Breaking News – Cyber Threats (last 6h)
Generated: 2026-04-07 17:00 PDT
- Hackers exploit critical flaw in Ninja Forms WordPress plugin
BleepingComputer • 2026-04-07 15:03 • www.bleepingcomputer.com
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. […]
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-flaw-in-ninja-forms-wordpress-plugin/ - FBI: Americans lost a record $21 billion to cybercrime last year
BleepingComputer • 2026-04-07 13:41 • www.bleepingcomputer.com
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. […]
https://www.bleepingcomputer.com/news/security/fbi-americans-lost-a-record-21-billion-to-cybercrime-last-year/ - Snowflake customers hit in data theft attacks after SaaS integrator breach
BleepingComputer • 2026-04-07 12:39 • www.bleepingcomputer.com
Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. […]
https://www.bleepingcomputer.com/news/security/snowflake-customers-hit-in-data-theft-attacks-after-saas-integrator-breach/ - A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
SANS ISC Diary (full) • 2026-04-07 11:28 • isc.sans.eduWebshells remain a popular method for attackers to maintain persistence on a compromised web server. Many “arbitrary file write” and “remote code execution” vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to “fit in” with other files. Webshells themselves are also often used by parasitic attacks to compromise a server. Sadly (?), attackers are not always selecting good passwords either. In some cases, webshells come with pre-set backdoor credentials, which may be overlooke…
https://isc.sans.edu/diary/rss/32874 - US warns of Iranian hackers targeting critical infrastructure
BleepingComputer • 2026-04-07 11:02 • www.bleepingcomputer.com
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. […]
https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-targeting-critical-infrastructure/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
