🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
24 AprHackers Track 900+ React2Shell Exploits via Telegram BotsHackers are using Telegram bots and AI tooling to run a structured, at-scale exploitation campaign abusing the critical React2Shell vulnerability (CVE-2025-55182), with evidence of 900+ confirmed compromises. Investigators found an exposed server tied to the Bissa scanner platfor…GBHACKERS.COM
24 AprHackers Exploit Ollama Model Uploads to Leak Server DataCybersecurity researchers have uncovered a severe, unpatched vulnerability in Ollama, a popular open-source platform used for running large language models locally. Tracked as CVE-2026-5757, this critical flaw exists in Ollama’s model quantization engine. If exploited, it allows …GBHACKERS.COM
24 AprCVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()Information published.MSRC.MICROSOFT.COM
24 AprCVE-2026-31532 can: raw: fix ro->uniq use-after-free in raw_rcv()Information published.MSRC.MICROSOFT.COM
24 AprPython Vulnerability Enables Out-of-Bounds Write on WindowsA high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer. The flaw, tracked as CVE-2026-3298, was publicly disclosed on April 21, 2026, …GBHACKERS.COM
24 AprLMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of DisclosureA high-severity security flaw in LMDeploy, an open-source toolkit for compressing, deploying, and serving LLMs, has come under active exploitation in the wild less than 13 hours after its public disclosure. The vulnerability, tracked as CVE-2026-33626 (CVSS score: 7.5), relates t…THEHACKERNEWS.COM
24 AprHackers Exploit Cisco Firepower N-Day Flaws for Unauthorized AccessA state-sponsored threat actor known as UAT-4356 is actively exploiting known vulnerabilities in Cisco Firepower devices to deploy a sophisticated custom backdoor. UAT-4356 exploited two n-day vulnerabilities, CVE-2025-20333 and CVE-2025-20362m affecting Cisco’s Firepower e…GBHACKERS.COM
24 Apr12-year-old Pack2TheRoot bug lets Linux users gain root privileges‘Pack2TheRoot’ flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users install or remove system packages without authorization, potentially ga…SECURITYAFFAIRS.COM
24 AprMetasploit Wrap-Up 04/25/2026Check Method Visibility Metasploit has supported check methods for many years now. It’s not always desirable to jump straight into exploiting a vulnerability but instead to determine if the target is vulnerable. Metasploit tries to be very conservative with classifying a target a…RAPID7.COM
⚠️ VULNERABILITY DISCLOSURE 16[−]
24 AprInside The Vercel Supply Chain ExploitInside the Vercel Breach: Highlighting OAuth Token Risk In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by…CYBERSECURITYTODAY.LIBSYN.COM
24 AprHackers Exploit SS7 and Diameter Flaws to Track Mobile Users GloballyA recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled “Bad Connection,” reveals how suspected commercial surveillance vendors (CSVs) we…GBHACKERS.COM
24 AprPhantomRPC: A new privilege escalation technique in Windows RPCKaspersky researcher discovered a vulnerability in RPC architecture that enables an attacker to create a fake RPC server and escalate their privileges.SECURELIST.COM
24 AprTropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access. Zscale…THEHACKERNEWS.COM
24 AprXiongmai IP Camera Flaw Lets Attackers Bypass AuthenticationA critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information eas…GBHACKERS.COM
24 AprHackers Exploit Pastebin PowerShell Script to Hijack Telegram SessionsHackers are experimenting with a new Telegram‑focused session stealer that hides in a Pastebin‑hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not attempt to grab passwords or br…GBHACKERS.COM
24 AprFirefox flaw enables cross-site tracking, undermines Tor Browser defensesA newly disclosed vulnerability in Firefox and Tor Browser allowed websites to generate a stable, process-level identifier using IndexedDB, undermining private browsing protections and cross-site isolation. The issue has been fixed in recent Firefox releases following responsible…CYBERINSIDER.COM
24 AprHackers Exploit Agent ID Administrator Role to Hijack Service PrincipalsA severe scoping vulnerability was recently discovered in Microsoft Entra ID’s new Agent Identity Platform. The security flaw allowed users assigned the Agent ID Administrator role to hijack arbitrary service principals across an organization’s tenant, leading to pote…GBHACKERS.COM
24 AprUK Biobank Data Breach: Health Data of 500,000 Listed for Sale in ChinaUK government Minister confirms that breached health records of UK Biobank volunteers were up for sale on Chinese ecommerce platforms before being removedINFOSECURITY-MAGAZINE.COM
24 Apr3 Reasons to Attend our Global Cybersecurity Summit if you’re Focused on AI, Threats, and CTEMSecurity teams are dealing with a different kind of pressure now. It is not just the volume of alerts or the pace of attacks, but also the gap between what teams can see and what they can act on with confidence. That gap shows up in different ways. Threats move across identity an…RAPID7.COM
24 AprCIS Control Becomes LawRegulators such as NYDFS are requiring financial institutions to formally attest to MFA adoption and maintain accurate inventories of their IT assets, aligning directly with CIS Control 1. These are considered foundational cybersecurity practices, yet they are still not universal…YOUTUBE.COM
24 AprFIRESTARTER malware remained on Cisco devices after patches were applied.Open-source AI models may match Mythos's capabilities. White House moves to fight foreign extraction of US AI capabilities.THECYBERWIRE.COM
24 AprMeta’s Biggest Layoff of 2026 Is Confirmed to Start Next MonthMeta will cut 10% of its workforce, impacting about 8,000 employees, as it shifts resources to AI and reduces costs amid ongoing restructuring efforts. The post Meta’s Biggest Layoff of 2026 Is Confirmed to Start Next Month appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprCISA last in line for access to Anthropic MythosThe US Cybersecurity and Infrastructure Security Agency (CISA) does not yet have access to Anthropic’s bug-hunting AI model, Claude Mythos, even though other government agencies do, Axios reported earlier this week . As if that weren’t a big enough slap in the face for the nation…CSOONLINE.COM
24 AprNew US House privacy bills raise hard questions about enterprise data collectionUS House Republicans have introduced two major privacy proposals that would reshape how US companies collect, process, and retain consumer data: the SECURE Data Act for general consumer privacy and the GUARD Financial Data Act for financial institutions. The bills would create na…CSOONLINE.COM
24 AprWhen Updates Turn Into MalwareThe “Canister Worm” attack compromises legitimate NPM publishers and replaces package contents with malware that executes during installation or updates. Developers can unknowingly pull malicious code directly into their environments. Because the source appears trusted, tradition…YOUTUBE.COM
📢 SECURITY ADVISORIES 11[−]
24 AprChinese attackers are pwning your infrastructure to use in attacks, 10 countries warnsubmitted by Sepia to cybersecurity 1 points | 0 comments https://www.theregister.com/2026/04/23/china_covert_networks/ Here is the report, Defending against China-nexus covert networks of compromised devices (pdf) . A majority of China-linked threat actors are using compromised …SH.ITJUST.WORKS
24 AprChinese attackers are pwning your infrastructure to use in attacks, 10 countries warnsubmitted by Sepia to cybersecurity 5 points | 1 comments https://www.theregister.com/2026/04/23/china_covert_networks/ cross-posted from: mander.xyz/post/50988211 Here is the report, Defending against China-nexus covert networks of compromised devices (pdf) . A majority of China…INFOSEC.PUB
24 AprChina-linked threat actors use consumer device botnets to evade detection, warn UK and partnersUK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global partners warn that China-linked threat actors now rely on large proxy networks buil…SECURITYAFFAIRS.COM
24 AprCompromised everyday devices power Chinese cyber espionage operationsChina-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, t…HELPNETSECURITY.COM
24 AprNew Cisco firewall malware can only be killed by pulling the plugSuspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower …HELPNETSECURITY.COM
24 AprNorway's prime minister proposes ban on social media access for young teensAn upcoming proposed bill will include language that holds big tech accountable for using age verification tools to block young users.THERECORD.MEDIA
24 AprNASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense SoftwareThe Office of Inspector General (OIG) of the U.S. National Aeronautics and Space Administration (NASA) has revealed how a Chinese national posed as a U.S. researcher as part of a spear-phishing campaign to obtain sensitive information from the space agency, as well as from govern…THEHACKERNEWS.COM
24 AprFIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security PatchesThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed federal civilian agency's Cisco Firepower device running Adaptive Security Appliance (ASA) software was compromised in September 2025 with malware called FIRESTARTER. FIRESTARTER, per CI…THEHACKERNEWS.COM
24 AprIran’s cyber threat may be less ‘shock and awe’ than ‘low and slow,’ officials sayOfficials and experts believe the most likely threat from Iranian hackers is not a digital shock-and-awe campaign, but something quieter: opportunistic intrusions, dressed up to look bigger than they are.THERECORD.MEDIA
24 AprA digital battlefield in practice.Locked Shields wraps another year. Open models challenge Mythos. CISA tracks FIRESTARTER inside a federal agency. The White House targets foreign AI model extraction. Microsoft lets admins remove Copilot. Treasury sanctions a Cambodian scam-compound senator. Breeze Cache rushes a…THECYBERWIRE.COM
24 AprLatest spy power reauthorization bill leaves critics unimpressedAn April 30 deadline is looming to extend expiring Section 702 powers, and the newest legislation to re-up it is drawing fire from the left and right. The post Latest spy power reauthorization bill leaves critics unimpressed appeared first on CyberScoop .CYBERSCOOP.COM
🔥 INCIDENT REPORTING 14[−]
24 AprBitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Attacksubmitted by cm0002 to cybersecurity 4 points | 0 comments https://socket.dev/blog/bitwarden-cli-compromisedINFOSEC.PUB
24 AprCarnival - 7,531,359 breached accountsIn April 2026, the notorious hacking collective ShinyHunters claimed they had obtained a substantial volume of data belonging to the Carnival cruise operator and attempted to extort the organisation to prevent the data from being leaked. The following week, the group published th…HAVEIBEENPWNED.COM
24 AprRansomware Gang Unveils Custom Data-Theft ToolRansomware operators introduced a custom-built data exfiltration tool, signaling a notable evolution in attack techniques. Unlike most ransomware groups that rely on publicly available utilities such as Rclone or MegaSync, Trigona affiliates are now using a proprietary tool to st…GBHACKERS.COM
24 AprHackers Impersonate IT Helpdesk Staff to Breach Firms via Microsoft TeamsA newly identified cyber threat group, UNC6692, is using a clever mix of social engineering and custom malware to infiltrate corporate networks. By impersonating IT helpdesk personnel on Microsoft Teams, these hackers trick employees into downloading a sophisticated malware suite…GBHACKERS.COM
24 AprBitwarden CLI Compromised After Malicious GitHub Actions WorkflowCybersecurity researchers at Socket have uncovered a major supply chain compromise affecting the Bitwarden CLI. Attackers successfully abused a GitHub Action in Bitwarden’s CI/CD pipeline to inject malicious code into the popular password manager’s npm package. This breach …GBHACKERS.COM
24 AprChina-Linked Hackers Hide Behind Compromised RoutersHackers linked to China are increasingly abusing compromised routers and edge devices to build covert networks, enabling stealthy cyber operations that are harder to detect and block. Instead of relying on dedicated servers or purchased hosting, threat actors are now leveraging l…GBHACKERS.COM
24 AprAI is speeding up nation-state cyber programsIn this Help Net Security interview, Kaja Ciglic, Senior Director, Cybersecurity Policy and Diplomacy at Microsoft, discusses how nation-state cyber programs have changed over three years. Cyber has become a core instrument of state power, integrated with military, economic, and …HELPNETSECURITY.COM
24 AprCheckmarx supply chain attack impacts Bitwarden npm distribution pathBitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected version, @bitwa…SECURITYAFFAIRS.COM
24 AprAI Phishing Is No. 1 With a Bullet for CyberattackersIn the last six months, companies have seen a significant influx of AI-powered phishing, as cyberattackers progress from small campaigns to 1-to-1 personalized attacks.DARKREADING.COM
24 AprSignal phishing campaign targets Germany’s Bundestag President Julia KlöcknerGermany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest European political figure targeted through a Signal-based phishing attack, reported Der Spiegel…SECURITYAFFAIRS.COM
24 AprHasbro expects March cyberattack to impact second-quarter revenueThe toy maker is reviewing files and working to fully bring certain systems back online. The company will incur some costs related to the investigation.CYBERSECURITYDIVE.COM
24 AprScattered Spider co-conspirator pleads guiltyAnother member of the notorious Scattered Spider gang of cyber criminals has pleaded guilty in a US court, and will be sentenced later this year. Tyler Buchanan pleaded guilty in a Florida court to conspiring with others to hack into companies’ computer systems with the intent of…CSOONLINE.COM
24 AprADT says customer data stolen in cyber intrusionThe home security company ADT said cybercriminals breached company systems on Monday and stole a “limited set” of customer and prospective customer information.THERECORD.MEDIA
24 AprADT confirms data breach after hacker claims 10 million records stolenThe American security company ADT has confirmed via a statement to CyberInsider a cybersecurity incident involving unauthorized access to a subset of customer data. The admission follows claims by the ShinyHunters extortion group that it breached the company and stole over 10 mil…CYBERINSIDER.COM
🕵️ THREAT INTELLIGENCE 25[−]
24 AprISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906, (Fri, Apr 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 AprPLC Cybersecurity — Securing Industrial Control Systemssubmitted by monica_b1998 to cybersecurity 2 points | 0 comments https://slicker.me/plc/cybersecurity.htmlINFOSEC.PUB
24 AprTurn Your iPad Into a Work Machine While This Keyboard Case Is $30 OffImprove multitasking on iPad with responsive keys, gesture controls, and flexible viewing angles built in. The post Turn Your iPad Into a Work Machine While This Keyboard Case Is $30 Off appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprSign, Send, and Manage Documents Online for Just $79SignIt gives teams a complete eSignature platform with audit trails, bulk sending, and SSO for one low price. The post Sign, Send, and Manage Documents Online for Just $79 appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprUbuntu 26.04 LTS delivers memory-safe system tools and live patching for Arm serversLinux distributions have spent the past few years absorbing GPU vendor toolchains, Rust-based system components, and more stringent encryption defaults. Ubuntu 26.04 LTS, codenamed Resolute Raccoon, pulls most of those threads together into a single release that will receive stan…HELPNETSECURITY.COM
24 AprOpenAI’s GPT-5.5 is out with expanded cybersecurity safeguardsCompetition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in the new model. GPT-5.5 is being rolled out to Plus, Pro, Business, and Enterprise users in ChatGPT and Codex, …HELPNETSECURITY.COM
24 AprVoid Dokkaebi Hackers Spread Malware Through Fake Job InterviewsVoid Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Devel…GBHACKERS.COM
24 AprCovert telecom spying campaign “Ghost Operators” tracks users worldwideCitizen Lab has identified two advanced surveillance campaigns abusing weaknesses in global telecom networks to track mobile users and, in some cases, turn SIM cards into silent spying tools. The investigation began in late 2024 after anomalous activity was detected in signaling …CYBERINSIDER.COM
24 AprMeta is overhauling how you sign in, manage settings, and protect your accountsMeta Account gives users of Meta apps and devices a simpler way to access and manage their accounts. Accounts Center will automatically be updated to a Meta Account as part of a gradual rollout over the next year. Users will be notified when the change occurs. It supports Meta te…HELPNETSECURITY.COM
24 AprFake CAPTCHA Scam Triggers Costly SMS FraudHackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains that eventually re…GBHACKERS.COM
24 AprHiding Bluetooth Trackers in MailIt was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to tra…SCHNEIER.COM
24 AprGPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and PerformanceOpenAI has officially launched the GPT-5.5 Bio Bug Bounty program to strengthen safeguards against emerging biological risks. As artificial intelligence models become more advanced, the potential for malicious actors to generate dangerous biological information increases. Advance…GBHACKERS.COM
24 AprClaude Desktop Reportedly Adds Browser Access Bridge for Chromium BrowsersA detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establish…GBHACKERS.COM
24 AprMythos Mystery in Mozilla Numbers: How 22 Vulns Became 271 or Maybe 3 in Aprilsubmitted by codeinabox to security 1 points | 0 comments https://www.flyingpenguin.com/mythos-mystery-in-mozilla-numbers-how-22-vulns-became-271-or-maybe-3-in-april/PROGRAMMING.DEV
24 AprInside agenteV2: How Brazilian Attackers Use Fake Court Summons to Steal Banking Credentials in Real TimeA new phishing campaign targeting Brazilian users demonstrates how modern financial malware has evolved from simple credential theft into full-scale, operator-driven fraud platforms. Disguised as a judicial summons, this campaign leverages social engineering, multi…ANY.RUN
24 AprOff-Topic Fridaysubmitted by shellsharks to cybersecurity 2 points | 0 comments Wanna chat about something non-infosec amongst those of us who frequent /c/cybersecurity? Here’s your chance! (Keep things civil & respectful please)INFOSEC.PUB
24 AprNorth Korea's Lazarus Targets macOS Users via ClickFixLazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders.DARKREADING.COM
24 AprWindows 10 Support Is Over. Here Are 6 Options for UsersWindows 10 support has ended, leaving millions exposed. Here are six options, from upgrading to Windows 11 to switching to Linux or ChromeOS Flex. The post Windows 10 Support Is Over. Here Are 6 Options for Users appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprUS lawmakers introduce bill to require warrants for government data searchesUS lawmakers have introduced a new bill that would dramatically tighten government surveillance powers by requiring warrants for nearly all data searches involving Americans. The proposed “Surveillance Accountability Act” would also give individuals the right to sue federal offic…CYBERINSIDER.COM
24 AprHealth Records of 500,000 UK Biobank Volunteers Listed Online in ChinaHealth data from 500,000 UK Biobank participants was found listed for sale online in China, raising concerns over research access misuse and data security. The post Health Records of 500,000 UK Biobank Volunteers Listed Online in China appeared first on TechRepublic .TECHREPUBLIC.COM
24 AprTGR-STA-1030: New Activity in Central and South AmericaUnit 42 research reports that TGR-STA-1030 remains an active threat, particularly in Central and South America. The post TGR-STA-1030: New Activity in Central and South America appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
24 AprFriday Squid Blogging: How Squid Survived Extinction EventsScience news : Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 …SCHNEIER.COM
24 AprScylla &Charybdis, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland - SWN #575SScylla and Charybdis, Latin Phrasebook, Kyber, Trigonia, Namastex, GitHub, Crypto, Cables, Aaran Leyland, and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-575YOUTUBE.COM
24 AprThe npm Threat Landscape: Attack Surface and MitigationsUnit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations appeared first on Unit 42 .UNIT42.PALOALTONETWORKS.COM
24 AprDeepSeek Drops Cheaper V4 AI as Huawei Jumps InDeepSeek launches V4 AI model with Huawei chip support, offering lower costs and intensifying global AI competition. The post DeepSeek Drops Cheaper V4 AI as Huawei Jumps In appeared first on TechRepublic .TECHREPUBLIC.COM
🌐 CYBER THREAT LANDSCAPE 3[−]
24 AprNpm Supply Chain Malware Attack Targets Developers With Worm-Like PropagationMalicious npm packages spread via worm-like propagation and steal developer credentialsINFOSECURITY-MAGAZINE.COM
24 Apr26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed PhrasesCybersecurity researchers have discovered a set of malicious apps on the Apple App Store that impersonate popular cryptocurrency wallets in an attempt to steal recovery phrases and private keys since at least fall 2025. "Once launched, these apps redirect users to browser pages d…THEHACKERNEWS.COM
24 AprAnother spyware maker caught distributing fake Android snooping appsResearchers have found a new case where government authorities used a fake Android app to plant spyware on a target’s phone. The company that allegedly developed the spyware was not previously known to sell this type of software.TECHCRUNCH.COM
📡 INFOSEC NEWS 10[−]
24 AprBridging the AI Agent Authority Gap: Continuous Observability as the Decision EngineThe AI Agent Authority Gap - From Ungoverned to Delegation As discussed in our previous article, AI agents are exposing a structural gap in enterprise security, but the problem is often framed too narrowly. The issue is not simply that agents are new actors. It is that agents are…THEHACKERNEWS.COM
24 AprMedical data of 500,000 UK volunteers listed for sale on AlibabaDespite strict access controls, medical data from half a million UK Biobank volunteers ended up listed for sale on Alibaba.MALWAREBYTES.COM
24 AprAI Rush is Reviving Old Cybersecurity Mistakes, Mandiant VP WarnsAI tools are not just creating new vulnerabilities, they are reviving old security failures, warned Jurgen Kutscher, VP of Mandiant ConsultingINFOSECURITY-MAGAZINE.COM
24 AprToronto police arrest three in Canada’s first mobile SMS blaster caseCanadian police arrested three men over the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt mobile networks.THERECORD.MEDIA
24 AprThe Latest Push to Extend Key US Spy Powers Is Still a MessA US surveillance program that lets the FBI view Americans’ communications without a warrant is up for renewal. A new bill aims to address mounting lawmaker concerns—with smoke and mirrors.WIRED.COM
24 AprGlasswing Secured the Code. The Rest of Your Stack Is Still on YouForgotten integrations, shadow IT, SaaS, and now shadow AI and agents are everywhere, and attackers don't need sophisticated AI models to take advantage.DARKREADING.COM
24 AprPentagon grapples with securing AI as it moves toward autonomous warfareAutonomous weapons are becoming an "essential" part of modern war, Chairman of the Joint Chiefs of Staff Gen. Dan Caine told an audience at Vanderbilt University’s Asness Summit on Modern Conflict and Emerging Threats.THERECORD.MEDIA
24 AprProtecting your secrets from tomorrow’s quantum risksAs outlined in the AWS post-quantum cryptography (PQC) migration plan, addressing the risk of harvest now, decrypt later (HNDL) attack is an important part of your post-quantum plan. Upgrading the client-side of your workloads to support quantum-resistant confidentiality is an im…AWS.AMAZON.COM
24 AprUS Busts Myanmar Ring Targeting US Citizens in Financial FraudSome 29 people were charged, including a Cambodian senator, and authorities seized more than 500 Web domains tied to fake investment sites.DARKREADING.COM
24 AprEavesdropping via fiber-optic cables | Kaspersky official blogA side-channel attack that allows a fiber-optic cable to be used as a microphone.KASPERSKY.COM