-

·
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code. SGLang is…
-

·
Bluesky Disrupted by Sophisticated DDoS Attack
Bluesky, the decentralised microblogging social media platform, reported service outages last week due to a distributed denial-of-service (DDoS) attack aimed at its systems. The DDoS attack appears to have started late on April 15 (Pacific Time) and continued into the next day. The company described it as a sophisticated attack that caused intermittent app outages.…
-

·
Russian GRU Hackers Mass Harvest Microsoft Office Tokens from 18,000 Networks
Hackers linked to Russia’s military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code. Microsoft…
-

·
Microsoft Patches 167 Vulnerabilities Including SharePoint Zero-Day and BlueHammer
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly disclosed weakness in Windows Defender dubbed “BlueHammer.” Redmond warns that attackers are already targeting CVE-2026-32201, a vulnerability in Microsoft SharePoint Server that allows attackers to spoof trusted…
-

·
Google Blocks 8.3 Billion Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
Google this week announced a new set of Play policy updates to strengthen user privacy and protect businesses against fraud, even as it revealed it blocked or removed over 8.3 billion ads globally and suspended 24.9 million accounts in 2025. The new policy updates relate to contact and location permissions in Android, allowing third-party apps…
-

·
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation has taken down 53 domains and arrested four people in connection with commercial distributed denial-of-service (DDoS) operations that were used by more than 75,000 cybercriminals. The ongoing effort, dubbed Operation PowerOFF, disrupted access to the DDoS-for-hire services, took down the technical infrastructure supporting them, and obtained access to databases containing…
-

·
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
Threat actors are exploiting security flaws in TBK DVR and end-of-life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42. The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability…
-

·
McGraw-Hill Data Breach: 45 Million Salesforce Records Exposed
Educational publishing giant McGraw-Hill suffered a major data breach after hackers exploited Salesforce misconfigurations to access internal company data. The ShinyHunters ransomware group claimed responsibility for the attack, which exposed approximately 45 million Salesforce records containing personally identifiable information. This represents another significant cloud infrastructure breach targeting the education sector, following similar attacks on other…
-

·
Booking.com Data Breach Enables “Reservation Hijacks” Scam
A data breach at travel giant Booking.com exposed customer reservation details including full names, addresses, booking dates, email addresses, and phone numbers. Cybersecurity firm Norton reports criminals are now conducting reservation hijacks – contacting customers posing as hotels to trick them into sending money for fake reservation issues. The company has updated reservation PINs and…
-

·
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
An international law enforcement operation involving 21 countries (including Australia, the U.S., UK, Germany, and Japan) took down 53 domains and arrested four people running commercial DDoS-for-hire services. The operation disrupted “booter” services used by over 75,000 cybercriminals, with databases containing over 3 million criminal user accounts seized. Authorities are now sending warning emails to…



