Qilin Ransomware Cripples US Governments, Adobe Rushes Critical RCE Patch, and Germany Accuses Russia of Widespread Phishing

Germany Accuses Russia of Orchestrating Large-Scale Signal Phishing Attack on Politicians

The German government has officially stated its belief that Russia was behind a widespread and sophisticated phishing campaign targeting the Signal messenger accounts of hundreds of high-profile individuals. The targets included Members of Parliament, governme...

Adobe Scrambles to Patch Critical, Actively Exploited RCE Flaw in Commerce and Magento

Adobe has released an emergency, out-of-band security update for a critical remote code execution (RCE) vulnerability, CVE-2026-11234, affecting Adobe Commerce and Magento Open Source. The flaw, which has a CVSS score of 9.8, is being actively exploited in the...

Global Wings Airline Breach Exposes Personal Data of 5 Million Passengers via Third-Party Vendor

Global Wings Airline has disclosed a major data breach affecting approximately 5 million of its passengers. The breach originated not within the airline's own systems, but from a third-party service provider responsible for managing the 'SkyMiles' loyalty prog...

APT 'ChronoDragon' Deploys New 'CoinThief' Backdoor in Financial Sector Espionage Campaign

The state-sponsored threat group 'ChronoDragon' is behind a new economic espionage campaign targeting major financial institutions in North America and Europe, according to a report from Mandiant. The advanced persistent threat (APT) actor is using a new, cust...

US Treasury Sanctions Crypto Exchange and Mixers for Laundering Ransomware Proceeds

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has taken decisive action against the financial infrastructure supporting cybercrime by sanctioning a virtual currency exchange, 'Cortexchange', and two cryptocurrency mixing service...

Log4j Deja Vu: Critical RCE Flaw in 'LogSpresso' Library Averts Major Supply Chain Crisis

A potential Log4j-level crisis has been averted with the emergency patching of CVE-2026-23456, a critical (10.0 CVSS) remote code execution vulnerability in the popular open-source Java logging library 'LogSpresso'. Discovered by researchers at Checkmarx, the...

Cura360 HealthTech Startup Leaks 250,000 Patient Records via Public AWS S3 Bucket

A severe data leak at health-tech startup Cura360 has exposed the protected health information (PHI) and personal data of over 250,000 patients. The cause was a misconfigured Amazon Web Services (AWS) S3 bucket that was left publicly accessible, allowing anyon...

Researchers Detail 'GlacierRAT,' a New Modular Malware Targeting Linux Servers

Cybersecurity firm CrowdStrike has released a detailed report on 'GlacierRAT,' a new and sophisticated modular Remote Access Trojan (RAT) designed specifically to compromise Linux-based servers. The malware, which is being sold on dark web forums, targets the...

CISA Warns of 'ShadowProxy' Phishing-as-a-Service that Bypasses MFA

The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have issued a joint advisory about the growing threat from 'ShadowProxy,' a sophisticated Phishing-as-a-Service (PhaaS) platform. Sold on dark web forums, ShadowProxy enables even low-skil...

LockBit and ShinyHunters Claim Major Breaches at Citizens Bank, Canada Life, and Law Firm

Update:The LockBit 5.0 ransomware operation has confirmed its breach of Bardehle Pagenberg, a European IP law firm, which was previously reported as an allegation. Additionally, LockBit has listed two new victims on its dark web leak site: Radio Studio Più, an Italia...

Qilin Ransomware Group Targets City of Napoleon, Ohio, Threatening Municipal Data Leak

Update:The Qilin ransomware group has significantly escalated its operations, claiming 19 new victims within a 24-hour period around April 25, 2026. This aggressive campaign includes major disruptions to US public sector entities like Winona County, Minnesota, and Ha...