109Articles
8Categories
2026-04-28Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 9[−]
28 Apr KEVMicrosoft Confirms Active Exploitation of Windows Shell CVE-2026-32202Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could a…THEHACKERNEWS.COM
28 AprCritical LiteLLM Flaw Enables Database Attacks Through SQL InjectionA critical pre-authentication SQL injection vulnerability, identified as CVE-2026-42208, has been discovered in the popular LiteLLM gateway, allowing attackers to access databases without credentials. Cybercriminals have already been observed exploiting this flaw to target high-v…GBHACKERS.COM
28 AprNotepad++ Vulnerability Lets Attackers Crash App and Expose Memory DataA new string injection vulnerability, tracked as CVE-2026-3008, has been discovered in Notepad++ version 8.9.3. This critical flaw allows attackers to crash the application or to instantly and secretly extract sensitive memory information. The Cybersecurity Agency of Singapore (C…GBHACKERS.COM
28 AprInfected Cisco firewalls need cold start to clear persistent Firestarter backdoorSecurity researchers have discovered a chilling backdoor aimed at Cisco System firewalls that exploits unpatched vulnerabilities to maintain persistence, even after patching. This means that attackers can continue to access compromised devices without re-exploiting the holes. At …CSOONLINE.COM
28 AprCritical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCECybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution. The vulnerability in question is CVE-2026-25874 …THEHACKERNEWS.COM
28 AprHugging Face LeRobot Flaw Opens Door to Remote Code Execution AttacksA critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to e…GBHACKERS.COM
28 AprCritical Cursor bug could turn routine Git into RCESecurity researchers have disclosed a high-severity vulnerability affecting the Cursor IDE, allowing arbitrary code execution on a developer’s machine through a seemingly routine repository interaction. According to findings by AI pentesting platform Novee Security, once a develo…CSOONLINE.COM
28 AprResearchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git PushCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single "git push" command. The flaw, tracked as CVE-2026-3854 (CVS…THEHACKERNEWS.COM
28 AprCVE-2026-3854 GitHub flaw enables remote code executionCritical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability af…SECURITYAFFAIRS.COM
⚠️ VULNERABILITY DISCLOSURE 25[−]
28 AprMicrosoft Patches Entra ID Role Flaw That Enabled Service Principal TakeoverAn administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft …THEHACKERNEWS.COM
28 AprClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 FirmsA major security flaw in the popular productivity platform ClickUp has exposed sensitive data, including 959 email addresses tied to Fortune 500 companies and government agencies. The primary vulnerability stems from a hardcoded Split.io SDK token left inside ClickUp’s production…GBHACKERS.COM
28 AprClaude Opus 4.6-Powered AI Coding Agent Wipes Production Database in 9 SecondsA Claude Opus 4.6-powered AI coding agent operating through the Cursor editor autonomously deleted the production database and backups of SaaS startup PocketOS in just nine seconds. The incident highlights critical security failures in AI guardrails and infrastructure access cont…GBHACKERS.COM
28 AprWhat CISOs need to get right as identity enters the agentic eraIdentity has always been central to security, but the proliferation of AI agents is rapidly changing the challenge of managing and securing identity, spurring CISOs to rethink their identity strategies — even how it is defined. “Identity is now both a control surface and an attac…CSOONLINE.COM
28 AprStopping AiTM attacks: The defenses that actually work after authentication succeedsThe security industry has spent years building better authentication. Longer passwords, second factors, hardware tokens. And attackers responded by moving past authentication entirely. Adversary-in-the-middle (AiTM) phishing does not steal credentials and replay them. It sits bet…CSOONLINE.COM
28 AprTop 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380Portswigger's list of web hacking techniques is a long-running celebration of curiosity and research from the web hacking community. James Kettle shares his thoughts on the entries from 2025 and how he expects LLMs and agents to influence what the list will look like for next yea…YOUTUBE.COM
28 AprBuilding Resilience in a World of Constant ThreatsMegan Stifel, Chief Strategy Officer at the Institute for Security and Technology, joins Ann on this week’s episode of Afternoon Cyber Tea to discuss why cybersecurity must be treated as a shared governance responsibility, not just an IT issue. They explore how boardroom misalign…THECYBERWIRE.COM
28 AprVimeo suffers 3rd-party breach exposing user data, hackers threaten leakVimeo has disclosed a security incident stemming from a breach at third-party analytics provider Anodot, which resulted in unauthorized access to certain user and customer data. The company states that no video content, login credentials, or payment information were exposed, thou…CYBERINSIDER.COM
28 AprMDR Selection is a Partnership DecisionManaged Detection and Response (MDR) is a cybersecurity service that combines human expertise and technology to detect, investigate, and respond to threats 24/7. I write this as a Field CISO at Rapid7, but also as someone who has had to live with the operational reality of MDR on…RAPID7.COM
28 AprAfter Mythos: New Playbooks For a Zero-Window EraWhen patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s n…THEHACKERNEWS.COM
28 AprSecuring RAG pipelines in enterprise SaaSIn the enterprise SaaS space, AI agents are becoming an integral part of the SaaS product. To make these intelligent agents truly useful, they need contextual, customer-specific knowledge, something standard Large Language Models (LLMs), open source or otherwise, inherently lack …CSOONLINE.COM
28 AprWhat Anthropic’s Mythos Means for the Future of CybersecurityTwo weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software like operating systems and internet i…SCHNEIER.COM
28 AprMicrosoft fixes Entra ID flaw enabling privilege escalationMicrosoft fixed a Microsoft Entra ID flaw where the Agent ID Administrator role could enable privilege escalation and account takeover. Microsoft addressed a flaw in Microsoft Entra ID that could let attackers take over service accounts. The issue involved the Agent ID Administra…SECURITYAFFAIRS.COM
28 AprHTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)This weekend, we saw a few requests to our honeypot that included an "X-Vercel-Set-Bypass-Cookie" header. A sample request: ISC.SANS.EDU
28 AprSecuring the git push pipeline: Responding to a critical remote code execution vulnerabilityHow we validated, fixed, and investigated a critical vulnerability in under two hours, and confirmed no exploitation. The post Securing the git push pipeline: Responding to a critical remote code execution vulnerability appeared first on The GitHub Blog .GITHUB.BLOG
28 AprSignal Phishing Campaign Targets German Officials in Suspected Russian OperationSuspected Russian phishing via Signal targeted German officials, exploiting trust to access accounts and sensitive political communications. A new wave of cyber operations targeting European political leadership is once again highlighting how modern espionage increasingly relies …SECURITYAFFAIRS.COM
28 AprGet Motivated: What to Expect from Our Keynote at Rapid7's Global Cybersecurity SummitSecurity teams prepare for incidents every day. Alerts are tuned, playbooks are built, and processes are tested. But when something actually happens, the challenge shifts. It becomes not just about making decisions under pressure, but how well that preparation has set teams up to…RAPID7.COM
28 AprAccess control with IAM Identity Center session tagsAs organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS acc…AWS.AMAZON.COM
28 AprA Vulnerability in OpenSSH Could Allow for Authentication BypassA vulnerability has been discovered in OpenSSH which could allow for authentication bypass. OpenSSH (Open Secdure Shell) is an open-source suite of secure networking utilities based on the SSH protocol. It provides encrypted communication sessions over unsecured networks in a cli…CISECURITY.ORG
28 AprWhy Sharing a Screenshot Can Get You Jailed in the UAEThe war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years.WIRED.COM
28 AprPitney Bowes confirms Salesforce breach after hacker leaks 25 million recordsPitney Bowes has confirmed to CyberInsider that it suffered a cybersecurity incident involving unauthorized access to customer data stored in its Salesforce environment. This admission follows claims by the ShinyHunters extortion group that it has stolen over 25 million records. …CYBERINSIDER.COM
28 AprMultiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code ExecutionMultiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution. Mozilla Firefox is a web browser used to access the Internet. Mozilla Firefox ESR is a version of the web browser intended to be deployed in large…CISECURITY.ORG
28 AprOracle Quarterly Critical Patches Issued April 21, 2026Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Dep…CISECURITY.ORG
28 AprVidar Rises to Top of Chaotic Infostealer MarketThe malware has filled the gap created by last year's law enforcement takedowns of Lumma and Rhadamanthys.DARKREADING.COM
28 AprSpy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhaulWhile tech leaders think about how to strategically deploy AI tools to support human intelligence needs, rank and filers express concerns about their livelihoods. The post Spy agency officials say job loss anxiety, moving fast ‘safely’ among top challenges in AI workforce overhau…CYBERSCOOP.COM
📋 SECURITY BULLETINS 1[−]
28 AprFake Tax Audits and Updates Fuel Silver Fox Malware CampaignA China-linked threat group known as Silver Fox is running a new wave of cyber campaigns using fake tax audit notifications and software update lures to deliver malware across Asia. Active since at least 2022, the group initially focused on financially motivated attacks but, sinc…GBHACKERS.COM
📢 SECURITY ADVISORIES 5[−]
28 AprFrench police arrest 21-year-old “HexDex” hacker over 100 alleged data breachesA 21-year-old man suspected of conducting approximately 100 data breaches since late 2025 - including a hack of the French Ministry of National Education that exposed records on almost a quarter of a million employees - has been arrested at his home in western France. Read more i…BITDEFENDER.COM
28 AprNo Metrics Are Better Than Bad Metrics in the SOC, Says NCSCThe National Cyber Security Centre has warned against measuring SOCs with ticket-based metricsINFOSECURITY-MAGAZINE.COM
28 AprNCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort linksNCSC’s SilentGlass blocks malicious HDMI/DisplayPort links, protecting monitors from hardware attacks. Now commercialized for global use. The UK’s National Cyber Security Centre (NCSC) has launched SilentGlass, a new device to protect one of the most overlooked parts of modern IT…SECURITYAFFAIRS.COM
28 AprSignal to roll out anti-phishing safeguards following account takeoversSignal says recent reports describing attacks against its users do not reflect a breach of its platform, while also announcing plans to introduce new protections aimed at stopping similar phishing campaigns in the future. The clarification follows a joint advisory issued earlier …CYBERINSIDER.COM
28 AprWar hits where it hurts.Conflict in the Middle East disrupts the circuit board supply chain. The Supreme Court considers arguments on geofence searches. A new report highlights Chinese digital transnational repression. The NCSC protects HDMI and DisplayPort links. Tennessee bans cryptocurrency ATMs. Res…THECYBERWIRE.COM
🔥 INCIDENT REPORTING 13[−]
28 AprWeekly Update 501Presently sponsored by: Report URI: Guarding you from rogue JavaScript! Don’t get pwned; get real-time alerts & prevent breaches #SecureYourSite This is so "peak 2026" - writing an equality policy to ensure people treat our AI bot with the same respect as they do their …TROYHUNT.COM
28 AprChinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research CyberattacksA Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.  Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating …THEHACKERNEWS.COM
28 AprCheckmarx Confirms Security Incident Involving GitHub Repository ExposureApplication security provider Checkmarx has officially confirmed a new security incident involving the exposure of its internal GitHub repository. On April 27, 2026, Udi-Yehuda Tamar, the company’s VP of Platform Engineering and Global CISO, revealed that a cybercriminal gr…GBHACKERS.COM
28 AprRansomware Turf War as 0APT and KryBit Groups Trade BlowsRansomware groups 0APT and KryBit have doxxed each other onlineINFOSECURITY-MAGAZINE.COM
28 AprVECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXiThreat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors. The…THEHACKERNEWS.COM
28 AprIran war updates.US Supreme Court leans toward requiring warrants for geofencing searches. ShinyHunters claims responsibility for Pitney Bowes breach.THECYBERWIRE.COM
28 AprMedtronic Confirms Data Breach After ShinyHunters ClaimsMedtronic confirms IT breach as ShinyHunters claims millions of records accessedaINFOSECURITY-MAGAZINE.COM
28 AprVECT: Ransomware by design, Wiper by accidentKey Takeaways Background VECT Ransomware is a Ransomware-as-a-Service (RaaS) program that made its first appearance in December 2025 on a Russian-language cybercrime forum. After claiming their first two victims in January 2026, the group got back into the public eye due to an an…RESEARCH.CHECKPOINT.COM
28 AprVideo site Vimeo blames security incident on Anodot breachThe hackers did not access video content, user logins or payment card information, and there was no disruption to Vimeo’s services,THERECORD.MEDIA
28 AprADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNsADT confirmed a data breach exposing customer names, addresses, phone numbers, and partial SSNs, with millions of records reportedly affected. The post ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprWhat the March 2026 Threat Technique Catalog update means for your AWS environmentThe AWS Customer Incident Response Team (AWS CIRT) regularly encounters patterns that repeat across their engagements when helping customers respond to security incidents. We’re passionate about making sure that information is widely accessible so that everyone can improve their …AWS.AMAZON.COM
28 AprFeuding Ransomware Groups Leak Each Other's DataWhen 0APT and KryBit attacked each other, they exposed infrastructure and operational data, giving defenders rare insight into ransomware operations.DARKREADING.COM
🕵️ THREAT INTELLIGENCE 40[−]
28 AprChinese national extradited to US for pandemic-era Silk Typhoon attacksXu Zewei was allegedly directed by China’s intelligence services to conduct a sweeping espionage campaign to steal data on COVID-19 research and other U.S. policy interests. The post Chinese national extradited to US for pandemic-era Silk Typhoon attacks appeared first on CyberSc…CYBERSCOOP.COM
28 AprISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
28 AprMicrosoft Expands Copilot Agent Mode for Outlook Inbox and Calendar TasksMicrosoft announced a major evolution for Copilot in Outlook, shifting the tool from a passive assistant to an autonomous agent. Instead of simply drafting emails or summarizing threads on command, the AI now actively manages ongoing daily tasks. This agentic update enables the s…GBHACKERS.COM
28 AprChinese-Backed Smishing Rings Scale Credential Theft via SMS and OTT AppsChinese-language phishing-as-a-service (PhaaS) platforms are rapidly expanding their global reach by leveraging SMS and over-the-top (OTT) messaging channels such as iMessage and Rich Communication Services (RCS). Over the past several months, researchers have conducted large-sca…GBHACKERS.COM
28 AprSandworm Uses SSH-over-Tor Tunnel for Stealthy Long-Term PersistenceA significant evolution in Sandworm (APT-C-13) tradecraft, revealing the group’s use of SSH-over-Tor tunneling to achieve long-term, covert persistence inside targeted networks. Sandworm, also known as FROZENBARENTS, is a state-sponsored threat group active since 2014. It has con…GBHACKERS.COM
28 AprWhatsApp Tests Encrypted Cloud Backup Service for Safer Message StorageWhatsApp is actively developing an independent, first-party cloud backup service featuring mandatory end-to-end encryption. This upcoming feature aims to reduce users’ reliance on third-party storage providers such as Google Drive and Apple’s iCloud. By bringing backup stor…GBHACKERS.COM
28 AprOilRig Hides C2 Config in Google Drive Image via LSB SteganographyAPT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB steganography. The group, wh…GBHACKERS.COM
28 AprFake KYC Android Malware Spreads via WhatsApp to Hijack Bank AccountsA new Android malware campaign is masquerading as a “Banking KYC” verification app and spreading via WhatsApp messages to target banking users in India. The malware is delivered as an APK shared over WhatsApp, posing as an urgent bank KYC or account verification update similar to…GBHACKERS.COM
28 AprGUEST ESSAY: How augmented reality (AR) can turn building images into ad space with no controlEvery major building in America has three things: a physical address, a legal owner, and an unmonitored attack surface. Related: Sam Altman’s quest to usurp the browswer That surface extends from the ground up through every floor, every facade, and … (more…) The post …LASTWATCHDOG.COM
28 AprU.S. companies hit with record fines for privacy in 2025The increase is being driven by powerful privacy laws in states like California, new interstate partnerships and a renewed focus on the privacy impacts of AI and automation. The post U.S. companies hit with record fines for privacy in 2025 appeared first on CyberScoop .CYBERSCOOP.COM
28 AprNorth Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom LuresArctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus GroupINFOSECURITY-MAGAZINE.COM
28 AprGoogle Cloud Next AI Keynote: 5 Takeaways for IT LeadersThomas Kurian’s Google Cloud Next keynote framed Google’s agentic AI vision. Here are five key takeaways for IT leaders. The post Google Cloud Next AI Keynote: 5 Takeaways for IT Leaders appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprBest Legal Project Management Software in 2026What is the best legal project management software? Use our guide to help you compare pricing and features of our top picks. The post Best Legal Project Management Software in 2026 appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprFake CAPTCHA scam turns a quick click into a costly phone billScammers are using fake CAPTCHA pages to rack up international SMS charges on victims’ phone bills, and then take a cut.MALWAREBYTES.COM
28 AprSilk Typhoon Hacker Extradited to U.S. from ItalyChinese authorities-linked hacker Xu Zewei, accused of playing a central role in the notorious Silk Typhoon (HAFNIUM) cyber campaign, has been extradited from Italy to the United States, marking a significant development in ongoing efforts to combat state-sponsored cyber espionag…GBHACKERS.COM
28 AprPhishing-to-RMM Attacks: The Remote Access Blind Spot CISOs Can’t IgnoreCISOs are under pressure to prove that their security programs can detect threats early, reduce business risk, and support fast, confident response. But that becomes harder when attackers stop relying on obviously malicious tools. In recent phishing-to-RMM campaigns observed by A…ANY.RUN
28 AprChinese National Extradited Over Silk Typhoon Cyber CampaignExtradition links alleged MSS-directed hacker to Silk Typhoon and COVID-19 espionageINFOSECURITY-MAGAZINE.COM
28 Apr5 Stages of The Threat Intelligence Lifecycle5-stages-of-the-threat-intelligence-lifecycleSOCRADAR.IO
28 AprAI’s False Novelty TrapAsking AI for “novel techniques” can produce a mix of non-working ideas and recycled methods that already exist. In some cases, researchers mistakenly publish these as new findings. This creates a hidden risk where AI accelerates output but degrades originality. Without proper ve…YOUTUBE.COM
28 AprRep. Delia Ramirez takes over as top House cybersecurity Demhe replaces Rep. Eric Swalwell following his resignation, giving her the position of ranking member of the Subcommittee on Cybersecurity and Infrastructure Protection. The post Rep. Delia Ramirez takes over as top House cybersecurity Dem appeared first on CyberScoop .CYBERSCOOP.COM
28 Apr‘Fundamental tension’ undermines manufacturers’ cybersecurityA simple security mistake caused roughly one-quarter of all financial losses in the sector in 2025, cybersecurity insurer Resilience said.CYBERSECURITYDIVE.COM
28 AprStop Juggling AI Tools — This Lifetime Deal Puts GPT‑4o and More in One PlaceHarness multiple top-tier models like GPT‑4o, Claude, Gemini, and more in one unified platform, now $75. The post Stop Juggling AI Tools — This Lifetime Deal Puts GPT‑4o and More in One Place appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprVisual Studio 2026 Brings AI Deeper Into Development and It’s 90% Off Right NowMicrosoft's latest 64-bit IDE adds AI-assisted coding, faster performance, and advanced collaboration tools. The post Visual Studio 2026 Brings AI Deeper Into Development and It’s 90% Off Right Now appeared first on TechRepublic .TECHREPUBLIC.COM
28 Apr50k on YouTube!Built by this crew, powered by this community. 50,000 people decided cybersecurity content should be: real, unfiltered, occasionally chaotic, and always worth watching. We couldn’t agree more. Thank you for choosing Security Weekly. ❤️ Subscribe to our podcasts: https://securityw…YOUTUBE.COM
28 Apr50K Subscribers. This is Security Weekly.Built by this crew, powered by this community. 50,000 people decided cybersecurity content should be real, unfiltered, occasionally chaotic, and always worth watching. We couldn’t agree more. Thank you for choosing Security Weekly. ❤️ Subscribe to our podcasts: https://securitywe…YOUTUBE.COM
28 AprApple’s $599 Mac mini Sells Out, Resurfaces on eBay Above RetailApple’s sold-out $599 M4 Mac mini is getting marked up on eBay as buyers chase compact machines for local AI work while supplies stay tight. The post Apple’s $599 Mac mini Sells Out, Resurfaces on eBay Above Retail appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprGoogle, Kaggle Relaunch Free AI Course Focused on ‘Vibe Coding’Google and Kaggle’s free AI agents course returns June 15-19, with vibe coding lessons, live sessions, and a hands-on capstone project. The post Google, Kaggle Relaunch Free AI Course Focused on ‘Vibe Coding’ appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprSamsung Galaxy Glasses Leak: Pricing, Specs, and Launch Timeline RevealedSamsung’s rumored smart glasses may challenge Meta with AI features, display-free design, leaked pricing, and a possible 2027 AR roadmap. The post Samsung Galaxy Glasses Leak: Pricing, Specs, and Launch Timeline Revealed appeared first on TechRepublic .TECHREPUBLIC.COM
28 Apr‘Windows K2’ Could Be Microsoft’s Answer to Years of Windows 11 FrustrationMicrosoft’s Windows K2 effort aims to improve Windows 11 performance, reliability, updates, taskbar flexibility, and user feedback loops. The post ‘Windows K2’ Could Be Microsoft’s Answer to Years of Windows 11 Frustration appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprXpeng Flying Car Deliveries Target 2027 as Certification Gaps RemainXpeng’s flying car factory is moving from prototype to production, but certification gaps still separate delivery plans from public passenger service. The post Xpeng Flying Car Deliveries Target 2027 as Certification Gaps Remain appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprORMs Reopened Injection RisksSQL injection was largely mitigated by prepared statements. However, newer abstractions like ORMs reintroduce flexibility, allowing developers to construct queries in more dynamic ways. That added flexibility can recreate conditions similar to classic injection vulnerabilities. W…YOUTUBE.COM
28 AprPolice arrest 10 suspected members of Black Axe cybercrime gangA coordinated police operation in Switzerland has targeted suspected members of the Black Axe criminal network. On 28 April 2026, authorities carried out house searches across several Swiss cantons, leading to 10 arrests, including the Black Axe ‘Regional Head’ for Southern Europ…HELPNETSECURITY.COM
28 AprFederal CIO cautious on Anthropic’s Mythos despite planned rolloutGreg Barbaccia told CyberScoop that Anthropic's Mythos shows real promise for federal cyber defense, but warns that laboratory results and live network conditions are two very different things. The post Federal CIO cautious on Anthropic’s Mythos despite planned rollout appeared f…CYBERSCOOP.COM
28 AprElfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Sararimen, Aaran Leyland - SWN #576Elfsmasher, PYPI, Facebook, Glassworm, Medtronic, OpenSSH, Entrepreneurs, Sararimen, Aaran Leyland, and More on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-576YOUTUBE.COM
28 AprClickUp Data Leak Exposes Enterprise Emails for Over a YearA hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security concerns. The post ClickUp Data Leak Exposes Enterprise Emails for Over a Year appeared first on TechRepublic .TECHREPUBLIC.COM
28 AprBlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack LuresThe North Korean group is using stolen victim videos, AI-generated avatars, and fake Zoom calls to scale malware attacks against cryptocurrency executives.DARKREADING.COM
28 AprPlay-to-Earn Collapse RiskA play-to-earn game offered crypto rewards, NFT assets, and “founder nodes” that distributed tokens to early adopters. As prices rose, early buyers profited. But the structure resembles a pump-and-dump, where gains depend on later participants entering the system. That creates as…YOUTUBE.COM
28 AprFIDO Alliance wants to keep AI agents from going rogue on online paymentsAI agents are beginning to shop, log in, and complete tasks with little direct input. That shift is pushing the security industry to rethink how trust works when actions are carried out on a user’s behalf. The FIDO Alliance has announced a set of initiatives to build shared stand…HELPNETSECURITY.COM
28 AprSN 1076: FAST16.SYS - Unmasking the NSA's Most Diabolical Digital SabotageWhat if your engineering calculations secretly sabotaged your nation's best efforts? This week, we reveal how a newly uncovered 21-year-old NSA rootkit quietly corrupted scientific research in hostile states and why it changes everything you think you know about cyberwarfare. Bit…TWIT.TV
🌐 CYBER THREAT LANDSCAPE 5[−]
28 AprNew Android spyware Morpheus linked to Italian surveillance firmOsservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools. The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fa…SECURITYAFFAIRS.COM
28 AprWhy Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks AboutEvery security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done. That assumption is wrong. It is also a major reason Zero Trust programs stall. New research my team just pu…THEHACKERNEWS.COM
28 AprFresh Wave of GlassWorm VS Code Extensions Slices Through Supply ChainAttackers continue to scale a campaign to seed Open VSX with seemingly benign VS Code extensions that spread self-propagating malware.DARKREADING.COM
28 AprBrazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer CampaignA cybercrime group of Brazilian origin has resurfaced after more than three years to orchestrate a campaign that targets Minecraft players with a new stealer called LofyStealer (aka GrabBot). "The malware disguises itself as a Minecraft hack called 'Slinky,'" Brazil-based cyberse…THEHACKERNEWS.COM
28 AprParagon is not collaborating with Italian authorities probing spyware attacks, report saysDespite promising to help determine what happened with the hacks targeting journalists and activists in Italy, Israeli-American spyware maker Paragon has reportedly not responded to authorities’ requests for information.TECHCRUNCH.COM
📡 INFOSEC NEWS 11[−]
28 AprChinese engineer stole US military and NASA software for yearsHe created Gmail accounts, impersonated real US researchers, and convinced NASA, the military, and universities to hand over sensitive code.MALWAREBYTES.COM
28 AprFrom DMV to Wallet: Understanding Verifiable Digital Credential IssuanceIn our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can func…NIST.GOV
28 AprThe Hunt for American Turncoats in World War II EuropeIt’s a story that journalist and veteran Stephen Harding uncovered: a secret component of the FBI’s “European Operation,” whereby agents traveled abroad working undercover to track down American citizens who had betrayed their country during World War II. These traitors ran the g…THECYBERWIRE.COM
28 AprFrom the Kaiser to the Führer: Inside the World of Lothar WitzkeOne of the more notorious German spies of the 20th century, Lothar Witzke lived a life of intrigue: from escaping the death penalty in the First World War to joining the Nazi party in the Second. It's a story that Robert Hornick and Paul Friedland stumbled on by chance. With help…THECYBERWIRE.COM
28 AprA practical guide to secure vibe-coding for small businesses | Kaspersky official blogConfiguration and prompting tips to get an AI assistant to write more secure code.KASPERSKY.COM
28 AprFive defender priorities from the Talos Year in ReviewWith attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise.TALOSINTELLIGENCE.COM
28 AprUkrainian police detain hackers suspected of stealing thousands of Roblox accounts for resalePolice said on Monday the victims included both Ukrainian and foreign players whose accounts contained valuable digital items, rare equipment and in-game currency purchased with real money.THERECORD.MEDIA
28 AprThe Race Is on to Keep AI Agents From Running Wild With Your Credit CardsAI agents may soon be buying your stuff for you. The FIDO Alliance has teamed up with Google and Mastercard to try to ensure that shopping in the near future isn't a complete disaster.WIRED.COM
28 AprUS Supreme Court appears split over controversial use of ‘geofence’ search warrantsThe U.S. top court is expected to rule on whether to allow police to identify criminal suspects by dragnet searching the databases of tech giants.TECHCRUNCH.COM
28 AprCyber Command, NSA chief warns foreign adversaries likely to target midtermsArmy Gen. Joshua Rudd told lawmakers “we are postured and ready to support as required or tasked, making sure that we safeguard our elections.”THERECORD.MEDIA
28 AprNSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years LaterChris Inglis was the head civilian in charge at the NSA when the Snowden leak exploded. He gets candid about mistakes the organization made, and what CISOs need to know about spotting potential threats, media disclosures, and "enculturation."DARKREADING.COM