NRG Networks Inc.

  Booking.com is dealing with a confirmed reservation‑data breach , and the picture is now fairly clear across multiple international reports. Here’s the distilled, security‑grade breakdown you’d expect. What Happened Hackers or other unauthorized third parties accessed customer reservation data , prompting Booking.com to email affected users beginning April 13, 2026. The company says the incident is now “under control” , but it has not disclosed the scale of impact. 1 2 3 Data Exposed Across all confirmed reports, the compromised data includes: Booking details (dates, property, reservation metadata) Names Email addresses Home/physical addresses Phone numbers Any notes or information shared with the accommodation Not exposed: Credit card or financial data (confirmed by Booking.com ) Passwords How Attackers Are Using the Data Several victims reported receiving highly convincing phishing messages , including WhatsApp messages containing real booking details — a strong indicator t...

  The Campbell University breach is a major ransomware incident claimed by the INCRANSOM group on April 11, 2026 — with attackers alleging they stole roughly 500GB of highly sensitive data. Below is a clean, structured, security‑grade breakdown based on the search results you triggered. Citations are included for verification. Executive Summary Campbell University (campbell.edu), a private institution in North Carolina, was listed as a victim on the INCRANSOM ransomware leak site on April 11, 2026 . The group claims to have exfiltrated ~500GB of data, including extremely sensitive internal files and personal information. Verification is still pending — INCRANSOM is known for occasionally posting unverified or exaggerated claims — but multiple threat‑intel trackers have reported the listing. Timeline April 11, 2026 — INCRANSOM posts Campbell University as a victim on its dark‑web leak site. Discovery time reported by threat‑intel feeds: 2026‑04‑11 02:17 UTC . Claimed...

The Mercor breach was a major supply‑chain–driven cyberattack that exposed sensitive data from one of the AI industry’s most important training‑data vendors. It originated from a poisoned update to the open‑source LiteLLM library and quickly escalated into a multi‑terabyte compromise claimed by the Lapsus$ extortion group.  What Triggered the Breach The root cause was a supply‑chain compromise of LiteLLM , a Python library downloaded millions of times per day and used to connect applications to AI services. A threat group known as TeamPCP hijacked LiteLLM’s CI/CD pipeline and pushed malicious versions 1.82.7 and 1.82.8 to PyPI for ~40 minutes. These versions contained credential‑harvesting malware . Mercor confirmed it was “one of thousands of companies” affected by the poisoned package. How Attackers Reached Mercor The malicious LiteLLM update harvested credentials from systems that imported the library. Those credentials were then used to pivot deeper into Mercor’s env...

Venom phishing attacks refer to a newly uncovered, highly sophisticated phishing‑as‑a‑service (PhaaS) platform called VENOM, used in targeted credential‑theft campaigns against senior executives. The platform is notable for its stealth, precision targeting, and advanced MFA‑bypass techniques. What VENOM Is VENOM is a closed‑access PhaaS platform—not advertised on underground forums—that enables threat actors to run highly personalized phishing operations. It has been active since at least late 2025 and is used to target C‑suite executives (CEOs, CFOs, VPs, chairpersons) across more than 20 industries. Its secrecy and selective access make it harder for researchers to track and for defenders to detect. Who It Targets VENOM focuses on high‑value corporate leadership, using tailored lures that mimic internal business communications. These attacks are not mass‑mailed; they are hand‑crafted for specific individuals, often using real names, company details, and fabricated email threads. How ...

Microsoft terminated the VeraCrypt developer’s Windows publisher account because the company said the account “did not meet verification requirements,” but did not provide any specific explanation, warning, or appeal path . All available reporting indicates the termination was abrupt, automated, and poorly communicated — not tied to any known security issue with VeraCrypt itself. What actually happened Across multiple credible reports, the situation is consistent: Mounir Idrassi , the longtime maintainer of VeraCrypt, reported that Microsoft terminated the account he used to sign Windows bootloaders and drivers , with no prior notice, no explanation, and no ability to appeal . The termination prevents him from publishing Windows updates , even though he can still update Linux and macOS versions. Microsoft’s automated systems told him his organization “does not currently meet the requirements to pass verification,” but did not specify what requirement failed. Attempts to reach a h...

  CVE‑2026‑35616 — Patch Status (FortiClient EMS) Vulnerability summary CVE‑ID: CVE‑2026‑35616 Severity: Critical (CVSS 9.1) Type: Improper access control / pre‑authentication API access bypass Impact: Unauthenticated remote code or command execution Exploitation: Confirmed active exploitation in the wild Discovered by: Defused (Simo Kohonen) and Nguyen Duc Anh [thehackernews.com] , [bleepingcomputer.com] , [tenable.com] Affected and fixed versions Vulnerable FortiClient EMS 7.4.5 FortiClient EMS 7.4.6 Not affected FortiClient EMS 7.2.x and earlier [securityweek.com] , [bleepingcomputer.com] Available patches (as of April 7 2026) Immediate remediation (recommended now) Fortinet has released out‑of‑band hotfixes for the affected builds: EMS 7.4.5 hotfix https://docs.fortinet.com/document/forticlient/7.4.5/ems-release-notes/832484 EMS 7.4.6 hotfix https://docs.fortinet.com/document/forticlient/7.4.6/ems-release-notes/832484 Fortinet confirms these hotfixes fully mitigate CVE‑2...

On April 7, 2026 , international law enforcement agencies—working with Microsoft and private-sector researchers— disrupted a large-scale DNS hijacking operation that was actively stealing Microsoft 365 credentials by manipulating internet routers worldwide. [bleepingcomputer.com] The campaign, tracked as FrostArmada , was linked to APT28 (also known as Fancy Bear , Forest Blizzard , or STRONTIUM ), a Russia-backed cyber‑espionage group associated with GRU military unit 26165. [bleepingcomputer.com] , [ncsc.gov.uk] Authorities involved in the takedown included: The FBI The U.S. Department of Justice The Polish government Microsoft and Lumen’s Black Lotus Labs Together, they dismantled key attacker-controlled infrastructure used to redirect traffic and steal credentials. [bleepingcomputer.com] How the attack worked (in plain English) This was not phishing email spam . Instead, attackers compromised routers at the network edge , mainly: MikroTik TP‑Link Some Fortinet and Nethesis fi...