#cyberNEWS Bitrefill blames North Korean Lazarus group for cyberattack. Crypto-powered gift card store Bitrefill says that the attack it suffered at the beginning of the month was likely perpetrated by North Korean hackers of the Bluenoroff group. bleepingcomputer.com/news/security/…

#cyberNEWS Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. bleepingcomputer.com/news/security/…

#cyberNEWS The Trivy vulnerability scanner was compromised in a supply-chain attack by threat actors known as TeamPCP, which distributed credential-stealing malware through official releases and GitHub Actions. bleepingcomputer.com/news/security/…

#cyberNEWS An information stealer called VoidStealer uses a new approach to bypass Chrome’s Application-Bound Encryption (ABE) and extract the master key for decrypting sensitive data stored in the browser. bleepingcomputer.com/news/security/…

#cyberNEWS The North Korean threat actors behind the Contagious Interview campaign, also tracked as WaterPlum. thehackernews.com/2026/03/north-…

#cyberNEWS TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 Likely via Trivy CI/CD Compromise. TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm. thehackernews.com/2026/03/teampc…

#cyberNEWS New Torg Grabber infostealer malware targets 728 crypto wallets. A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets. bleepingcomputer.com/news/security/…

#cyberNEWS The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. bleepingcomputer.com/news/security/…

#cyberNEWS A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. bleepingcomputer.com/news/security/…

#cyberNEWS New Infinity Stealer malware grabs macOS data via ClickFix lures. A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. bleepingcomputer.com/news/security/…

#cyberNEWS A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. bleepingcomputer.com/news/security/…

#cyberNEWS Critical Citrix NetScaler memory flaw actively exploited in attacks. Hackers are exploiting a critical severity vulnerability, tracked as CVE-2026-3055, in Citrix  NetScaler ADC and NetScaler Gateway appliances to obtain sensitive data. bleepingcomputer.com/news/security/…

#cyberNEWS A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign targeting government entities in Southeast Asia dubbed TrueChaos. thehackernews.com/2026/03/trueco…

#cyberNEWS Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass. Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages to distribute malicious Visual Basic Script (VBS) files. thehackernews.com/2026/04/micros…

#cyberNEWS Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise. Cisco has released updates to address a critical security flaw in the Integrated Management Controller (IMC). thehackernews.com/2026/04/cisco-…

#cyberNEWS A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. thehackernews.com/2026/04/china-…

#cyberNEWS Device code phishing attacks surge 37x as new kits spread online Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. bleepingcomputer.com/news/security/…

#cyberNEWS Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. bleepingcomputer.com/news/security/…

#cyberNEWS Microsoft says that Storm-1175, a China-based financially motivated cybercriminal group known for deploying Medusa ransomware payloads, has been deploying n-day and zero-day exploits in high-velocity attacks. bleepingcomputer.com/news/security/…

#cyberNEWS US warns of Iranian hackers targeting critical infrastructure. Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. bleepingcomputer.com/news/security/…