⚠️ VULNERABILITY DISCLOSURE (5)
4 Apr | SongTrivia2 - 291,739 breached accounts | In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter al… | HAVEIBEENPWNED.COM
4 Apr | LinkedIn Hidden Code Secretly Scans Users’ Computers for Installed Software | A new investigation by Fairlinked e.V. claims that Microsoft-owned LinkedIn is running a massive, undisclosed corporate surveillance operation. According to the “BrowserGate” report, hidden code on LinkedIn’s website secretly scans the computers of its one billi… | GBHACKERS.COM
4 Apr | Top 10 Best Identity And Access Management (IAM) Companies 2026 | In the rapidly evolving digital landscape of 2026, Identity and Access Management (IAM) has transcended its traditional role to become the foundational pillar of enterprise security. As organizations navigate the complexities of multi-cloud environments, remote workforces, burgeo… | GBHACKERS.COM
4 Apr | A Vulnerability in Fortinet FortiClientEMS Could Allow for Arbitrary Code Execution | A vulnerability has been discovered in Fortinet FortiClientEMS that could allow for arbitrary code execution. FortiClientEMS is a centralized management platform for deploying, configuring, monitoring, and enforcing security policies across numerous endpoints (computers) running … | CISECURITY.ORG
4 Apr | How Attackers Bypass MFA Today | Attackers are exploiting authentication flows and APIs to capture MFA data, register their own devices, and take over accounts—sometimes using techniques like device code flow abuse. This shifts MFA from a strong defense into a potential attack surface. With organized tools and s… | YOUTUBE.COM
📢 SECURITY ADVISORIES (2)
4 Apr | Top 10 Best Privileged Access Management (PAM) Solutions 2026 | In the dynamic and increasingly complex cybersecurity landscape of 2026, privileged accounts remain the most coveted targets for cybercriminals and malicious insiders alike. From system administrators and database managers to automated scripts and applications, these “digit… | GBHACKERS.COM
4 Apr | Introducing the Landing Zone Accelerator on AWS Universal Configuration and LZA Compliance Workbook | November 20, 2025: Original publication date of this post. This post has been updated to reference the most recent version of the LZA Compliance Workbook published to AWS Artifact in March 2026. We’re pleased to announce the availability of the latest sample security baseline fro… | AWS.AMAZON.COM
🔥 INCIDENT REPORTING (3)
4 Apr | Crunchyroll - 1,195,684 breached accounts | In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic loc… | HAVEIBEENPWNED.COM
4 Apr | Hackers Launch Social Engineering Offensive Against Key Node.js Maintainers | Following the high-profile supply chain compromise of the widely used Axios package, a highly coordinated social engineering campaign has been uncovered targeting top-tier Node.js and npm maintainers. Security researchers confirm that the Axios breach was part of a scalable opera… | GBHACKERS.COM
4 Apr | European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack | Hackers stole over 300GB of data from the Commission’s AWS environment, including personal information. | SECURITYWEEK.COM
🕵️ THREAT INTELLIGENCE (4)
4 Apr | Anthropic Ends Claude Subscription Access for Third-Party Tools Like OpenClaw | Anthropic has officially shut down third-party AI agent access to its Claude subscription services, pulling the plug on unauthorized external integrations. This move marks a major shift in how developers and power users can interact with Claude’s frontier models outside the… | GBHACKERS.COM
4 Apr | Stop Committing Your Secrets (You Know Who You Are) | Submitted by codeinabox to security (2 points, 0 comments): https://jfmaes.me/blog/stop-committing-your-secrets-you-know-who-you-are/ Plaintext .env files are a stupid little footgun. Here’s the SOPS + age + direnv setup I use to keep secrets encrypted, auto-loaded, and out of Git. | PROGRAMMING.DEV
4 Apr | OpenClaw gives users yet another reason to be freaked out about security | Submitted by codeinabox to security (3 points, 0 comments): https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/ | PROGRAMMING.DEV
4 Apr | Axios npm hack used fake Teams error fix to hijack maintainer account | The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors. [...] | BLEEPINGCOMPUTER.COM
🌐 CYBER THREAT LANDSCAPE (1)
4 Apr | After fighting malware for decades, this cybersecurity veteran is now hacking drones | Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones. | TECHCRUNCH.COM
📰 CYBERSECURITY BRIEFINGS (1)
4 Apr | Elastic Security Integrations Roundup: Q1 2026 | Elastic Security Labs announces nine new integrations for Elastic Security spanning cloud security, endpoint visibility, email threat detection, identity and SIEM. | ELASTIC.CO
📡 INFOSEC NEWS (1)
4 Apr | Device code phishing attacks surge 37x as new kits spread online | Device code phishing attacks that abuse the OAuth 2.0 Device Authorization Grant flow to hijack accounts have surged more than 37 times this year. [...] | BLEEPINGCOMPUTER.COM