Can’t Touch This: Data Exfiltration via Finger
During the various phases of an attack, it’s not uncommon for threat actors to use “living off the land” binaries (LOLBins) or scripts and libraries…
Month: April 2026
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver.…
Litecoin Zero-Day Vulnerability Exploited in DoS Attack, Disrupts Major Mining Pools
A critical zero-day vulnerability in the Litecoin network was actively exploited to launch a denial-of-service (DoS) attack, temporarily disrupting operations across major mining pools before…
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
Ravie LakshmananApr 22, 2026Vulnerability / Cryptography Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to…
Trigona ransomware adopts custom tool to steal data and evade detection
Trigona ransomware adopts custom tool to steal data and evade detection Pierluigi Paganini April 26, 2026 Trigona ransomware now uses a custom command-line tool to…
MFT Exploitation and Adversary Operations
Threat actors of varying types continue to target managed file transfer (MFT) applications for exploitation. The latest concerning MFT vulnerability was identified by Converge Technology…
DORA and operational resilience: Credential management as a financial risk control
Author: Eirik Salmi, System Analyst at Passwork When a threat actor walks into your network using a legitimate username and password, which control stops them?…
73 Open VSX Sleeper Extensions Linked to GlassWorm Activate New Malware Campaign
The GlassWorm supply chain attack targeting the Open VSX marketplace has escalated with the discovery of 73 new “sleeper” extensions. Identified in April 2026, this…
California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner
A 31-year-old engineer and computer scientist was identified by media reports and President Donald Trump as the suspected shooter at the White House Correspondents’ Dinner…
A study of 1,000 Android apps finds a privacy policy logging gap
Android developers write log statements for the same reasons they always have: debugging crashes, tracing performance issues, and understanding how features behave in production. Legal…
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Ravie LakshmananApr 23, 2026Vulnerability / Encryption Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored…
A tsunami of flaws: When frontier AI and Patch Tuesday collide
Microsoft’s regular monthly round of vulnerability fixes dropped as scheduled on Tuesday 14 April, containing a handful of zero-days and critical updates for security teams…