Tyler Robert Buchanan, a 24-year-old British hacker, pleaded guilty to conspiracy to commit wire fraud and aggravated identity theft in a U.S. federal court, linked to the Scattered Spider cybercrime campaign that stole at least $8 million in cryptocurrency.
Posts by securityrss.ai
The US government is preparing to authorize Anthropic’s Claude Mythos AI model for use by federal agencies, amid concerns about its potential to identify and exploit cybersecurity vulnerabilities.
Active exploitation attempts have been detected against CVE-2023-33538, a command injection vulnerability in end-of-life TP-Link routers. The flaw lets an attacker inject commands through the ssid1 parameter, but exploitation requires authentication; because the affected models are out of support, no vendor fix should be expected.
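The summary gives enough to build a log-side check: the injection vector is the ssid1 parameter, and the flaw needs authentication. The following is an added example, not code from the reporting or from TP-Link. It scans combined-format access log lines, percent-decodes the ssid1 value, flags shell metacharacters that never belong in an SSID, and uses the response status to separate attempts that got past authentication from probes that did not. The endpoint path /userRpm/WlanNetworkRpm.htm and the log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Shell metacharacters that have no business inside a Wi-Fi SSID value.
INJECTION_CHARS = re.compile(r"[;&|`$(){}<>\n\r]")

# Combined/common access log format: src ident user [ts] "METHOD target PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \d+'
)

# Constructed sample; the path is an assumption, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2026:02:14:05 +0000] "GET /userRpm/WlanNetworkRpm.htm?ssid1=Home&region=0 HTTP/1.1" 200 1432
203.0.113.7 - - [10/Apr/2026:02:14:09 +0000] "GET /userRpm/WlanNetworkRpm.htm?ssid1=x%3Bid&region=0 HTTP/1.1" 401 0
203.0.113.7 - - [10/Apr/2026:02:14:31 +0000] "GET /userRpm/WlanNetworkRpm.htm?ssid1=x%60id%60&region=0 HTTP/1.1" 200 1432
198.51.100.4 - - [10/Apr/2026:02:15:00 +0000] "GET /index.htm HTTP/1.1" 200 512
"""


def inspect_line(line):
    """Return a finding dict if the request carries a suspicious ssid1 value, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # parse_qsl percent-decodes, so %3B is seen as ';' and encoding does not hide the payload.
    params = dict(parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True))
    value = params.get("ssid1")
    if value is None or not INJECTION_CHARS.search(value):
        return None
    status = int(m.group("status"))
    return {
        "src": m.group("src"),
        "ts": m.group("ts"),
        "status": status,
        "ssid1": value,
        # A 401/403 means the router rejected the request before the vulnerable handler ran.
        "authenticated": status not in (401, 403),
    }


def scan(log_text):
    """Run inspect_line over every line and keep the hits, in log order."""
    return [f for f in (inspect_line(l) for l in log_text.splitlines()) if f]


def summarize(findings):
    """Per-source counts: unauthenticated probes vs attempts that reached the handler."""
    per_src = {}
    for f in findings:
        bucket = per_src.setdefault(f["src"], {"probes": 0, "authenticated": 0})
        bucket["authenticated" if f["authenticated"] else "probes"] += 1
    return per_src


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        label = "AUTHENTICATED ATTEMPT" if h["authenticated"] else "probe (rejected by auth)"
        print(f'{h["ts"]} {h["src"]} ssid1={h["ssid1"]!r} status={h["status"]} {label}')
    print(summarize(hits))
```

Access logs only expose the query string, so a payload submitted in a POST body is invisible to this check; on devices that log bodies or behind a reverse proxy that does, run the same parse over the body parameters. An authenticated hit from an external address is the case to escalate: it means someone already holds the admin credentials for a device that will never receive a fix.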
Vercel confirmed a data breach on April 18-19, 2026, after hackers accessed internal systems via a compromised Google Workspace OAuth app linked to Context.ai. The attackers, claiming to be ShinyHunters, offered stolen data for $2 million, including employee records and access keys.
Mohan Pedhapati utilized Anthropic's Opus 4.6 model to create a Chrome exploit targeting the V8 JavaScript engine, incurring $2,283 in API costs. He highlighted the ease of exploit development with AI, warning that any determined individual could eventually exploit unpatched software.
A newly identified malware, ZionSiphon, targets Israeli water treatment and desalination facilities, posing a significant threat to critical infrastructure. It features hardcoded Israeli IP addresses and politically charged messages, indicating ideological motivations.
Cybersecurity researchers at Fortinet's FortiGuard Labs have identified a new Mirai variant, Nexcorium, targeting DVR devices, particularly TBK DVR-4104 and DVR-4216 models, by exploiting CVE-2024-3721. The malware enrolls infected devices in a DDoS botnet and spreads further by brute-forcing logins with a hardcoded password list.
Kyrgyzstan-based crypto exchange Grinex has ceased operations following a $13.7 million cyber heist, which it attributes to Western intelligence agencies. The attack targeted Russian users, with over 1 billion rubles stolen from their wallets.
A high-severity vulnerability in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score: 8.8), is actively exploited, prompting CISA to add it to its KEV catalog. It involves improper input validation allowing code injection via the Jolokia API.
Google's annual ads safety report reveals that its AI tool, Gemini, successfully blocked over 99% of policy-violating ads in 2025, removing 8.3 billion ads, including 602 million related to scams. The company suspended over 4 million advertiser accounts for scam activity.
Microsoft Threat Intelligence reported on a macOS cyber campaign by North Korean actor Sapphire Sleet, using social engineering to compromise systems.
A zero-day vulnerability in Microsoft Defender, named “RedSun,” allows unprivileged users to escalate privileges to full SYSTEM access on fully patched Windows 10, 11, and Server 2019 and later. This exploit, tracked as CVE-2026-33825 with a CVSS score of 7.
Authorities from 21 countries seized 53 domains and arrested four individuals linked to DDoS-for-hire operations in "Operation PowerOFF", disrupting services used by over 75,000 customers.
A threat actor targeting trucking and logistics companies compromised a load board platform on February 27, 2026, delivering a malicious payload via email.
A critical vulnerability in the Model Context Protocol (MCP) tooling created by Anthropic affects software with 150 million downloads and over 200,000 exposed instances. Researchers at Ox Security reported that the flaw allows arbitrary command execution, putting sensitive data at risk.
Cisco has released patches for four critical vulnerabilities in Identity Services and Webex Services that could lead to arbitrary code execution and user impersonation. Key vulnerabilities include CVE-2026-20184 (CVSS 9.
NIST announced changes to its CVE enrichment process in response to a surge in vulnerability submissions, stating that it will only enrich records that meet specific criteria. The shift prioritizes the most critical vulnerabilities, in particular those listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
Two U.S. nationals, Kejia Wang and Zhenxing Wang, were sentenced for facilitating a scheme that enabled North Korean IT workers to pose as U.S. residents and generate over $5 million for the DPRK.
Cisco Talos reports an increase in the misuse of the n8n AI workflow automation platform for phishing campaigns from October 2025 to March 2026. Attackers exploit n8n's webhook URLs to deliver malware and perform device fingerprinting.
McGraw Hill confirmed a data breach involving unauthorized access to a limited set of Salesforce-hosted data, attributed to a misconfiguration within its Salesforce environment. The extortion group ShinyHunters claims to have stolen 45 million records and has set a ransom deadline of April 14, 2026.
A pro-Russian hacker group attempted to breach a thermal power plant in western Sweden in spring 2025, but the intrusion was thwarted by the facility's security measures, according to Swedish officials. The attackers are believed to have links to Russian intelligence.
A critical vulnerability (CVE-2026-33032) in nginx-ui, an open-source Nginx management tool, allows full server takeover via an authentication bypass. The flaw, with a CVSS score of 9.8, enables attackers to exploit the unprotected /mcp_message endpoint.
Dozens of WordPress plug-ins were taken offline after a backdoor was discovered, enabling malicious code distribution to websites using them. The backdoor was added following the acquisition of Essential Plugin, which has over 400,000 installs.
A newly identified Android banking trojan, Mirax, is spreading across Europe, targeting Spanish-speaking users and affecting over 200,000 accounts through social media ads.
Cybersecurity researchers identified 108 malicious Chrome extensions affecting approximately 20,000 users, designed to steal Google and Telegram data. These extensions, published under five identities, communicate with a shared command-and-control infrastructure.
OpenAI announced a new cybersecurity strategy and model, GPT-5.4-Cyber, aimed at digital defenders. This follows Anthropic's concerns about the risks of its Claude Mythos model. OpenAI emphasizes existing safeguards while acknowledging the need for advanced protections.
Basic-Fit confirmed a data breach affecting approximately 1 million members, with around 200,000 in the Netherlands. The breach involved unauthorized access to membership systems, exposing sensitive data including names, addresses, emails, phone numbers, dates of birth, and bank account details.