Information

Incomplete Windows Patch Opens Door to Zero-Click Attacks

An incomplete patch for a Windows SmartScreen and Windows Shell security prompts bypass created a new bug enabling zero-click attacks, Akamai reports. The initial vulnerability, tracked as CVE-2026-21510 and patched in February, could be exploited for remote code execution (RCE) if the attacker could convince the victim to open a malicious shortcut file. Microsoft warned at the time that the flaw had been exploited as a zero-day, without providing details on the observed attacks. Now, Akamai…

China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks

A newly uncovered APT is relying on legitimate services for command-and-control (C&C) communication and data exfiltration, ESET warns. Tracked as GopherWhisper (PDF) and active since at least November 2023, the hacking group is operating out of China, as timestamp inspection of chat messages and emails has revealed. The APT came to the spotlight in January 2025, during the investigation into a Go-based backdoor found on the systems of a governmental entity in Mongolia, which led…

GopherWhisper: A burrow full of malware

ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions. Eric Howard, 23 Apr 2026, 6 min. read. ESET researchers have discovered a previously undocumented China-aligned APT group that we named GopherWhisper. The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute various backdoors in its arsenal. In the observed campaign, the threat…

Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions

SentinelOne has discovered a Lua-based sabotage malware created years before the notorious Stuxnet malware and designed to tamper with high-precision calculation software. Dubbed Fast16, the malware was referenced in the ShadowBrokers’ leak of National Security Agency (NSA) offensive tools and was used in an attack in 2005. SentinelOne has found evidence indicating that Fast16, just like Stuxnet, may have been developed by the United States. Looking for the first use of Lua in Windows malware,…

In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: Tennessee hacker gets probation for Supreme Court breaches. Nicholas Moore, 25,…

New NGate variant hides in a trojanized NFC payment app

ESET Research has discovered a new variant of the NGate malware family that abuses a legitimate Android application called HandyPay, instead of the previously leveraged NFCGate tool. The threat actors took the app, which is used to relay NFC data, and patched it with malicious code that appears to have been AI-generated. As with previous iterations of NGate, the malicious code allows the attackers to transfer NFC data from the victim’s payment card to their…

What the ransom note won’t say

In March 2024, an affiliate of the BlackCat ransomware gang took to a cybercrime forum with a complaint. They’d carried out the attack on Change Healthcare – one of the largest healthcare data breaches in U.S. history – but never got their cut of the $22 million ransom payment. BlackCat’s operators had taken the money and vanished, putting up a fake FBI seizure notice on their leak site to cover the exit. The grievance almost…

‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty

A 24-year-old British national and senior member of the cybercrime group “Scattered Spider” has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that allowed the group to hack into at least a dozen major technology companies and steal tens of millions of dollars worth of cryptocurrency from investors. Buchanan’s hacker handle “Tylerb” once graced a…

That data breach alert might be a trap

Ignoring a real breach notification invites risk, but falling for a bogus one could be even worse. Stop reacting on autopilot. Phil Muncaster, 17 Apr 2026, 5 min. read. Receiving a data breach notice may have once been a rare event. With data breaches hitting record numbers, however, these notifications are no longer as surprising as they once were. In the US alone, there were 3,322 such breaches reported last year, resulting in…

Supply chain dependencies: Have you checked your blind spot?

Some cyber business risks only show up when you take a closer look. Supply chain blind spots are a perfect example. Behind these essential third-party connections, products and services can lurk unseen vulnerabilities that precipitate major cyber incidents – halting operations, triggering downstream chaos, and making headlines with their financial, reputational, and legal/compliance impacts. As supply chains become increasingly digitized and complex, they provide cybercriminals a bigger “risk surface” to aim for. Organizations need to…
