Security News & Research

Vulnerability

CVE-2026-34621: Adobe Acrobat Reader Zero-Day Exploited for 135 Days Before Patch — Full Attack Chain Analysis

tarang.parmar0 Apr 13, 2026 6 min read

Adobe’s emergency patch for CVE-2026-34621 arrived 135 days after threat actors began exploiting this critical zero-day in Adobe Reader. The attack uses a prototype pollution flaw to execute privileged JavaScript from a malicious PDF — no click required beyond opening the document. CISA has added it to KEV with an April 27 federal deadline. Here is the full technical breakdown.

#Critical#Cybersecurity#RCE#ThreatIntel#Vulnerability

Read Full Article

Supply Chain

CPUID Supply Chain Attack: STX RAT Delivered via Trojanized CPU-Z and HWMonitor Downloads

tarang.parmar0 Apr 13, 2026 6 min read

Threat actors compromised a side API on cpuid.com and replaced download links for CPU-Z and HWMonitor with malicious executables deploying STX RAT — a sophisticated remote access trojan with HVNC and infostealer capabilities. The breach lasted 19 hours and affected users in retail, manufacturing and telecoms across Brazil, Russia and China. Here is the full technical breakdown.

#Cybersecurity#High#Malware#SupplyChain#ThreatIntel

Read Full Article

Vulnerability

CVE-2026-39987: Marimo Python Notebook RCE Exploited in Under 10 Hours — Full Technical Breakdown

tarang.parmar0 Apr 12, 2026 5 min read

A critical pre-authentication RCE vulnerability in Marimo, the open-source Python notebook platform, was weaponized by threat actors in under 10 hours of disclosure — with no public PoC available. Here is the full technical breakdown of the attack chain, attacker TTPs, and what defenders must do right now.

#Critical#CVE-2026-39987#Cybersecurity#Marimo#Python

Read Full Article

Blog

Hello world!

tarang.parmar0 Apr 11, 2026 1 min read

Welcome to WordPress. This is your first post. Edit or delete it, then start writing!

Read Full Article

Security News

Google Enhances Chrome Security with DBSC on Windows

tarang.parmar0 Apr 10, 2026 2 min read

Google announces general availability of Device Bound Session Credentials (DBSC) for Chrome on Windows, eliminating cookie theft attacks.

#Chrome#Cybersecurity#DBSC#Google#SessionSecurity

Read Full Article

Malware

The Hidden Dangers of AI Browser Extensions: A Growing Security Threat

tarang.parmar0 Apr 10, 2026 2 min read

AI browser extensions present a new and largely unaddressed attack surface capable of exfiltrating session data, bypassing enterprise security controls.

#AI#Browser#Enterprise#Extension#High

Read Full Article

APT

Hybrid P2P Botnet and 13-Year-Old Apache RCE Vulnerability Expose Security Risks

tarang.parmar0 Apr 10, 2026 1 min read

A sophisticated hybrid P2P botnet and active exploitation of a 13-year-old Apache RCE vulnerability highlight this week’s most critical security risks.

#Apache#APT#Botnet#High#P2P

Read Full Article

Supply Chain

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

tarang.parmar0 Apr 10, 2026 2 min read

Unknown threat actors hijacked the update system for Smart Slider 3 Pro plugin, distributing a backdoored version to thousands of WordPress sites.

#Backdoor#Critical#Nextend#SupplyChain#WordPress

Read Full Article

Malware

EngageLab SDK Vulnerability Puts 50M Android Users at Risk Including 30M Crypto Wallet Installs

tarang.parmar0 Apr 10, 2026 1 min read

A recently patched security vulnerability in the EngageLab SDK has exposed approximately 50 million Android users to potential data theft and unauthorized access.

#Android#Crypto#EngageLab#High#Malware

Read Full Article

Vulnerability

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

tarang.parmar0 Apr 10, 2026 2 min read

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been actively exploited within just 10 hours of public disclosure.

#Critical#CVE-2026-39987#Marimo#Python#RCE

Read Full Article