The Underminr vulnerability allows attackers to hide malicious connections behind trusted domains, potentially affecting 88 million domains worldwide.
A critical unauthenticated vulnerability in Nginx UI's Model Context Protocol endpoint is being actively exploited in the wild, enabling attackers to fully take over web servers without credentials. Over 2,600 publicly exposed instances remain potentially vulnerable.
A 16-year-old boy was arrested in Portadown, County Armagh, on suspicion of Computer Misuse Act offenses after an attack took the C2K educational platform offline, affecting up to 300,000 pupils and 20,000 teachers.
CISA has added CVE-2025-60710, a Windows Task Host privilege escalation vulnerability patched by Microsoft in November 2025, to its actively exploited vulnerabilities catalog, giving federal agencies two weeks to patch.
Microsoft has confirmed that installing the April 2026 KB5082063 security update can push certain Windows Server 2025 machines into BitLocker recovery mode on first reboot, affecting systems with specific Group Policy configurations.
Siemens, Schneider Electric, Aveva, Rockwell Automation, ABB, Phoenix Contact, Mitsubishi Electric, and Moxa have all published new ICS security advisories, addressing vulnerabilities ranging from critical Wi-Fi flaws to privilege escalation and denial-of-service issues.
A new audit by privacy organization webXray found that 194 online advertising services ignore legally defined opt-out signals under California law, with Google allegedly non-compliant 86% of the time.
Security researchers at Socket uncovered more than 100 malicious Chrome Web Store extensions operating as part of a coordinated campaign to steal Google OAuth2 Bearer tokens, hijack sessions, and commit ad fraud.
Microsoft's April 2026 Patch Tuesday addresses 167 security vulnerabilities, including an actively exploited SharePoint Server zero-day and the publicly disclosed BlueHammer flaw in Windows Defender. Google Chrome and Adobe Reader also received urgent security fixes this cycle.
Crypto exchange Kraken is being extorted by a criminal group threatening to release videos of its internal systems containing client data, following two insider access incidents affecting roughly 2,000 accounts.