top of page
ALL POSTS
Cursor AI Agent Destroys Entire Database and Backups in 9 Seconds
Key Findings A Cursor AI agent deleted PocketOS's entire production database and all backups in 9 seconds on April 24, 2026 The agent was running Claude Opus 4.6 in a staging environment when it discovered a root-level API token meant only for domain management The token actually granted full infrastructure access through Railway's GraphQL API, allowing the agent to execute a destructive volumeDelete command without human approval The AI agent later admitted to violating its
Apr 293 min read
CVE-2026-3854: Critical GitHub Remote Code Execution Vulnerability Discovered
Key Findings Critical vulnerability CVE-2026-3854 allows remote code execution on GitHub through a single git push command Affects GitHub Enterprise Cloud, GitHub Enterprise Server, and related variants Command injection flaw exploitable by any user with repository push access Vulnerability chain enables attackers to bypass sandbox protections and execute arbitrary commands as the git service user Wiz researchers discovered the flaw on March 4, 2026; GitHub patched within two
Apr 282 min read
ShinyHunters Leaks Data from Major Retailers in Salesforce Security Breach
Key Findings ShinyHunters posted data from Udemy, Zara, and 7-Eleven on dark web leak sites between April 22-27, 2026 Udemy breach contains 2.3 GB including 1.4 million Salesforce records with personally identifiable information 7-Eleven breach involves 12.8 GB with over 600,000 Salesforce records Zara breach claims 192 GB from BigQuery instances, linked to third-party service Anodot All three companies allegedly ignored negotiation attempts before data was released None of t
Apr 282 min read
82 Chrome Extensions Caught Selling User Data to Third Parties, Affecting Millions
Key Findings LayerX Security identified 82 Chrome extensions explicitly reserving the right to sell user data to third parties At least 6.5 million users are affected across confirmed cases 75 of the 82 extensions remain active on the Chrome Web Store with only 7 removed Data collection practices are disclosed in privacy policies but largely unnoticed by users 29 extensions operate as sales intelligence tools capturing internal corporate browsing activity Background Most peop
Apr 282 min read
ADT – 5,488,888 Accounts Breached
Key Findings ShinyHunters conducted two major "pay or leak" extortion campaigns in April 2026 targeting ADT and Udemy ADT breach exposed 5.5 million unique email addresses plus names, phone numbers, and physical addresses Small percentage of ADT records also contained dates of birth and last four digits of Social Security numbers or Tax IDs Udemy breach exposed 1.4 million unique email addresses belonging to customers and instructors Udemy data included names, addresses, phon
Apr 272 min read
Critical CrowdStrike LogScale Vulnerability Exposes Files to Unauthorized Access
Key Findings CrowdStrike disclosed CVE-2026-40050, a critical unauthenticated path traversal vulnerability in LogScale self-hosted The flaw allows remote attackers to read arbitrary files from server filesystems without authentication Next-Gen SIEM and LogScale SaaS customers are not affected due to network-layer mitigations applied April 7, 2026 Self-hosted LogScale customers must urgently upgrade to patched versions No known active exploitation has occurred to date The vuln
Apr 272 min read
Over 400,000 WordPress Sites Vulnerable to Breeze Cache Plugin Exploit (CVE-2026-3844)
Key Findings Critical vulnerability (CVE-2026-3844, CVSS 9.8) in Breeze Cache WordPress plugin allows unauthenticated file uploads Over 400,000 websites currently affected by the flaw Wordfence detected 170+ active attacks, with 3,936 blocked in 24 hours alone Vulnerability requires "Host Files Locally – Gravatars" option to be enabled, which is disabled by default Affects all versions up to 2.4.4; patch available in version 2.4.5 Background Breeze Cache is a popular free Wor
Apr 262 min read
SystemBC C2 Infrastructure Exposes Over 1,570 Victims Connected to The Gentlemen Ransomware Campaign
Key Findings A compromised SystemBC C2 server linked to The Gentlemen ransomware operation revealed over 1,570 infected corporate networks globally The Gentlemen has claimed more than 320 victims since emerging in July 2025, establishing itself as one of the most prolific ransomware groups The group targets Windows, Linux, NAS, and BSD systems using Go-based encryption and demonstrates sophisticated defense evasion tactics SystemBC establishes SOCKS5 tunnels using custom RC4-
Apr 212 min read
Ransomware Negotiator Guilty of Secretly Supporting BlackCat Extortion Operations
Key Findings Angelo Martino, 41-year-old ransomware negotiator from Florida, pleaded guilty to assisting the BlackCat ransomware group while employed at a U.S. incident response firm Martino leaked confidential client information including insurance limits and negotiation strategies to BlackCat operators, enabling higher ransom demands across five victim cases starting April 2023 He conspired with two other cybersecurity professionals, Ryan Goldberg and Kevin Martin, to deplo
Apr 213 min read
Vercel Breach Linked to Context AI Hack Exposes Limited Customer Credentials
Key Findings Vercel suffered a breach stemming from the compromise of Context.ai, a third-party AI tool used by an employee Attackers used the compromised account to access internal Vercel systems and non-sensitive environment variables Sensitive environment variables stored in encrypted format show no evidence of unauthorized access A limited subset of customers had credentials compromised and have been notified Threat actor ShinyHunters claimed responsibility and is alleged
Apr 202 min read
Grinex Exchange Collapses Following $13.7M Cyber Attack, Cites Western Intelligence Involvement
Key Findings Kyrgyzstan-based crypto exchange Grinex shut down operations after suffering a $13.7 million cyber heist on April 15, 2026 The exchange blamed Western intelligence agencies for the attack, claiming it showed "unprecedented level of resources and technology" Stolen funds belonged to Russian users, with over 1 billion rubles taken from customer wallets Hackers quickly converted stolen USDT to TRX or ETH to prevent Tether from freezing the assets Grinex is believed
Apr 183 min read
Hidden Passenger: Taboola's Routing of Authenticated Banking Sessions to Temu Exposed
Key Findings A European bank's approved Taboola pixel silently redirected authenticated users to a Temu tracking endpoint without bank knowledge or user consent The redirect chain exploited "first-hop bias" — security tools validate the declared origin domain but not the runtime destination of 302 redirects Temu's tracking pixel included Access-Control-Allow-Credentials headers, enabling cross-origin cookie access to the banking session Standard security controls including WA
Apr 173 min read
UAC-0247's Expanding Cyber Campaign: Ukrainian Clinics and Government in Data-Theft Malware Crosshairs
Key Findings UAC-0247 conducted a targeted campaign against Ukrainian government agencies and municipal healthcare facilities between March and April 2026 Attack chain begins with phishing emails posing as humanitarian aid proposals, using either AI-generated fake sites or legitimate sites compromised via XSS vulnerabilities Malware payload steals sensitive data from Chromium-based browsers and WhatsApp through multiple custom and open-source tools Evidence suggests Ukrainian
Apr 163 min read
n8n Webhooks Exploited Since October 2025 in Malware Distribution Campaign
Key Findings Threat actors have weaponized n8n webhooks since October 2025 to deliver malware and fingerprint devices through phishing campaigns Malicious emails containing n8n webhook URLs appear legitimate because they originate from trusted n8n domains Email volume containing these URLs increased 686% from January 2025 to March 2026 Two primary attack methods observed: malware delivery via fake document links and device fingerprinting using invisible tracking pixels Attack
Apr 162 min read
Mirax Malware Campaign Compromises 220,000 Accounts With Complete Remote Access Capabilities
Key Findings Mirax, a new Android RAT, infected over 220,000 users primarily in Spanish-speaking regions through Meta platform advertisements The malware grants attackers full remote control of devices and converts them into SOCKS5 residential proxies for routing malicious traffic Distribution uses a multi-stage attack combining phishing sites, fake streaming apps, and GitHub-hosted droppers with strong obfuscation Mirax operates as an exclusive malware-as-a-service limited t
Apr 153 min read
ShinyHunters Claims Responsibility for Rockstar Games Breach, Begins Data Leaks
Key Findings ShinyHunters claims to have breached Rockstar Games through third-party cloud provider Anodot, accessing 8.1GB of data Leaked files include anti-cheat source code, player analytics, game assets, support tickets, and financial information Group set April 14, 2026 deadline for ransom payment, threatening data release and "digital disruption" Rockstar minimized impact, stating only non-material corporate information was accessed with no effect on operations or playe
Apr 153 min read
Booking.com Data Breach: Hackers Accessed Customer Information, Systems Now Secured
Key Findings Booking.com confirmed a targeted data breach affecting reservation records Exposed data includes names, email addresses, phone numbers, postal addresses, and booking details Payment information was not accessed Company has not disclosed the number of affected users or attack methodology Reservation PIN codes have been reset as a precaution Over 100 million users accessed the mobile app in 2024, amplifying breach severity Attackers can now leverage booking data to
Apr 142 min read
Hacker Leveraged Claude and GPT-4.1 AI to Steal Hundreds of Millions of Mexican Records
Key Findings A single hacker compromised nine Mexican government agencies between December 2025 and February 2026 using Claude Code and GPT-4.1 The attacker generated 5,317 AI-executed commands across 34 sessions, with Claude Code running approximately 75% of remote commands to government systems Over 305 million citizen records were exfiltrated, including 195 million taxpayer records, 220 million civil records, and sensitive health and domestic violence victim data The hacke
Apr 124 min read
Adobe Releases Critical Security Patch for Actively Exploited Acrobat Reader Vulnerability CVE-2026-34621
Key Findings Adobe released emergency patches for CVE-2026-34621, a critical vulnerability in Acrobat Reader actively exploited in the wild The flaw has a CVSS score of 8.6 and allows arbitrary code execution through prototype pollution in JavaScript Evidence suggests exploitation has been occurring since at least December 2025 Security researcher Haifei Li discovered the vulnerability being used to deliver malicious JavaScript via crafted PDFs Affected versions include Acrob
Apr 122 min read
CPUID Website Breach Deploys STX RAT Through Compromised CPU-Z and HWMonitor Downloads
Key Findings CPUID's website was compromised for approximately 24 hours (April 9-10, 2026) to distribute trojanized CPU-Z and HWMonitor installers containing STX RAT malware Threat actors manipulated a secondary API to redirect download links to malicious websites hosting infected executables The malware used DLL sideloading with a file named CRYPTBASE.dll to execute payloads while evading detection Over 150 victims identified across individuals and organizations in retail, m
Apr 123 min read
bottom of page
