Cyber Security Week in Review: April 17, 2026
In brief: Microsoft and Adobe fix zero-days, the Russian Grinex crypto exchange hacked for 1 billion rubles, and more.
Cybersecurity News - Page 1
AgingFly malware targets Ukrainian institutions, steals browser and WhatsApp data
CERT-UA believes the attacks may also target individuals connected to Ukraine’s Defense Forces
Chinese-linked APT41 deploys stealthy Linux backdoor to target cloud platforms
Once inside a system, the malware targets cloud metadata services to extract temporary credentials.
Microsoft addresses over 160 flaws, including exploited SharePoint zero-day
In addition to the SharePoint zero-day, Microsoft also patched a publicly disclosed privilege-escalation flaw.
Multiple Microsoft, FortiClientEMS, Adobe bugs exploited in the wild
There are no other public reports so far confirming active exploitation of CVE-2020-9715, CVE-2023-36424, or CVE-2025-60710 besides CISA’s KEV list.
108 malicious Chrome extensions found stealing user data
Researchers found that 54 of the extensions specifically target Google account data using OAuth2, while 45 include a hidden backdoor.
North Korean hackers use Facebook to spread malware
The hackers used a tactic called “pretexting,” tricking victims into downloading a fake PDF viewer.
FBI, Indonesian police dismantle W3LL phishing operation
Authorities also detained the alleged developer of the operation and seized key domains linked to the scheme.
Malicious VS Code extension spreads across developer tools in new GlassWorm campaign
The attack involves an Open VSX extension disguised as the popular time-tracking tool WakaTime.
AI agents targeted via router flaws that enable code injection and data theft
Since routers sit between users and AI systems, they can see all unencrypted data like API keys and user prompts.
Showing elements 1 - 10