Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. […]
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims’ account credentials and attempt more than $20 million in fraud.
In tandem, authorities detained the alleged developer, who has&
In tandem, authorities detained the alleged developer, who has&
Booking.com Says Hackers Accessed User Information
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained.
The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek.
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
New “Storm” infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. […]
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
Claims that “Microsoft is running one of the largest corporate espionage operations in modern history” face scrutiny as researchers analyze LinkedIn’s browser extension probing
The post BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings appeared first on SecurityWeek.
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised.
The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.
Your MTTD Looks Great. Your Post-Alert Gap Doesn’t
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks’ Wendi Whitmorewarned that similar capabilities are weeks or months from proliferation. CrowdStrike’s 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant’s M-Trends 2026
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
Law enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million.
The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek.
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.
The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek.