Fortinet Releases Emergency Patch for FortiClient EMS Vulnerability (CVE-2026-35616) Exploited in the Wild

194/69 Tuesday, April 7, 2026 Fortinet has issued an urgent advisory and patch to address a critical vulnerability in FortiClient EMS, tracked as CVE-2026-35616 (CVSS 9.1), which has already been actively exploited in the wild. The flaw is a pre-authentication API access bypass that can lead to privilege escalation, allowing unauthenticated attackers to send specially […]

sittisak mintaboon

April 7, 2026

Alert: Surge in Device Code Phishing Attacks—Up 37x in 2026

193/69 Tuesday, April 7, 2026 Cybersecurity researchers from Push Security have warned of a dramatic rise in “Device Code Phishing” attacks, which exploit weaknesses in the OAuth 2.0 Device Authorization Grant flow. Early 2026 data shows that phishing pages using this technique have increased by approximately 37.5 times. Originally designed to simplify login for devices […]

sittisak mintaboon

April 7, 2026

Two New Vulnerabilities in Progress ShareFile Can Be Chained for Unauthenticated RCE Attacks

192/69 Friday, April 3, 2026 Two security vulnerabilities have been discovered in Progress Software ShareFile, an enterprise file transfer and sharing solution, affecting the Storage Zones Controller component in version 5.x. The flaws-CVE-2026-2699 (authentication bypass) and CVE-2026-2701 (remote code execution)-can be chained together, allowing attackers to access systems, exfiltrate data, or execute malicious code without […]

sittisak mintaboon

April 3, 2026

Google Releases Patch for Fourth Chrome Zero-Day of 2026 Exploited in the Wild

191/69 Friday, April 3, 2026 Google has released a security update for its Chrome browser to address 21 vulnerabilities, including a zero-day flaw that has already been actively exploited in the wild. The vulnerability, tracked as CVE-2026-5281, is a Use-After-Free (UAF) issue in the WebGPU Dawn component, which is responsible for graphics processing. Google confirmed […]

sittisak mintaboon

April 3, 2026

New “CrystalRAT” Malware Sold as a Subscription Service Bundling Spyware, Stealer, and Prank Features in One Package

190/69 Friday, April 3, 2026 Security researchers from Kaspersky have discovered a new malware strain named CrystalRAT (also known as CrystalX), which is being promoted as a Malware-as-a-Service (MaaS) offering via platforms like Telegram and YouTube. Written in Go and showing similarities to earlier threats such as WebRAT, this malware adopts a tiered subscription model […]

sittisak mintaboon

April 3, 2026

Multiple Vulnerabilities in CrewAI Allow Sandbox Escape and Remote Code Execution via Prompt Injection

189/69 Thursday, April 2, 2026 Four security vulnerabilities have been discovered in CrewAI, an open-source Python framework for managing AI multi-agent systems. These flaws could enable a range of attacks, including remote code execution (RCE). The primary issue originates from the Code Interpreter component, which is designed to safely execute Python code inside a Docker […]

sittisak mintaboon

April 2, 2026

Lloyds Banking Group Incident Exposes Transaction Data of Over 450,000 Customers

188/69 Thursday, April 2, 2026 Lloyds Banking Group has disclosed a data security incident caused by a faulty software update on March 12, which led to the exposure of transaction data belonging to nearly 450,000 mobile banking users. The issue allowed some customers to view other users’ transaction details within the mobile application. The incident […]

sittisak mintaboon

April 2, 2026

Google Allows Users to Change @gmail.com Email Addresses, Rollout Begins in the U.S.

187/69 Thursday, April 2, 2026 Google has started rolling out a long-awaited feature that allows users to change their primary email address—specifically the part before “@gmail.com.” Previously, this portion of a Gmail address was permanently fixed, and users could only create aliases or secondary email addresses. The feature has initially been spotted among users in […]

sittisak mintaboon

April 2, 2026

CareCloud Reports Cyberattack Impacting Electronic Health Records (EHR) Systems

186/69 Wednesday, April 1, 2026 CareCloud, Inc., a healthcare company based in New Jersey, disclosed in a filing with the U.S. Securities and Exchange Commission (SEC) that it detected a system intrusion on March 16, 2026. The incident caused a temporary disruption to CareCloud Health services for approximately eight hours. It impacted one of the […]

sittisak mintaboon

April 1, 2026

Critical Vulnerability in OpenAI Codex Could Allow GitHub Token Theft via Unicode Injection

185/69 Wednesday, April 1, 2026 Researchers from BeyondTrust Phantom Labs have disclosed a critical vulnerability in OpenAI Codex that could be exploited to steal GitHub OAuth tokens. The flaw is a command injection vulnerability caused by insufficient input sanitization, allowing attackers to embed malicious commands within GitHub branch names. Notably, the attack leverages special Unicode […]

sittisak mintaboon

April 1, 2026
1 2 3 84