators promote their services via Telegram in both Chinese and English, claiming the capability to launch attacks reaching hundreds of gigabits per second. Analysis shows that […]

200/69 Thursday, April 9, 2026 A widespread system outage has disrupted banking and payment services across Russia, preventing users from making card payments, withdrawing cash from ATMs, or accessing mobile banking applications for several hours. The incident affected major banks including Sberbank, VTB Bank, Alfa-Bank, T-Bank, and Gazprombank, impacting multiple regions, including Moscow, with a […]

199/69 Thursday, April 9, 2026 Security researchers from Elastic Security Labs have uncovered a malware campaign linked to the threat group REF1695, active since late 2023. The attackers distribute malware through fake software installers packaged as ISO files. A key tactic in this campaign is the use of social engineering via a ReadMe.txt file, which […]

198/69 Wednesday, April 8, 2026 Researchers have disclosed a new attack technique called GPUBreach, which induces bit-flips in GPU memory (GDDR6) to escalate privileges and ultimately take control of a system. The method builds upon the concept of RowHammer, where intentional memory corruption is used to manipulate data. In this case, attackers target GPU memory […]

197/69 Wednesday, April 8, 2026 The Shadowserver Foundation has revealed that more than 14,000 F5 BIG-IP APM systems remain exposed on the internet and are vulnerable to exploitation through a critical flaw, CVE-2025-53521 (CVSS 9.8). This vulnerability is a Remote Code Execution (RCE) issue that is currently being actively exploited in the wild. The flaw […]

196/69 Wednesday, April 8, 2026 Germany’s Federal Criminal Police Office (BKA) has successfully identified the individuals behind the notorious global ransomware operations GandCrab and REvil, which caused widespread damage between 2019 and 2021. The primary suspects are Daniil Maksimovich Shchukin (alias “UNKN”) and Anatoly Sergeevitsch Kravchuk, both Russian nationals. Investigations revealed that the pair were […]

195/69 Tuesday, April 7, 2026 Cybercriminals are evolving their smishing (SMS phishing) tactics by using QR codes instead of malicious links in messages that impersonate traffic fines. Victims are tricked into scanning the QR code, which directs them to a phishing website where they are prompted to pay a supposed fine. This technique helps attackers […]

194/69 Tuesday, April 7, 2026 Fortinet has issued an urgent advisory and patch to address a critical vulnerability in FortiClient EMS, tracked as CVE-2026-35616 (CVSS 9.1), which has already been actively exploited in the wild. The flaw is a pre-authentication API access bypass that can lead to privilege escalation, allowing unauthenticated attackers to send specially […]

193/69 Tuesday, April 7, 2026 Cybersecurity researchers from Push Security have warned of a dramatic rise in “Device Code Phishing” attacks, which exploit weaknesses in the OAuth 2.0 Device Authorization Grant flow. Early 2026 data shows that phishing pages using this technique have increased by approximately 37.5 times. Originally designed to simplify login for devices […]