News Feed

Black Hat USA

Microsoft adds Windows protections for malicious Remote Desktop files

Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. [...]

Crypto-exchange Kraken extorted by hackers after insider breach

The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. [...]

Privilege Elevation Dominates Massive Microsoft Patch Update

Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.

Over 100 Chrome extensions in Web Store target users accounts and data

More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. [...]

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses

Stopping EDR killers, which employ bring-your-own-vulnerable-driver (BYOVD) attack techniques, is difficult, but not impossible.

New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments

The researchers said the ransomware operation has been ongoing since 2020 and is associated with a strain of malware that enforces execution constraints based on system locale and external IP geolocation.

Microsoft releases Windows 10 KB5082200 extended security update

Microsoft has released the Windows 10 KB5082200 extended security update to fix the April 2026 Patch Tuesday vulnerabilities, including 2 zero-days. [...]

McGraw-Hill confirms data breach following extortion threat

Education company McGraw-Hill has confirmed in a statement to BleepingComputer that hackers exploited a Salesforce misconfiguration and accessed its internal data. [...]

Windows 11 cumulative updates KB5083769 & KB5082052 released

Microsoft has released Windows 11 KB5083769 and KB5082052 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features. [...]

Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days

Today is Microsoft's April 2026 Patch Tuesday with security updates for 167 flaws, including 2 zero-day vulnerabilities. [...]

Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto

A malicious Ledger Live app for macOS available from Apple's App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. [...]

War Game Exercise Demonstrates How Social Media Manipulation Works

In an educational game called "Capture the Narrative," students created bots to sway a fictional election, simulating influence in real-world political scenarios.

Microsoft rolls out fast-track to reinstate Windows hardware dev accounts

Microsoft has rolled out a fast-track process to help developers regain access to accounts recently suspended from its Windows Hardware Program, following widespread complaints that they were locked out without warning. [...]

5 Ways Zero Trust Maximizes Identity Security

Stolen credentials remain a top breach vector, often leading to unchecked privilege escalation. Specops explains how identity-first Zero Trust limits access, enforces device trust, and blocks lateral movement. [...]

Scamdemic: Over $1 Trillion Annually Lost To Online Fraud; AI Lends A Helping Hand

This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 14, 2026 – Read the full story in Time For the past few years, it’s escaped no one that levels of Internet and telephone fraud have skyrocketed. TIME reports that one in four The post Scamdemic: Over $1 …

European Gym giant Basic-Fit data breach affects 1 million members

Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. [...]

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads

Security teams can't test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax filing deadlines.

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

Security experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos in a new paper from the Cloud Security Alliance (CSA).

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.