Hackers use pixel-large SVG trick to hide credit card stealer

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data. The campaign was discovered by eCommerce security company Sansec, whose researchers believe […]

Google: New UNC6783 hackers steal corporate Zendesk support tickets

A threat actor tracked as UNC6783 is compromising business process outsourcing (BPO) providers to gain access to high-value companies across multiple sectors. According to the Google Threat Intelligence Group, dozens of corporate entities have been targeted through this method to exfiltrate sensitive data for extortion. Austin Larsen, GTIG principal threat analyst, says that UNC6783 typically relies on social engineering and phishing […]

CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday

CISA has given U.S. government agencies four days to secure their systems against a critical-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in attacks since January. Tracked as CVE-2026-1340, this critical-severity code injection flaw enables threat actors without privileges to gain remote code execution on Internet-exposed and unpatched EPMM appliances. Ivanti flagged this and […]

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone undetected for 13 years and could be exploited to execute arbitrary commands. The flaw was uncovered using the Claude AI assistant, which identified an exploit path by analyzing how independently developed components interact. Tracked as CVE-2026-34197, the security issue […]

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. Identified as CVE-2026-0740, the issue is currently exploited in attacks. According to WordPress security company Defiant, its Wordfence firewall blocked more than 3,600 attacks over the past 24 hours. […]

Snowflake customers hit in data theft attacks after SaaS integrator breach

Over a dozen companies have suffered data theft attacks after a SaaS integration provider was breached and authentication tokens stolen. While numerous cloud storage and SaaS vendors were targeted using the stolen tokens, BleepingComputer has learned that the majority of the data theft attacks targeted the cloud data platform Snowflake. Snowflake confirmed “unusual activity” to BleepingComputer, […]

US warns of Iranian hackers targeting critical infrastructure

Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations. The warning came earlier today in the form of a joint advisory authored by the FBI, CISA, NSA, the Environmental Protection Agency (EPA), Department of Energy (DOE), and the United States Cyber Command – Cyber National Mission […]

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The flaw allows injecting JavaScript code without any security checks and was publicly disclosed last September, with the warning that successful exploitation leads to command execution and file system […]