Latest news as of 4/9/2026, 7:07:56 PM
Bleeping Computer
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]
The Register
Cops bust latest scam, return $12m to bilked victims US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses linked to fraud victims across 30 countries.…
Dark Reading
The cybersecurity community is waiting with bated breath to see if Iranian hackers will honor a ceasefire that doesn't actually name or directly involve them.
The Register
Possible link to Mr. Raccoon's claimed Adobe break-in A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.…
The Hacker News
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and
Bleeping Computer
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]
The Register
UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline A cybersecurity incident has knocked FleetWave into a "major outage" across the UK and US after Chevin Fleet Solutions pulled parts of its SaaS platform offline and left customers scrambling for answers.…
The Register
Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload Hackers have been quietly exploiting what appears to be a zero-day in Adobe Acrobat Reader for months, using booby-trapped PDFs to profile targets and decide who's worth fully compromising.…
Bleeping Computer
Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication verifies the user—not the session—blocking phishing relays and MFA bypass. [...]
The Register
No emails, no warnings, no humans – just bots, catch-22s, and a 60-day appeals queue Microsoft says that it will work on how it communicates with developers after two leading open source figures were suddenly locked out of their accounts, leaving them unable to sign updates.…