A newly-disclosed Server-Side Request Forgery flaw in the LMDeploy LLM inference-serving toolkit is already under active exploitation, with attackers using a vision-language-module endpoint as an SSRF primitive to probe AWS IMDS, internal databases, and admin planes within minutes of patch availability. SHANGHAI, CHINA — The window between a vulnerability disclosure and
German authorities say a wave of phishing attacks targeting lawmakers and senior officials via Signal was “presumably run from Russia,” marking a major escalation in a broader campaign against European political figures. BERLIN, GERMANY — What began as a targeted intrusion has evolved into a full-scale diplomatic and espionage crisis. German
Security researchers at Kaspersky have uncovered PhantomRPC, an architectural-level vulnerability in Windows Remote Procedure Call that lets attackers deploy a fake RPC server and escalate privileges from low-privileged contexts to SYSTEM or Administrator — without requiring a classic memory-corruption bug. SINGAPORE — In the world of Windows exploitation, attackers usually hunt for
The Trigona ransomware-as-a-service (RaaS) group, linked to the Rhantus cybercrime umbrella, has begun using a privately-built exfiltration tool instead of common utilities like Rclone and MegaSync. The new “uploader_client.exe” client helps Trigona move data quickly, rotate connections to hide from network monitoring, and maintain a lower profile during
Italian-linked surveillance firm IPS Intelligence is tied to a new Android spyware, “Morpheus,” that tricks targets into installing a fake “update” app and then hijacks WhatsApp accounts using biometric-spoofing overlays. The case highlights how commercial spyware vendors are turning to mobile-phishing tactics to deploy powerful snooping tools. MILAN, ITALY — Another
A “mobile SMS blaster” deployed from vehicles in Toronto mimicked cell towers, hijacked tens of thousands of phones, and caused 13 million network disruptions—temporarily blocking 911 access while sending massive volumes of fraudulent texts under Project Lighthouse. TORONTO, ONTARIO — In a first-of-its-kind cybercrime investigation in Canada, the Toronto Police
Itron Inc. (NASDAQ: ITRI), a leading smart-meter and utility-technology provider, has disclosed a limited-scope cyberattack on its internal systems, confirming unauthorized access but saying operations and customer systems show no material disruption. LIBERTY LAKE, WASHINGTON — Itron Inc., a global heavyweight in the smart-metering and grid-management sector, has formally disclosed a
A newly-tracked threat cluster, UNC6692, is using social-engineering-driven Teams-chats to pose as IT support, tricking employees into installing a custom modular malware toolkit called SNOW. The attack signals a shift from pure-email-phishing to "chat-based intrusion." MOUNTAIN VIEW, CALIFORNIA — A sophisticated new threat cluster, identified by the Google Threat
A file-upload bug in the Breeze Cache plugin is under active exploitation, but only sites with the optional “Host Files Locally – Gravatars” feature enabled appear exposed. The issue highlights how a niche plugin setting can create outsized risk across a large WordPress install base. VALENCIA, SPAIN — Threat actors have begun
A 12-year-old TOCTOU bug in the Linux PackageKit daemon, now dubbed Pack2TheRoot (CVE-2026-41651), allows local users to silently install system packages and escalate to full root on many default-install Linux desktops and servers. BONN, GERMANY — Security researchers from Deutsche Telekom’s Red Team have disclosed a high-severity local privilege escalation
Ransomware group Incransom has targeted TruGreen, a major lawn-care and consumer-services provider, in a double-extortion attack that threatens the leaking of sensitive customer and operational data. MEMPHIS, TN — On April 22, 2026, the ransomware collective known as Incransom publicly claimed responsibility for a compromise of TruGreen Limited Partnership (trugreen.com)
Germany’s Bundestag President Julia Klöckner has reportedly become the latest victim of a Signal-based phishing campaign, in which attackers used social-engineering tactics to compromise her encrypted-messaging account and access sensitive group chats. BERLIN, GERMANY — The Federal Office for Information Security (BSI) and the Federal Office for the Protection of
Data Breaches
The delayed 2026 notification of a massive 1.7-million-record exposure at Kettering Health highlights the "long tail" of healthcare ransomware, where the clinical recovery of a hospital often precedes the true regulatory and legal fallout by nearly a year. DAYTON, OH — A 2025 ransomware attack on Ohio-based Kettering
Data Leak
Notion pages published to the web may be silently leaking collaborators’ email addresses and profile photos, exposing thousands of users and organizations to potential phishing and social-engineering attacks. SAN FRANCISCO, CA — A design-driven privacy vulnerability in Notion’s "Publish to web" feature is currently exposing the personally identifiable
Data Breaches
Same group behind ADT 10M breach claims 1.4M Udemy users via SaaS vishing. Education sector PII and corporate data at risk. April 27 leak deadline looms. SAN FRANCISCO, CA — Less than a week after the ADT data breach exposed 10 million records, the notorious threat collective ShinyHunters has claimed
Data Breaches
America's largest home security provider confirms breach after vishing attackers claim 10M customer records. Okta SSO → Salesforce attack chain exposes PII and partial SSNs. BOCA RATON, FL — In a stinging blow to the world’s most recognized name in physical security, ADT Inc. (NASDAQ: ADT) has confirmed a
Decentralized Finance (DeFi)
Original $293M LayerZero bridge attack caused 43x larger $13B TVL crash across Aave (-43%) + 26 protocols. North Korea's Lazarus hits $578M in 18 days as bridges become primary attack vector. GLOBAL — The fallout from the Kelp DAO exploit has officially mutated from a singular protocol theft into a
AI Security
Federal adoption hits 82% vs 41% private sector as FedRAMP 20x accelerates unvetted agents into classified networks. WASHINGTON, D.C. — While the commercial world cautiously debates the ROI of agentic AI, the federal government has quietly surged ahead, creating a massive, unmanaged attack surface. According to recent IDC and Salesforce
Settlements
HHS cracks down on four healthcare entities after risk analysis failures allowed PYSA and other ransomware to encrypt servers and exfiltrate patient data. WASHINGTON, D.C. — In a decisive move against systemic negligence in the medical sector, the HHS Office for Civil Rights (OCR) has announced a collective $1.165
Spearphishing
AVIC engineer Song Wu impersonated U.S. researchers to harvest NASA aerospace modeling software. Faces 300+ years if convicted. NASA OIG exposes China’s IP theft pipeline. WASHINGTON, D.C. — In a staggering breach of national security, NASA’s Office of Inspector General (OIG) has detailed how a Chinese national
Critical Infrastructure
DEF CON researchers demonstrate physical attack that overwrites CCS Parameter Information Block, permanently disabling public charging infrastructure with no software fix available. LAS VEGAS, NEVADA — At DEF CON 33, security researchers have unveiled a devastating new physical cyber weapon targeting the backbone of municipal electric vehicle (EV) infrastructure. The attack,
Data Breaches
33.7M user leak → US investor lawsuits → Congressional intervention → Delayed security consultations. How a consumer data breach became a national security crisis. SEOUL — What began as a corporate data leak has spiraled into an unprecedented diplomatic standoff between Washington and Seoul. The Coupang data breach, which exposed the personal information
Cyber-Warfare
SentinelOne uncovers ShadowBrokers-referenced cyberweapon that silently corrupted engineering math; likely US/Israel operation against Iranian nuclear program. SINGAPORE — Everything we knew about the origins of state-sponsored cyber-sabotage was just rewritten. Today, at Black Hat Asia 2026, SentinelOne researchers Vitaly Kamluk and Juan Andrés Guerrero-Saade unveiled FAST16, a precision-engineered malware sample
National Security
Internal DoD email outlines retaliation against allies refusing Iran war basing rights; UK reaffirms "unchanged" Falklands sovereignty amid diplomatic firestorm. WASHINGTON, D.C. — A high-level operational security breach has exposed a widening rift within the NATO alliance. A leaked internal Pentagon email, circulating since Thursday evening, outlines a