Microsoft adds Windows protections for malicious Remote Desktop files (2026-04-14 22:23 UTC)
Kurz: Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. […]
Crypto-exchange Kraken extorted by hackers after insider breach (2026-04-14 21:58 UTC)
Kurz: The Kraken cryptocurrency exchange announced that a cybercrime group is trying to extort the company by threatening to release videos showing internal systems that host client data. […]
Over 100 Chrome Web Store extensions steal user accounts, data (2026-04-14 20:33 UTC)
Kurz: More than 100 malicious extensions in the official Chrome Web Store are attempting to steal Google OAuth2 Bearer tokens, deploy backdoors, and carry out ad fraud. […]
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released (2026-04-14 15:57 UTC)
Kurz: Two high-severity security vulnerabilities have been disclosed in Composer, a package manager for PHP, that, if successfully exploited, could result in arbitrary command execution. The vulnerabilities have been described as command injectio…
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security (2026-04-14 14:56 UTC)
Kurz: Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing efforts to beef up the security of Pixel devices and push memory-safe code at a more foundational level. “Th…
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud (2026-04-14 14:30 UTC)
Kurz: Cybersecurity researchers have unmasked a novel ad fraud scheme that has been found to leverage search engine poisoning (SEO) techniques and artificial intelligence (AI)-generated content to push deceptive news stories into Google’s Discove…
Kurz: An improper neutralization of special elements used in an sql command (‘sql injection’) vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, Fort…
Kurz: A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS 6.4 all versions, For…
Kurz: An Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all ver…
Kurz: An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.0 all versions, Forti…
Kurz: An Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability [CWE-79] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow a…