Security Affairs
- Get link
- X
- Other Apps
"Cyber attacks fuel surge in cargo theft across logistics industry."
Views expressed in this cybersecurity, cyber crime update are those of the reporters.
Accessed on 20 April 2026, 0010 UTC.
Content and Source: "Security Affairs."
Content provided by email subscription from https://feedly.com.
https://feedly.com/i/subscription/content/feed%2Fhttp%3A%2F%2Fsecurityaffairs.co%2Fwordpress%2Ffeed
Please check subscription link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
43
Today
Hackers infiltrate logistics firms to steal cargo and divert payments, cyberattacks are linked to organized crime and rising losses. Proofpoint researchers observed crooks targeting trucking and logistics companies, running coordinated remote access campaigns to steal cargo and divert payments. These attacks appear to be linked to organized crime. The findings highlight a growing trend of cyber-e
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection – a copy-pasted attack Fake Claude site installs malware that gives attackers access to your computer Malware Analysis Static SKILL for Codex JanelaRAT: a financial threat targeting users in Latin America Mirax: a new Andro
Yesterday
by Pierluigi Paganini / 14h
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attac
17 TTPs
by Pierluigi Paganini / 1d
Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, an open-source emulator, to hide malicious activity inside virtual machines. By running malware in a VM, attackers avoid endpoint security controls and leave minimal traces on the host system. This appr
15 TTPs
by Pierluigi Paganini / 1d
A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are exploiting vulnerabilities in TBK DVRs and end-of-life TP-Link routers to spread a Mirai variant called Nexcorium. “IoT devices are increasingly prime targets for large-scale attacks due to their widespr
Apr 17, 2026
Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Microsoft Defender to gain higher privileges on compromised systems. The vulnerabilities, called BlueHammer, RedSun, and UnDefend, were revealed by a researcher known as Chaotic Eclipse after criticizing Mic
Grinex halted operations after a $13.7M hack, blaming Western intelligence. Stolen funds came from wallets of Russian users on the platform. Kyrgyz crypto exchange Grinex halted operations after a threat actor stole $13.7 million in a cyber attack that the company attributes to Western intelligence agencies. The stolen funds belonged to Russian users, as the platform supported crypto-ruble transa
A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30-month prison sentence for his role in a 2022 credential stuffing attack against DraftKings . He continued selling stolen login data online even after pleading guilty. The court also ordered three years
Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement action that dismantled 53 domains linked to DDoS-for-hire services used by over 75,000 cybercriminals. Authorities arrested four suspects, seized infrastructure, and gained access to databases containing mo
Apr 16, 2026
New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed to target water treatment and desalination systems, which aims to disrupt operations by altering hydraulic pressure and increasing chlorine levels to unsafe levels. The malware combines common technique
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog . CVE-2026-34197 is a critical flaw in Apache ActiveMQ cau
2 TTPs
by Pierluigi Paganini / 3d
that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Services and Webex platforms. The flaws could allow attackers to execute arbitrary code and impersonate any user within the affected services. The issues pose serious security risks, prompting urgent updates to protect systems and prevent potential exploitation. Below
A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware attack on Cookeville Regional Medical Center (CRMC) in Tennessee led to a major data breach affecting about 337,000 people. The attack, carried out by the Rhysida group , involved the theft of around 500GB o
11 TTPs
by Pierluigi Paganini / 3d
Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow automation platform n8n to launch advanced phishing campaigns, deliver malware, and collect device data through automated emails. By using trusted infrastructure, they can bypass traditional security control
28 TTPs
by Pierluigi Paganini / 3d
CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor UAC-0247 targeting Ukrainian government entities and municipal healthcare facilities, including clinics and emergency hospitals. The operation between March and April 2026, used malware designed to stea
Apr 15, 2026
Sweden says a pro-Russian group attacked a heating plant in 2025. The failed cyberattack highlights growing threats to Europe’s energy infrastructure. Sweden has blamed a pro-Russian group linked to Russian intelligence for a failed cyberattack on a heating plant in 2025. Officials say the incident is part of a broader wave of attacks targeting critical infrastructure across Europe. Similar opera
2 TTPs
by Pierluigi Paganini / 4d
An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026-33032 (CVSS score of 9.8), is being actively exploited, allowing attackers to bypass authentication and fully take over Nginx servers. The issue stems from improper protection of the /mcp_message endpoi
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the flaws added to the catalog: CVE-2009-02
Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan spreading through ads on Meta platforms, targeting mainly Spanish-speaking users and reaching over 220,000 accounts. The malicious code lets attackers fully control infected devices in real time and goes furt
Apr 14, 2026
by Pierluigi Paganini / 4d
Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in PHP Composer could allow attackers to execute arbitrary commands. PHP Composer is a dependency manager for PHP that helps developers install and manage libraries their projects need. By defining packages
Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulnerabilities, making it one of the largest updates by CVE count. One of the most interesting flaws fixed by the IT giant is a critical SharePoint zero-day, tracked as CVE-2026-32201 , already exploited in
A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affecting around 1 million members. Hackers gained unauthorized access to the company systems and stole personal. The gym chain said it recently detected the intrusion and is investigating the incident while n
by Pierluigi Paganini / 5d
US, UK and Canada ran Operation Atlantic, uncovering $45M in crypto theft and freezing $12M to return to victims. An international law enforcement operation from the US, UK and Canada, codenamed Operation Atlantic, has targeted large-scale cryptocurrency theft schemes. Authorities identified more than $45 million in stolen digital assets and successfully froze around $12 million. The seized funds
Leak of 8.1GB data tied to Rockstar Games includes anti-cheat code, game data, analytics and more, reportedly exposed by ShinyHunters. An 8.1GB data leak reportedly linked to Rockstar Games has surfaced, with files shared by ShinyHunters after being obtained via Anodot. The dataset includes anti-cheat source code, player analytics, game assets, Zendesk support tickets and financial information. B
Apr 13, 2026
5 TTPs
by Pierluigi Paganini / 5d
A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration and communication efficiency. Versio
5 TTPs
by Pierluigi Paganini / 5d
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog . Below are the flaws added to the catalog: C
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity to trick users into downloading a ZIP archive presented as a “pro version” installer. The malware uses DLL s
Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer data linked to travel reservations. Exposed details could include names, email addresses, phone numbers, and information shared with accommodations. Booking.com is one of the world’s leading online travel a
by Pierluigi Paganini / 6d
An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI forensic access to Signal messages on an iPhone have reignited a long-standing misunderstanding about mobile privacy: the belief that disappearing messages and encrypted apps guarantee that no trace of comm
Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the U.S.,
- Get link
- X
- Other Apps
Comments
Post a Comment
Please leave a comment about our recent post.