Attackers hijacked the update system for Smart Slider 3 Pro and pushed a malicious version (3.5.1.35) that installed multiple backdoors, created a hidden administrator account, and exfiltrated site credentials. PatchStack analysis shows the toolkit is multi-layered and persistent—using mu-plugins, theme and core file implants, and a database-independent loader—so affected WordPress and Joomla sites should restore a clean backup or immediately update to 3.5.1.36 and follow full cleanup procedures. #SmartSlider3 #PatchStack #WordPress #Joomla
The U.S. Treasury’s OCCIP will begin sharing timely, actionable cyber threat intelligence with eligible U.S. digital asset firms at no cost to help them better identify, prevent, and respond to attacks. The move follows a series of large crypto thefts — including an alleged $280 million heist tied to North Korean…
Researchers warn that hardcoded Google API keys embedded in Android apps can be extracted to authenticate to Google’s Gemini AI, exposing developer resources and potentially user data. CloudSEK, Truffle Security, and Quokka found thousands of vulnerable keys across apps and websites, enabling attackers to access files, exhaust quotas, and bill LLM…
Businesses risk overreliance on large language models because they are probabilistic, ungrounded, and prone to hallucinations, bias, sycophancy, and model collapse—weaknesses attackers and misuse can exploit. A growing AI security industry (e.g., DeepKeep, AI Sequrity, Kamiwaza) is building provenance, guardrails, drift detection and agent-level controls to mitigate operational, reputational and adversarial…
RSAC researchers demonstrated a reliable method to bypass Apple Intelligence’s on-device LLM safeguards by combining adversarial techniques. By using Neural Execs prompt injection plus a Unicode right-to-left override to encode outputs, they achieved a 76% success rate and forced manipulations of private app data before Apple deployed fixes in iOS 26.4…
The rise of SOHO router compromise campaigns, led by the Russia-linked threat actor Forest Blizzard, has turned poorly secured home and small-office devices into covert infrastructure for DNS hijacking and large-scale surveillance. By altering router DNS settings (often using dnsmasq) and conducting adversary-in-the-middle attacks against services like Outlook on the web…
BleepingComputer will host a live webinar on April 30, 2026 exploring how threat actors leave observable signals across dark web forums, Telegram channels, and access broker marketplaces before launching attacks. Speakers from RansomLook and Flare Systems will explain how to identify meaningful chatter, track shifting attacker tactics, and turn external threat intelligence into prioritized defensive actions. #RansomLook #FlareSystems
Figure’s February 2026 breach exposed 967,200 email records, creating a large operational input that enables credential stuffing, AI-driven phishing, and help-desk social engineering without any exploited vulnerability. Legacy MFA is structurally insufficient against real-time relay (AiTM) attacks and MFA fatigue; true protection requires cryptographic origin binding, hardware-bound keys, and live biometric verification. #Figure #Evilginx
UNC6783 is targeting business process outsourcing (BPO) companies as a pathway to infiltrate major organizations, using phishing, social engineering, live-chat impersonation, and fake updates to steal sensitive data and deploy remote access malware. Google’s analysis and Mandiant recommendations emphasize measures such as FIDO2 hardware keys, live-chat monitoring, blocking Zendesk-like domains, and…
Bitcoin Depot, operator of over 25,000 Bitcoin ATMs, disclosed that attackers stole approximately 50.903 BTC (about $3.665 million) from company-controlled wallets after a March 23, 2026 breach. The company says the incident was contained to its corporate environment, engaged external cybersecurity experts and law enforcement, and warned its insurance may not fully cover resulting losses. #BitcoinDepot #ByteFederal
Attackers have been exploiting a zero-day in Adobe Reader via specially crafted PDFs since at least December, using a sophisticated fingerprinting-style exploit that runs on the latest Reader without user interaction. The exploit harvests local data using Acrobat APIs and can deploy follow-on RCE/SBX stages, so researchers advise not opening PDFs from untrusted sources until Adobe issues a patch. #AdobeReader #HaifeiLi
Eurail B.V. disclosed a December 2025 data breach that exposed the personal information of 308,777 travelers, including names, passport numbers, bank IBANs, health details, and contact information. Stolen data samples were posted on Telegram and offered for sale on the dark web, prompting customer notifications and advisory actions. #Eurail #ShinyHunters
European rail-pass operator Eurail disclosed that a December 2025 network breach resulted in stolen files from its AWS S3, Zendesk, and GitLab instances and that attackers published sample data on dark web channels. The company is notifying 308,777 customers about exposed identity details, including names and passport numbers. #Eurail #AWS_S3…
Researcher Haifei Li detected an actively exploited zero-day in Adobe Reader using his Expmon sandbox, identifying a malicious PDF that collects and exfiltrates system data and may enable sandbox escape and remote code execution. The exploit works against the latest Reader build, samples were submitted to Expmon and VirusTotal, and Adobe…
A financially motivated actor tracked as UNC6783 is targeting business process outsourcing firms and support staff to steal sensitive corporate data and extort high-value companies. GTIG links UNC6783 to a “Raccoon” persona that allegedly stole Adobe data from a BPO, and the actor lures staff with live chats to spoofed Okta…