Malicious trading website drops malware that hands your browser to attackers
During our threat hunting, we found a campaign using the same malware loader from our previous research to deliver a different threat: Needle Stealer, data-stealing…
Author: Cybernoz
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
Ravie LakshmananApr 22, 2026Cyber Espionage / Malware The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor…
Interview: Critical local infrastructure is missing link in UK cyber resilience
Critical local infrastructure that supports council services, social care services and local transport in the UK is falling through the gaps in government and business…
After Bluesky, Mastodon Targeted in DDoS Attack
Following a similar assault on Bluesky just days prior, the decentralized social media platform Mastodon has also been targeted in a major distributed denial-of-service (DDoS)…
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw Pierluigi Paganini April 22, 2026 Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS…
Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says
Hackers can now spin up fake login pages without writing a single line of code. Source link
NFC tap-to-pay gets tapped by hackers
Cyber crooks are abusing a trojanized Android payment application to steal near field communication (NFC) data and PINs, enabling cloning of payment cards and draining…
36 Must-Know Password Statistics for 2026
Password security is the first defense against cyber threats, and with billions of credentials stolen each year, it’s important to practice good password hygiene. If…
New npm supply-chain attack self-spreads to steal auth tokens
A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised…
New DinDoor Backdoor Abuses Deno Runtime and MSI Installers to Evade Detection
A newly identified backdoor called DinDoor is using the legitimate Deno JavaScript runtime and MSI installer files to quietly slip past security defenses and compromise…
Router Security Hardening Steps for 2026: From Default Credential Audits to Automated Firmware Risk Monitoring
Network edge devices are now among the most targeted entry points in cyberattacks. Recent intelligence shows that threat actors are focusing more on routers, firewalls,…
Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities
Mozilla has released Firefox 150 to patch 41 security vulnerabilities, including multiple high-severity flaws that could lead to remote code execution. Users should immediately update…