The Underminr vulnerability allows attackers to hide malicious connections behind trusted domains, potentially affecting 88 million domains worldwide.
China-linked APT41 has deployed a zero-detection Linux backdoor targeting AWS, Google Cloud, Azure, and Alibaba Cloud environments, using SMTP port 25 as a covert C2 channel and typosquatted domains to mask malicious traffic.
Adobe has pushed an out-of-band security update for Acrobat and Reader to address CVE-2026-34621, a zero-day vulnerability exploited in the wild since at least December that allows malicious PDFs to escape sandbox protections and execute arbitrary code.
The ShinyHunters cybercrime group says it accessed Rockstar Games data via stolen authentication tokens linked to cloud analytics provider Anodot, threatening to leak files unless a ransom is paid by April 14.
Booking.com has begun alerting customers that hackers may have accessed personal details tied to their travel reservations, though the company says no financial or payment information was compromised.
Claims that LinkedIn is running mass corporate espionage by scanning users' browser extensions have gone viral, but security researchers say the reality is far more mundane — and the real concern may be the extensions themselves.
A new subscription-based infostealer named Storm emerged on underground forums in early 2026, shifting credential theft to server-side decryption to evade endpoint security tools and automate session hijacking against SaaS, cloud, and internal platforms.
OpenAI confirmed its macOS app-signing workflow executed a malicious version of the Axios JavaScript library, published by North Korean-linked threat group UNC1069 after compromising a lead maintainer's NPM account.
European gym chain Basic-Fit confirmed that unknown hackers breached its systems and downloaded personal data belonging to approximately 1 million members across Belgium, the Netherlands, Luxembourg, France, Spain, and Germany.
A joint law enforcement operation involving the United States, United Kingdom, and Canada has identified over $45 million in stolen cryptocurrency and successfully frozen roughly $12 million, which will be returned to victims.