🚨 CISA KEV 2[−]
27 Apr KEVAs the NVD scales back CVE enrichment, here’s what Tenable customers need to knowNIST’s shift toward selective CVE enrichment creates significant visibility gaps for teams relying solely on the National Vulnerability Database. As AI accelerates vulnerability disclosure rates, organizations need independent, high-fidelity intelligence to prioritize risks that …TENABLE.COM
27 Apr KEVTeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)This update succeeds&#;x26;#;xc2;&#;x26;#;xa0; TeamPCP Supply Chain Campaign Update 007 , published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linke…ISC.SANS.EDU
🐛 COMMON VULNERABILITIES AND EXPOSURES 6[−]
27 AprCVE-2018-0735 Timing attack against ECDSA signature generationInformation published.MSRC.MICROSOFT.COM
27 AprNessus Agent Windows Flaw Enables SYSTEM-Level Code ExecutionTenable has disclosed a high-severity security vulnerability in its Nessus Agent software for Windows that could allow attackers to execute malicious code with full SYSTEM-level privileges. The flaw, tracked as CVE-2026-33694, has been patched in the newly released Nessus Agent v…GBHACKERS.COM
27 AprMetabase Enterprise RCE Flaw Now Has Public Proof-of-Concept ExploitSecurity researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. Th…GBHACKERS.COM
27 AprAI is reshaping DevSecOps to bring security closer to the codeArtificial intelligence tools are revamping DevSecOps processes, enabling security and development teams to more effectively build safeguards into software products from the get-go. But AI’s impact on DevSecOps goes well beyond tooling and processes, altering the scope, skills, a…CSOONLINE.COM
27 AprFirefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprintingCVE-2026-6770 let attackers fingerprint Firefox and Tor users, even in Private mode. Firefox 150 and Tor Browser 15.0.10 fixed it. A vulnerability, tracked as CVE-2026-6770, allowed attackers to fingerprint Firefox users, even in Private Browsing, and also impacted the Tor Browse…SECURITYAFFAIRS.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
27 AprFake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto FraudCybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the thre…THEHACKERNEWS.COM
27 AprCritical Gemini CLI Flaw Raises Supply Chain Security ConcernsGoogle has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipelines to Remote Code Execution (…GBHACKERS.COM
27 AprAttackers Chain CODESYS Vulnerabilities to Backdoor ApplicationsNozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a…GBHACKERS.COM
27 AprADT - 5,488,888 breached accountsIn April 2026, home security firm ADT confirmed a data breach by ShinyHunters , which listed the company on its website as part of a "pay or leak" extortion attempt. The breach impacted 5.5M unique email addresses along with names, phone numbers and physical addresses. ADT also a…HAVEIBEENPWNED.COM
27 AprU.S. utility giant Itron discloses a security breachItron detected unauthorized access to part of its IT environment on April 13, 2026, and launched incident response and notified authorities. Itron disclosed a cyber incident involving unauthorized access to part of its internal IT systems, detected on April 13, 2026. The company …SECURITYAFFAIRS.COM
27 Apr25 open-source cybersecurity tools that don’t care about your budgetRegardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respon…HELPNETSECURITY.COM
27 AprProduct showcase: LuLu reveals unauthorized outbound connections from Mac appsLuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing and setting Up LuLu After d…HELPNETSECURITY.COM
27 AprOpenClaw Flaws Expose Systems to Policy Bypass AttacksOpenClaw, a rapidly adopted open-source autonomous AI agent framework, has released critical security updates to address three moderate-severity vulnerabilities. Found in npm package versions before 2026.4.20, these complex flaws expose systems to severe policy bypasses, unauthor…GBHACKERS.COM
27 AprThe ‘manager of agents’: How AI evolves the SOC analyst roleEvery SOC analyst has heard it by now: “AI is coming for your job”. I hear it in conversations with SOC teams. I see it in the hesitation during evaluations. And increasingly, I feel it as a source of resistance — especially from the very people AI is supposed to help. But the re…CSOONLINE.COM
27 AprRethinking Security from the OS Up in the Age of AI and more RSAC 2026 Interviews - ESW #456Rethinking Security from the OS Up in the Age of AI Karen Heart discusses a file-system–first approach to security, arguing that most modern attacks—including ransomware and supply chain compromises—succeed because they inherit user permissions and operate inside overly trusted s…YOUTUBE.COM
27 AprFake Income Tax Notices Used to Spread MalwareCybercriminals are exploiting India’s tax season by launching sophisticated phishing campaigns that impersonate the Income Tax Department to deliver dangerous malware to unsuspecting taxpayers. The malicious operation uses fake assessment notices and tax compliance warnings…GBHACKERS.COM
27 AprItron Discloses Data Breach After Hackers Access Internal SystemsItron, Inc., a leading smart metering and energy infrastructure technology company, has disclosed a cybersecurity incident after an unauthorized third party gained access to certain of its internal systems, according to a Form 8-K filing submitted to the U.S. Securities and Excha…GBHACKERS.COM
27 AprMythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation SideAnthropic’s Claude Mythos Preview has dominated security discussions since its April 7 announcement. Early reporting describes a powerful cybersecurity-focused AI system capable of identifying vulnerabilities at scale and raising serious questions about how quickly organizations …THEHACKERNEWS.COM
27 AprPhantomCore Exploits TrueConf Vulnerabilities to Breach Russian NetworksA pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing software in Russia since September 2025. That's according to a report published by Positive Technologies, which found the threat actor…THEHACKERNEWS.COM
27 AprMicrosoft patched an ‘agent-only’ role that was notAn administrative role meant for AI agents within Microsoft’s Entra ID ecosystem could allow privilege escalation and tenant takeover attacks, as it had privileges over more than agent-related objects. Researchers at Silverfort found that users assigned to Microsoft’s “Agent ID A…CSOONLINE.COM
27 Apr27th April – Threat Intelligence ReportFor the latest discoveries in cyber research for the week of 27th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Vercel, a frontend cloud platform, has disclosed a security incident linked to a compromise at Context.ai, where stolen OAuth tokens…RESEARCH.CHECKPOINT.COM
27 AprEU Proposes Forcing Google to Share Search Data With Rivals Under DMAThe European Commission has proposed new measures that could force Google to share key search engine data with rival platforms under the Digital Markets Act, or DMA. The move is part of the EU’s wider push to reduce the market power of major technology companies and create fairer…GBHACKERS.COM
27 AprUS, UK authorities warn that Firestarter backdoor malware survives patchingA federal agency was impacted by a hacking campaign that exploited flaws in Cisco devices.CYBERSECURITYDIVE.COM
27 AprMedical device giant Medtronic confirms data breach incidentMedtronic has disclosed that an unauthorized party accessed portions of its corporate IT environment, while stating there is currently no evidence of disruption to medical devices, patient care, or core operations. The healthcare technology giant revealed the incident in a public…CYBERINSIDER.COM
27 AprCheckmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 AttackCheckmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub rep…THEHACKERNEWS.COM
27 AprUnpatched 'PhantomRPC' Flaw in Windows Enables Privilege EscalationA researcher discovered five different exploit paths that stem from an architectural weakness in how Windows' Remote Procedure Call (RPC) mechanism handles connections to unavailable services.DARKREADING.COM
27 AprOptimize security operations through an AWS Security Hub POCApril 27, 2026: This post was first published in September 2025 when the enhanced AWS Security Hub was in public preview. It has since been updated to reflect the general availability of Security Hub. This revision also provides a more detailed, step-by-step framework for plannin…AWS.AMAZON.COM
27 AprOpen source package with 1 million monthly downloads stole user credentialssubmitted by schnurrito to security 5 points | 1 comments https://arstechnica.com/security/2026/04/open-source-package-with-1-million-monthly-downloads-stole-user-credentials/PROGRAMMING.DEV
📋 SECURITY BULLETINS 1[−]
27 AprMicrosoft Releases Enterprise Policy Option to Disable Windows 11 CopilotMicrosoft has introduced a new enterprise policy setting that allows IT administrators to silently uninstall the Microsoft Copilot app from managed Windows 11 devices, marking a significant shift in how organizations can control AI tool deployment across their fleets. The new Rem…GBHACKERS.COM
📢 SECURITY ADVISORIES 1[−]
27 AprTLS Connect gives SMBs a right-sized automated tool to manage TLS certificatesGMO GlobalSign today launched TLS Connect, a Certificate Lifecycle Management (CLM) tool designed specifically for SMBs. TLS Connect automates public trust TLS certificate deployment and renewal, allowing SMBs to strengthen security, maintain regulatory compliance and reduce busi…HELPNETSECURITY.COM
🔥 INCIDENT REPORTING 14[−]
27 AprCyber Weapon in Toronto, Grid Attack, Stuxnet Lie ExposedA rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with…CYBERSECURITYTODAY.LIBSYN.COM
27 AprCritical infrastructure giant Itron says it was hackedThe American technology giant provides water and energy monitoring and utility meters to hundreds of millions of homes and businesses.TECHCRUNCH.COM
27 AprHackers impersonate Microsoft Teams help desk to breach corporate networksHackers are impersonating Microsoft Teams help desk workers to trick victims into installing data-stealing malware, researchers found.THERECORD.MEDIA
27 AprUtilities Tech Supplier Itron Discloses Cyber-Attack, Operations UnaffectedItron confirmed a cyber incident but does not believe it is likely to have a material impact on the companyINFOSECURITY-MAGAZINE.COM
27 AprLINKEDIN BROWSERGATEBrowserGate claims LinkedIn secretly fingerprints users via extensions and device data, sending encrypted results to third parties for tracking. BrowserGate is an investigation conducted by Fairlinked (https://browsergate.eu/), an association of commercial LinkedIn users, which d…SECURITYAFFAIRS.COM
27 AprFIRESIDE CHAT: Leaked secrets are now the go-to attack vector — and AI is accelerating exposuresA consequential shift is underway in how enterprise breaches begin. The leaked credential — once treated as a hygiene problem — has become the primary on-ramp. Related: No easy fixes for AI risk Last August’s Salesloft campaign was the pattern … (more…) The post FIRESIDE CH…LASTWATCHDOG.COM
27 AprRansomware Uses Your Own PermissionsRansomware operates using the same permissions as the infected user. If your account can access and modify files, so can the malware running under it. This turns the permission system into a liability. Instead of blocking malicious activity, it enables it—because the system assum…YOUTUBE.COM
27 AprMajor critical infrastructure supplier reports cyberattackItron, which makes devices that measure energy and water use, said its operations were continuing, despite the intrusion.CYBERSECURITYDIVE.COM
27 AprSenators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip lineSens. Maggie Hassan and Jim Banks wrote to Navigate360 after a hacker claimed to compromise the school safety tool. The post Senators seek answers about hackers obtaining sensitive student data from ostensibly anonymous tip line appeared first on CyberScoop .CYBERSCOOP.COM
27 AprHacker who allegedly carried out cyberattacks for China is extradited to U.S.Xu Zewei is accused of participating in a Chinese government hacking group that broke into thousands of U.S. organizations and stole COVID-19-related research.TECHCRUNCH.COM
27 AprSimplicity Stops Data ExfiltrationThis approach limits both file access and network connectivity using allowlisting—only approved actions are permitted, reducing the attack surface. By controlling sockets (network access) and files together, it becomes much harder for attackers to exfiltrate data or pull down mal…YOUTUBE.COM
27 AprMedtronic discloses security incident after ShinyHunters claimed theft of 9M+ recordsMedtronic confirmed a breach of its IT systems after ShinyHunters claimed the theft of over 9 million records. Medtronic confirmed a cyberattack on its corporate IT systems after the hacker group ShinyHunters claimed to have stolen over 9 million records. The company did not shar…SECURITYAFFAIRS.COM
27 AprThe Supreme Court sits on the geofence.The Supreme Court weighs geofence warrants. Iran leans toward quieter cyber ops. Researchers unpack Fast16 sabotage malware. Microsoft tracks an Outlook outage. Snow malware moves deep inside networks. Itron reports a breach. SMS blasters hit Canada. Italy extradites an accused h…THECYBERWIRE.COM
27 AprPitney Bowes - 8,243,989 breached accountsIn April 2026, the hacking collective ShinyHunters claimed to have obtained data from Pitney Bowes as part of a broader extortion campaign that also named several other organisations. After negotiations allegedly failed, the group publicly released the data which included 8.2M un…HAVEIBEENPWNED.COM
🕵️ THREAT INTELLIGENCE 34[−]
27 AprNPM Worm Hits Namastex Packages, Steals Secrets Across RegistriesA newly uncovered npm malware campaign is targeting packages linked to Namastex Labs, abusing developer trust to steal sensitive secrets and silently spread across both npm and PyPI ecosystems. The malicious activity centers on Namastex.ai, a company that promotes AI consulting s…GBHACKERS.COM
27 AprClickFix Attack Swaps PowerShell for Cmdkey, Remote Regsvr32 PayloadsA newly identified ClickFix attack variant is raising concerns among cybersecurity researchers after it was observed replacing traditional PowerShell-based delivery with a stealthier technique leveraging native Windows utilities. The infection begins with a familiar ClickFix tact…GBHACKERS.COM
27 AprVidar Malware Conceals Payloads in JPEG, TXT Files to Evade DetectionVidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware‑as‑a‑Service (MaaS…GBHACKERS.COM
27 AprFast16 Malware Targets High-Value Systems With Sabotage CapabilitiesA previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists of two primary components…GBHACKERS.COM
27 AprSuspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and AudioA recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in late April …GBHACKERS.COM
27 AprItaly moves to extradite Chinese national to the U.S. over hacking chargesItaly plans to extradite Xu Zewei to the U.S. over alleged hacks on COVID-19 research tied to state-backed operations. Italy is moving to extradite Xu Zewei, the Chinese national arrested in 2025 at the request of U.S. authorities on cyber-espionage charges, Bloomberg reported. T…SECURITYAFFAIRS.COM
27 AprAptori expands its platform with autonomous offensive testing to reduce security bottlenecksAptori has expanded its Runtime-Driven Validation Platform with autonomous offensive testing capabilities to address the growing gap between code output and security team capacity. By moving beyond passive scanning to active validation, the platform helps organizations identify, …HELPNETSECURITY.COM
27 AprYour IAM was built for humans, AI agents don’t careIdentity and access management was built for a simpler world. One where the hardest problem was a human logging in, and where “Who are you?” was sufficient to decide what someone could do. That model served enterprises well for decades. It was not built for a world wh…HELPNETSECURITY.COM
27 AprThe AI criminal mastermind is already hiring on gig platformsLabor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly. Listed tasks include attending in-person mee…HELPNETSECURITY.COM
27 AprNorth Korean Hackers Target Pharma Firms with Malware-Laced Excel AttacksNorth Korean state-backed hackers are using weaponized Excel-themed files to infect pharmaceutical and life science companies with malware, abusing Windows shortcut files, PowerShell, and cloud storage for stealthy data theft. The campaign begins with highly tailored spear‑phishi…GBHACKERS.COM
27 AprWhy I Chose This $19.97 Lifetime Deal Over MasterClassCompared to MasterClass, this platform offers lifetime access to 1,000+ courses, and it’s worth $600 MSRP. The post Why I Chose This $19.97 Lifetime Deal Over MasterClass appeared first on TechRepublic .TECHREPUBLIC.COM
27 Apr7 Best Project Budgeting Software in 2026Looking for the best project budgeting software for your business? Discover the pros and cons of the top tools with our guide. The post 7 Best Project Budgeting Software in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprLinux ELF Malware Generator Evades ML Detection With Semantic-Preserving ChangesAs Linux continues to dominate high-performance computing, cloud services, and Internet of Things (IoT) devices, it has become a prime target for cybercriminals. However, while much research has focused on manipulating Windows executables to bypass security, the Linux Executable …GBHACKERS.COM
27 AprResearchers Warn macOS textutil, KeePassXC Can Fuel Automation AttacksResearchers are warning that widely trusted local tools such as macOS’s textutil and KeePassXC can pose unexpected security risks when used within automated workflows. The issue is not traditional vulnerabilities such as memory corruption or code execution, but how normal f…GBHACKERS.COM
27 AprMedieval Encrypted Letter DecodedSent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.SCHNEIER.COM
27 AprPrice Drop: Upgrade to Windows 11 Pro for Only $10Unlock the latest user interface, enhanced security features, and new tools for hybrid and remote workers. The post Price Drop: Upgrade to Windows 11 Pro for Only $10 appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprNew Malware Hides Behind Obfuscation and Staged PayloadsA newly identified malware campaign is leveraging advanced obfuscation techniques and multi-stage payload delivery to bypass traditional security defenses, according to recent analysis from Joe Sandbox. The attack begins with a highly targeted spear-phishing email sent to employe…GBHACKERS.COM
27 AprFake YouTube Downloads Spread Vidar Malware to Steal Corporate LoginsA new Vidar infostealer campaign is abusing fake software download links on YouTube to compromise corporate employees and sell their stolen credentials on Russian cybercrime marketplaces. In the investigated case, the victim was searching for software on YouTube and likely follow…GBHACKERS.COM
27 AprAnthropic Draws Google’s $40B Bet in Latest AI MegadealGoogle is preparing an investment in Anthropic worth up to $40B, pairing cash with cloud capacity as demand for Claude fuels the latest major AI megadeal. The post Anthropic Draws Google’s $40B Bet in Latest AI Megadeal appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprGet Lifetime Access to Microsoft Office 2021 for Just $30Whether you're starting a new business venture and need Microsoft Office's help or you just want to get better organized in your personal life, it's a good time to take advantage of this deal. The post Get Lifetime Access to Microsoft Office 2021 for Just $30 appeared first on Te…TECHREPUBLIC.COM
27 AprBlackFile actively extorting data-theft victims in retail and hospitality sectorSome attackers, which researchers link to The Com, have swatted company executives to increase leverage and pressure victims to pay their ransom demands. The post BlackFile actively extorting data-theft victims in retail and hospitality sector appeared first on CyberScoop .CYBERSCOOP.COM
27 AprNew Hack Lets 30-Year-Old Windows PCs Run Modern LinuxWSL9x lets Windows 9x systems run a modern Linux 6.19 kernel without virtualization, showing how vintage PCs can still stretch beyond old limits. The post New Hack Lets 30-Year-Old Windows PCs Run Modern Linux appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprChina’s Honor Just Launched an iPhone Lookalike in EuropeHonor’s new 600 series arrives in Europe with iPhone-like styling, strong specs, and a 7,000mAh battery, but it is not really a budget phone. The post China’s Honor Just Launched an iPhone Lookalike in Europe appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprApple Watch Blood Oxygen Monitoring Gets Major BreakthroughApple can keep selling Apple Watches with its redesigned blood oxygen feature in the US after the ITC declined to revive Masimo’s ban. The post Apple Watch Blood Oxygen Monitoring Gets Major Breakthrough appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprEU’s proposed Google data access rule could enable large-scale surveillanceThe European Commission is facing criticism from security and privacy experts over a proposed Digital Markets Act (DMA) measure that would require Google to share vast amounts of search data with third parties via an automated API. Critics warn the plan could expose sensitive use…CYBERINSIDER.COM
27 AprEU Funds Sovereign Cloud Infrastructure with €180 Million ContractThe European Commission has awarded a €180 million contract to four providers—Post Telecom, STACKIT, Scaleway, and Proximus—to provide sovereign cloud services, ensuring EU data remains under European legal and strategic control. The post EU Funds Sovereign Cloud Infrastructure w…TECHREPUBLIC.COM
27 AprChina Startup Secures $8.4B in Credit Lines for Orbital Data Center PushChina’s Orbital Chenguang secured major credit lines for space-based data centers as AI demand strains power, land, and cooling capacity. The post China Startup Secures $8.4B in Credit Lines for Orbital Data Center Push appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprThe Prompt Engineering Cheat Sheet: How to Write Better AI PromptsLearn prompt engineering with this practical cheat sheet that covers frameworks, techniques, and tips for producing more accurate and useful AI outputs. The post The Prompt Engineering Cheat Sheet: How to Write Better AI Prompts appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprChina Shuts Down Meta’s $2.5B Bid for AI Startup ManusChina has blocked Meta’s $2.5 billion Manus AI acquisition, raising new questions about cross-border AI deals and who controls agent technology. The post China Shuts Down Meta’s $2.5B Bid for AI Startup Manus appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprApple ‘Ultra’ 2026: A New iPhone, MacBook Tier May Be ComingApple may expand Ultra branding to a foldable iPhone and MacBook Ultra, creating a new premium tier above Pro devices. The post Apple ‘Ultra’ 2026: A New iPhone, MacBook Tier May Be Coming appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprTruecaller Faces New Pressure in India as Growth MaturesTruecaller has hit 500 million monthly users, but slower growth in India, CNAP rollout, and ad pressure are testing whether its next phase can be as strong as its first. The post Truecaller Faces New Pressure in India as Growth Matures appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprWhatsApp to End Support for Millions of Older Android Phones in 2026WhatsApp will stop supporting Android 5 devices in September 2026, requiring users to upgrade to Android 6 or newer. The post WhatsApp to End Support for Millions of Older Android Phones in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
27 AprUNC6692 Combines Social Engineering, Malware, Cloud AbuseA newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged campaign.DARKREADING.COM
27 AprSupreme Court justices skeptically question both sides in geofence surveillance caseA ruling could come this summer in Chatrie v. United States, which could have bigger ramifications about the scope of government surveillance. The post Supreme Court justices skeptically question both sides in geofence surveillance case appeared first on CyberScoop .CYBERSCOOP.COM
🌐 CYBER THREAT LANDSCAPE 7[−]
27 AprA week in security (April 20 – April 26)A list of topics we covered in the week of April 20 to April 26 of 2026MALWAREBYTES.COM
27 AprFast16: Pre-Stuxnet malware that targeted precision engineering softwareFast16 is a pre-Stuxnet malware that tampered with precision software and spread itself. Evidence suggests links to U.S. operations during early cyber tensions. SentinelOne uncovered Fast16, a sabotage malware used in 2005, years before Stuxnet. The malicious code is written in L…SECURITYAFFAIRS.COM
27 AprResearchers Identify Fast16 Sabotage Malware That Pre-Dates StuxnetThe “fast16” malware may have been used to target Iran’s nuclear program prior to StuxnetINFOSECURITY-MAGAZINE.COM
27 AprResearchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 MalwareCybersecurity researchers have flagged dozens of Microsoft Visual Studio Code (VS Code) extensions on the Open VSX repository that are linked to a persistent information-stealing campaign dubbed GlassWorm. The cluster of 73 extensions has been identified as cloned versions of the…THEHACKERNEWS.COM
27 Apr20-Year-Old Malware Rewrites History of Cyber SabotageResearchers have uncovered a malware framework dubbed "fast16" that predates Stuxnet by 5 years.DARKREADING.COM
27 Apr⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & MoreEverything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed yea…THEHACKERNEWS.COM
27 AprPhishing crypto-wallet clones in the App Store and other attacks on iOS and macOS crypto owners | Kaspersky official blogNew waves of attacks on Apple users are leading to stolen cryptocurrency: fake crypto wallets in the App Store, trojanized legitimate macOS crypto apps, and other threats. Here’s how to stay protected.KASPERSKY.COM
📡 INFOSEC NEWS 15[−]
27 AprWhen security becomes the attack surface: Why endpoint protection must evolveWhen attackers target security tools, protection must be resilient, self-healing and always on.CYBERSECURITYDIVE.COM
27 AprBlackFile Group Targets Retail and Hospitality with Vishing AttacksResearchers uncover a new data theft and extortion group dubbed “BlackFile”INFOSECURITY-MAGAZINE.COM
27 AprMost Cybersecurity Professionals Feel Undervalued and UnderpaidA new report by global technology recruitment firm, Harvey Nash, found that three quarters of cybersecurity staff are pessimistic on pay and half are looking for a new jobINFOSECURITY-MAGAZINE.COM
27 AprParsing Agentic Offensive Security's Existential ThreatSome fear frontier LLMs like Claude Mythos and Anthropic's GPT-5.5 will lead to cybersecurity annihilation. Ari Herbert-Voss notes this could be an opportunity.DARKREADING.COM
27 AprWidely Used Browser Extensions Selling User DataDozens of browser extensions openly sell user data via privacy policy disclosuresINFOSECURITY-MAGAZINE.COM
27 AprChinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense softwareA Chinese national posed as a U.S. researcher, tricking NASA staff in a phishing campaign to steal sensitive data tied to defense software and exports. A Chinese national ran a spear-phishing campaign by posing as a U.S. researcher and tricked NASA employees into sharing sensitiv…SECURITYAFFAIRS.COM
27 AprUS Sanctions Target Cambodian Scam Network LeadersUS sanctions target Cambodian scam networks tied to crypto fraud and traffickingINFOSECURITY-MAGAZINE.COM
27 AprDisinformation campaign targeted Tibetan parliament-in-exile electionsThe operation, identified by the Digital Forensic Research Lab (DFRLab), was part of Spamouflage, a long-running influence network linked to Beijing.THERECORD.MEDIA
27 AprItaly extradites alleged Chinese state hacker to USA Chinese national accused of being a member of a state-backed hacking group that allegedly broke into systems to steal COVID-19 vaccine information has been extradited to the U.S. from Milan.THERECORD.MEDIA
27 AprCan I do that with policy? Understanding the AWS Service Authorization ReferenceUnderstanding what AWS Identity and Access Management (IAM) policies can control helps you build better security controls and avoid spending time on approaches that won’t work. You’ve likely encountered questions like: Can I use AWS Organizations service control policies (SCPs) t…AWS.AMAZON.COM
27 AprUS Supreme Court weighs legality of geofence warrants.Researchers analyze a cyber sabotage framework that predates Stuxnet. Toronto police arrest three men accused of operating an SMS blaster.THECYBERWIRE.COM
27 AprMoney launderer for crypto thieves given 5-year sentenceA California man was sentenced to more than five years in prison for his role in supporting a cybercriminal organization that stole about $260 million worth of cryptocurrency from victims.THERECORD.MEDIA
27 AprCole Allen Charged With Attempting to Assassinate TrumpThe suspected shooter at Saturday night’s White House Correspondents’ Dinner faces three felony charges. He remains in custody following Monday’s hearing.WIRED.COM
27 AprSupreme Court signals location data searches should require a warrantPrivacy advocates had worried that the high court would rule that geofencing does not qualify as a constitutionally protected search, opening the door to much broader use of warrantless reverse searches of all types.THERECORD.MEDIA
27 AprTennessee becomes second state to ban cryptocurrency ATMs over scam concernsState officials said they observed overseas criminals carrying out government impersonation or tech support cons, as well as romance and pig butchering scams using cryptocurrency ATMs.THERECORD.MEDIA