Recent Blog Posts

Lorem Ipsum has been the industry's standard dummy text.

Showing posts from April, 2026Show all
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories

it4int Pvt Ltd

iT4iNT SERVER The internet is noisy this week. We are seeing some wild new tactics, like people using fake cell towers to send scam texts, while some…

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have disclosed details of a Linux local privilege escalation (LPE) flaw that could allow an unprivileged loca…

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

it4int Pvt Ltd

iT4iNT SERVER Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "goo…

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks

it4int Pvt Ltd

iT4iNT SERVER In February 2026, researchers uncovered a shift that completely changed the game: threat actors are now using custom AI setups to autom…

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

it4int Pvt Ltd

iT4iNT SERVER In yet another instance of threat actors quickly jumping on the exploitation bandwagon, a newly disclosed critical security flaw in Ber…

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server…

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi

it4int Pvt Ltd

iT4iNT SERVER Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critica…

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover

it4int Pvt Ltd

iT4iNT SERVER An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and id…

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack

it4int Pvt Ltd

iT4iNT SERVER Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal gro…

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side

it4int Pvt Ltd

iT4iNT SERVER Anthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerf…

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to d…

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches

it4int Pvt Ltd

iT4iNT SERVER The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firep…

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software

it4int Pvt Ltd

iT4iNT SERVER The Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese natio…

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2

it4int Pvt Ltd

iT4iNT SERVER Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the Adaptix…

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

it4int Pvt Ltd

iT4iNT SERVER A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsof…

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign

it4int Pvt Ltd

iT4iNT SERVER Bitwarden CLI has been compromised as part of the newly discovered and ongoing Checkmarx supply chain campaign, according to new findin…

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

it4int Pvt Ltd

iT4iNT SERVER Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (A…

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have warned of malicious images pushed to the official "checkmarx/kics" Docker Hub repository. In …

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

it4int Pvt Ltd

iT4iNT SERVER The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely…

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

it4int Pvt Ltd

iT4iNT SERVER Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could allow an attacker to escalate…

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

it4int Pvt Ltd

iT4iNT SERVER The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulne…

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architect…

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water…

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

it4int Pvt Ltd

iT4iNT SERVER Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain&…

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

it4int Pvt Ltd

iT4iNT SERVER Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending opera…

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

it4int Pvt Ltd

iT4iNT SERVER Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated pr…

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have warned of an active malicious campaign that's targeting the workforce in the Czech Republic with a p…

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

it4int Pvt Ltd

iT4iNT SERVER You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've go…

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

it4int Pvt Ltd

iT4iNT SERVER In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unman…

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

it4int Pvt Ltd

iT4iNT SERVER Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate so…

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover

it4int Pvt Ltd

iT4iNT SERVER A recently disclosed critical security flaw impacting nginx-ui, an open-source, web-based Nginx management tool, has come under active …

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

it4int Pvt Ltd

iT4iNT SERVER Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability …

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security

it4int Pvt Ltd

iT4iNT SERVER Google has announced the integration of a Rust-based Domain Name System (DNS) parser into the modem firmware as part of its ongoing eff…

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)

it4int Pvt Ltd

iT4iNT SERVER OX Security recently analyzed 216 million security findings across 250 organizations over a 90-day period. The primary takeaway: while …

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers

it4int Pvt Ltd

iT4iNT SERVER A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under a…

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware

it4int Pvt Ltd

iT4iNT SERVER The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign…

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

it4int Pvt Ltd

iT4iNT SERVER OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but no…

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

it4int Pvt Ltd

iT4iNT SERVER Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, H…

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data

it4int Pvt Ltd

iT4iNT SERVER Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been …

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

it4int Pvt Ltd

iT4iNT SERVER Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that…

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns

it4int Pvt Ltd

iT4iNT SERVER A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-gover…

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

it4int Pvt Ltd

iT4iNT SERVER Thursday. Another week, another batch of things that probably should've been caught sooner but weren't. This one's got som…

The Hidden Security Risks of Shadow AI in Enterprises

The Hidden Security Risks of Shadow AI in Enterprises

it4int Pvt Ltd

iT4iNT SERVER As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools m…

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)

it4int Pvt Ltd

iT4iNT SERVER The Fragmented State of Modern Enterprise Identity Enterprise IAM is approaching a breaking point. As organizations scale, identity be…

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

it4int Pvt Ltd

iT4iNT SERVER Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a previe…

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

it4int Pvt Ltd

iT4iNT SERVER Iran-affiliated cyber actors are targeting internet-facing operational technology (OT) devices across critical infrastructures in the U…

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips

it4int Pvt Ltd

iT4iNT SERVER New academic research has identified multiple RowHammer attacks against high-performance graphics processing units (GPUs) that could be…

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware

it4int Pvt Ltd

iT4iNT SERVER A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and …

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

it4int Pvt Ltd

iT4iNT SERVER Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BY…

BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks

BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks

it4int Pvt Ltd

iT4iNT SERVER Germany's Federal Criminal Police Office (aka BKA or the Bundeskriminalamt) has unmasked the real identity of the main threat actor…