173 Articles
9 Categories
Date: 2026-04-10
🚨 CISA KEV 2
10 Apr KEVAnalysis of one billion CISA KEV remediation records exposes limits of human-scale securityAnalysis of 1 billion CISA KEV remediation records reveals a breaking point for human-scale security. Qualys shows most critical flaws are exploited before defenders can patch them. [...]BLEEPINGCOMPUTER.COM
10 Apr KEVBreaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed.Breaking the Patch Sound Barrier: Your Vulnerability Remediation Will Not Keep Up AI Exploit Speed. So? Many years ago while at Gartner, I wrote a blog post where I defined the concept of the “Patch Sound Barrier.” (original via Archive if you don’t believe that I was that smar…MEDIUM.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 83
10 AprJuniper Networks Default Credential Vulnerability Allows Unauthorized Full AccessJuniper Networks has issued a critical security alert regarding a severe vulnerability in its Support Insights (JSI) Virtual Lightweight Collector (vLWC). Tracked as CVE-2026-33784, this default credential flaw carries a near-maximum CVSS v3.1 severity score of 9.8. If left unres…GBHACKERS.COM
10 AprCVE-2026-40025 Sleuth Kit APFS Keybag Parser Out-of-Bounds ReadInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-40024 Sleuth Kit tsk_recover Path TraversalInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-39881 Vim Ex command injection in Vim's NetBeans integrationInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23403 apparmor: fix memory leak in verify_headerInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23409 apparmor: fix differential encoding verificationInformation published.MSRC.MICROSOFT.COM
10 AprCVE-2026-23410 apparmor: fix race on rawdata dereferenceInformation published.MSRC.MICROSOFT.COM
10 AprNew React Server Components Flaw Could Let Attackers Trigger DoSA newly disclosed high-severity vulnerability in React Server Components could allow unauthenticated attackers to trigger a Denial of Service (DoS) condition. Tracked as CVE-2026-23869, this flaw poses a significant risk to web applications using specific server-side rendering pa…GBHACKERS.COM
10 AprHPE Aruba Private 5G Vulnerability Opens Door to Credential Theft AttacksA newly disclosed security flaw in HPE Aruba Networking Private 5G Core On-Prem is putting enterprise networks at severe risk of credential theft. Documented under the security bulletin HPESBNW05032EN_US, this vulnerability targets the platform’s graphical user interface an…GBHACKERS.COM
10 AprMarimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of DisclosureA critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: …THEHACKERNEWS.COM
10 AprClaude uncovers a 13‑year‑old ActiveMQ RCE bug within minutesAnthropic’s Claude dug up a critical remote code execution (RCE) bug that sat quietly inside Apache ActiveMQ Classic for over a decade. Researchers at Horizon3.ai say that it only took minutes for their team to work out an exploit chain for the bug with the help of AI. The resear…CSOONLINE.COM
10 AprHackers Exploit GitHub Copilot Flaw to Exfiltrate Sensitive DataA high-severity flaw in GitHub Copilot Chat recently allowed attackers to silently steal sensitive data like API keys and private source code. Tracked as CVE-2025-59145 with a critical CVSS score of 9.6, this vulnerability required no malicious code execution. Instead, hackers us…GBHACKERS.COM
10 AprBringing Rust to the Pixel BasebandPosted by Jiacheng Lu, Software Engineer, Google Pixel Team Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated within the complex modem firmware, Pix…SECURITY.GOOGLEBLOG.COM
10 AprOld Docker authorization bypass pops up despite previous patchResearchers warn about a new vulnerability that allows attackers to bypass authorization plug-ins in Docker Engine and gain root-level access to host systems. The flaw has the same root cause as another authorization bypass vulnerability patched in 2024, but the underlying proble…CSOONLINE.COM
10 AprChromium: CVE-2026-5899 Incorrect security UI in History NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5897 Incorrect security UI in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5898 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5896 Policy bypass in AudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5894 Inappropriate implementation in PDFThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5893 Race in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5891 Insufficient policy enforcement in browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5892 Insufficient policy enforcement in PWAsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5886 Out of bounds read in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5888 Uninitialized Use in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5890 Race in WebCodecsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5884 Insufficient validation of untrusted input in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5885 Insufficient validation of untrusted input in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5895 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5883 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5887 Insufficient validation of untrusted input in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5889 Cryptographic Flaw in PDFiumThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5880 Incorrect security UI in browser UIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5882 Incorrect security UI in FullscreenThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5881 Policy bypass in LocalNetworkAccessThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5876 Side-channel information leakage in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5878 Incorrect security UI in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5877 Use after free in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5874 Use after free in PrivateAIThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5871 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5872 Use after free in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5873 Out of bounds read and write in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5875 Policy bypass in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5869 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5870 Integer overflow in SkiaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5868 Heap buffer overflow in ANGLEThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5864 Heap buffer overflow in WebAudioThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5862 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5867 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5860 Use after free in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5863 Inappropriate implementation in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5858 Heap buffer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5859 Integer overflow in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5861 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5918 Inappropriate implementation in NavigationThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSocketsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5913 Out of bounds read in BlinkThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5915 Insufficient validation of untrusted input in WebMLThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5914 Type Confusion in CSSThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5911 Policy bypass in ServiceWorkersThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5909 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5912 Integer overflow in WebRTCThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5910 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5908 Integer overflow in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5907 Insufficient data validation in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5904 Use after free in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5865 Type Confusion in V8This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5906 Incorrect security UI in OmniboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5905 Incorrect security UI in PermissionsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5900 Policy bypass in DownloadsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5866 Use after free in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5903 Policy bypass in IFrameSandboxThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5902 Race in MediaThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprChromium: CVE-2026-5901 Policy bypass in DevToolsThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2026) for more information.MSRC.MICROSOFT.COM
10 AprCVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing VulnerabilityUser interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
10 AprCVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 24
10 AprNews alert: Mallory launches AI-native platform to cut through alert noise and surface real riskAUSTIN, Texas, Apr. 9, 2026, CyberNewswire — Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: • What are the real threat vectors for our organization? • What’s actually exploitable…LASTWATCHDOG.COM
10 AprAWS Fixes Severe RCE, Privilege Escalation Flaws in Research and Engineering StudioAWS recently issued a critical security bulletin addressing severe vulnerabilities in its Research and Engineering Studio (RES). RES is an open-source web portal that allows administrators to create and manage secure cloud-based research environments. Security researchers identif…GBHACKERS.COM
10 AprChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line JailbreakA newly discovered jailbreak technique named “sockpuppeting” successfully forces 11 leading artificial intelligence models, including ChatGPT, Claude, and Gemini, to bypass their safety guardrails. By exploiting a standard application programming interface (API) featu…GBHACKERS.COM
10 AprMicrosoft Finds Vulnerability Exposing Millions of Android Crypto Wallet UsersThe security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.SECURITYWEEK.COM
10 AprTP-Link Devices at Risk as Multiple Security Flaws Enable TakeoverCybersecurity researchers have uncovered five significant security vulnerabilities in the TP-Link Archer AX53 v1.0 router. If left unpatched, these critical flaws could allow attackers to take full control of the device, steal sensitive network data, and compromise connected syst…GBHACKERS.COM
10 AprCritical Marimo Flaw Exploited Hours After Public DisclosureWithin nine hours, a hacker built an exploit from the unauthenticated bug’s advisory and started using it in the wild.SECURITYWEEK.COM
10 AprThe cyber winners and losers in Trump’s 2027 budgetFederal cybersecurity spending will decline in 2027 under Donald Trump’s proposed budget, with uneven shifts across agencies, as some see sizable increases while others face sharp reductions. According to the Office of Management and Budget (OMB) crosscut tables released with Tru…CSOONLINE.COM
10 AprCMMC compliance in the age of AICybersecurity Maturity Model Certification 2.0 (CMMC 2.0) is pushing federal contractors to demonstrate, not just assert, that they can protect sensitive government data. Eligibility for contracts now depends on the ability to show how controlled unclassified information (CUI) …CSOONLINE.COM
10 AprWhy most zero-trust architectures fail at the traffic layerZero trust has become one of the most widely adopted security models in enterprise environments. Organizations invest heavily in identity systems, access policies, and modern security tooling. On paper, these environments look well-protected. Yet during incidents, a different rea…CSOONLINE.COM
10 AprFake BTS Tour Ticket Scams Target Fans WorldwideCybercriminals are exploiting the massive hype around BTS’s return to the global stage by launching a wave of fake ticketing websites targeting fans across multiple countries. The K-pop group recently reunited after nearly four years, during which members completed mandatory mili…GBHACKERS.COM
10 AprOrthanc DICOM Vulnerabilities Lead to Crashes, RCEAttackers could exploit these vulnerabilities in denial-of-service, information disclosure, and arbitrary code execution attacks.SECURITYWEEK.COM
10 AprHungarian government email passwords exposed ahead of electionWhen voters in the forthcoming Hungarian election assess the current government, its record on internet security will not be one of its proudest achievements. An analysis by open source investigation organization Bellingcat has revealed that the passwords for almost 800 Hungarian…CSOONLINE.COM
10 AprJuniper Networks Patches Dozens of Junos OS VulnerabilitiesA critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.SECURITYWEEK.COM
10 AprEngageSDK Vulnerability puts millions of crypto wallets at riskA newly disclosed vulnerability in the widely used Android library EngageSDK has raised serious concerns across the cryptocurrency ecosystem, potentially exposing millions of users to data theft and unauthorized access. Security researchers identified a critical “intent redirecti…GBHACKERS.COM
10 AprFCC Can’t Define a RouterThe FCC guidance discussed is described as ambiguous, even requiring updates to clarify that devices like phones with hotspots are not considered routers. Unclear definitions in regulation can lead to overreach or inconsistent enforcement, especially when agencies expand into sof…YOUTUBE.COM
10 AprIn Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer HackOther noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.SECURITYWEEK.COM
10 AprHacker Unknown now known, named on Europol’s most-wanted listGerman police have pinned a name to one of the world’s most notorious hackers. Danii Shchukin operated under the names of UNKN or Unknown and GandCrab and was, according to German police, the leader of one of the largest globally active ransomware groups, known as GandCrab/Revi. …CSOONLINE.COM
10 AprGoogle adds end-to-end Gmail encryption to Android, iOS devices for enterprisesGoogle has made a big step forward by extending end-to-end encryption to Android and iOS devices for Gmail client-side encryption (CSE) users, says an expert. “All in all, this is a welcome update, especially in light of recent concerns surrounding WhatsApp’s encryption methods,”…CSOONLINE.COM
10 AprCrushing the Axios supply chain threat with Tenable Hexa AI: Use cases for agentic AISee how you can use Tenable Hexa AI to determine in minutes if you’re impacted by the Axios npm supply chain attack. Learn how easy it is to automate configuration of scans, identify impacted assets, prioritize remediation, and more using agentic AI from Tenable. Key takeaways:…TENABLE.COM
10 Apr[local] NetBT e-Fatura - Privilege EscalationNetBT e-Fatura - Privilege EscalationEXPLOIT-DB.COM
10 AprMicrosoft: Third-Party Android Vulnerability Leaves Over 50M Users ExposedA flaw in the EngageLab SDK exposed 50 million Android users, allowing malicious apps to exploit trusted permissions and access sensitive data.TECHREPUBLIC.COM
10 AprAI Expansion, Security Crises, and Workforce Upheaval Define This Week in TechSee what you missed in Daily Tech Insider from April 6–10.TECHREPUBLIC.COM
10 AprWebloc surveillance system tracks millions using mobile ad dataA little-known surveillance platform called Webloc can track hundreds of millions of people worldwide by repurposing data harvested from mobile apps and digital advertising ecosystems. A related investigation confirms that government agencies across multiple countries, including …CYBERINSIDER.COM
10 AprWaiting for a security update: Attackers are targeting Adobe ReaderAttackers are currently exploiting a zero-day vulnerability in Adobe Reader. Until a security update is available, PDFs from unknown sources should not be opened.HEISE.DE
📢 SECURITY ADVISORIES 5
10 AprRising Compliance Oversight Pressure: From Audit Fatigue to Continuous ReadinessPublic sector cybersecurity leaders are no longer measured solely on whether they stop attacks, they are measured on whether they can prove it. Across federal, state, local and education environments, compliance obligations continue to expand. Frameworks and mandates include:KNOWBE4.COM
10 AprFriday Squid Blogging: Squid Overfishing in the South PacificRegulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where di…SCHNEIER.COM
10 Aprur best techno-babble to bypass clueless auditors?submitted by astrobird to cybersecurity 1 points | 0 comments https://dev.to/anderson_leite/stop-calling-everything-security-why-your-expert-doesnt-know-what-theyre-talking-about-1i4f quick question for the dev/cybersec folks here. dealing with a wave of non-tech dpo/compliance t…INFOSEC.PUB
🔥 INCIDENT REPORTING 8
10 AprBackdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend ServersUnknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Sm…THEHACKERNEWS.COM
10 AprIranian APT alert: 5,219 Rockwell PLCs exposed onlineCensys has warned that more than 5,000 Rockwell Automation/Allen-Bradley PLCs are currently exposed to the internet as Iranian-affiliated APT actors actively target these devices across U.S. critical infrastructure. The same operators were previously associated with a November 20…GBHACKERS.COM
10 AprMassive Data Breach Exposes 337K LAPD-Linked Recordssubmitted by kid to cybersecurity 4 points | 0 comments https://www.techrepublic.com/article/news-lapd-data-breach-337k-files-exposed/SH.ITJUST.WORKS
10 AprHealthcare IT solutions provider ChipSoft hit by ransomware attacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/healthcare-it-solutions-provider-chipsoft-hit-by-ransomware-attack/SH.ITJUST.WORKS
10 AprCryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack | The Record from Recorded Future Newssubmitted by kid to cybersecurity 3 points | 0 comments https://therecord.media/crypto-atm-bitcoin-depot-reports-cyberattackSH.ITJUST.WORKS
10 AprNearly 4,000 US industrial devices exposed to Iranian cyberattacksThe attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufactured by Rockwell Automation. [...]BLEEPINGCOMPUTER.COM
10 AprCPUID hijacked to serve malware as HWMonitor downloadssubmitted by Deebster to cybersecurity 3 points | 0 comments https://www.theregister.com/2026/04/10/cpuid_site_hijacked/ CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. “Investigations are still o…INFOSEC.PUB
10 AprVIP Credential Monitoring BlogExecutives and high-privilege users are prime targets for credential theft — and standard monitoring often misses them. Learn how VIP Credential Monitoring in Recorded Future Identity Intelligence protects your most sensitive accounts across work and personal email, and why detec…RECORDEDFUTURE.COM
🕵️ THREAT INTELLIGENCE 33
10 AprWhatsApp Adds Username Feature to Boost Privacy and Reduce Number SharingFor years, WhatsApp required users to share their personal phone numbers to communicate. This is finally changing. To improve user privacy and mitigate risks like doxing or targeted spam, WhatsApp is rolling out a highly anticipated username feature. This update allows individual…GBHACKERS.COM
10 AprDesckVB RAT Uses Fileless .NET Loader to Evade DetectionDesckVB RAT is emerging as a highly active and stealthy malware threat in 2026, leveraging layered obfuscation and fileless execution techniques to bypass traditional security defenses. The attack chain begins with a malicious JavaScript file that hides its true intent through co…GBHACKERS.COM
10 AprGlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX ExtensionA newly discovered supply chain attack is spreading the GlassWorm malware across multiple developer environments by abusing the OpenVSX extension marketplace. GlassWorm is not new. Researchers have tracked the campaign since March 2025, when attackers hid malicious payloads insid…GBHACKERS.COM
10 AprObfuscated JavaScript or Nothing, (Thu, Apr 9th)I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as…ISC.SANS.EDU
10 AprMuddyWater Uses Russian MaaS in New ChainShell AttackMuddyWater is now weaponizing a Russian malware-as-a-service (MaaS) platform to run a new operation dubbed “ChainShell”, blending Iranian state targeting with commercially developed cybercrime tooling. The assessment is based on a misconfigured command‑and‑control (C2) web server…GBHACKERS.COM
10 AprGitHub, GitLab Abused for Malware and Phishing CampaignsHackers are increasingly abusing trusted software development platforms GitHub and GitLab to host malware and credential phishing campaigns, making defensive detection significantly harder for enterprises. Because these Git-based platforms are deeply integrated into development a…GBHACKERS.COM
10 AprGoogle Rolls Out Cookie Theft Protections in ChromeNew Device Bound Session Credentials render stolen session cookies unusable by cryptographically binding authentication.SECURITYWEEK.COM
10 AprMallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action9th, 2026, CyberNewswire Built by a veteran security team and led by a former Google and Mandiant executive, Mallory delivers intelligence that drives action for enterprise security teams. Mallory is launching an AI-native threat intelligence platform, purpose-built to answer the …GBHACKERS.COM
10 AprMiddle East Espionage Attack Uses Fake Secure Messaging Apps to Deliver ProSpyHackers are impersonating popular secure messaging apps to deploy a sophisticated Android spyware tool called ProSpy against journalists, activists, and political figures across the Middle East, in a hack‑for‑hire campaign linked to the BITTER APT group. The campaign has been act…GBHACKERS.COM
10 AprMITRE Releases Fight Fraud FrameworkThe document provides a behavior-based model of the tactics and techniques employed by fraudsters.SECURITYWEEK.COM
10 AprSen. Sanders Talks to Claude About AI and PrivacyClaude is actually pretty good on the issues.SCHNEIER.COM
10 AprChrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000The critical vulnerabilities affect Chrome’s WebML component and they have been reported by anonymous researchers.SECURITYWEEK.COM
10 AprDo extremely short credential lifetimes actually help security?submitted by lnklnx to cybersecurity 1 points | 0 comments My company has an external auth provider for the whole organization, and MFA is required (push notification to a phone app). This all works well and I agree with it, BUT they have configured the credentials to expire in 2…SH.ITJUST.WORKS
10 AprMicrosoft: Canadian employees targeted in payroll pirate attacksA financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks. [...]BLEEPINGCOMPUTER.COM
10 AprSmart Slider updates hijacked to push malicious WordPress, Joomla versionssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/smart-slider-updates-hijacked-to-push-malicious-wordpress-joomla-versions/SH.ITJUST.WORKS
10 AprNew ‘LucidRook’ malware used in targeted attacks on NGOs, universitiessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/new-lucidrook-malware-used-in-targeted-attacks-on-ngos-universities/SH.ITJUST.WORKS
10 AprIndustry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback FridayThe US government has warned that Iran-linked hackers are manipulating PLCs and SCADA systems to cause disruption.SECURITYWEEK.COM
10 AprEngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/engagelab-sdk-flaw-exposed-50m-android.htmlSH.ITJUST.WORKS
10 AprGoogle Warns of New Threat Group Targeting BPOs and Helpdesks - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/google-warns-group-targeting-bpos/SH.ITJUST.WORKS
10 AprFBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Databasesubmitted by cm0002 to cybersecurity 4 points | 1 comments https://www.404media.co/fbi-extracts-suspects-deleted-signal-messages-saved-in-iphone-notification-database-2/INFOSEC.PUB
10 AprStorm-2755 Uses AiTM Hijacking to Divert Employee SalariesHackers are abusing adversary-in-the-middle (AiTM) session hijacking to steal employee salaries in a new “payroll pirate” campaign tracked by Microsoft as Storm-2755 and targeting Canadian users. By hijacking live Microsoft 365 sessions, the group redirects payroll deposits to at…GBHACKERS.COM
10 AprPhishing Campaign Targets Japanese Firms During Tax SeasonA criminal threat actor called “Silver Fox” is launching tax-themed phishing attacks against Japanese companies during the country’s tax season, according to researchers at ESET.KNOWBE4.COM
10 AprStaypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet. - SWN #571Staypuft, Claude, One Pixel, deepfakes, Raccoon, BOFH, Satoshi Nakamoto, Josh Marpet, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-571YOUTUBE.COM
10 AprSamsung Eyes Vietnam for $4B Semiconductor Packaging ProjectSamsung is reportedly considering a $4 billion chip packaging and testing project in Vietnam, deepening the country’s role in the global semiconductor supply chain.TECHREPUBLIC.COM
10 AprAlibaba Launches AI Data Center Powered by 10,000 Homegrown ChipsAlibaba launches a new AI data center powered by 10,000 homegrown chips, signaling a major push toward self-reliance amid US export restrictions.TECHREPUBLIC.COM
10 AprGoogle Brings NotebookLM to Gemini for Easy Project OrganizationGoogle is rolling out notebooks in Gemini, giving users a new way to organize chats, files, and instructions into AI-powered project hubs.TECHREPUBLIC.COM
10 AprNew Apple Rumor: iPhone Air 2 Leak Suggests Major Upgrades After First-Gen CriticismApple is reportedly pushing ahead with iPhone Air 2 despite weak sales, with upgrades to battery, camera, and performance already in development.TECHREPUBLIC.COM
10 AprMitsubishi Targets Hybrid Vehicle Production in the Philippines by 2028Mitsubishi now has a named plant and a mid-2028 target for hybrid production in the Philippines. What it still lacks are the numbers that would show how serious the plan really is.TECHREPUBLIC.COM
10 AprWhen Are Payroll Taxes Due? 2026 Due Dates and RequirementsStaying on top of payroll tax deadlines is tough, so we created this guide to cover the key 2026 payroll tax due dates and explain how to ensure your business is compliant.TECHREPUBLIC.COM
10 AprEmbedded Finance vs Banking as a Service in 2026: Key Differences ExplainedLearn the key differences between embedded finance and banking as a service, how they work together, and what they mean for modern businesses.TECHREPUBLIC.COM
10 AprSession says funding will last until July, pauses developmentThe Session Technology Foundation (STF) confirmed that it has raised approximately $65,000 in donations, enough to keep essential infrastructure online for the next three months. This includes maintaining core services such as file storage and push notification servers, as well a…CYBERINSIDER.COM
10 AprSignal is testing a new plaintext chat export feature in Beta 8.7Signal is preparing to roll out version 8.7 in beta, introducing a new plaintext export feature that allows users to save their messaging data in a more accessible, human-readable format. The update was previewed by Greyson Parrelli, a member of Signal’s development team, in a re…CYBERINSIDER.COM
10 AprHWMonitor and CPU-Z downloads hijacked to deliver malware to usersUsers attempting to download HWMonitor and CPU-Z from the official CPUID website are reportedly being served malware-laced installers, in what appears to be an active compromise of the vendor’s distribution infrastructure. CPUID, the developer behind HWMonitor and CPU-Z, is a Fre…CYBERINSIDER.COM
🌐 CYBER THREAT LANDSCAPE 2
10 AprSupply chain attack at CPUID pushes malware with CPU-Z/HWMonitorHackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools. [...]BLEEPINGCOMPUTER.COM
10 AprFake Claude site installs malware that gives attackers access to your computerWe found a convincing fake site that installs a trojanized Claude app while quietly deploying PlugX malware.MALWAREBYTES.COM
🎙️ PODCASTS 1
10 AprSnake Oilers: Burp AI, Sondera and Truffle SecurityIn this edition of the Snake Oilers podcast three vendors stop by to pitch the audience on their products: Burp AI and DAST: The founder of PortSwigger and creator of legendary security software Burp Suite, Dafydd Stuttard, drops by to pitch listeners on Burp AI and Burp Suite DA…RISKY.BIZ
📡 INFOSEC NEWS 15
10 AprGoogle Rolls Out DBSC in Chrome 146 to Block Session Theft on WindowsGoogle has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on C…THEHACKERNEWS.COM
10 AprGoogle rolls out Gmail end-to-end encryption on mobile devicesGoogle says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]BLEEPINGCOMPUTER.COM
10 AprBrowser Extensions Are the New AI Consumption Channel That No One Is Talking AboutWhile much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.  A new report from LayerX exposes just how deep this blind spot goes, and wh…THEHACKERNEWS.COM
10 AprGlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEsCybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine. The technique has been discovere…THEHACKERNEWS.COM
10 AprFrance to ditch Windows for Linux to reduce reliance on US techFrance's move to ditch Windows for Linux is its latest effort to reduce its reliance on American tech giants.TECHCRUNCH.COM
10 AprHow to protect your organization from AirSnitch Wi-Fi vulnerabilities | Kaspersky official blogPractical recommendations for Wi-Fi network isolation and defending against all AirSnitch-style attacks.KASPERSKY.COM
10 AprChatGPT rolls out new $100 Pro subscription to challenge ClaudeOpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude's pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan. [...]BLEEPINGCOMPUTER.COM
10 AprRecovery scammers hit you when you’re down: Here’s how to avoid a second strikeIf you’ve been the victim of fraud, you’re likely already a lead on a ‘sucker list’ – and if you’re not careful, your ordeal may be about to get worse.WELIVESECURITY.COM
10 AprAI and cryptocurrency scams are costing Americans billions, FBI reportsThe fraud landscape has been changed by AI and cryptocurrency in a way that should concern organisations and individuals alike. Read more in my article on the Fortra blog.FORTRA.COM
10 Apr[webapps] D-Link DIR-650IN - Authenticated Command InjectionD-Link DIR-650IN - Authenticated Command InjectionEXPLOIT-DB.COM
10 AprClickFix finds a new way to infect MacsClickFix campaigns have found a way around macOS Tahoe's warnings against pasting commands in the Terminal. They're using Script Editor instead.MALWAREBYTES.COM
10 ApriOS: Deleted Signal data extracted by FBI via notification databaseAlthough a suspect had removed the entire app, FBI forensic examiners were still able to find Signal messages. They used a trick.HEISE.DE
10 AprFrance's plan: Away from Windows, toward LinuxFrance's administration is to move away from Windows and US tools: the government presents a concrete roadmap for digital sovereignty.HEISE.DE
10 AprGoogle Chrome makes cookie theft on Windows pointlessCyber attackers target session cookies, which give them access. Google is now enabling a protection in Chrome for Windows. macOS will follow.HEISE.DE
10 AprPornographic AI platform MyLovely.ai: Data leak of 106,000 accountsCriminals have siphoned off data from 106,000 accounts at the pornographic "AI girlfriend" platform MyLovely.ai. The data is now on the darknet.HEISE.DE