A new advanced persistent threat group, identified as GopherWhisper, has been linked to cyberattacks targeting a Mongolian government entity. This group, which appears to be aligned with China, is utilizing popular collaboration tools like Slack and Discord to conceal its command and control communications. By embedding malicious traffic within normal enterprise activities, they are making detection more difficult. This trend of leveraging widely used platforms for malicious purposes raises concerns for organizations that rely on these tools for communication and collaboration. As attackers continue to innovate in their methods, it is crucial for companies to remain vigilant and enhance their security measures to protect against such tactics.
Latest Cybersecurity Threats
Real-time threat intelligence from trusted sources
Infosecurity Magazine
The UK's National Cyber Security Centre (NCSC) has endorsed the use of passkeys as the preferred method for consumer logins, marking a significant shift in digital security practices. This endorsement comes after successful implementations of passkey technology within the National Health Service (NHS) and advancements from the FIDO Alliance, which promotes strong authentication methods. By supporting passkeys, the NCSC aims to enhance security for users by reducing reliance on traditional passwords, which are often vulnerable to hacking. This move is particularly relevant as more organizations look to bolster their cybersecurity measures in response to increasing online threats. Implementing passkeys could lead to safer digital interactions for millions of users across various sectors.
A newly discovered vulnerability in Microsoft Defender has been exploited as a zero-day, allowing attackers to access the Security Account Manager (SAM) database. This flaw enables them to extract NTLM hashes, potentially granting them system-level privileges. This is particularly concerning as it affects a widely used security solution, which could put numerous systems at risk. Organizations using Microsoft Defender should be vigilant, as this exploitation may lead to unauthorized access to sensitive data and systems. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on user security.
The 2026 InsurSec Report from At-Bay reveals a significant increase in cyber insurance claims, with a 7% rise in frequency and an average claim severity reaching $221,000. Ransomware attacks are notably costly, with an average severity of $508,000, marking a 16% increase from the previous year. A key finding is that remote access services were the entry point for 87% of ransomware claims in 2025, indicating a major vulnerability for organizations. This rise in claims underscores the growing threat of cyber incidents, particularly ransomware, and highlights the need for businesses to strengthen their security measures. As cyber threats evolve, companies must prioritize securing remote access points to mitigate risks and potential financial losses.
SCM feed for Latest
A report from Infosecurity Magazine warns that organizations are increasingly vulnerable to cyberattacks due to a lack of effective strategies for managing AI agents. As companies adopt AI technologies without appropriate oversight, the risk of these systems being exploited by attackers rises. This situation poses a significant threat to data security and system integrity, as poorly governed AI can facilitate malicious activities. Organizations that fail to implement clear guidelines for AI use may find themselves facing increased incidents of cybersecurity breaches. Addressing this issue is crucial for protecting sensitive information and maintaining trust in digital systems.
SCM feed for Latest
Agoda, a popular booking platform in Asia, has denied rumors of a significant data breach that allegedly compromised 82 million user records. This denial comes shortly after its parent company, Booking Holdings, reported a data breach affecting Booking.com, which exposed sensitive user reservation information. The claims about Agoda's breach were fueled by concerns over the recent vulnerability at Booking.com, raising alarms about the security of user data across these platforms. While Agoda insists that no such breach occurred, the situation highlights ongoing concerns over data security in the travel industry. Users should remain vigilant about their personal information, especially in light of recent incidents affecting major companies.
SCM feed for Latest
A severe vulnerability in Apache ActiveMQ, identified as CVE-2026-34197, has put over 6,400 servers at risk of exploitation. This widely used open-source message broker is utilized globally, with 6,476 instances exposed to the internet. Attackers could potentially execute code remotely, which could lead to significant security breaches. Organizations using ActiveMQ should take immediate action to assess their systems and implement protective measures. The urgency of this situation highlights the need for timely updates and monitoring of server configurations to prevent unauthorized access.
SCM feed for Latest
Citizens Financial Group and Frost Bank, two significant U.S. banks, have reportedly fallen victim to the Everest ransomware group. This operation has claimed to have stolen large volumes of sensitive data from both institutions and is threatening to release this information by April 26. The breach is concerning not only for the banks but also for their customers, as it raises fears about the exposure of personal and financial information. Ransomware attacks on financial institutions can lead to severe consequences, including financial loss and damage to customer trust. As the situation develops, both banks will need to respond quickly to mitigate the impact of this breach and reassure their clients.
The ransomware group known as 'The Gentlemen' has quickly gained notoriety for its rapid operational growth and advanced tactics. Researchers have noted that this gang is not only expanding its reach but also enhancing its methods, making it a significant player in the ransomware space. Their swift rise poses a serious risk to various organizations, as they can potentially exploit vulnerabilities faster than many can respond. This development emphasizes the need for companies to strengthen their cybersecurity measures and remain vigilant against such emerging threats. As ransomware attacks continue to evolve, understanding the capabilities of groups like The Gentlemen is crucial for effective defense.
House Republicans have introduced a new national privacy bill aimed at regulating data collection and usage across the United States. This legislation appears to draw inspiration from existing privacy laws in states like Virginia and Kentucky. However, experts warn that the bill may struggle to gain sufficient bipartisan support, which could hinder its passage. The bill's introduction comes amid growing concerns over data privacy and consumer protection, making it a significant topic in the current political landscape. If passed, this legislation could set a new standard for how companies handle personal data, impacting both businesses and consumers nationwide.
BleepingComputer
A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.
SCM feed for Latest
A recent report from Mozilla reveals that the Claude Mythos AI model has identified hundreds of bugs within the Firefox browser. While this discovery can enhance the security of Firefox by allowing developers to patch vulnerabilities, it also poses a risk by potentially lowering the barriers for attackers. With these bugs exposed, malicious actors could exploit them before they are addressed. This situation raises concerns about the balance between improving security through vulnerability detection and the risk of making it easier for attackers to find and exploit weaknesses. Users of Firefox should stay alert for updates and patches to ensure their browsing experience remains secure.
Security Affairs
Mastodon experienced a significant DDoS attack shortly after Bluesky faced a similar disruption. Both platforms, which serve as decentralized social networking sites, were temporarily knocked offline due to these attacks. Mastodon managed to restore its services within a few hours, but the timing of these incidents raises concerns about the security of emerging social media platforms. DDoS attacks can severely impact user experience and trust, making it crucial for these services to enhance their defenses against such threats. Users and developers alike should remain vigilant as these incidents highlight the ongoing challenges in securing online communication tools.
Hackread – Cybersecurity News, Data Breaches, AI and More
Anthropic is currently investigating a security breach involving its Claude Mythos AI model after a group linked to Discord gained unauthorized access. Fortunately, the company has stated that there is no evidence suggesting that its core systems were affected by this incident. The breach raises concerns about the security measures in place for vendor relationships, especially as more companies rely on third-party services. This incident underscores the importance of robust security protocols to protect sensitive AI models and data from potential exploitation. As Anthropic continues its investigation, it remains crucial for organizations to review their vendor security practices to prevent similar breaches.
Researchers have discovered that malicious Docker images were uploaded to the official 'checkmarx/kics' repository on Docker Hub. Unknown attackers managed to overwrite existing tags such as v2.1.20 and alpine, and they also created a new tag, v2.1.21, which does not match any legitimate release. This poses a significant risk to users who may unknowingly download these compromised images, potentially exposing their systems to vulnerabilities. Companies relying on these Docker images for software development or deployment should take immediate action to ensure their environments are secure. This incident highlights the ongoing challenges in securing software supply chains against malicious actors.