Nexcorium Mirai Variant Exploits TBK DVR Vulnerability to Spread and Launch DDoS Attacks

212/69 Monday, April 20, 2026 Researchers from Fortinet have uncovered a cyberattack campaign leveraging Nexcorium, a variant of the Mirai malware. The campaign exploits CVE-2024-3721, a command injection vulnerability in TBK DVR devices, along with attacks targeting end-of-life TP-Link routers. These compromised devices are then recruited into botnets used for Distributed Denial-of-Service (DDoS) attacks. The […]

sittisak mintaboon

April 20, 2026

Four New Android Malware Families Target Over 800 Banking Apps Worldwide

211/69 Monday, April 20, 2026 Cybersecurity researchers from Zimperium zLabs have identified a new Android malware campaign involving four families-RecruitRat, SaferRat, Astrinox, and Massiv-targeting more than 800 banking and cryptocurrency applications globally. The campaign relies on sophisticated social engineering techniques such as phishing and smishing. Examples include fake job recruitment websites that trick victims into […]

sittisak mintaboon

April 20, 2026

Ivanti Releases Patch for Neurons for ITSM Addressing Persistent Access and XSS Vulnerabilities

210/69 Friday, April 17, 2026 Ivanti has released security updates for Ivanti Neurons for ITSM to address two medium-severity vulnerabilities affecting both on-premises and cloud deployments. The first vulnerability, CVE-2026-4913 (CVSS 5.7), could allow authenticated users to retain access to the system even after their accounts have been disabled. This issue may enable unauthorized continued […]

sittisak mintaboon

April 17, 2026

Operation PowerOFF Identifies Over 75,000 DDoS Users, Shuts Down 53 Illegal Domains

209/69 Friday, April 17, 2026 Europol has provided an update on the international operation Operation PowerOFF, aimed at disrupting the use of Distributed Denial-of-Service (DDoS) attack platforms. Authorities have identified more than 75,000 individuals involved and have issued warnings via email and formal letters. The coordinated effort, involving agencies from 21 countries, has also led […]

sittisak mintaboon

April 17, 2026

Critical Nginx UI Vulnerability Actively Exploited, Allows Server Takeover Without Authentication

208/69 Friday, April 17, 2026 Cybersecurity experts have issued a warning about active exploitation of a critical vulnerability, CVE-2026-33032, affecting Nginx UI-a widely used web-based management interface for Nginx. The flaw stems from support for the Model Context Protocol (MCP), where the /mcp_message endpoint is left unprotected. This allows remote attackers to bypass authentication entirely […]

sittisak mintaboon

April 17, 2026

Booking.com Confirms Data Breach, Hackers Access Booking Details Raising Phishing Concerns

207/69 Thursday, April 16, 2026 Booking.com has confirmed a data breach after unauthorized individuals accessed certain customer booking information. The affected data may include names, addresses, email addresses, phone numbers, and selected booking details. The company stated that payment information was not impacted and has not disclosed the number of affected users or the attack […]

sittisak mintaboon

April 16, 2026

ShinyHunters Claims Breach of Rockstar Games, Releases Over 8.1GB of Internal Data

206/69 Thursday, April 16, 2026 A data leak of approximately 8.1GB has been reported, allegedly linked to Rockstar Games. The cybercriminal group ShinyHunters has claimed responsibility for the breach and has begun releasing portions of the data publicly. The leaked information reportedly includes anti-cheat source code, player analytics data, game assets, and customer support data […]

sittisak mintaboon

April 16, 2026

Over 100 Malicious Chrome Extensions Found Stealing Google Tokens and Hijacking Telegram Accounts

205/69 Thursday, April 16, 2026 Cybersecurity researchers from Socket have uncovered a large-scale malware campaign embedded within the Chrome Web Store, involving more than 100 malicious browser extensions designed to steal user data. These extensions disguise themselves as tools for managing Telegram, online slot games, and add-ons for platforms like YouTube and TikTok. Analysis of […]

sittisak mintaboon

April 16, 2026

Hardcoded Google API Keys in Android Apps Expose Gemini AI Access to Unauthorized Use

204/69 Friday, April 10, 2026 Researchers from CloudSEK have uncovered hardcoded Google API keys embedded in 22 popular Android applications, totaling 32 keys and impacting over 500 million users. These keys could potentially be abused to access Gemini AI services without authorization. The findings align with research from Quokka, which identified over 35,000 similar keys […]

sittisak mintaboon

April 10, 2026

Forest Blizzard Hackers Use Routers as a Platform for Cyber Espionage

203/69 Friday, April 10, 2026 A report from Microsoft Threat Intelligence reveals that the hacking group known as Forest Blizzard (also called Fancy Bear) has been conducting large-scale attacks by compromising home and small office (SOHO) routers to build an infrastructure for cyber espionage. This activity has been tracked since August 2025 and has continued […]

sittisak mintaboon

April 10, 2026
1 2 3 86