Attacker Bought 31 WordPress Plugins, Hid a Backdoor for 8 Months, Then Activated It With an Ethereum C2

An attacker purchased a portfolio of 31 trusted WordPress plugins on a public marketplace, embedded a PHP backdoor in a routine-looking update, and left it dormant for eight months before activating it to distribute hidden SEO spam to thousands of websites — with the malware resolving its command-and-control server through an

BlueNoroff Used AI-Generated Zoom Deepfakes to Hide a 66-Day Fileless Implant in a Web3 Firm

BlueNoroff compromised a North American Web3 company using a fake Zoom meeting interface populated with AI-generated deepfakes, deploying a fileless PowerShell implant that maintained persistent access for 66 days while stealing cryptocurrency wallet credentials, browser data, and live webcam footage repurposed to lure future victims. GLOBAL — Arctic Wolf Labs has

APT28's Zero-Day Got a Patch — Then Researchers Found It Left a Zero-Click Hole Open

Microsoft's February patch for a Windows zero-day actively exploited by Russia's APT28 blocked the remote code execution path — but left behind a zero-click authentication coercion flaw. Akamai researchers found it while testing the fix. That flaw is now CVE-2026-32202, confirmed exploited in the wild, and added

ClickUp Hardcoded API Key Exposed Enterprise and Government Emails for Over a Year With No Fix

A hardcoded third-party API key embedded in ClickUp's publicly accessible website JavaScript exposed hundreds of corporate and government email addresses — along with thousands of internal product development flags — for more than a year with no authentication required to access the data. ClickUp has not issued a public statement.

Poland Reports Sharp Rise in Russian Cyberattacks as AI Tools Threaten to Intensify the Campaign

Poland is experiencing a sharp rise in state-linked cyberattacks primarily sourced from Russia, with officials warning that the spread of advanced AI tools will intensify the threat — following a December 2025 power grid attack that came within hours of a nationwide blackout. WARSAW, POLAND — Poland is facing a documented escalation

CISA Adds ConnectWise ScreenConnect and Windows Shell Flaws to Known Exploited Vulnerabilities Catalog

CISA confirmed active exploitation of two vulnerabilities — a ConnectWise ScreenConnect path traversal flaw linked to Medusa ransomware and a Microsoft Windows Shell spoofing bug attributed to Russian APT28 — adding both to its Known Exploited Vulnerabilities catalog with a federal patching deadline of May 12, 2026. WASHINGTON, D.C. — The Cybersecurity

North Korea Uses AI to Plant npm Malware via Fake U.S. Companies in Escalating Developer Campaign

North Korean threat actors have escalated their developer-targeting campaign by using an AI large language model to insert malicious npm dependencies into legitimate projects — operating through fake U.S.-registered companies and deploying full-featured remote access trojans targeting cryptocurrency wallets and developer infrastructure. GLOBAL — Cybersecurity researchers at ReversingLabs have documented

CISA Warns of Data Theft Flaw in NSA-Built OT Network Tool — No Patch Will Be Released

CISA has flagged a data-theft vulnerability in GrassMarlin, an open-source OT network analysis tool developed by the NSA. The tool reached end-of-life in 2017 and no patch will be released. A public proof-of-concept exploit is already available on GitHub. WASHINGTON, D.C. — The Cybersecurity and Infrastructure Security Agency has published

cPanel and WHM Emergency Patch Fixes Critical Authentication Bypass Exploited in the Wild

A critical authentication vulnerability in cPanel and WebHost Manager allowed attackers to access hosting control panels without valid credentials — and exploits were confirmed in the wild before the emergency patch was released on April 28, 2026. HOUSTON, TX — cPanel has issued an emergency security update to address a critical flaw

Senators Seek Answers After Hack Exposes Millions of “Anonymous” Crime and Student Safety Tips

U.S. Senators are demanding transparency from Navigate360 following claims that a hacker exfiltrated over 8 million confidential records from the P3 Global Intel platform, potentially unmasking tipsters and exposing decades of sensitive law enforcement and school safety data. WASHINGTON, D.C. — A massive cybersecurity incident at P3 Global Intel,

Cybersecurity Incident at Contractor Building JRL MRT Stations and NEWater Factory 3

A Singapore-linked contractor, Shanghai Tunnel Engineering Co (Singapore), has suffered a cybersecurity incident compromising digital project data for the Jurong Region Line (JRL) and Changi NEWater Factory 3. While operational control systems remain secure, the breach has prompted the Land Transport Authority (LTA) and Public Utilities Board (PUB) to suspend

PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks

A pro-Ukrainian hacktivist group called PhantomCore has been exploiting three TrueConf video conferencing flaws (BDU-2025-10114, 10115, 10116) since September 2025 to breach Russian networks. By chaining these vulnerabilities, the group bypasses authentication and executes arbitrary OS commands, turning video conferencing servers into springboards for lateral movement and data harvesting. ST.