Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region

The Hacker News
Actively Exploited

Overview

A hack-for-hire campaign has been uncovered that is believed to be linked to an actor with possible connections to the Indian government. The campaign has primarily targeted journalists, activists, and officials across the Middle East and North Africa (MENA) region. Notably, two Egyptian journalists known for their criticism of the government were among the individuals affected. The findings, reported by Access Now, Lookout, and SMEX, raise significant concerns about the safety and privacy of those who report on sensitive issues in these regions. The implications of such targeted attacks extend beyond individual safety, potentially stifling freedom of expression and of the press in the affected areas.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Journalists, activists, and government officials in the MENA region, particularly Egyptian journalists.
  • Timeline: Newly disclosed

Original Article Summary

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists and government critics, Mostafa

Impact

Journalists, activists, and government officials in the MENA region, particularly Egyptian journalists.

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Not specified

Related Coverage

Healthcare IT solutions provider ChipSoft hit by ransomware attack

BleepingComputer

ChipSoft, a Dutch healthcare software provider, has been hit by a ransomware attack that has disrupted its online services. The attack forced the company to take its website and digital services offline, affecting both patients and healthcare providers who rely on their systems for medical information and services. This incident raises concerns about the security of healthcare IT systems, especially as they handle sensitive patient data. The downtime could lead to delays in patient care and disrupt operations for healthcare professionals. As ransomware attacks continue to pose a significant threat to the healthcare sector, this incident serves as a reminder of the vulnerabilities present in digital health infrastructure.

Apr 9, 2026

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

The Hacker News

A recently patched vulnerability in the EngageLab SDK, a third-party software development kit used in many Android applications, has potentially exposed the private data of around 50 million users, including 30 million cryptocurrency wallet holders. The flaw allowed apps on the same device to bypass Android's security measures, enabling unauthorized access to sensitive information. This incident raises significant concerns about the security of users' cryptocurrency assets, as the compromised data could have led to theft or fraud. Developers using the EngageLab SDK are urged to update their applications to protect users from potential attacks. The vulnerability was identified and addressed, but users should remain vigilant about app permissions and security practices.

Apr 9, 2026

Do Ceasefires Slow Cyberattacks? History Suggests Not

darkreading

The cybersecurity community is closely observing whether Iranian hackers will adhere to a ceasefire that does not specifically mention them. Historically, ceasefires in geopolitical conflicts have not significantly impacted the frequency of cyberattacks. Experts suggest that despite a temporary halt in physical hostilities, cyber operations often continue unabated. This raises concerns for organizations and governments that might be targeted by Iranian cyber actors, as they may not feel bound by such agreements. The situation underscores the ongoing risk that cyber threats pose, irrespective of diplomatic efforts.

Apr 9, 2026

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

BleepingComputer

Hackers have compromised the update system for the Smart Slider 3 Pro plugin, which is used in WordPress and Joomla websites. These attackers managed to distribute a malicious version of the plugin that contains multiple backdoors, allowing them to access and control affected sites. This incident puts users of both platforms at risk, as the malicious code can lead to data breaches and unauthorized actions on their websites. Website administrators should be particularly vigilant, as the compromised update could have far-reaching consequences if not addressed promptly. Users are strongly advised to check their installations and update to the latest secure versions to mitigate any potential damage.

Apr 9, 2026

Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

CyberScoop

The FBI has taken significant action against the Russian hacking group APT28, which is linked to the GRU, the Russian military intelligence agency. This operation targeted routers that APT28 had compromised, allowing them to access a range of networks. According to Brett Leatherman, the FBI's cyber chief, this group's ability to propagate attacks from routers made their threat particularly concerning. By disrupting this access, the FBI aims to protect various organizations from potential espionage and data breaches. This incident underscores the persistent risk posed by state-sponsored cyber actors and highlights the importance of securing network infrastructure to prevent similar intrusions in the future.

Apr 9, 2026

Sensitive LAPD documents reportedly leaked online by World Leaks

SCM feed for Latest

Sensitive documents from the Los Angeles Police Department have reportedly been leaked online by a group known as World Leaks. The breach has exposed around 7.7 terabytes of data, which includes over 337,000 files. This incident raises serious concerns about the security of law enforcement data and the potential implications for public safety and privacy. With such a large volume of sensitive information now accessible, there is a heightened risk of misuse or further exploitation. The LAPD and other authorities will need to take immediate action to assess the extent of the breach and protect against future incidents.

Apr 9, 2026