IT Security Newsletter

IT Security Newsletter - 4/8/2026

Written by Cadre | Wed, Apr 8, 2026

Krebs on Security: Russia Hacked Routers to Steal Microsoft Office Tokens

Hackers linked to Russia's military intelligence are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users. The spying campaign allowed state-backed Russian hackers to siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft identified more than 200 organizations and 5,000 devices that were caught up in a spying network known as "Forest Blizzard."

Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption

Signature Healthcare in Brockton, Massachusetts, has diverted ambulances after a cyberattack caused significant disruptions. Signature Healthcare runs Brockton Hospital, a 200-bed community hospital, and the Signature Medical Group, which employs more than 150 physicians across 15 locations. The healthcare organization reported responding to a cybersecurity incident on Monday.

Dutch healthcare software vendor goes dark after ransomware attack

A Dutch healthcare software vendor has been knocked offline following a ransomware attack, officials say. ChipSoft's website went down on April 7 and remains unreachable at the time of writing. The company provides hospitals with patient record software, serving around 80 percent of all facilities in the country. The ransomware element of the cyberattack was confirmed in an advisory penned by Z-CERT.

Hundreds of orgs compromised daily in Microsoft device code phishing attacks

Hundreds of organizations have been compromised daily by a Microsoft device-code phishing campaign that uses AI and automation at nearly every stage of the attack chain to ultimately snoop through corporate email inboxes and steal financial data. "Since March 15, 2026, we have observed 10 to 15 distinct campaigns launching every 24 hours," Microsoft VP of security research Tanmay Ganacharya told The Register.

Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks

Several critical infrastructure organizations in the US were disrupted by Iran-linked cyberattacks that impacted operational technology (OT) devices, according to an urgent warning from federal agencies on Tuesday. In a joint advisory, the FBI, CISA, NSA, EPA, DOE, and United States Cyber Command warned that attacks in recent weeks have targeted devices spanning multiple sectors, including government services and facilities, water and wastewater systems, and energy sectors.

OpenSSL 3.6.2 lands with eight CVE fixes

OpenSSL 3.6.2 patches eight CVEs across a range of components. The project rates the most severe issue in the release as Moderate. The release fixes incorrect failure handling in RSA KEM RSASVE encapsulation (CVE-2026-31790) and a loss of key agreement group tuple structure when the DEFAULT keyword is used in server-side configuration of the key-agreement group list (CVE-2026-2673). An out-of-bounds read in AES-CFB-128 on x86-64 CPUs with AVX-512 support (CVE-2026-28386) is also addressed.

Grafana Patches AI Bug That Could Have Leaked User Data

An issue with observability platform Grafana would have enabled attackers to trick its AI capabilities into leaking sensitive data. Grafana is a popular observability platform used to compile and track business data tied to finances, telemetry, operations, infrastructure, customers, and more. Because the platform's nature inherently connects it to the center of an organization's most valuable information, compromising a Grafana instance could prove devastating.

Chaos malware expands from routers to Linux cloud servers

Chaos, Go-based malware first documented by Lumen's Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had not previously prioritized. Darktrace's malware research team documented the compromise through its CloudyPots program, a global honeypot network that captures attacker behavior across a range of services and cloud platforms.

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. Identified as CVE-2026-0740, the issue is currently exploited in attacks. According to WordPress security company Defiant, its Wordfence firewall blocked more than 3,600 attacks over the past 24 hours. The vulnerability affects Ninja Forms File Upload versions up to 3.3.26.

  • ...in 1820, the Venus de Milo is discovered in ancient Greek ruins on the Aegean island of Milos.
  • ...in 1904, Longacre Square in Manhattan is renamed Times Square, after The New York Times.
  • ...in 1959, computer scientist Grace Hopper and leaders from science and industry discuss the creation of a new programming language, COBOL.
  • ...in 1974, Hank Aaron of the Atlanta Braves hits his 715th career home run, breaking Babe Ruth's record.