Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

CISA orders feds to patch Windows flaw exploited as zero-day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks.

Tracked as CVE-2026–32202, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code execution flaw (CVE-2026–21510) in February.

As CERT-UA revealed, the Russian APT28 (aka UAC-0001 and Fancy Bear) cyberespionage group exploited CVE-2026–21510 in attacks against Ukraine and EU countries in December 2025 as part of an exploit chain that also targeted a LNK file flaw (CVE-2026–21513).

GitHub fixes RCE flaw that gave access to millions of private repos

In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026–3854) that could have allowed attackers to access millions of private repositories.

The flaw was reported on March 4, 2026, by researchers at cybersecurity firm Wiz through GitHub’s bug bounty program. GitHub Chief Information Security Officer Alexis Wales said the company’s security team reproduced and confirmed the vulnerability within 40 minutes and deployed a fix to GitHub.com less than two hours after receiving the report.

CVE-2026–3854 affects GitHub.com, GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise Managed Users, and GitHub Enterprise Server.

Popular WordPress redirect plugin hid dormant backdoor for years

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites.

The malware was uncovered by Austin Ginder, the founder of WordPress hosting provider Anchor, who found it after 12 infected sites on his fleet triggered a security alert.

Quick Page/Post Redirect plugin, available on WordPress.org for several years, is a basic utility plugin used for creating redirects in posts, pages, and custom URLs.

Hackers arrested for hijacking and selling 610,000 Roblox accounts

The Ukrainian police have arrested three individuals who hacked more than 610,000 Roblox gaming accounts and sold them for a profit of $225,000.

The arrests were made by the police in Lviv after conducting ten searches on targeted locations, seizing $35,000 in cash, 37 mobile phones, 11 desktop computers, seven laptops, five tablets, and four USB drives.

Although the police did not specify the game platform targeted by the hackers, aged 19, 21, and 22, the Prosecutor General’s Office stated that it was Roblox.

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors.

The fact that VECT’s locker permanently destroys large files rather than encrypting them means even victims who opt to pay the ransom cannot get their data back, as the decryption keys are discarded by the malware during the time encryption occurs.

“VECT is being marketed as ransomware, but for any file over 131KB – which is most of what enterprises actually care about – it functions as a data destruction tool,” Eli Smadja, group manager at Check Point Research, said in a statement shared with The Hacker News.

US reportedly charges Scattered Spider hacker arrested in Finland

A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective.

According to temporarily unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped extort millions of dollars from multiple large corporations worldwide.

The suspected Scattered Spider member, who was allegedly arrested by Finnish law enforcement at Helsinki’s airport on April 10 while attempting to board a flight to Japan, is facing wire fraud, conspiracy, and computer intrusion charges.

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets.

The dangerous release is 0.23.3, and it extended to the Docker image due to the package’s workflow that creates the image from the code and uploads it to a container registry for deployment.

Community member crisperik spotted the malicious upload and opened an issue on the project’s GitHub on Saturday, alerting the maintainer and decreasing the exposure window.

Canada arrests three for operating “SMS blaster” device in Toronto

Canadian authorities have arrested three men for operating an “SMS blaster” device that pretends to be a cellular tower to send phishing texts to nearby phones.

Such tools trick devices into connecting to them by emitting signals that mimic a legitimate tower. Mobile phones in its range automatically link to them as there is stronger reception.

Once the connection is established, the operators of these rogue cellular base stations can push SMS messages directly to connected devices, which appear to come from trusted entities such as banks or the government.

Home security giant ADT data breach affects 5.5 million people

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned.

Founded in 1874 as American District Telegraph, ADT is the oldest and largest home security company in the United States, currently providing monitored security and smart home solutions to over 6 million residential and small-business customers.

ADT has previously disclosed two other data breaches in August 2024 and October 2024 that exposed employee and customer information.

/* */