ICYMI: 2026-04-27
Latest Headlines
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren’t Ready for the Remediation Side
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
Notepad++ Vulnerability Allows Attackers to Crash Application, Leak Memory Data
ClickUp’s Hardcoded API Key Exposes 959 Emails from Fortune 500 Giants
Critical Gemini CLI Vulnerability Enables Remote Code Execution Attacks
New Vidar Malware Campaign Uses Fake YouTube Software Downloads to Steal Corporate Credentials
New Malware Uses Obfuscation and Staged Payload Delivery to Evade Detection
Hackers Using Fake Income Tax Department’s Notice to Deploy Malware
Researchers Warn macOS textutil and KeePassXC Can Become Attack Primitives in Automation
EU Proposes Requiring Google to Share User Search Data with Rival Search Engines
North Korean Hackers Attacking Drug Companies to Deploy Malware Via Weaponized Excel Files
ClickFix Attack Replaces PowerShell With Cmdkey and Remote Regsvr32 Payload Delivery
Robinhood account creation flaw abused to send phishing emails
GlassWorm malware attacks return via 73 OpenVSX “sleeper” extensions
Canada arrests three for operating “SMS blaster” device in Toronto
Alleged Silk Typhoon hacker extradited to US for cyberespionage
FTC: Americans lost over $2.1 billion to social media scams in 2025
PyPI package with 1.1M monthly downloads hacked to push infostealer
Home security giant ADT data breach affects 5.5 million people
Medtronic confirms breach after hackers claim 9 million records theft
Money launderer linked to $230M crypto heist gets 70 months in prison
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
Microsoft says Outlook.com outage is causing sign‑in failures
– MTZ