Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-14 03:00 PDT
- 108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
The Hacker News • 2026-04-14 01:35 • thehackernews.com
Cybersecurity researchers have discovered a new campaign in which a cluster of 108 Google Chrome extensions has been found to communicate with the same command-and-control (C2) infrastructure with the goal of collecting user data and enabling browser-level abuse by injecting ads and arbitrary JavaScript code into every web page visited.
According to Socket, the extensions are published
https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html - Weekly Update 499
Troy Hunt • 2026-04-13 23:30 • www.troyhunt.comI'm starting to become pretty fond of Bruce. Actually, I've had a bit of an epiphany: an AI assistant like Bruce isn't just about auto-responding to tickets in an entirely autonomous manner; it's also pretty awesome at responding with just a little
- ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
The Hacker News • 2026-04-13 22:50 • thehackernews.com
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.
It relates to a case of unrestricted file upload that stems from improper validation of
https://thehackernews.com/2026/04/showdoc-rce-flaw-cve-2025-0520-actively.html - CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The Hacker News • 2026-04-13 22:39 • thehackernews.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The list of vulnerabilities is as follows –CVE-2026-21643 (CVSS score: 9.1) – An SQL injection vulnerability in Fortinet FortiClient EMS that could allow an unauthenticated attacker to
https://thehackernews.com/2026/04/cisa-adds-6-known-exploited-flaws-in.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
