
IT Security Newsletter - 4/7/2026


Breaches

Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack

High-end casino and hotel operator Wynn Resorts says more than 21,000 individuals are affected by the recently disclosed data breach. Wynn Resorts confirmed in late February that hackers had obtained employee data. The admission came after the notorious ShinyHunters cybercrime group claimed to have stolen more than 800,000 records containing personally identifiable information, including SSNs. The hackers later removed Wynn from their leak website.


Support platform breach exposes Hims & Hers customer data

Healthcare companies handle some of the most personal data imaginable. That makes them a magnet for hackers. And when those companies outsource their customer support to third-party platforms, every one of those platforms becomes another door someone can try to kick in. Telehealth giant Hims & Hers just learned that the hard way. The company is notifying customers that hackers broke into its customer service platform and stole support ticket data.

Hacking

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

A global cross-industry credential theft campaign is exploiting public-facing Web applications vulnerable to React2Shell and then deploying an automated collection tool to steal credentials and other valuable system data for further malicious activity. Researchers at Cisco Talos discovered the campaign, which they attribute to a threat cluster tracked as UAT-10608 and that uses an automated credential-harvesting framework dubbed "NEXUS Listener," according to a report published last week.

Malware

German authorities identify REvil and GandCrab ransomware bosses

The Federal Police in Germany (BKA) has identified two Russian nationals as the leaders of GandCrab and REvil ransomware operations between 2019 and 2021. According to BKA's disclosure, 31-year-old Daniil Maksimovich Shchukin and 43-year-old Anatoly Sergeevitsch Kravchuk acted as the heads of the two ransomware groups "from at least the beginning of 2019 until at least July 2021." Shchukin hid behind the monikers UNKN/UNKNOWN for years as a representative of the ransomware operation.


Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems

The Medusa ransomware group has been operating at a fast pace, seizing short windows of opportunity in attacks across multiple verticals, Microsoft says. Operating as a ransomware-as-a-service (RaaS), Medusa has been active since June 2021 and hit over 300 organizations in the critical infrastructure sector by February 2025. The group is known for engaging in double extortion, stealing victims' data in addition to encrypting it.

Information Security

Axios Attack Shows Complex Social Engineering Is Industrialized

The Axios attack has highlighted the sophistication, scalability, and industrialization of social engineering attacks. Late last month, the NPM package of Axios, an extremely popular JavaScript HTTP client library, was compromised in a social engineering attack. A threat actor, believed to be North Korean threat group UNC1069, compromised lead maintainer Jason Saayman's account. The actor then published two malicious versions to NPM, which each contained a new malicious dependency.

Exploits/Vulnerabilities

New GPUBreach attack enables system takeover via GPU rowhammer

A new attack, dubbed GPUBreach, can induce Rowhammer bit-flips on GPU GDDR6 memories to escalate privileges and lead to a full system compromise. GPUBreach was developed by a team of researchers at the University of Toronto, and full details will be presented at the upcoming IEEE Symposium on Security & Privacy on April 13 in Oakland. The researchers demonstrated that Rowhammer-induced bit flips in GDDR6 can corrupt GPU page tables (PTEs) and grant arbitrary GPU memory read/write access.


Fortinet customers confront actively exploited zero-day, with a full patch still pending

Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices. The zero-day vulnerability - CVE-2026-35616 - has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency's known exploited vulnerability catalog Monday. Fortinet said in a Saturday security advisory that it has seen the vulnerability being actively exploited in the wild.

Science & Culture

Astronauts set distance record, revealing the Moon as a place to be explored

After staring at the Moon for almost eight hours Monday, the commander of NASA's Artemis II mission finally ran out of ways to describe what he was seeing. "No matter how long we look at this, our brains are not processing this image in front of us. It is absolutely spectacular, surreal," said Reid Wiseman, the 50-year-old Navy test pilot leading the four-person crew circumnavigating the Moon. "There are no adjectives. I'm going to need to invent some new ones to describe what we're looking at outside this window."

On This Date

  • ...in 1954, international action film star Jackie Chan ("Rumble in the Bronx", "Rush Hour") is born in Hong Kong.
  • ...in 1964, IBM announces the System/360, the first mainframe computer system designed to cover the full range of scientific and commercial applications.
  • ...in 1983, astronauts Story Musgrave and Don Peterson make the first Space Shuttle spacewalk on Challenger's maiden voyage.
  • ...in 2001, the Mars Odyssey orbiter is launched. It will go on to become the longest-serving spacecraft at Mars, with a mission duration of 19 years and counting.