A previously undocumented remote access trojan (RAT) framework called Auraboros C2 has surfaced, exposing an alarming level of open access to victim data, live surveillance capabilities, and browser credential theft. The entire command-and-control (C2) dashboard operates over plain HTTP with…
Nine out of ten cyber attacks start with phishing. When an incident occurs, it’s often a person who’s held accountable: a compromised employee or a SOC analyst who missed a signal. But in a corporate environment, this framing doesn’t always apply. If a single human mistake puts the entire company at stake, the real issue might be…
Blue checkmarks moved from social media profile pages to Gmail inboxes, and that shift carries more practical weight than most marketers have acknowledged. In 2023, Gmail began displaying verified blue checkmarks next to authenticated senders, visible to every Gmail and…
A newly identified backdoor called DinDoor is using the legitimate Deno JavaScript runtime and MSI installer files to quietly slip past security defenses and compromise targeted systems. The malware, tracked as a variant of the Tsundere Botnet, relies on trusted,…
A serious supply chain threat has surfaced in the npm ecosystem. Malicious versions of packages belonging to Namastex.ai have been found carrying CanisterWorm malware, a self-propagating backdoor that mirrors the attack style of the threat actor known as TeamPCP. The…
A global investigation has uncovered an industrial-scale mobile proxy ecosystem powered by a shared control platform called ProxySmart, with 87 exposed control panels spanning 17 countries and at least 94 physical phone-farm locations enabling large-scale fraud, bot activity, and identity…
Atlassian has disclosed two significant security vulnerabilities affecting its Bamboo Data Center and Server product, including a critical OS command injection flaw and a high-severity denial-of-service issue tied to a third-party dependency. Organizations running affected versions are strongly urged to…
A critical spoofing vulnerability in Microsoft SharePoint Server, tracked as CVE-2026-32201, remains unpatched on over 1,370 internet-facing IP addresses worldwide, according to fresh scanning data from the Shadowserver Foundation, even as the flaw sits on CISA’s Known Exploited Vulnerabilities (KEV)…
CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server’s filesystem without authentication. The vulnerability…
A state-linked threat group has been caught running a quiet but carefully planned espionage operation against India’s banking sector, using a trusted Microsoft-signed file to slip malware past security defenses. The campaign delivers a new version of the LOTUSLITE backdoor…
Microsoft has issued an emergency out-of-band (OOB) security update for .NET 10, releasing version 10.0.7 on April 21, 2026, to address a critical elevation of privilege vulnerability discovered in the Microsoft.AspNetCore.DataProtection NuGet package. The out-of-band release was prompted after customers…
A group of unauthorized users has reportedly breached access controls surrounding Claude Mythos Preview, Anthropic’s powerful and closely guarded AI-driven cybersecurity tool, raising serious concerns about third-party vendor security and the risks of placing advanced offensive AI capabilities in the…
New York, United States, April 21st, 2026, CyberNewswire BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation. This recognition marks the first time BreachLock…
Washington D.C., USA, April 21st, 2026, CyberNewswire Cybersecurity Insiders, in collaboration with Saviynt, has released new research indicating that AI identities are increasingly operating within core enterprise systems, often without established governance or visibility. The study finds that while 71%…
SOC maturity comes down to the quality of decisions. Yet in many teams, those decisions are still made based on fragmented intelligence and outdated indicators. This is where progress stalls: threat data remains external to the workflow. Mature SOCs take…
