Even though it’s patched, Adobe confirmed it was exploited in the wild, so updating is urgent, not optional. This article has been indexed from Malwarebytes Read the original article: Simply opening a PDF could trigger this Adobe Reader zero-day
Gym giant Basic-Fit confirms data on a million members stolen in cyberattack
Names, addresses, dates of birth, and bank details accessed, though not passwords Basic-Fit, Europe’s largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems.… This article has been indexed from…
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
Law enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million. The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
Google makes it harder to exploit Pixel 10 modem firmware
Google is working to improve the security of Pixel phones by focusing on the cellular baseband modem, a part of the device that handles communication with mobile networks and processes external data. In the Pixel 9, the company introduced measures…
Basic-Fit Suffers Data Breach Affecting Millions Across Multiple Nations
European fitness operator Basic-Fit has confirmed a significant data breach affecting approximately one million members across its network. The incident heavily impacted users in the Netherlands, which accounted for 200,000 of the compromised accounts. This breach underscores the persistent targeting…
Iran-Linked CyberAv3ngers Target Water Utilities, Industrial Controllers
Iran-linked threat group CyberAv3ngers is intensifying attacks on U.S. water utilities and industrial control systems, shifting from noisy hacktivism to sustained disruption of operational technology (OT) environments. CyberAv3ngers operates as a state-directed persona for Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC),…
The Dumbest Hack of the Year Exposed a Very Real Problem
Last April, a hacker hijacked crosswalk announcements to mimic Mark Zuckerberg and Elon Musk. Records obtained by WIRED reveal how unprepared local authorities were. This article has been indexed from Security Latest Read the original article: The Dumbest Hack of…
Citizen Lab: Webloc tracked 500M devices for global law enforcement
Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S., Hungary, and El Salvador used a…
Elon Musk Announces to Launch XChat With Self-Destruct Message Features
Elon Musk has officially rolled out XChat, a major security overhaul to the direct messaging infrastructure on the X platform. Designed to rival secure messengers like Signal and Telegram, XChat integrates strong privacy controls directly into the X ecosystem. The…
Adobe Patches Acrobat Reader 0-Day Vulnerability Exploited in the Wild
Adobe has issued an emergency security patch to neutralize a critical zero-day vulnerability in Acrobat Reader that is currently being exploited in the wild. Tracked as CVE-2026-34621, this severe flaw enables threat actors to achieve arbitrary code execution on compromised machines.…
Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of ‘Pay or leak’
Gang claims it accessed Snowflake metrics via third-party tool ShinyHunters is back, this time pinning Rockstar Games to its leak site and claiming it didn’t so much hack its way in as walk through a door someone else left wide…
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT. The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
Alleged German DDoS-for-Hire Kingpin Behind Fluxstress Caught in Thailand
Alleged German cybercrime figure behind Fluxstress and Neldowner arrested in Thailand after years running global DDoS-for-hire services across countries. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Alleged German…
Critical Axios Vulnerability Enables Remote Code Execution, PoC Released
A critical security vulnerability has been discovered in Axios, one of the most widely used HTTP client libraries, exposing applications to Remote Code Execution (RCE) and full cloud infrastructure compromise. Tracked as CVE-2026-40175, this flaw carries a critical CVSS 3.1…
AI Chatbots and Trust
All the leading AI chatbots are sycophantic, and that’s a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And…
Adobe issues emergency fix for Acrobat Reader flaw exploited in the wild (CVE-2026-34621)
Adobe has pushed out an emergency security update for Adobe Acrobat Reader, patching a zero-day vulnerability (CVE-2026-34621) exploited in the wild since November 2025. About CVE-2026-34621 CVE-2026-34621 is a critical prototype pollution vulnerability – a type of vulnerability that occurs…
Siemens expands Industrial Automation DataCenter with edge AI and cybersecurity
Siemens will present the next generation of its Industrial Automation DataCenter, a custom-configured data center for IT needs in production, expanding its turnkey solution into an AI-ready platform. Structure of the Siemens Industrial Automation DataCenter and its Remote Industrial Operations…
North Korea’s APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building…
VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain
Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi‑stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module…
Iran-linked group Handala claims to have breached three major UAE organizations
Iran-linked group Handala claims to have breached three major UAE organizations, Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority The group Handala claimed a major cyberattack against the UAE, targeting Dubai Courts Department, Dubai Land Department, and Dubai…
Fake Claude Website Distributes PlugX RAT
The malware mimics the legitimate Anthropic installation, relies on DLL sideloading, and cleans up after itself. The post Fake Claude Website Distributes PlugX RAT appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Fake…
Seized VerifTools servers expose 915,655 fake IDs, 8 arrested
On April 7 and 8, Dutch police arrested eight suspects in a nationwide operation targeting users of the VerifTools platform as part of an identity fraud investigation. The suspects, all men aged 20 to 34, are accused of identity fraud,…
IT Security News Hourly Summary 2026-04-13 12h : 6 posts
6 posts were published in the last hour 9:34 : NHS pays £46K to prep next Microsoft licensing round 9:34 : UK Cyber Security Council Launches Associate Cyber Security Professional Title 9:18 : Marimo RCE Vulnerability Exploited Within 10 Hours…
NHS pays £46K to prep next Microsoft licensing round
Benchmarking contract lays groundwork for renegotiating £774M software agreement NHS England is spending £46,000 on “benchmarking” as it gears up for what looks like the next round of negotiations behind one of the UK public sector’s biggest software deals.… This…