OpenAI’s Codex AI model successfully escalated privileges to root on a real Samsung Smart TV by exploiting world-writable kernel driver interfaces — a finding that raises serious questions about how hardware vendors handle device security on consumer electronics. The experiment,…
Hackers Leave Credential Stuffing Botnet Wide Open With Full Worker Access and Root Passwords
A live credential stuffing botnet targeting Twitter/X accounts has been found completely exposed to the internet, with no password required to access its control panel, worker server credentials, or real-time attack data. The exposed system, running under the name “Twitter…
New PlugX USB Worm Spreads Across Multiple Continents Using DLL Sideloading
A newly discovered variant of the PlugX worm is silently crossing borders by hiding inside USB drives, and it has already been detected on multiple continents spanning nearly ten time zones. First spotted in Papua New Guinea in August 2022,…
Oligo enables real-time exploit detection and blocking at application runtime
Oligo Security has unveiled Runtime Exploit Blocking, a new capability that stops exploit attempts at the application layer in real time. By providing visibility into how applications execute and behave, Oligo identifies and blocks malicious activity at the point of…
PlugX USB Worm Hits Multiple Continents via DLL Sideloading
A new PlugX USB worm variant is driving fresh infection waves across several continents, using DLL sideloading and stealthy USB-based propagation to evade detection. First observed in Papua New Guinea in August 2022, the same strain resurfaced months later not…
No honor among thieves as 0APT threatens rival ransomware gang Krybit
Honey, the skids are fighting again Two rival ransomware gangs have locked horns after 0APT threatened to expose people affiliated with Krybit.… This article has been indexed from The Register – Security Read the original article: No honor among thieves…
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
Basic-Fit has reported that hackers have stolen names, dates of birth, and even bank account details. The post Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats
CISOs face a shrinking window to prepare as AI models like Mythos collapse the gap between vulnerability discovery and exploitation, driving a new era of high-velocity cyberattacks. The post ‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats…
Pavel Durov Says Russia VPN Restrictions Triggered Banking Disruption
In spite of the fact that the Russian government is intensifying its efforts to reaffirm its control over digital communication channels, unintended consequences of that strategy are becoming evident in a number of critical sectors beyond social media. Significant disruptions…
JanelaRAT Malware Attacks Banks in Brazil and Mexico, Steals Data
Banks in Latin American countries such as Mexico and Brazil have been victims of continuous malware attacks by a strain called JanelaRAT. An upgraded variant of BX RAT, JanelaRAT, can steal cryptocurrency and financial data from financial organizations, trace mouse…
Basic-Fit hack compromises data of up to 1 million members
Basic-Fit, a European gym chain, disclosed that hackers breached one of its internal systems, exposing members’ personal data in several countries. The company operates more than 2,150 clubs in 12 countries under two brands, with more than 5.8 million members.…
DavMail 6.6.0 patches a regex flaw and advances its Microsoft Graph backend
Organizations that run DavMail to bridge standard mail clients to Microsoft Exchange or Office 365 received an update this week. Version 6.6.0 addresses a code-scanning alert tied to a regex vulnerability, adjusts OAuth redirect handling to match a recent Microsoft…
FIFA World Cup 2026 Partners Expose Email Fraud Risk
A recent study by cybersecurity firm Proofpoint highlights a significant vulnerability among the partners and sponsors of the FIFA World Cup 2026. This article has been indexed from CyberMaterial Read the original article: FIFA World Cup 2026 Partners Expose Email…
Triad Nexus Evades Sanctions
Triad Nexus, a significant player in the cybercrime world, has developed strategies to evade international sanctions and prevent takedowns. This article has been indexed from CyberMaterial Read the original article: Triad Nexus Evades Sanctions
Australia Social Media Ban Faces Questions
Australia’s recent social media ban, aimed at restricting access for users under 16, is facing significant scrutiny following a new study that questions its effectiveness. This article has been indexed from CyberMaterial Read the original article: Australia Social Media Ban…
Cybersecurity of Critical Sectors Handbook
ENISA has released a new handbook designed to assist national and sectorial authorities in managing cybersecurity and resilience for critical sectors. This article has been indexed from CyberMaterial Read the original article: Cybersecurity of Critical Sectors Handbook
Patchstack Bug Bounty Program
Patchstack has introduced a Bug Bounty program designed to engage cybersecurity researchers, developers, and bug bounty hunters in identifying and reporting security vulnerabilities in WordPress plugins. This article has been indexed from CyberMaterial Read the original article: Patchstack Bug Bounty…
IT Security News Hourly Summary 2026-04-14 15h : 14 posts
14 posts were published in the last hour 12:32 : Botnet Exposed: Hackers Leave Worker Access and Root Passwords Wide Open 12:32 : Omnistealer uses the blockchain to steal everything it can 12:32 : How to Tell if An Email…
Botnet Exposed: Hackers Leave Worker Access and Root Passwords Wide Open
Hackers have left a live Twitter/X credential‑stuffing botnet effectively unlocked, exposing its full command‑and‑control stack, worker fleet, and root passwords to anyone who knows where to look. The C2 runs on a Windows Server 2019 instance hosted by Hetzner in…
Omnistealer uses the blockchain to steal everything it can
This malware is coming for your password managers, saved logins, cloud storage, crypto wallets, and just about anything else it can reach. This article has been indexed from Malwarebytes Read the original article: Omnistealer uses the blockchain to steal everything…
How to Tell if An Email is Fake: Complete Verification Guide
Originally published at How to Tell if An Email is Fake: Complete Verification Guide by Levon Vardumyan. A fake email is an email that appears … The post How to Tell if An Email is Fake: Complete Verification Guide appeared…
Hackers Exploit Obsidian Plugin for Malware
A new cyber threat has emerged as hackers exploit the Shell Commands plugin in Obsidian, a popular note-taking application, to deliver a sophisticated malware chain. This article has been indexed from CyberMaterial Read the original article: Hackers Exploit Obsidian Plugin…
Hackers Target Okta with Vishing Attacks
Cybercriminals are shifting their tactics from traditional email phishing to more direct voice-based social engineering attacks, known as vishing, to infiltrate corporate systems. This article has been indexed from CyberMaterial Read the original article: Hackers Target Okta with Vishing Attacks
Booking.com Confirms Data Breach
Booking.com, a leading global travel booking platform, has confirmed a data breach involving unauthorized access to customer information. This article has been indexed from CyberMaterial Read the original article: Booking.com Confirms Data Breach