Industry News

SecurityWeekApr 14, 20262m5

Google Adds Rust DNS Parser to Pixel Phones for Better Security

The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

The Hacker NewsApr 14, 20261m5

Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (R...

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

The Hacker NewsApr 14, 20262m5

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Critical risk surged nearly 400% as AI-driven development increased vulnerabilities across 250 organizations.

Nightclub Giant RCI Hospitality Reports Data Breach

SecurityWeek

SecurityWeekApr 14, 20262m5

Nightclub Giant RCI Hospitality Reports Data Breach

The company said in an SEC filing that an IDOR vulnerability affecting RCI Internet Services exposed contractor data.

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

SecurityWeek

SecurityWeekApr 14, 20262m5

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

The security defects allow attackers to escalate privileges and execute arbitrary code remotely.

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

The Hacker NewsApr 14, 20263m5

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

108 Chrome extensions routed stolen Google and Telegram data to shared C2 infrastructure, impacting 20,000 users.

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

The Hacker NewsApr 14, 20262m5

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

ShowDoc CVE-2025-0520 exploited due to unpatched versions before 2.8.7, enabling remote code execution on 2,000+ instances.

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The Hacker NewsApr 14, 20261m5

CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2026-21643 (CVSS score: 9.1) - An SQL injectio...

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads

Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads

Security teams can't test distributed denial-of-service defenses in a vacuum. They need to test during periods of high demand, such as tax filing deadlines.

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

CSA: CISOs Should Prepare for Post-Mythos Exploit Storm

Security experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos in a new paper from the Cloud Security Alliance (CSA).

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

Empty Attestations: OT Lacks the Tools for Cryptographic Readiness

OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.