Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. The tool is highly popular in the Node Package Manager (npm) registry, with an average of nearly 50 million weekly downloads. It is used for inter-service communication, in real-time applications, and […]

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support

The new release adds automated replication, support for newer VMware vSphere and Proxmox versions, and modern authentication for faster, safer recovery. Sparks, Nevada – April 3rd, 2026 – NAKIVO Inc., trusted by over 16,000 organizations in 191 countries, announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data […]

Grinex exchange blames “Western intelligence” for $13.7M crypto hack

Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies. The funds were stolen from cryptocurrency wallets belonging to Russian users, as the platform enables crypto-ruble exchange operations between Russian businesses and individuals. Launched early last year, Grinex has Russian links and is believed to be […]

Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops

The underground market for stolen credit card data has long operated as a volatile and highly deceptive ecosystem, where even experienced actors routinely fall victim to scams, exit schemes, and compromised services. In recent years, this environment has become even more unstable, driven by increased law enforcement pressure, internal distrust among criminals, and the rapid […]

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that a high-severity Apache ActiveMQ vulnerability patched earlier this month is now actively exploited in attacks. Apache ActiveMQ is the most popular open-source Java-based message broker for asynchronous communication between applications. Tracked as CVE-2026-34197, the security flaw has gone undetected for 13 years and […]

Microsoft: Some Windows servers enter reboot loops after April patches

Microsoft has confirmed that some Windows domain controllers are entering restart loops due to Local Security Authority Subsystem Service (LSASS) crashes after installing the April 2026 security updates. The company also warned that Windows admins may encounter this issue when setting up new domain controllers, or even on existing ones, if the server processes authentication […]

Man gets 30 months for selling thousands of hacked DraftKings accounts

23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts. According to court documents, the accounts were hijacked by Nathan Austad (aka Snoopy) with the help of Joseph Garrison (a third accomplice charged in May 2023) in a massive November 2022 credential-stuffing attack that compromised nearly 68,000 DraftKings accounts. U.S. prosecutors […]