Latest Cybersecurity News
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions. A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your...
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]
Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device
Multiple TP-Link Vulnerabilities Allow Attackers to Seize Control of the Device Read more Published Date: Apr 10, 2026 (1 hour, 59 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-30818 CVE-2026-30817 CVE-2026-30816 CVE-2026-30815 CVE-2026-30814
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome...
Juniper Networks Default Password Vulnerability Let Attacker Take Full Control of the Device
Juniper Networks Default Password Vulnerability Let Attacker Take Full Control of the Device Read more Published Date: Apr 10, 2026 (3 hours, 35 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-33784
React Server Components Vulnerability Enables DoS Attacks
React Server Components Vulnerability Enables DoS Attacks Read more Published Date: Apr 10, 2026 (3 hours, 36 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-23869
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure Read more Published Date: Apr 10, 2026 (3 hours, 39 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-39987 CVE-2026-35616 CVE-2026-5281 CVE-2026-34040 CVE-2025-55182
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution...
April 2026 Patch Tuesday forecast: Spring-cleaning of a preview
April 2026 Patch Tuesday forecast: Spring-cleaning of a preview Read more Published Date: Apr 10, 2026 (3 hours, 54 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2026-34197 CVE-2026-5281
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress...
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]
New VENOM phishing attacks steal senior executives' Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain...
What Is Credential Stuffing? Attackers Don’t Crack Passwords, They Buy Them
A massive Komiko AI data breach exposed over 1 million users, including OAuth tokens and session data—creating critical account takeover risks. Here’s what happened and how Brandefense detected it early. The post What Is Credential Stuffing? Attackers Don’t Crack Passwords, They Buy Them appeared first on Brandefense.
What Is Triple Extortion? The Anatomy of the Encryption + Leakage + DDoS Trio
Triple extortion ransomware is reshaping cyber threats. Discover how attackers operate and how to detect threats before encryption begins. The post What Is Triple Extortion? The Anatomy of the Encryption + Leakage + DDoS Trio appeared first on Brandefense.
MFA Doesn’t Protect You — Cookies Give You Away: The Rise of Session Hijacking
Session hijacking allows attackers to bypass MFA by stealing authentication cookies. Discover how it works and how to detect stolen session tokens before exploitation. The post MFA Doesn’t Protect You — Cookies Give You Away: The Rise of Session Hijacking appeared first on Brandefense.
Fake Mobile App: How Is Your Clone on the App Store Stealing Your Users?
Fake mobile apps replicate your brand to steal user credentials, financial data, and trust. Discover how attackers build, distribute, and monetize clone apps—and how to stop them early. The post Fake Mobile App: How Is Your Clone on the App Store Stealing Your Users? appeared first on Brandefense.
UAC-0102: Inside a Covert Espionage Operation Targeting Ukraine and Beyond
UAC-0102 is a stealth-focused cyber espionage group targeting Ukrainian government and infrastructure entities using spearphishing and cloud-based C2 techniques. The post UAC-0102: Inside a Covert Espionage Operation Targeting Ukraine and Beyond appeared first on Brandefense.
Refloow Geo Forensics: A Free Batch Image Geolocation and EXIF Forensics Tool for OSINT
Refloow Geo Forensics: A Free Batch Image Geolocation and EXIF Forensics Tool for OSINT
User Scanner: Scan a username across multiple social, developer, gaming and creator platforms to see if it’s available
User Scanner: Scan a username across multiple social, developer, gaming and creator platforms to see if it’s available
GitHub: Threat Actor Usernames Scrape
GitHub: Threat Actor Usernames Scrape
WebSift: An Open-Source OSINT Tool for Web-Based Threat Hunting
WebSift: An Open-Source OSINT Tool for Web-Based Threat Hunting
Scilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Scilla: Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration