Rockstar Games Data Breach: ShinyHunters Leak 78.6M Internal Analytics Records

The cybercrime group ShinyHunters has released a large cache of Rockstar Games corporate data after the publisher reportedly refused to pay ransom by an imposed deadline. According to the attackers, the dump contains more than 78.6 million records tied to internal analytics and monitoring of Rockstar’s online services, raising serious questions about SaaS supply chain …

Booking.com Data Breach: Expert Analysis of the Recent Reservation Data Exposure

One of the world’s largest online travel platforms, Booking.com, has reported a cyber incident that resulted in unauthorized access to information about certain users’ reservations. As part of its response, the company has forcibly reset PIN codes for a number of current and past bookings and started emailing affected customers to notify them of the …

April Patch Tuesday: Critical SAP, Adobe, Microsoft and Fortinet Vulnerabilities

The April Patch Tuesday cycle has introduced a cluster of critical security vulnerabilities across key enterprise products from SAP, Adobe, Microsoft and Fortinet. Several flaws are already being actively exploited, significantly increasing the risk for organizations that delay patch deployment or lack mature vulnerability management processes. Critical SAP SQL Injection (CVE-2026-27681) Puts Financial Planning at …

GlassWorm Malware Abuses Zig Dropper in Fake VS Code Extension to Infect Developer IDEs

A new wave of the GlassWorm malware campaign is targeting software developers by abusing a fake Visual Studio Code extension. Security researchers have identified a Zig-based native dropper embedded in a counterfeit WakaTime activity tracker, capable of silently compromising almost every VS Code–compatible IDE installed on a developer’s workstation. Malicious WakaTime Look‑Alike Extension Hits Open …

Marimo CVE-2026-39987: Critical Remote Code Execution Exploited Within Hours of Disclosure

A critical vulnerability in the popular open-source data notebook Marimo has highlighted how quickly attackers now weaponize newly disclosed security issues. According to telemetry from Sysdig, the first real-world exploitation attempt of CVE-2026-39987 was observed less than 10 hours after the public advisory was released. CVE-2026-39987 in Marimo: Unauthenticated Remote Code Execution via WebSocket The …

Compromised Smart Slider 3 Pro Update Delivers Backdoor to WordPress Sites

A coordinated supply chain attack on the update mechanism of the Smart Slider 3 Pro plugin for WordPress resulted in the short‑term distribution of a malicious version containing a full backdoor. For several hours, site owners who updated through the legitimate vendor infrastructure installed a compromised build that could silently take over their WordPress installations. …

Critical EngageLab SDK Android Vulnerability Threatened Cryptocurrency Wallet Security

A high‑risk vulnerability in the widely used EngageLab SDK for Android push notifications and analytics has exposed millions of devices to potential data theft, including users of cryptocurrency and digital asset wallets. According to the Microsoft Defender Security Research Team, the flaw enabled attackers to bypass core Android protections and gain unauthorized access to sensitive …

LucidRook Lua Malware Targets Taiwanese NGOs in Stealthy Cyber-Espionage Campaign

A previously undocumented threat cluster, tracked by Cisco Talos as UAT-10362, has been linked to a targeted cyber‑espionage campaign against Taiwanese non‑governmental organizations and, likely, academic institutions. The operators rely on a new Lua‑based Windows malware family dubbed “LucidRook”, illustrating a broader trend: advanced threat actors are increasingly adopting less common programming languages to evade …

Hack‑for‑Hire Campaign Targets MENA Journalists with Apple, Google Phishing and Android Spyware Links

International digital rights and security groups Access Now, Lookout and SMEX have uncovered a long‑running hack‑for‑hire phishing campaign against journalists, activists and government employees across the Middle East and North Africa (MENA). The operation appears to be linked to a mercenary actor with suspected ties to Indian state interests and to the previously documented Bitter …