Cyber Security News - FUSION GLOBAL

50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability Screenshot%202026-04-07%20120557%20%281%29.webp

50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability

Abinaya April 7, 2026

A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately...

OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens Screenshot%202026-04-07%20111745%20%281%29.webp

OpenAI Codex Command Injection Vulnerability Let Attackers Steal GitHub User Access Tokens

Abinaya April 7, 2026

The integration of AI coding agents has introduced new, high-impact attack surfaces for development teams. Phantom Labs...

Hackers Use Fake TradingView Premium Posts on Reddit to Deliver Vidar and AMOS Stealers

Tushar Subhra Dutta April 7, 2026

A threat actor has been running an active campaign on Reddit, using fake posts that promise free...

Researcher Released Windows Defender 0-Day Exploit Code, Allowing Attackers to Gain Full Access system%20prompt.webp

Researcher Released Windows Defender 0-Day Exploit Code, Allowing Attackers to Gain Full Access

Guru Baran April 6, 2026

A security researcher operating under the alias Chaotic Eclipse (@ChaoticEclipse0) has publicly dropped a working zero-day local privilege escalation...

CISA Warns of Fortinet 0-Day Vulnerability Actively Exploited in Attacks

Guru Baran April 6, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-35616, a critical improper access control vulnerability in...

Trojanized PyPI AI Proxy Uses Stolen Claude Prompt to Exfiltrates Data hermes-px%20README%20CLI%20Execution%20Command%20(Source%20-%20JFrog).webp

hermes-px%20README%20CLI%20Execution%20Command%20(Source%20-%20JFrog).webp

Trojanized PyPI AI Proxy Uses Stolen Claude Prompt to Exfiltrates Data

Tushar Subhra Dutta April 6, 2026

A malicious Python package has been discovered on PyPI that disguises itself as a privacy-focused AI inference...

Hackers Drain $286 Million From Drift Protocol in Suspected North Korea-Linked Exploit

Tushar Subhra Dutta April 6, 2026

The largest decentralized perpetual futures exchange on the Solana blockchain — became the target of a massive...

New GitHub Actions Attack Chain Uses Fake CI Updates to Exfiltrate Secrets and Tokens

Tushar Subhra Dutta April 6, 2026

A new attack campaign is actively targeting open-source repositories on GitHub by carefully disguising malicious code as...

DPRK Cyber Program Uses Modular Malware Strategy to Evade Attribution and Survive Takedowns

Tushar Subhra Dutta April 6, 2026

North Korea’s cyber program has fundamentally shifted how it builds and deploys malware. Rather than relying on...

North Korean IT Worker Unmasked After Refusing to Insult Kim Jong Un in Job Interview

Guru Baran April 6, 2026

A viral video circulating in cybersecurity and crypto circles has exposed a novel and surprisingly simple technique...