Cyber Security News
Start. Stay. Grow.
Curated daily. The latest hacks, breaches, and cyber trends—humanized.
Daily cyber brief
## Hacking Brief – April 13, 2026
Multiple data breaches dominated the threat landscape today, with fitness chain Basic-Fit confirming unauthorized access affecting approximately 200,000 members in the Netherlands and additional users across multiple countries. The breach exposed names, addresses, email addresses, phone numbers, dates of birth, and bank account details, though the company states passwords and identity documents were not compromised. Separately, Rockstar Games confirmed a breach of its infrastructure linked to compromised Snowflake servers, with threat actors issuing "pay or leak" ransom demands. Booking.com also disclosed that unauthorized third parties gained access to customer booking data, though the scope remains unclear.
Supply chain attacks continued to pose significant risks, with OpenAI revoking macOS app certificates following a malicious incident involving the Axios dependency, attributed to threat group UNC1069. In a separate WordPress supply chain compromise, unknown actors hijacked the update system for Smart Slider 3 Pro plugin to distribute version 3.5.1.35 containing a weaponized remote access toolkit. Meanwhile, a critical pre-authenticated RCE vulnerability in Marimo Python Notebook (CVE-2026-39987, CVSS 9.3) was exploited within 10 hours of public disclosure, and Google's Threat Intelligence Group identified UNC6783 conducting social engineering extortion campaigns using fake Okta login pages to target dozens of organizations.
Emerging threats include the XP95 hacker group claiming access to half a million files from Dublin-based recruitment platform Healthdaq, prompting alerts across Northern Irish health trusts. In the cryptocurrency sector, Polkadot's DOT token experienced unauthorized minting on Ethereum following a hack. On the offensive security front, Anthropic's Claude Mythos AI model reportedly identified thousands of zero-day vulnerabilities across major operating systems and browsers, producing working exploits in under 24 hours.
Sources: Silicon Republic · The Hacker News · The Hacker News · The Hacker News · NL Times · NL Times · TweakTown · Cybersecurity Dive · Blooming Bit · Help Net Security
Around the Web
Last Updated: N/A
Hacks + Heists
Google Releases Emergency Patch for Chrome Zero-Day CVE-2026-5281 Being Actively Exploited
Google released an out-of-band Chrome 146 update to fix CVE-2026-5281, a use-after-free vulnerability in WebGPU with active exploit code in the wild.
Read more →Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
Adobe released emergency updates to fix a critical security flaw in Acrobat Reader (CVE-2026-34621, CVSS 8.6) that is being actively exploited in the ...
Read more →CPUID Website Compromised to Distribute STX RAT Malware via CPU-Z and HWMonitor
Unknown threat actors compromised the CPUID website for less than 24 hours to serve malicious executables and deploy remote access trojan STX RAT thro...
Read more →Unknown Attackers Hijack Smart Slider 3 Pro Plugin Update System to Distribute Weaponized Backdoor
An unauthorized party gained access to the Smart Slider 3 Pro plugin update infrastructure and distributed a malicious version containing a fully weap...
Read more →Anthropic's Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think
The new AI model is being heralded—and feared—as a hacker's superweapon. Experts say its arrival is a wake-up call for developers who have long ...
Read more →
Big Cyber
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
Microsoft disclosed a severe intent redirection vulnerability in the widely-used EngageLab Android SDK that exposed over 50 million app installations,...
Read more →CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
Unknown threat actors compromised CPUID's official website to serve malicious versions of popular hardware monitoring tools CPU-Z and HWMonitor with a...
Read more →Healthdaq: Recruitment platform used by health trusts targeted by cyber attackers - BBC
Hackers claim to have stolen hundreds of thousands of files containing ... Hacking group XP95 are claiming to be behind the attack and are ...
Read more →Anthropic Announces Project Glasswing: AI-Powered Vulnerability Discovery Initiative
Anthropic announced Project Glasswing, providing its Claude Mythos frontier model to over 40 organizations including major tech giants to discover and...
Read more →
Hard Tech
React2Shell (CVE-2025-55182)
A 10.0 critical severity vulnerablility affecting server-side use of React.js, tracked as CVE-2025-55182 in React.js and CVE-2025-66478 specifically f...
Read more →Breaking Into a Brother (MFC-J1010DW): Three Security Flaws in a Seemingly Innocent Printer
We discovered three vulnerabilities that when chained together, allow for complete remote compromise:
Read more →Check Point - Wrong Check Point (CVE-2024-24919)
Gather round, gather round - it’s time for another blogpost tearing open an SSLVPN appliance and laying bare a recent in-the-wild exploited bug. This ...
Read more →Backdoor in XZ Utils allows RCE: everything you need to know - CVE-2024-3094
Detect and mitigate CVE-2024-3094, a critical supply chain compromise, affecting XZ Utils Data compression library. Organizations should patch urgentl...
Read more →Loading...
The Cybersecurity Chronicles
‘The Cybersecurity Chronicles: 2024‘ pulls back the curtain on the digital threats that shaped our world last year, revealing the human stories behind the headlines. From art galleries frozen by ransomware to prison tablets hacked with a minus sign, from British Library archivists racing to protect centuries of knowledge to Spotify users meticulously curating their digital identities – these stories illuminate how cybersecurity touches every aspect of modern life.
Author Mark Nole weaves together intimate portraits of the people on all sides of the digital battlefield: the defenders working through sleepless nights to protect critical infrastructure, the victims grappling with stolen identities and lost savings, and even the attackers themselves, operating from nondescript offices with project management software and performance metrics.
Through detailed reporting and narrative storytelling, Nole reveals how 2024 became the year when cybersecurity stopped being just a technical problem and emerged as a fundamentally human challenge. Whether you’re a security professional or simply someone trying to understand our increasingly digital world, these chronicles offer an unprecedented look at how technology shapes – and sometimes betrays – our trust, our privacy, and our lives.
Stay Updated with Cyber Security News
Get the latest cybersecurity headlines, breaking news, and expert insights delivered directly to your inbox. Stay ahead of threats and informed about the digital landscape.
Join thousands of cybersecurity professionals and enthusiasts. No spam, just valuable insights.