Episode 22 — 10 Apr 2026
1. Hackers exploiting Acrobat Reader zero-day flaw since December
Source: Bleeping Computer
Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. The attacks have been discovered by security researcher Haifei Li (the founder of the sandbox-based exploit-detection platform EXPMON), who...
2. Healthcare IT solutions provider ChipSoft hit by ransomware attack
Source: Bleeping Computer
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. ChipSoft is a large provider of Electronic Health Record (EHR) systems in the...
3. Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Source: Bleeping Computer
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. The developer says that only the Pro version 3.5.1.35 of the plugin is affected and recommends switching immediately to the...
4. Hackers use pixel-large SVG trick to hide credit card stealer
Source: Bleeping Computer
A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image. When clicking the checkout button, the victim is shown a convincing overlay that can validate...
5. Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
Source: The Hacker News
An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and...
6. Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
Source: The Hacker News
Cybersecurity researchers have lifted the curtain on a stealthy botnet that's designed for distributed denial-of-service (DDoS) attacks. Called Masjesu, the botnet has been advertised via Telegram as a DDoS-for-hire service since it first surfaced in 2023. It's capable of...
7. APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
Source: The Hacker News
The Russian threat actor known as APT28 (aka Forest Blizzard and Pawn Storm) has been linked to a fresh spear-phishing campaign targeting Ukraine and its allies to deploy a previously undocumented malware suite codenamed PRISMEX. "PRISMEX combines advanced steganography,...
8. New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
Source: Bleeping Computer
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. Cisco Talos researchers attribute the malware to a threat group tracked internally as UAT-10362, who they describe as a...
