Microsoft's Massive April Patch Tuesday Fixes Two Zero-Days; CISA Adds Critical Fortinet Flaw to KEV

Microsoft's Colossal April 2026 Patch Tuesday: 167 Flaws Patched, Two Zero-Days Under Fire

Microsoft has released one of its largest security updates ever for April 2026, patching 167 vulnerabilities across its product ecosystem. The update is critically important, as it addresses two zero-day vulnerabilities: an actively exploited spoofing flaw in...

Massive Hospitality Breach: 5 Million Guests' Data Exposed via Leaky Server Tied to Chekin, Gastrodat

A significant data breach in the hospitality industry has exposed the personal and booking information of nearly 5 million travelers. Researchers from Cybernews discovered an unprotected server operated by an unknown threat actor, which contained 6.5GB of data...

Readiness Reality Check: 73% of CISOs Admit They Are Unprepared for a Major Cyberattack

A new report from cybersecurity firm Sygnia paints a grim picture of enterprise cyber readiness. Despite 99% of organizations having a formal incident response (IR) plan, nearly three-quarters (73%) of senior security leaders feel their organization is not ade...

Adware with Fangs: 25,000 Systems Exposed to $10 Supply Chain Hijack by Dragon Boss Solutions

Security firm Huntress has exposed a dangerous operation where adware signed by 'Dragon Boss Solutions' went far beyond typical potentially unwanted programs (PUPs). The software, found on over 25,000 endpoints, used SYSTEM privileges to disable antivirus prod...

Barracuda Warns of Rapid Qilin Ransomware and Spike in Brute-Force Attacks from Middle East

Barracuda's April 2026 SOC Threat Radar report reveals two alarming trends: a massive spike in brute-force authentication attacks against SonicWall and FortiGate devices, with 88% originating from the Middle East, and the incredible speed of the Qilin ransomwa...

Black Shrantac Ransomware Targets Industrial Sector with Double Extortion and Living-off-the-Land Tactics

A new analysis from Marlink details the operations of the Black Shrantac ransomware group, a threat actor active since September 2025. The group employs a double extortion strategy, exfiltrating sensitive data before encrypting systems. They have been observed...

Springfield Hospital Data Breach Exposes Patient Info, Triggers Class-Action Lawsuit Probe

Springfield Hospital in Vermont has notified patients of a data breach that occurred after an employee's email account was compromised. The incident, discovered in December 2025, exposed sensitive patient information including names, Social Security numbers, m...

UK Civil Service Pension Scheme Suffers Data Breach Under Capita's Troubled Administration

The UK's Civil Service Pension Scheme (CSPS) has suffered a data breach under the administration of outsourcer Capita. On March 30, a technical glitch on the scheme's online portal allowed 138 members to view or download the Annual Benefit Statements of other...

Critical Auth Bypass in nginx-ui (CVE-2026-33032) Actively Exploited for Full Nginx Takeover

A critical authentication bypass vulnerability (CVSS 9.8), tracked as CVE-2026-33032, in the open-source nginx-ui management tool is being actively exploited in the wild. The flaw, codenamed 'MCPwn,' allows an unauthenticated attacker to gain complete control...

Mirax Android RAT Infects 220,000+ Devices via Meta Ads, Sold as Exclusive MaaS

A new Android Remote Access Trojan (RAT) named Mirax is being distributed through malicious advertisements on Meta's platforms, including Facebook and Instagram, primarily targeting Spanish-speaking users. Researchers at Outpost24 report that the malware has i...

Booking.com Breach Exposes Traveler Data, Fueling Fears of Targeted Scams

Update:Further details have emerged regarding the Booking.com data breach. While financial data remains uncompromised, the risk of highly targeted phishing scams is emphasized with a detailed example of how attackers leverage stolen booking information to trick custo...