106Articles
10Categories
2026-04-21Date
🚨 CISA KEV 3[−]
21 Apr KEVCISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal DeadlinesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vuln…THEHACKERNEWS.COM
21 Apr KEVU.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalogU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency…SECURITYAFFAIRS.COM
21 Apr KEVTrust Lags Behind Technology.Anthropic’s Mythos proves irresistible despite claimed supply chain risks.Iran claims U.S. backdoors hit its networks. New Coast Guard rules target maritime OT security. A fresh NGate Android malware variant emerges. Thousands of ActiveMQ servers face active exploitation risk. CI…THECYBERWIRE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 8[−]
21 AprMalicious GGUF Models Could Trigger Remote Code Execution on SGLang ServersSecurity researchers have uncovered a critical vulnerability in SGLang, a widely used framework for running large language models, that allows threat actors to compromise inference servers. Tracked as CVE-2026-5760, this flaw enables Remote Code Execution (RCE) when a server load…GBHACKERS.COM
21 Apr6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding exactly 6,364 vulnerable IP …GBHACKERS.COM
21 AprCVE-2026-41254Information published.MSRC.MICROSOFT.COM
21 AprApache Syncope RCE Vulnerability Detailed After Public Exploit Code ReleaseSecurity researchers have released full technical details and a working proof-of-concept (PoC) exploit for CVE-2025-57738, a high-severity remote code execution (RCE) vulnerability in Apache Syncope, a widely deployed open-source identity management platform used across enterpris…GBHACKERS.COM
21 AprAzure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operationsA high-severity authentication flaw in Microsoft’s Azure SRE Agent exposed sensitive agent data to unauthorized network access, according to a confirmed vulnerability disclosure. The issue was identified by Enclave AI researcher Yanir Tsarimi, who detailed the findings in a blog …CSOONLINE.COM
21 AprVU#414811: Terrarium contains a vulnerability that allows arbitrary code executionOverview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution w…KB.CERT.ORG
21 AprVU#890999: Radware Alteon has a reflected XSS vulnerability that can execute JavaScript in the host browserOverview Radware Alteon has a reflected Cross-Site Scripting (XSS) vulnerability in the parameter ReturnTo of the route /protected/login. This vulnerability allows an attacker to execute JavaScript in the host browser. Description CVE-2026-5754: Reflected Cross-Site Scripting (XS…KB.CERT.ORG
21 Apr KEVThousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discoveredTwo weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to wa…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 29[−]
21 AprLovable AI App Builder Hit by Reported API Flaw Exposing Thousands of ProjectsThe popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created on the p…GBHACKERS.COM
21 AprAI-Driven Exploitation Could Shrink Defenders’ Patch WindowAI-powered cyberattacks are entering a new phase, with frontier AI models now capable of autonomously discovering and exploiting software vulnerabilities at unprecedented speed. Unit 42’s hands-on testing reveals that modern AI models are no longer مجرد coding assistants. Instead…GBHACKERS.COM
21 Apr173: TarjeterosIn the streets of the Dominican Republic, a new economy thrives in the shadows. It’s built not on tourism or sugar, but on stolen data. They call them tarjeteros. And they are making a lot of money from stolen credit cards. This is a story about one group of tarjeteros who came t…DARKNETDIARIES.COM
21 AprGitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting DevelopersHackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because comp…GBHACKERS.COM
21 Apr KEVCISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security FlawsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws affecting the platform to its K…GBHACKERS.COM
21 AprBluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibilityBluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services for about 24 hours, starting on April 15. Bluesky is a decentralized, open-so…SECURITYAFFAIRS.COM
21 AprTop techniques attackers use to infiltrate your systems todayMuch of the talk around cybersecurity these days revolves around AI and the threat it poses to corporate systems when used by nefarious actors. But the reality on the ground remains a little more mundane than polymorphic AI malware and criminal masterminds putting machine learnin…CSOONLINE.COM
21 AprThe thin gray line: Handala, CyberAv3ngers and Iran’s proxy opsOn April 7, six US government agencies issued a critical advisory warning domestic private sector organizations of potential infrastructural cyberattacks conducted by Iranian-affiliated Advanced Persistent Threat (APT) actors. The advisory stops short of attributing these threats…CSOONLINE.COM
21 AprThe Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379Red team exercises set goals to see if a particular outcome can be accomplished through a simulated attack, but the ultimate outcome should be educating the org about how to improve tools and processes that make attacks more difficult to succeed. Gwyddon "Data" Owen shares his ex…YOUTUBE.COM
21 AprVercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party ToolCloud app developer Vercel appears to have suffered a security breachINFOSECURITY-MAGAZINE.COM
21 AprMicrosoft spots Sapphire Sleet macOS attack using AppleScript and social engineeringA new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers ma…GBHACKERS.COM
21 AprWhy identity is the driving force behind digital transformationIdentity centric technologies have undergone a significant transformation in recent times. Gone are the days when it was all about logging in and out of any given system. Today, identity has become the backbone of all digital enterprises. It’s the ‘invisible engine’ that powers e…CSOONLINE.COM
21 AprMythos can find the vulnerability. It can’t tell you what to do about it.Anthropic’s new model can find vulnerabilities faster and cheaper than ever. The hardest part is still everything that comes after. The post Mythos can find the vulnerability. It can’t tell you what to do about it. appeared first on CyberScoop .CYBERSCOOP.COM
21 AprNo Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based AttacksThe cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI-generated exploits. However, the most reliable entry point for attackers still hasn't changed: stolen credentials. Identity-based attacks rem…THEHACKERNEWS.COM
21 AprGoogle Patches Antigravity IDE Flaw Enabling Prompt Injection Code ExecutionCybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment (IDE), Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an ins…THEHACKERNEWS.COM
21 AprUK probes Telegram and other chat apps over child safety failuresThe UK’s communications regulator Ofcom has opened formal investigations into Telegram, Teen Chat, and Chat Avenue over concerns they are failing to prevent the spread of child sexual abuse material (CSAM) and protect minors from online grooming. The enforcement action follows ev…CYBERINSIDER.COM
21 AprPrompt injection turned Google’s Antigravity file search into RCESecurity researchers have revealed a prompt injection flaw in Google’s Antigravity IDE that could be weaponized to bypass its sandbox protections and achieve remote code execution (RCE). The issue came from Antigravity’s ability to allow AI agents to invoke native functions, like…CSOONLINE.COM
21 AprThe Vercel breach started at a tool nobody was watchingsubmitted by codeinabox to security 1 points | 0 comments https://siddhantkhare.com/writing/vercel-breach-oauth-blast-radiusPROGRAMMING.DEV
21 AprAlert: WhatsApp Phishing Campaign Delivers MalwareA new phishing campaign is using WhatsApp messages to deliver malware, according to researchers at Microsoft. The attackers are attempting to trick users into installing malicious Visual Basic Script (VBS) files. “The campaign relies on a combination of social engineering and liv…KNOWBE4.COM
21 AprPhishing and MFA exploitation: Targeting the keys to the kingdomIn 2025, attackers increasingly targeted weaknesses in multi-factor authentication (MFA) workflows, and phishing attacks leveraged valid, compromised credentials to launch lures from trusted accounts. The trends focused entirely on trust, or the lack thereof, in everyday business…TALOSINTELLIGENCE.COM
21 AprCloud platform Vercel says company breached through third-party AI toolVercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised.THERECORD.MEDIA
21 Apr22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP ConvertersCybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codename…THEHACKERNEWS.COM
21 AprCISA confirms exploitation of 3 more Cisco networking device vulnerabilitiesCisco revealed six critical flaws in widely used products in February. The government has now seen evidence that hackers are abusing four of them.CYBERSECURITYDIVE.COM
21 AprThe Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI IdentitiesWashington D.C., USA, April 21st, 2026, CyberNewswire Cybersecurity Insiders, in collaboration with Saviynt, has released new research indicating that AI identities are increasingly operating within core enterprise systems, often without established governance or visibility. The …GBHACKERS.COM
21 AprSecurity Game Isn’t FairIn cybersecurity, attackers and defenders are often described as unequal—but not always in the way people assume. Defenders shape the environment: they define the rules, deploy layered defenses, and control the systems attackers must navigate. This creates a fundamentally asymmet…YOUTUBE.COM
21 AprMozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150CTO says new AI model is "every bit as capable" as world's best security researchers.ARSTECHNICA.COM
21 AprRobosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More... - SWN #574Robosawmill, Gentleman, Vercel, GitHub, Claude, RS232, Josh Marpet, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-574YOUTUBE.COM
21 AprOracle April 2026 Critical Patch Update Addresses 241 CVEsOracle addresses 241 CVEs in its second quarterly update of 2026 with 481 patches, including 34 critical updates. Key takeaways: The second Critical Patch Update (CPU) for 2026 contains fixes for 241 unique CVEs in 481 security updates   34 issues (7.1% of all patches) were …TENABLE.COM
21 AprFormer DigitalMint ransomware negotiator pleads guilty to extortion schemeAngelo Martino helped accomplices extort a combined $75.3 million in ransom payments from five victim companies. The post Former DigitalMint ransomware negotiator pleads guilty to extortion scheme appeared first on CyberScoop .CYBERSCOOP.COM
📢 SECURITY ADVISORIES 4[−]
21 AprSideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail LoginsSideWinder is running an active credential‑harvesting campaign that uses a fake Chrome PDF viewer and a pixel‑perfect Zimbra clone on Cloudflare Workers to steal government webmail credentials from South Asian targets, including the Bangladesh Navy and Pakistan’s Ministry of Fore…GBHACKERS.COM
21 AprCISA Warns Compromised Axios npm Package Fueled Major Supply Chain AttackThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a severe software supply chain compromise affecting the widely used Axios node package manager (npm). Axios is a highly popular JavaScript library that developers rely on to handle HT…GBHACKERS.COM
21 AprEuropean Commission Moving to Classify ChatGPT as ‘Very Large Online Search Engine’ Under Digital Services ActThe European Commission is set to designate ChatGPT as a ‘Very Large Online Search Engine,’ subjecting OpenAI to strict Digital Services Act compliance rules. The post European Commission Moving to Classify ChatGPT as ‘Very Large Online Search Engine’ Under Digital Services Act a…TECHREPUBLIC.COM
21 AprCISA urges security teams to view environments following axios compromiseA suspected North Korea-linked actor is behind a supply chain attack on the widely used library.CYBERSECURITYDIVE.COM
🔥 INCIDENT REPORTING 13[−]
21 Apr12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K UsersLayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activi…GBHACKERS.COM
21 AprGentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based LockerGentlemen is a fast‑growing ransomware‑as‑a‑service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi‑platform design and strong defense‑evasion features make it a high‑impact threat to c…GBHACKERS.COM
21 AprPureRAT Hides PE Payloads in PNGs for Fileless ExecutionA multi-stage PureRAT campaign that hides portable executable (PE) payloads inside PNG images and executes them almost entirely in memory, making detection and forensics significantly harder for defenders. The campaign combines steganography, PowerShell-based loaders, UAC bypass,…GBHACKERS.COM
21 AprUnchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of FirmsData exposure, operational disruption and financial losses among issues faced by businesses struggling with the rapid rise of AI agents, warns Cloud Security Alliance reportINFOSECURITY-MAGAZINE.COM
21 Apr5 Places where Mature SOCs Keep MTTR Fast and Others Waste TimeSecurity teams often present MTTR as an internal KPI. Leadership sees it differently: every hour a threat dwells inside the environment is an hour of potential data exfiltration, service disruption, regulatory exposure, and brand damage.  The root cause of slow MTTR is almos…THEHACKERNEWS.COM
21 AprThe Gentlemen Ransomware Expands With Rapid Affiliate GrowthGentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infectionsINFOSECURITY-MAGAZINE.COM
21 AprRansomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting ransomware attacks against U.S. companies in 2023. Angelo Martino, 41, of Land O'Lakes, Florida, teamed up with the operators of the BlackCat ransomware starting in April 2023 to assis…THEHACKERNEWS.COM
21 AprRansomware negotiator pleads guilty to helping ransomware gangA former employee of a cybersecurity firm pleaded guilty to aiding ransomware criminals to maximize their profits, with the goal of taking a cut of the ransom.TECHCRUNCH.COM
21 AprBreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure ValidationNew York, United States, April 21st, 2026, CyberNewswire BreachLock, a global leader in offensive security, today announced it has been named a representative vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation.   This recognition marks the …GBHACKERS.COM
21 AprLawmakers ponder terrorism designations, homicide charges over hospital ransomware attacksThe ideas came up at a House Homeland Security Committee hearing, as health care ransomware attacks are on the rise. The post Lawmakers ponder terrorism designations, homicide charges over hospital ransomware attacks appeared first on CyberScoop .CYBERSCOOP.COM
21 AprSystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware OperationThreat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemB…THEHACKERNEWS.COM
21 AprRansomware negotiator caught secretly assisting BlackCat extortion schemeAngelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomware group while working as a ransomware negotiator. Angelo Martino (41) admitted hel…SECURITYAFFAIRS.COM
21 AprWeekly Update 500Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite Looking back at this milestone video, it's the audience question towards the end I liked most: "are you happy"? Charlott…TROYHUNT.COM
🕵️ THREAT INTELLIGENCE 34[−]
21 AprEnd of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take OverApple CEO Tim Cook steps down, handing leadership to hardware chief John Ternus in a major shift that could shape the company’s next era. The post End of an Era: Tim Cook Steps Down as Apple CEO, John Ternus to Take Over appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
21 AprSquare POS Review 2026: Pricing, Features, Pros and ConsSquare POS stands out for its free entry point, flexible software, and wide hardware range. However, its all-in-one approach can fall short depending on your business type and growth needs. The post Square POS Review 2026: Pricing, Features, Pros and Cons appeared first on TechRe…TECHREPUBLIC.COM
21 AprA .WAV With A Payload, (Tue, Apr 21st)There have been reports of threat actors using a .wav file as a vector for malware . ISC.SANS.EDU
21 AprNew Lazarus APT Campaign: “Mach-O Man” macOS Malware Kit Hits BusinessesEditor’s note: The research is authored by Mauro Eldritch, offensive security expert and a founder of BCA LTD, a company dedicated to threat intelligence and hunting. You can find Mauro on X.  The recent wave of ClickFix attacks has introduced several new…ANY.RUN
21 AprNorth Korean Blamed for $290m KelpDAO Crypto HeistNorth Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAOINFOSECURITY-MAGAZINE.COM
21 AprGet Microsoft Office 2024 Plus a Full Training Bundle for Just $114Skip the subscription fees and grab Office 2024 Home & Business + 8 Microsoft training courses in one bundle. The post Get Microsoft Office 2024 Plus a Full Training Bundle for Just $114 appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprSet Your Business Up With Microsoft Office 2019 & Windows 11 Pro, $26Skip the subscription fees and own a complete Microsoft productivity and OS bundle for a one-time payment. The post Set Your Business Up With Microsoft Office 2019 & Windows 11 Pro, $26 appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprFakeWallet cryptostealer propagating via iOS App Store applicationssubmitted by beep to cybersecurity 2 points | 0 comments https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/INFOSEC.PUB
21 AprNew NGate Android malware variant uses NFC app to steal card dataA newly discovered variant of the NGate Android malware is abusing a legitimate NFC payment app to steal victims’ card data and PINs, enabling attackers to perform contactless withdrawals and payments. According to ESET researchers, who detailed their findings in a report shared …CYBERINSIDER.COM
21 Aprpompelmi – ClamAV antivirus scanning for Node.js, zero dependenciessubmitted by justsouichi to security 1 points | 0 comments https://github.com/pompelmi/pompelmiPROGRAMMING.DEV
21 AprMexican Surveillance CompanyGrupo Seguritech is a Mexican surveillance company that is expanding into the US.SCHNEIER.COM
21 AprNGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINsCybersecurity researchers have discovered a new iteration of an Android malware family calledNGate that has been found to abuse a legitimate application called HandyPay instead of NFCGate. "The threat actors took the app, which is used to relay NFC data, and patched it with …THEHACKERNEWS.COM
21 AprAI-Powered NGate Malware Evades Detection Inside NFC Payment AppsA new NGate malware variant that hides inside a trojanized version of HandyPay, a legitimate NFC payment relay app for Android, to steal card data and PINs for ATM cash-outs and fraudulent payments. The injected code shows clear signs of being produced with generative AI, highlig…GBHACKERS.COM
21 AprClaude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub CommentsComment and Control prompt injection vulnerabilities discovered in AI agents, including Claude Code Security Review, Google Gemini CLI Action, and GitHub Copilot Agent. The research, spearheaded by Aonan Guan and Johns Hopkins University researchers, highlights critical architect…GBHACKERS.COM
21 AprAll-in-One PDFtoolkit Unlimited Is $79 (reg. $619)Cut software subscription costs—and save $540—on unlimited AI-powered, secure browser-based PDF editing tools. The post All-in-One PDFtoolkit Unlimited Is $79 (reg. $619) appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprGoogle’s AI Overviews Produce Hundreds of Millions of Inaccurate Answers Every Day, Analysis SuggestsA new Oumi analysis reveals Google's AI Overviews may produce up to 225 billion false summaries annually. Learn about the accuracy gap between Gemini 2 and Gemini 3. The post Google’s AI Overviews Produce Hundreds of Millions of Inaccurate Answers Every Day, Analysis Suggests app…TECHREPUBLIC.COM
21 AprAmazon Deepens Anthropic Partnership, Eyeing Up to $25B as Claude Demand SurgesAmazon is investing another $5 billion in Anthropic, deepening its AWS partnership as Claude expands across chips, cloud, and enterprise access. The post Amazon Deepens Anthropic Partnership, Eyeing Up to $25B as Claude Demand Surges appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprLLMs Push Red Team BoundariesLLMs remix existing information to generate outputs, enabling red teams to move faster and build more convincing attack scenarios. This speed and synthesis capability can improve testing—but also introduce risk. Local LLMs without safeguards may allow teams to bypass ethical cons…YOUTUBE.COM
21 AprBig banks seek to ease security worries as AI push accelerates“AI is our friend, OK?” said Morgan Stanley CEO Ted Pick during the bank’s earnings call as the industry grapples with its disruptive potential. CYBERSECURITYDIVE.COM
21 Apr67% of Android apps log data not mentioned in their privacy policiesA large-scale academic study found that roughly two-thirds of Android apps fail to accurately disclose how they collect sensitive data through logging, exposing a significant transparency gap between privacy policies and real-world behavior. The research, conducted by a team from…CYBERINSIDER.COM
21 AprThis Sophisticated Scam Should Be a Warning To All CompaniesScams are becoming more sophisticated over time, but this latest scam should be a wake-up call to all organizations and employees as to how far some scammers will go to damage your organization or its stakeholders.KNOWBE4.COM
21 AprLeak Points to Google’s ‘Fitbit Air’ as a Screen-Free Wearable for Health TrackingGoogle’s rumored Fitbit Air could launch soon as a screen-free fitness band, while leaks point to a broader Google Health rebrand. The post Leak Points to Google’s ‘Fitbit Air’ as a Screen-Free Wearable for Health Tracking appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprApple May Drop iOS 27 Support for Four iPhones, Leaving Millions BehindA new leak suggests iOS 27 may drop support for the iPhone 11 lineup and the second-generation iPhone SE. The post Apple May Drop iOS 27 Support for Four iPhones, Leaving Millions Behind appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprHuawei Just Beat Apple and Samsung to a New Foldable Format in ChinaHuawei’s Pura X Max is now official in China, bringing a wide foldable design, a 7.7-inch inner display, Kirin 9030 Pro, and a 5,300mAh battery. The post Huawei Just Beat Apple and Samsung to a New Foldable Format in China appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprGoogle Photos Rolls Out New AI-Powered Portrait Editing FeaturesGoogle Photos is rolling out AI-powered portrait touch-up tools that make skin smoothing, eye brightening, and quick facial edits easier on Android. The post Google Photos Rolls Out New AI-Powered Portrait Editing Features appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprQuantum Computers Are Not a Threat to 128-bit Symmetric Keyssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://words.filippo.io/128-bits/INFOSEC.PUB
21 AprScottish man pleads guilty to attack spree that created Scattered Spider’s notorietyTyler Robert Buchanan “was the glue that held this gang together,” a cybercrime researcher said. He faces up to 22 years in federal prison. The post Scottish man pleads guilty to attack spree that created Scattered Spider’s notoriety appeared first on CyberScoop .CYBERSCOOP.COM
21 AprNorth Korea’s Lazarus APT stole $290M from Kelp DAONorth Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North-Korea linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a decentralized finance (DeFi) protocol bu…SECURITYAFFAIRS.COM
21 AprMacBook Neo Cheat Sheet: Everything to Know About Apple’s Budget MacMacBook Neo starts at $599 with an A18 Pro chip, a bright 13-inch display, and clear trade-offs in ports, battery claims, and premium features. The post MacBook Neo Cheat Sheet: Everything to Know About Apple’s Budget Mac appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprIntel Handheld Gaming Chip Core G3: Can It Challenge AMD in 2026?Intel’s Core G3 handheld chip could give AMD real competition in 2026, but only if it delivers where gaming handhelds actually live: low power, stable frame rates, and battery-conscious performance. The post Intel Handheld Gaming Chip Core G3: Can It Challenge AMD in 2026? appear…TECHREPUBLIC.COM
21 AprMeta Tests Paid WhatsApp Features With New ‘Plus’ TierMeta is testing a WhatsApp Plus subscription that includes themes, stickers, and chat tools in a limited rollout to select users. The post Meta Tests Paid WhatsApp Features With New ‘Plus’ Tier appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprGalaxy S27 Could Debut Samsung’s Biggest Battery Upgrade in YearsA new leak suggests Samsung could bring silicon-carbon batteries to the Galaxy S27, potentially delivering a major battery life upgrade. The post Galaxy S27 Could Debut Samsung’s Biggest Battery Upgrade in Years appeared first on TechRepublic .TECHREPUBLIC.COM
21 AprChina Deploys Robot Dogs, Drones, and Humanoids to Run a ‘Full-Space’ Metro SystemChina’s Hefei metro is testing robot dogs, drones, and humanoids to inspect trains, patrol platforms, and assist passengers during busy travel periods. The post China Deploys Robot Dogs, Drones, and Humanoids to Run a ‘Full-Space’ Metro System appeared first on TechRepublic .TECHREPUBLIC.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
21 AprThe US NSA is using Anthropic’s Claude Mythos despite supply chain riskAxios reports the National Security Agency uses Anthropic Mythos model despite Department of Defense concerns, blurring AI risk vs defense lines. The reported use of Anthropic’s Mythos model by the U.S. National Security Agency is a reminder that the line between AI as a defensiv…SECURITYAFFAIRS.COM
21 AprFake Google Antigravity downloads are stealing accounts in minutesAnother AI launch, another trap. A trojanized Google Antigravity installer runs like normal, but secretly hands over your accounts to the attackers.MALWAREBYTES.COM
21 AprTrojanized Android App Fuels New Wave of NFC FraudNGate malware abuses HandyPay app to steal NFC card data and PINs in BrazilINFOSECURITY-MAGAZINE.COM
📰 CYBERSECURITY BRIEFINGS 1[−]
21 AprDaily Briefing for 04.21.26THECYBERWIRE.COM
🎙️ PODCASTS 2[−]
21 AprThe Three-Layer Strategy for Autonomous Agent Governance with Joe Hladik and Amit MalikHost Caleb Tolin is joined by Joe Hladik and Amit Malik of Rubrik Zero Labs to dissect the "Agentic Paradox" where 86% of leaders expect AI to outrun their guardrails. As enterprises rush to adopt autonomous bots for revenue growth, they are creating a massive security vacuum in …THECYBERWIRE.COM
21 Apr[Podcast] It's not you, it's your printer: State-sponsored and phishing threats in 2025In this episode of Talos Takes, Amy and Martin Lee unpack state-sponsored and phishing trends from the 2025 Talos Year in Review.TALOSINTELLIGENCE.COM
📡 INFOSEC NEWS 9[−]
21 AprBad Apples: Weaponizing native macOS primitives for movement and executionCisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture.TALOSINTELLIGENCE.COM
21 AprAndroid 17 ends all-or-nothing access to your contactsApps have been taking your whole contact list for years. Android 17 finally makes them ask for less.MALWAREBYTES.COM
21 AprThey Built a Legendary Privacy Tool. Now They’re Sworn EnemiesThere’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history.WIRED.COM
21 AprReal Apple notifications are being used to drive tech support scamsScammers have found a way to abuse legitimate Apple notification emails to trick people into calling fake tech support numbers.MALWAREBYTES.COM
21 AprEU targets two Russian propaganda networks with new sanctionsThe measures target Euromore, a media outlet that EU officials say amplifies Kremlin narratives, and the Foundation for the Support and Protection of the Rights of Compatriots Living Abroad (Pravfond), a Moscow-funded group accused of promoting propaganda aligned with Russia’s fo…THERECORD.MEDIA
21 Apr‘Scattered Spider’ Member ‘Tylerb’ Pleads GuiltyA 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert Buchanan admitted his role in a series of text-message phishing attacks in the summer of 2022 that a…KREBSONSECURITY.COM
21 AprUK regulator to probe Telegram, teen chat sites for potential child safety violationsThe Telegram probe was launched after the Canadian Centre for Child Protection shared information that allegedly showed CSAM is present and shared on the platform, according to a press release from Ofcom.THERECORD.MEDIA
21 AprMeta Is Sued Over Scam Ads on Facebook and InstagramA lawsuit from the Consumer Federation of America accuses Meta of misleading consumers about its efforts to combat scams advertisements on its platforms.WIRED.COM
21 AprMozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in FirefoxThe Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition.WIRED.COM