Vulnerability

3 minute read

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot.

byDeeba Ahmed

April 23, 2026

Microsoft Vulnerabilities Hit Record High, Critical Flaws Decline, Report Find

3 minute read

Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns

Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems.

byDeeba Ahmed

April 21, 2026

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

3 minute read

Security

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.

byDeeba Ahmed

April 18, 2026

New Mirai-based Nexcorium Malware Hijacks Security Cameras for DDoS Attacks

3 minute read

New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks

Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks.

byDeeba Ahmed

April 17, 2026

3 minute read

13.5M Device Botnet Drives 2 Tbps DDoS Attacks on FinTech, Qrator Finds

A new Qrator Labs report reveals that the largest DDoS botnet has grown to 13.5 million devices, and…

byDeeba Ahmed

April 15, 2026

2 minute read

wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now

Critical wolfSSL flaw CVE-2026-5194 allows digital ID forgery across billions of devices, update to version 5.9.1 to fix the issue and reduce risk.

byDeeba Ahmed

April 14, 2026

Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs

8 minute read

Security

Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs

Ghost APIs are deprecated endpoints left active, exposing systems to attack. Learn how they differ from shadow APIs and why they create hidden security risks

byArunkumar Mathiyazhagan

April 13, 2026

FBI finds way to read deleted Signal messages through iPhone notifications

2 minute read

FBI Recovers Deleted Signal Messages Through iPhone Notifications

Signal messages may persist in iPhone notification data, enabling FBI access even after deletion, a court case reveals.

byDeeba Ahmed

April 11, 2026

Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs

2 minute read

Security

Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs

An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available.

byDeeba Ahmed

April 9, 2026

3 minute read

Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks

LayerX researchers have discovered how to bypass Claude Code’s safety rules using the CLAUDE.md file. This exploit allows…

byDeeba Ahmed

April 9, 2026

The Latest

New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk

TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

Harvester APT Expands Spying Operations with New GoGra Linux Malware

Vulnerability

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks

13.5M Device Botnet Drives 2 Tbps DDoS Attacks on FinTech, Qrator Finds

wolfSSL Vulnerability Hits IoT, Routers and Military Systems, Update to 5.9.1 Now

Why Your Deprecated Endpoints Are an Attacker’s Best Friend: The Rise of Ghost APIs

FBI Recovers Deleted Signal Messages Through iPhone Notifications

Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs

Claude Code Can Be Manipulated via CLAUDE.md to Run SQL Injection Attacks

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

AI Future: The Leading International AI and Web3 Forum to Take Place in April