A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image.

When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data.

The campaign was discovered by eCommerce security company Sansec, whose researchers believe that the attacker likely gained access by exploiting the PolyShell vulnerability disclosed in mid-March.

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands.

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.

Identified as CVE-2026–0740, the issue is currently exploited in attacks. According to WordPress security company Defiant, its Wordfence firewall blocked more than 3,600 attacks over the past 24 hours.

With over 600,000 downloads, Ninja Forms is a popular WordPress form builder that lets users create forms without coding using a drag-and-drop interface. Its File Upload extension, included in the same suite, serves 90,000 customers.

Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions.

Dubbed BlueHammer, the vulnerability was published by a security researcher discontent with how Microsoft’s Security Response Center (MSRC) handled the disclosure process.

Since, the security issue has no official patch and there is no update to address it, the flaw is considered a zero-day by Microsoft’s definition.

Cisco patches two 9.8 CVSS flaws (CVE-2026–20093, CVE-2026–20160), preventing authentication bypass and root access.

Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of devices to protect users from the risk posed by a recently disclosed exploit kit known as DarkSword.

“We enabled the availability of iOS 18.7.7 for more devices on April 1, 2026, so users with Automatic Updates turned on can automatically receive important security protections from web attacks called DarkSword,” the company said. “The fixes associated with the DarkSword exploit first shipped in 2025.”

Remote access and trusted administrative tools play a central role in how organizations operate today. According to Blackpoint Cyber’s 2026 Annual Threat Report, they are also increasingly central to how intrusions begin.

Informed by analysis of thousands of security investigations conducted during the reporting period, the report highlights a shift in attacker behavior. Rather than relying primarily on vulnerability exploitation, threat actors frequently gained access by using valid credentials, legitimate tools, and routine user-driven actions.

The report examines these patterns, documents where intrusion activity was disrupted, and presents defensive priorities derived from analyzed incident response outcomes observed throughout 2025.