Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Ravie LakshmananApr 12, 2026Vulnerability / Endpoint Security Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active…
Category: TheHackerNews
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Ravie LakshmananApr 12, 2026Malware / Threat Intelligence Unknown threat actors compromised CPUID (“cpuid[.]com”), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro,…
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
Ravie LakshmananApr 07, 2026Vulnerability / Threat Intelligence A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of…
The Hidden Cost of Recurring Credential Incidents
When talking about credential security, the focus usually lands on breach prevention. This makes sense when IBM’s 2025 Cost of a Data Breach Report puts the average cost…
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
Ravie LakshmananApr 07, 2026Vulnerability / DevSecOps A high-severity security vulnerability has been disclosed in Docker Engine that could permit an attacker to bypass authorization plugins (AuthZ)…
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle…
Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based…
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Ravie LakshmananApr 10, 2026Malware / Website Security Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and…
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Ravie LakshmananApr 10, 2026Vulnerability / Threat Intelligence A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within…
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there’s a wide-open window nobody’s guarding: AI browser extensions. A new report from…
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
Ravie LakshmananApr 10, 2026Malware / Blockchain Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that’s designed…
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Ravie LakshmananApr 10, 2026Malware / Browser Security Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months…