114Articles
8Categories
2026-04-20Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
20 AprSecurity Researcher Goes To War Against MicrosoftMicrosoft Under Fire, NIST Scales Back NVD, FortiSandbox Critical Bugs, Vercel Breach Claims, Scattered Spider Member Pleads Guilty Host David Shipley covers five major stories: researcher "Chaotic Eclipse" publicly released Windows exploits—first "Blue Hammer," then "Red Sun," a…CYBERSECURITYTODAY.LIBSYN.COM
20 AprNIST Adopts Risk-Based NVD Model as CVE Submissions Jump 263% Since 2020According to a recent announcement from the National Institute of Standards and Technology (NIST), the agency is fundamentally restructuring how it manages the National Vulnerability Database (NVD). Driven by a massive 263% increase in Common Vulnerabilities and Exposures (CVE) s…GBHACKERS.COM
20 AprCopilot & Agentforce offen für Prompt-Injection-TricksKI-Agenten sind populär – und anfällig dafür, missbraucht zu werden. DC Studio / Shutterstock KI-Agenten fürs Enterprise können bekanntlich Arbeitsabläufe optimieren. Aber auch die Datenexfiltration – wie Sicherheitsforscher von Capsule Security herausgefunden haben. Sie haben so…CSOONLINE.COM
20 AprClaude Mythos – ist der Hype gerechtfertigt?Claude Mythos wird derzeit von ausgesuchten Organisationen getestet – in erster Linie großen Tech-Konzernen aus den USA. Anthropic | Screenshot Der Hype um Anthropics Security-Modell Mythos bekommt erste Risse: Während KI-Konkurrent OpenAI plant, mit einem eigenen Cybersecurity-f…CSOONLINE.COM
20 AprTBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS MalwareHackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability, highlighting how poorly secured IoT devices conti…GBHACKERS.COM
20 AprVU#915947: SGLang is vulnerable to remote code execution when rendering chat templates from a model fileOverview A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint (/v1/rerank) . A CVE has been assigned to track the vulnerability; CVE-2026-5760. An attacker can create a malicious model for SGLang to achieve RCE. S…KB.CERT.ORG
20 AprAttackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based BotnetFortiGuard Labs has identified a Mirai-based Nexcorium campaign actively exploiting CVE-2024-3721 in TBK DVR devicesINFOSECURITY-MAGAZINE.COM
20 AprCVE-2023-33538 under attack for a year, but exploitation still unsuccessfulHackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far. Hackers have been trying for over a year to exploit a serious flaw, tracked as CVE-2023-33538 (CVSS score of 8.8), in outdated TP-Link routers, but so…SECURITYAFFAIRS.COM
20 AprNational Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges | Flashpointsubmitted by kid to cybersecurity 2 points | 0 comments https://flashpoint.io/blog/national-vulnerability-database-nvd-shifts-to-selective-enrichment-as-cve-volume-surges/SH.ITJUST.WORKS
20 AprSGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model FilesA critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems. The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of c…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 40[−]
20 Aprdeleteduser.com - a $15 Personally Identifiable Information (PII) Magnetsubmitted by artwork to cybersecurity 4 points | 0 comments https://mike-sheward.medium.com/deleteduser-com-a-15-pii-magnet-c4396eb21061 …deleting records could cause big problems. Referential integrity across database tables simply wouldn’t allow it… it would cause a resonance c…SH.ITJUST.WORKS
20 AprVercel Breach Tied to Context AI Hack Exposes Limited Customer CredentialsWeb infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems. The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an…THEHACKERNEWS.COM
20 AprVercel Reports Data Breach Amid Claims of Compromised Internal InfrastructureAccording to a recent security bulletin published by Vercel, the cloud platform company has suffered a data breach involving unauthorized access to its internal infrastructure. The incident, which was updated on April 20, 2026, highlights the growing risks associated with third-p…GBHACKERS.COM
20 AprQEMU Hijacked as Stealth Backdoor for Credential Theft, RansomwareAttackers are increasingly abusing QEMU virtual machines to hide credential theft and ransomware staging inside “invisible” virtual environments, making detection and forensics significantly harder for defenders. QEMU is a legitimate open-source emulator and virtualizer that allo…GBHACKERS.COM
20 AprCritical Gardyn Flaws Open Smart Garden Devices to Remote HijackingA recently updated advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has revealed severe vulnerabilities in Gardyn Home Kit systems. These critical flaws carry a maximum CVSS score of 9.3 and could allow malicious actors to hijack smart gardening devices r…GBHACKERS.COM
20 AprHandling the CVE Flood With EPSS, (Mon, Apr 20th)Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that appeared overnight. Over the past decade, this flood has become a defining challenge of modern defensive security. Some numbers[ 1 &#x…ISC.SANS.EDU
20 AprUngepatchte Windows-Zero-Days RedSun, UnDefend und BlueHammer werden attackiertDie Zero-Day-Lücken im Windows Defender mit den Namen BlueHammer, RedSun und UnDefend werden offenbar attackiert.HEISE.DE
20 AprAI Model Claude Opus turns bugs into exploits for just $2,283Claude Opus created a working Chrome exploit for $2,283, showing that widely available AI models can already find and weaponize vulnerabilities. Claude Opus managed to produce a functional Chrome exploit for just $2,283, raising concerns about how easily AI can be used to find an…SECURITYAFFAIRS.COM
20 AprAngriff auf Next.js-Hersteller Vercel: Kundendaten abgegriffenInterne Vercel-Systeme und damit auch Kundendaten wurden in einem Security-Vorfall kompromittiert. Ein externes KI-Tool diente als Einfallstor.HEISE.DE
20 AprMaking AI actually work in the enterprise and more RSAC Conference 2026 interviews - A... - ESW #455Interview with Jim Spignardo What does it take to build AI workflows that work? Why do so many fail? Jim isn’t a typical ESW guest. I think it’s essential for security folks to regularly step outside the security bubble and understand other perspectives and mindsets. That’s what …YOUTUBE.COM
20 AprAnthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply ChainCybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. "This flaw enables Arbitrar…THEHACKERNEWS.COM
20 AprCISOs reshape their roles as business risk strategistsNitin Raina ’s career history resembles that of many CISOs: He worked in IT infrastructure, operations, and services before moving into security and advancing through the ranks. He’s now global chief information security officer at technology consultancy Thoughtworks. But in a le…CSOONLINE.COM
20 AprNetwork ‘background noise’ may predict the next big edge-device vulnerabilityGreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks. The post Network ‘background noise’ may predict the next big edge-device vulnerability appeared first…CYBERSCOOP.COM
20 AprFracturing Software Security With Frontier AI ModelsUnit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching. The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
20 AprThird-party AI hack triggers Vercel breach, internal environments accessedVercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one of its emplo…SECURITYAFFAIRS.COM
20 AprAnthropic MCP Hit by Critical Vulnerability Enabling Remote Code ExecutionA critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team. The flaw enable…GBHACKERS.COM
20 Apr KEVThree Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatchedsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2026/04/three-microsoft-defender-zero-days.htmlSH.ITJUST.WORKS
20 AprAttackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbookAttackers are increasingly exploiting enterprise collaboration platforms such as Microsoft Teams to gain initial access, impersonating IT helpdesk staff and persuading employees to grant remote control, according to new research from Microsoft. In a blog post , Microsoft describe…CSOONLINE.COM
20 AprHackers exploit Vercel’s trust in AI integrationFrontend cloud platform Vercel, the creator of Next.js and Turbo.js, has warned about a data breach after a compromised third-party AI application abused OAuth to access its internal systems. A Vercel employee used the third party app, identified as Context.ai , which allowed the…CSOONLINE.COM
20 Apr KEVCISA flags Apache ActiveMQ flaw as actively exploited in attackssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-flags-apache-activemq-flaw-as-actively-exploited-in-attacks/SH.ITJUST.WORKS
20 AprVercel confirms breach as hackers claim to be selling stolen datasubmitted by kid to cybersecurity 3 points | 0 comments https://www.bleepingcomputer.com/news/security/vercel-confirms-breach-as-hackers-claim-to-be-selling-stolen-data/SH.ITJUST.WORKS
20 AprGh0st RAT, CloverPlus Hit Victims in Dual-Malware CampaignA new malware campaign is bundling a powerful remote access trojan (RAT) with intrusive adware, giving attackers both long-term control of infected systems and an immediate revenue stream from fraudulent advertising activity. The loader hides two encrypted payloads in its resourc…GBHACKERS.COM
20 AprShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeoverssubmitted by kid to cybersecurity 4 points | 0 comments https://hackread.com/showdoc-vulnerability-patch-2020-server-takeover/SH.ITJUST.WORKS
20 Apr⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & MoreMonday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels …THEHACKERNEWS.COM
20 AprApp host Vercel says it was hacked and customer data stolenVercel blamed its breach on an earlier hack at Context AI, which allowed hackers to hijack a Vercel employee's account to steal customer data.TECHCRUNCH.COM
20 AprAI Agents Are Insider RiskAI agents and chatbots are increasingly integrated into systems with access to data and services. However, they often lack traditional identity controls like MFA and may not be fully monitored. Without visibility and restrictions, these agents can behave like unmanaged insiders—a…YOUTUBE.COM
20 AprFireside Chat: PKI has carried digital trust through every tech advance—now comes the hardest onePublic key infrastructure — the authentication and encryption framework that has held digital commerce together through every chaotic leap forward in technology — is facing a double whammy. Related: Achieveing AI security won’t be easy Autonomous AI agents are f…LASTWATCHDOG.COM
20 AprVulnerability exploitation surges often precede disclosure, offering possible early warningsOrganizations can get ahead of major flaws with the right threat intelligence, according to a new report.CYBERSECURITYDIVE.COM
20 AprVercel systems targeted after third-party tool compromisedAn employee using a consumer app was breached after granting too many permissions.CYBERSECURITYDIVE.COM
20 AprCloud development platform Vercel confirms breach.White House officials meet with Anthropic CEO over Mythos concerns. Scattered Spider hacker pleads guilty.THECYBERWIRE.COM
20 Apr2026’s Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones VulnerableFrom the FBI breach to the DarkSword iPhone exploit, these are the biggest cyber attacks and security failures that have shaped 2026 so far. The post 2026’s Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones Vulnerable appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprVercel Confirms Major Security Incident as Hacker Claims $2M Ransom DemandVercel confirms a security incident after a threat actor claims internal access and demands a $2M ransom, raising concerns about API keys, CI/CD pipelines, and cloud security. The post Vercel Confirms Major Security Incident as Hacker Claims $2M Ransom Demand appeared first on Te…TECHREPUBLIC.COM
20 AprSurvey: Security Leaders Emphasize Need for Workforce EducationA new survey from LevelBlue has found that a majority of Chief Technology Officers (CTOs) believe the human-related elements of their cybersecurity strategies are falling short. These concerns are exacerbated by the emergence of new threats, such as AI-assisted attacks.KNOWBE4.COM
20 AprMicrosoft Defender Flaws Exploited on Windows, Two Left UnpatchedAlthough the team with Microsoft moved swiftly to patch the BlueHammer vulnerability, other exploits still threaten Microsoft Defender and Windows users. The post Microsoft Defender Flaws Exploited on Windows, Two Left Unpatched appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprThe MCP Disclosure Is the AI Era’s ‘Open Redirect’ MomentThe MCP flaw reveals a systemic AI security gap, exposing enterprise systems to supply chain attacks and forcing a shift toward data-layer governance. The post The MCP Disclosure Is the AI Era’s ‘Open Redirect’ Moment appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprWhen one weak link is enough.Cloud platform Vercel confirms a data breach. Microsoft releases emergency updates to fix Windows Server restart loops. Bluesky gets DDoSed. Insurers keep close watch on an AI hiring discrimination suit. Cybersecurity workforce turnover rises. Scammers abuse Apple’s email notific…THECYBERWIRE.COM
20 AprThe FTC’s AI portfolio is about to get biggerThe commission is preparing to enforce key parts of a new law against sexual deepfakes and searching for ways to block AI-driven scamming using voice clones. The post The FTC’s AI portfolio is about to get bigger appeared first on CyberScoop .CYBERSCOOP.COM
20 AprVercel’s security breach started with malware disguised as Roblox cheatsThe attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions. The post Vercel’s security breach started with malware disguised as Roblox cheats appeared first on CyberScoop .CYBERSCOOP.COM
20 AprSmall Banks at Risk of CollapseStablecoins could be used to inject large amounts of perceived “equity” into small community banks, even though that capital may not be واقعی or stable. If banks treat this as real money, they could start issuing loans based on unstable or fraudulent backing. That creates a syste…YOUTUBE.COM
20 AprVuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code executionGoogle’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection. The post Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution …CYBERSCOOP.COM
📢 SECURITY ADVISORIES 4[−]
20 AprNCSC Outlines Coordinated Plan to Boost NHS Cyber ResilienceThe National Cyber Security Centre has shared an update of its resilience-building efforts for the NHSINFOSECURITY-MAGAZINE.COM
20 AprIran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker PersonasA single Iranian state-directed operation is hiding behind several so‑called “hacktivist” brands, using different online identities to run one coordinated global cyber campaign. New analysis links three prominent personas Homeland Justice, Karma/KarmaBelow80, and Handala to Iran’…GBHACKERS.COM
20 AprMinister: Swedish heating plant targeted by pro-Russian cyberattacksubmitted by kid to cybersecurity 1 points | 0 comments https://energywatch.com/EnergyNews/grid/article19202558.eceSH.ITJUST.WORKS
20 AprCyberattack at French identity document agency may have exposed personal dataA cyberattack targeting a French government website used to manage identity documents and driver’s licenses may have exposed users’ personal data, the Interior Ministry said.THERECORD.MEDIA
🔥 INCIDENT REPORTING 10[−]
20 AprFake Helpdesk Attack Uses Teams and Quick Assist to Breach TargetsAttackers are increasingly abusing Microsoft Teams and Windows Quick Assist to run a helpdesk‑themed social engineering attack chain that leads to full enterprise compromise and stealthy data theft. By impersonating IT support and relying on legitimate tools and protocols, advers…GBHACKERS.COM
20 AprBritish Hacker Admits Stealing Millions in Virtual Currency From Targeted CompaniesA 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a massive cyberattack campaign that compromised over a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency. According to a Friday announcement from the U…GBHACKERS.COM
20 AprJanaWare Ransomware Hits Turkish Users via Tailored Adwind RATA newly analyzed ransomware campaign dubbed “JanaWare” is targeting users in Turkey by leveraging a customized version of the Adwind Remote Access Trojan (RAT). The campaign combines stealthy delivery techniques, geographic restrictions, and polymorphic malware to evade detection…GBHACKERS.COM
20 AprDFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the ProxyKey Points The Gentlemen RaaS The Gentlemen ransomware‑as‑a‑service (RaaS) operation is a relatively new group that emerged around mid‑2025. The operators advertise their services across multiple underground forums, promoting their ransomware platform and inviting penetration tes…RESEARCH.CHECKPOINT.COM
20 AprBluesky blames app outage on ‘sophisticated’ DDoS attackThe decentralized social network said the incident began on April 15, when the company received reports of intermittent outages affecting the app.THERECORD.MEDIA
20 Apr20th April – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 20th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Booking.com, the Amsterdam-based travel platform, has confirmed a data breach after unauthorized parties accessed reservation data l…RESEARCH.CHECKPOINT.COM
20 AprCrypto infrastructure company blames $290 million theft on North Korean hackersA theft of nearly $300 million worth of cryptocurrency has been attributed to hackers from North Korea, as the industry grapples with the fallout of a wide-ranging incident involving multiple prominent platforms.THERECORD.MEDIA
20 AprScattered Spider member Tyler Buchanan pleads guilty to major crypto theftTyler Buchanan, linked to Scattered Spider, pleaded guilty in the US to hacking companies and stealing millions in cryptocurrency. Tyler Buchanan, a 24-year-old from Scotland linked to the Scattered Spider group, admitted in a US court that he hacked dozens of companies, committe…SECURITYAFFAIRS.COM
20 AprAmtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger LeakAmtrak data breach exposes over 2.1 million customer records after CRM access. Learn what was leaked, risks, and steps users and IT teams should take now. The post Amtrak Data Breach Exposes 2.1M Records, Reports Suggest Larger Leak appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprFrance’s ANTS ID System website hit by cyberattack, possible data breachA cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses. A cyberattack targeted France’s ANTS platform, which handles applications for passports, ID cards, residence permits, and driver’s licenses. Aut…SECURITYAFFAIRS.COM
🕵️ THREAT INTELLIGENCE 30[−]
20 AprISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
20 AprPublic Notion Pages Expose Editors’ Profile Photos and Email AddressesA significant data exposure issue has been brought to light regarding Notion, a highly popular productivity and note-taking application. This exposure happens without requiring any authentication, cookies, or access tokens, leaving thousands of indexable company wikis and persona…GBHACKERS.COM
20 AprZionSiphon Hits Israeli Water Systems With OT Sabotage MalwareZionSiphon is a newly analyzed Operational Technology (OT) malware strain designed to target Israeli water treatment and desalination facilities, with a clear emphasis on sabotage rather than simple IT disruption. Darktrace’s investigation found that ZionSiphon restricts itself t…GBHACKERS.COM
20 AprNSA Confirms Use of Anthropic’s Mythos Despite Pentagon BlacklistThe National Security Agency (NSA) is actively using Anthropic’s highly restricted “Mythos” artificial intelligence model, despite the developer currently being on the Department of Defense (DoD) blacklist. According to recent intelligence reports highlighted by the I…GBHACKERS.COM
20 AprTop ERP Software Vendors in 2026Are you an IT manager or executive building the case for a new ERP vendor? Compare the top ERP software companies in 2026 for your business. The post Top ERP Software Vendors in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprWindows 11 Dev Build Introduces Improved Secure Boot Oversight and Storage SecurityMicrosoft has rolled out Windows 11 Insider Preview Build 26300.8170 to the Dev Channel, bringing crucial updates for system security and storage management. Announced by the Windows Insider Program Team on April 10, 2026, this release delivers enhanced oversight for Secure Boot …GBHACKERS.COM
20 ApriTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code ExecutionIn the cybersecurity community, we often assume that simply reading a text file using a command like cat is a perfectly safe operation. However, security researchers have recently demonstrated that doing so inside the popular iTerm2 macOS terminal emulator can cross the line into…GBHACKERS.COM
20 AprMicrosoft-Signed Malware Built With FUD Crypt Packs Persistence and C2Hackers are abusing a service called FUD Crypt to generate fully undetected, Microsoft‑signed malware that installs persistence and connects to a dedicated command‑and‑control (C2) platform with zero effort on the buyer’s part. This Malware‑as‑a‑Service (MaaS) offering turn…GBHACKERS.COM
20 AprMiningDropper Spreads Infostealers, RATs, Banking Malware on AndroidHackers are abusing a modular Android framework called MiningDropper to mine cryptocurrency and silently install infostealers, remote access trojans (RATs), and banking malware on infected devices. MiningDropper is a multi-stage Android dropper that combines crypto-mining with th…GBHACKERS.COM
20 AprIs “Satoshi Nakamoto” Really Adam Back?The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don’t know. The article is convincing, but it’s written to be convincing. I can’t remember …SCHNEIER.COM
20 AprNorth Korea-Linked UNC1069 Hacks Crypto Pros via Fake MeetingsNorth Korea-linked threat actor UNC1069 is running a highly targeted campaign that abuses fake Zoom, Google Meet, and Microsoft Teams meetings to compromise cryptocurrency and Web3 professionals across Windows, macOS, and Linux systems. The goal is long-term access and large-scal…GBHACKERS.COM
20 AprNotion pages have leaked user data via an unauthenticated API since 2022A security researcher has revealed that Notion’s public pages can expose the email addresses of all contributors through an unauthenticated API request, a behavior that has reportedly been known since 2022 and is still present today. The issue allows anyone to extract user data, …CYBERINSIDER.COM
20 AprIntel Utility Hijacked in AppDomain Attack to Launch MalwareHackers are abusing a trusted Intel utility to quietly launch advanced malware by hijacking the .NET AppDomain mechanism, allowing malicious code to run inside a signed executable and evade many enterprise defenses. The campaign, dubbed Operation PhantomCLR by researchers, target…GBHACKERS.COM
20 AprNew RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Appssubmitted by kid to cybersecurity 2 points | 0 comments https://hackread.com/recruitrat-saferrat-astrinox-massiv-android-malware/SH.ITJUST.WORKS
20 AprCritical sandbox bypass fixed in popular Thymeleaf Java template engine | CSO Onlinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.csoonline.com/article/4160520/critical-sandbox-bypass-fixed-in-popular-thymeleaf-java-template-engine.htmlSH.ITJUST.WORKS
20 AprThis $20 Career Prep Bundle Teaches Something Others NeglectStudy the soft skills employers praise, like communication, resilience on the job, and even interview prep. The post This $20 Career Prep Bundle Teaches Something Others Neglect appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprWhy the Axios attack proves AI is mandatory for supply chain securityTwo weeks ago, a suspected North Korean threat actor slipped malicious code into a package within Axios, a widely used JavaScript library. The immediate concern was the blast radius: roughly 100 million weekly downloads spanning enterprises, startups, and government systems. But …CYBERSCOOP.COM
20 AprMeta Plans Up to 8,000 Job Cuts in New Round of LayoffsMeta is preparing a major round of layoffs that could cut up to 8,000 jobs as the company restructures and leans further into AI-driven operations. The post Meta Plans Up to 8,000 Job Cuts in New Round of Layoffs appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprAnthropic secretly installs spyware when you install Claude Desktopsubmitted by codeinabox to security 44 points | 3 comments https://www.thatprivacyguy.com/blog/anthropic-spyware/PROGRAMMING.DEV
20 AprStellantis teams with Microsoft to strengthen digital capabilitiesAs part of the 5-year agreement, collaborative teams will co-develop more than 100 initiatives relating to AI and cybersecurity.CYBERSECURITYDIVE.COM
20 AprApple’s App Store found hosting ‘FakeWallet’ crypto-stealing appsA wave of malicious iOS apps posing as legitimate cryptocurrency wallets has been discovered on Apple’s App Store, aiming to steal users’ recovery phrases and compromise their funds. The campaign, uncovered by Kaspersky and tracked as FakeWallet, has likely been operating undetec…CYBERINSIDER.COM
20 AprNorth Korea hackers blamed for $290M crypto theftThe hack against Kelp DAO is the largest crypto heist of the year so far.TECHCRUNCH.COM
20 AprChrome Privacy Concerns Rise as Expert Warns of Fingerprinting RisksA privacy expert warns Chrome still allows browser fingerprinting and tracking, raising concerns after Google’s shift away from third-party cookie changes. The post Chrome Privacy Concerns Rise as Expert Warns of Fingerprinting Risks appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprAmazon Debuts ‘Slimmest Ever’ Fire TV Stick HD Starting at $34.99Amazon unveils its “slimmest ever” Fire TV Stick HD with Wi-Fi 6, Alexa+, faster performance, and portable USB-powered streaming for any TV. The post Amazon Debuts ‘Slimmest Ever’ Fire TV Stick HD Starting at $34.99 appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprItaly fines national postal service $14.7M over invasive data collectionItaly’s privacy watchdog has fined Poste Italiane and its digital payments arm Postepay more than €12.5 million ($14.7M) for unlawfully processing user data through their mobile apps. The regulator found that anti-fraud measures embedded in the apps collected excessive device inf…CYBERINSIDER.COM
20 AprOver 800 Android Apps Targeted in PIN-Stealing Trojan CampaignFour Android banking malware campaigns are targeting more than 800 apps by abusing overlays, Accessibility permissions, and sideloaded fake apps to steal PINs. The post Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprBad Data Breaks AI SystemsAI systems rely entirely on the quality of the data they are trained on and operate with. Many organizations still struggle with basic data hygiene—classification, deduplication, and organization. Without clean, structured, and relevant data, AI systems produce poor or unreliable…YOUTUBE.COM
20 AprMac Studio 2026: Apple’s New Desktop Faces a Delayed TimelineApple’s Mac Studio 2026 may be delayed due to supply chain issues and memory shortages, with reports pointing to a later-than-expected release timeline. The post Mac Studio 2026: Apple’s New Desktop Faces a Delayed Timeline appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprChina’s Robot Half Marathon Was More Than a StuntBeijing’s robot half marathon was part spectacle, part stress test, and a much better sign of humanoid progress than last year’s remote-controlled field. The post China’s Robot Half Marathon Was More Than a Stunt appeared first on TechRepublic .TECHREPUBLIC.COM
20 AprThis VPN Lets You Verify Your Business Privacy For $130VP.NET makes VPN privacy verifiable, not just policy-based, with secure enclave tech for up to five devices. The post This VPN Lets You Verify Your Business Privacy For $130 appeared first on TechRepublic .TECHREPUBLIC.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
20 AprA week in security (April 13 – April 19)A list of topics we covered in the week of April 13 to April 19 of 2026MALWAREBYTES.COM
20 AprResearchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT SystemsCybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems. The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamp…THEHACKERNEWS.COM
20 AprZionSiphon Malware Targets Water Infrastructure SystemsZionSiphon malware targets OT water systems with sabotage and ICS scanning capabilitiesINFOSECURITY-MAGAZINE.COM
20 AprFormbook Malware Campaign Uses Multiple Obfuscation Techniques to Avoid DetectionFormbook attacks use combination of DLL Side-Loading and Obfuscated JavaScript to stay hidden, researchers at WatchGuard have uncoveredINFOSECURITY-MAGAZINE.COM
🎙️ PODCASTS 3[−]
20 AprBeyond IT: Cybersecurity is a strategic business riskWhy cybersecurity now demands C-suite attention and accountability.CYBERSECURITYDIVE.COM
20 AprBig Tech can stop scams. They just don’t (Lock and Code S07E08)This week on the Lock and Code podcast, we speak with Marti DeLiema about what really works in protecting older adults from financial scams.MALWAREBYTES.COM
20 AprBuilding a unified security ecosystem with Melissa K. Smith from SentinelOneMelissa K. Smith, SVP of Global Strategic Partnerships and Initiatives at SentinelOne joins Dave Bittner on the CyberWire Daily podcast for a sponsored Industry Voices at the RSA Conference 2026. She discusses how strategic partnerships are helping organizations move beyond fragm…THECYBERWIRE.COMHTTPS:
📡 INFOSEC NEWS 13[−]
20 AprMicrosoft: Update außer der Reihe gegen ungewollte Server-RebootsEin ungeplantes Update von Microsoft soll automatisch neustartende Windows-Server heilen. Das kann nach den April-Updates auftreten.HEISE.DE
20 AprZahlreiche Attacken auf Dell PowerProtect Data Domain möglichIn aktuellen Versionen von Dell PowerProtect Data Domain haben die Entwickler Schwachstellen geschlossen.HEISE.DE
20 AprFakeWallet crypto stealer spreading through iOS apps in the App StoreIn March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.SECURELIST.COM
20 AprFakeWallet crypto stealer spreading through iOS apps in the App StoreIn March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.SECURELIST.COM
20 AprThe Weird, Twisting Tale of How China Spied on Alysa Liu and Her DadYears before the figure skater became an Olympic superstar, a Chinese operative tried to stalk her father and monitored other US residents deemed dissidents against China. And that’s just the beginning.WIRED.COM
20 AprCrypto Exchange Grinex Blames Western Spies for $13m TheftRussian crypto-exchange Grinex claims Western intelligence agencies were behind a $13m heistINFOSECURITY-MAGAZINE.COM
20 AprWhy Most AI Deployments Stall After the DemoThe fastest way to fall in love with an AI tool is to watch the demo. Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team. But most AI initiatives don't fail because of bad techn…THEHACKERNEWS.COM
20 AprBritish hacker tied to Scattered Spider campaign pleads guilty in $8M schemeA British hacker pleaded guilty in U.S. federal court to participating in a sweeping cybercrime campaign that siphoned at least $8 million in cryptocurrency from companies and individuals, federal prosecutors said.THERECORD.MEDIA
20 AprMythos: An AI tool too powerful for public releaseAnthropic is keeping Mythos out of public hands, with limited access for select organizations over fears it could be misused.MALWAREBYTES.COM
20 AprHow to clone an AWS CloudHSM cluster across RegionsImportant: As of January 1, 2025, Client SDK 3 tools (CMU and KMU) are no longer supported. This guide has been updated to use Client SDK 5 commands exclusively. Ensure you’re using the latest Client SDK 5 version (5.17 or later) for the most recent features and security improvem…AWS.AMAZON.COM
20 AprElon Musk fails to appear for questioning by French police over sexualized AI images on XMusk, the billionaire owner of X, and the company's chief executive Linda Yaccarino had both been summoned for voluntary interviews with police on April 20 in Paris.THERECORD.MEDIA
20 AprMastodon says its flagship server was hit by a DDoS attackThe DDoS attack against Mastodon's flagship server comes less than a week after Bluesky was targeted with junk web traffic.TECHCRUNCH.COM
20 AprItalian regulator fines national postal service orgs $15 million for data privacy violationsThe regulator fined Poste Italiane SpA, the postal service provider, €6.6 million ($7.8 million) and Postepay SpA, a digital payments subsidiary, €5.9 million ($7 million) for allegedly illegally processing millions of users’ personal data.THERECORD.MEDIA