Posts

The Hacker News - China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

A China-aligned threat actor has set its sights on European government and diplomatic organizations since mid-2025, following a two-year period of minimal targeting in the region. The campaign has been attributed to TA416, a cluster of activity that overlaps with DarkPeony, RedDelta, Red Lich, SmugX, UNC6384, and Vertigo Panda. "This TA416 activity included multiple...

from The Hacker News https://thehackernews.com/2026/04/china-linked-ta416-targets-european.html

The Hacker News - Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, according to findings from the Microsoft Defender Security Research Team. "Instead of exposing command execution through URL parameters or request bodies, these web shells rely on threat actor-supplied cookie values to gate execution,...

from The Hacker News https://thehackernews.com/2026/04/microsoft-details-cookie-controlled-php.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from March 2026

John N Just, Ed.D. - Chief Learning Officer

IT & Technical Staff Need More Training, Not Less

There is a common misconception that IT and technical staff "know about security awareness" and that they should simply take the same training that all other employees take. However, those with privileged access are often targeted more than a standard user. A recent trend is to conduct training for these roles monthly or quarterly with microcontent rather than the old-fashioned once-per-year method. With this in mind, you will notice we are highlighting two new pieces of training content for IT staff, bringing the total for these individuals with privileged access to 85 pieces of content in the ModStore. Look for more to be released in the coming months as we keep content fresh for this important group.

"Understandable, digestible, and timely!"

Attacks on IT Help Desks Video Module

Stop social engineering at the help desk. This video shows IT...

KnowBe4 - Warning: Phishing Attacks Are Exploiting the War in Iran

Criminal threat actors are taking advantage of the fear and uncertainty surrounding the conflict in the Middle East, according to researchers at Bitdefender. The researchers observed a 130% spike in phishing emails targeting Gulf countries following the first US-Israeli strikes on Iran on February 28th. “After Feb. 28, phishing and malware emails targeting Gulf countries surged and stayed elevated,” the researchers write. “Within days, activity doubled, and at peak reached nearly four times the baseline levels, signaling a sustained and coordinated spike rather than a one-off campaign. This clearly suggests that phishing and malware delivery campaigns are being deployed and adjusted in real time, with attackers capitalizing on heightened regional sensitivity and business disruptions.” While state-sponsored threat actors are conducting phishing campaigns in the region, Bitdefender believes much of this surge is driven by financially motivated attackers. Criminals frequently exploit...

The Hacker News - Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture

The next major breach hitting your clients probably won't come from inside their walls. It'll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That's the new attack surface, and most organizations are underprepared for it. Cynomi's new guide, Securing the Modern Perimeter: The Rise of Third-Party...

from The Hacker News https://thehackernews.com/2026/04/why-third-party-risk-is-biggest-gap-in.html

Schneier - Company that Secretly Records and Publishes Zoom Meetings

WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.

from Schneier on Security https://www.schneier.com/blog/archives/2026/04/company-that-secretly-records-and-publishes-zoom-meetings.html

The Hacker News - Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale. Cisco Talos has attributed the operation to a threat cluster it tracks as...

from The Hacker News https://thehackernews.com/2026/04/hackers-exploit-cve-2025-55182-to.html