All Security Articles
49 threat reports and vulnerability advisories
April 2026
- Apr 28Phishing Attack Explained: How Hackers Trick You Into Giving Personal Information
- Apr 28WhatsApp Account Hacking Scam: How Hackers Take Over Your Account Using OTP
- Apr 28OTP Scam 2026: How Hackers Trick You Into Sharing OTP and Steal Your Money
- Apr 27Fake Job Scam 2026: How Telegram & WhatsApp Scammers Are Tricking People in India
- Apr 26UPI Scam 2026: How Screen Sharing Apps Are Used to Steal Your Money
- Apr 26Pre-Stuxnet 'fast16' Malware Discovered: 2005 NSA-Linked Cyber Sabotage Framework Rewrites History of State Cyberweapons
- Apr 24CVE-2026-33626: LMDeploy SSRF Flaw Exploited in 12 Hours — Attackers Stole AWS Cloud Credentials via AI Image Loader
- Apr 24CVE-2026-33626: LMDeploy SSRF Flaw Exploited in 12 Hours — Attackers Stole AWS Cloud Credentials via AI Image Loader
- Apr 23CVE-2026-28950: Apple Patches iOS Flaw That Let FBI Extract Deleted Signal Messages From Push Notification Database
- Apr 22CVE-2026-5752: Cohere AI Terrarium Sandbox Flaw Allows Root Code Execution and Container Escape — No Patch Coming
- Apr 15Microsoft April 2026 Patch Tuesday: SharePoint Zero-Day CVE-2026-32201 Actively Exploited + CVSS 9.8 Windows IKE RCE Among 169 Fixes
- Apr 15OpenAI Launches GPT-5.4-Cyber: AI Built for Cybersecurity Defenders with Codex Security Fixing 3,000+ Critical Flaws
- Apr 13OpenAI Revokes macOS App Certificate After North Korea's Axios Supply Chain Attack — Update ChatGPT Before May 8
- Apr 12CVE-2026-34621: Adobe Releases Emergency Patch for Actively Exploited Acrobat Reader Flaw — Update Now
- Apr 11CVE-2026-34197: 13-Year-Old Apache ActiveMQ RCE Flaw Chains with Auth Bypass — Plus 20 More Threats This Week
- Apr 11This Week in Cybersecurity — April 11, 2026: npm Backdoors, Adobe Zero-Day, Docker Escape & More
- Apr 9Adobe Reader Zero-Day Actively Exploited via Fake Invoice PDFs — No Patch Available Yet
- Apr 8Masjesu Botnet: The Stealthy DDoS-for-Hire Service Quietly Hijacking IoT Devices Since 2023 — Now Hitting 300 Gbps
- Apr 7CVE-2026-34040: Docker AuthZ Plugin Bypass Lets Attackers Escape Containers and Gain Full Host Access — AI Agents Can Trigger It Automatically
- Apr 6$285 Million Drift Hack: North Korea's UNC4736 Spent Six Months Building Trust Before Draining Everything in 10 Seconds
- Apr 536 Malicious npm Packages Disguised as Strapi Plugins Exploit Redis and PostgreSQL to Deploy Persistent Implants and Reverse Shells
- Apr 4Microsoft Exposes Cookie-Controlled PHP Web Shells That Resurrect Themselves via Cron — A New Stealthy Linux Persistence Technique
- Apr 3CVE-2025-55182 React2Shell Actively Exploited: UAT-10608 Breaches 766 Next.js Hosts and Steals AWS Keys, SSH Keys, Stripe Tokens
- Apr 1North Korea's UNC1069 Backdoored Axios npm Package — 183 Million Weekly Downloads Exposed to WAVESHAPER.V2 Backdoor
March 2026
- Mar 31OpenAI Patches Two Critical Vulnerabilities: ChatGPT Data Exfiltration via Side Channel and Codex Command Injection Exposing GitHub Tokens
- Mar 26Coruna iOS Exploit Kit Linked to Operation Triangulation — Millions of iPhones at Risk
- Mar 25CVE-2026-3055: Citrix NetScaler Critical Flaw Leaks Sensitive Memory — Patch Immediately Before Exploitation Begins
- Mar 21CVE-2026-21992: Oracle Issues Emergency Patch for Critical Unauthenticated RCE in Identity Manager and Web Services Manager
- Mar 20Google's 24-Hour Android Sideloading Wait: What It Means for You and Why It Exists
- Mar 19DarkSword iOS Exploit Kit: 6 Vulnerabilities, 3 Zero-Days, Full iPhone Takeover — 221 Million Devices Still at Risk
- Mar 18CVE-2026-3888: Ubuntu Default Installation Flaw Lets Unprivileged Attackers Escalate to Root via systemd Cleanup Timing
- Mar 18CVE-2026-32746: Critical Unpatched Telnetd Flaw Allows Unauthenticated Root RCE via Port 23 — No Patch Until April 2026
- Mar 17GlassWorm ForceMemo: Stolen GitHub Tokens Used to Silently Inject Malware Into 240+ Python Repositories — Attack Still Active
- Mar 13Google Patches Two Chrome Zero-Days Actively Exploited in the Wild — Skia and V8 Engine Both Affected
- Mar 13Operation Lightning: Authorities Dismantle SocksEscort Proxy Botnet That Hijacked 369,000 Home Routers Across 163 Countries
- Mar 12Apple Backports Security Fixes for Older iPhones Targeted by the Coruna Exploit Kit — Update Now If You Have an iPhone 6s Through iPhone X
- Mar 12Six New Android Malware Families Discovered Targeting Banking Apps, Pix Payments, and Crypto Wallets in Real Time
- Mar 11Microsoft March 2026 Patch Tuesday: 84 Flaws Fixed Including Two Zero-Days, a CVSS 9.8 RCE, and a Zero-Click Copilot Data Leak
- Mar 11From a Stolen Token to Full AWS Admin Access in 72 Hours — The UNC6426 nx Supply Chain Attack Explained
- Mar 10"Glic Jack" — Chrome Vulnerability Let Malicious Extensions Hijack Gemini Panel and Access Your Camera, Files, and Mic
- Mar 9OpenAI Codex Security: AI Agent Scanned 1.2 Million Code Commits and Found 10,561 High-Severity Vulnerabilities
- Mar 7CISA Flags Hikvision and Rockwell Automation CVSS 9.8 Flaws as Actively Exploited — Patch by March 26
- Mar 7Transparent Tribe Uses AI to Mass-Produce Malware in Campaign Targeting India
February 2026
- Feb 28900+ FreePBX Phone Systems Hacked via Critical Command Injection Flaw
- Feb 8Critical WordPress Authentication Bypass Lets Attackers Take Over Any Site — Patch Now
- Feb 7Microsoft Outlook Zero-Click Vulnerability Actively Exploited — Update Immediately
- Feb 6Ring, Nest & Arlo Camera Auth Bypass Exposes 2 Million Smart Home Devices to Remote Takeover
- Feb 5Microsoft Patch Tuesday February 2026: Critical RCE and Privilege Escalation Flaws Fixed
- Feb 1Chrome History Leak Bug Lets Malicious Sites Track Your Browsing — Update to Latest Version Now