InfoSecRadar InfoSecRadar
  • Home
    • Vulnerabilities & Exploits
    • Malware & Ransomware
    • Data Breaches & Leaks
    • Threat Actors & Campaigns
    • Policy & Regulation
    • Industry & Career
    • Tools & Techniques
    • Cloud & Infrastructure
    • AI & Cybersecurity
    • Privacy & Surveillance
    • Signal School
  • Friend
  • Foe
  • Archive
  • About

Archive: April 2026

1345 stories.

← May 2026 All months March 2026 →
FOE Apr 30 CSO Online
Bank regulator sounds warning over cybersecurity threat posed by AI models
FOE Apr 30 EFF Deeplinks
Utah’s New Law Targeting VPNs Goes Into Effect Next Week
FOE Apr 30 The Register (Security)
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
FOE Apr 30 The Register (Security)
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
FOE Apr 30 Dark Reading
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
FOE Apr 30 Dark Reading
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
FOE Apr 30 The Register (Security)
Bot her emails: most modern phishing campaigns are AI-enabled
FOE Apr 30 The Register (Security)
Bot her emails: most modern phishing campaigns are AI-enabled
FOE Apr 30 Ars Technica (Security)
The most severe Linux threat to surface in years catches the world flat-footed
FOE Apr 30 The Intercept (Privacy)
Ron Wyden Is Pissing Off the NSA’s Biggest Backers. Tom Cotton Warns There Will Be “Consequences.”
FOE Apr 30 The Register (Security)
FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'
FOE Apr 30 The Register (Security)
FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'
FOE Apr 30 Dark Reading
Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
FOE Apr 30 Bleeping Computer
New Bluekit phishing service includes an AI assistant, 40 templates
FOE Apr 30 SecurityWeek
Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge
FOE Apr 30 SecurityWeek
AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours
FRIEND Apr 30 BrightTALK InfoSec
Mastering Resilience in Modern Security
FOE Apr 30 Bleeping Computer
Romanian leader of online swatting ring gets 4 years in prison
FRIEND Apr 30 EPIC
To protect kids online, don’t ban them from social media. Regulate design.
FOE Apr 30 The Register (Security)
Google's fix for critical Gemini CLI bug might break your CI/CD pipelines
FOE Apr 30 The Register (Security)
Google's fix for critical Gemini CLI bug might break your CI/CD pipelines
FOE Apr 30 EFF Deeplinks
Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees.
FOE Apr 30 The Register (Security)
French prosecutors link 15-year-old to mega-breach at state’s secure document agency
FOE Apr 30 The Register (Security)
French prosecutors link 15-year-old to mega-breach at state’s secure document agency
FOE Apr 30 Bleeping Computer
FBI links cybercriminals to sharp surge in cargo theft attacks
FOE Apr 30 The Hacker News
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
FOE Apr 30 BrightTALK InfoSec
Synthetic Risk, Authentic Trust: Enterprise Security in the Age of AI
FOE Apr 30 Bleeping Computer
April KB5083769 Windows 11 update causes backup software failures
FRIEND Apr 30 Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: They’ll never know
FOE Apr 30 SecurityWeek
SonicWall Urges Immediate Patching of Firewall Vulnerabilities
FOE Apr 30 SecurityWeek
SAP NPM Packages Targeted in Supply Chain Attack
FOE Apr 30 Krebs on Security
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
FOE Apr 30 Bleeping Computer
What Happens in the First 24 Hours After a New Asset Goes Live
FOE Apr 30 The Hacker News
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
FOE Apr 30 Bleeping Computer
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
FRIEND Apr 30 Dark Reading
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
FOE Apr 30 The Hacker News
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
FOE Apr 30 SecurityWeek
Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
FOE Apr 30 CSO Online
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators
FRIEND Apr 30 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: That’s what I thought you said
FOE Apr 30 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 30 CISA Alerts
ABB Ability OPTIMAX
FOE Apr 30 CISA Alerts
ABB PCM600
FOE Apr 30 CISA Alerts
ABB Edgenius Management Portal
FOE Apr 30 CISA Alerts
ABB AWIN Gateways
FOE Apr 30 CISA Alerts
ABB System 800xA, Symphony Plus IEC 61850
FOE Apr 30 CISA Alerts
ABB Ability Symphony Plus Engineering
FOE Apr 30 SecurityWeek
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
FOE Apr 30 Bleeping Computer
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
FOE Apr 30 The Register (Security)
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
FOE Apr 30 The Register (Security)
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
FOE Apr 30 CSO Online
Max-severity RCE flaw found in Google Gemini CLI
FOE Apr 30 The Hacker News
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
FOE Apr 30 Bleeping Computer
Police dismantles 9 crypto scam centers, arrests 276 suspects
FOE Apr 30 SecurityWeek
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
FOE Apr 30 The Register (Security)
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
FOE Apr 30 The Register (Security)
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
FOE Apr 30 Schneier on Security
Fast16 Malware
FOE Apr 30 The Register (Security)
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
FOE Apr 30 The Register (Security)
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
FOE Apr 30 SecurityWeek
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
FOE Apr 30 CSO Online
SAP npm package attack highlights risks in developer tools and CI/CD pipelines
FOE Apr 30 The Hacker News
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
FOE Apr 30 CSO Online
Stopping the quiet drift toward excessive agency with re-permissioning
FOE Apr 30 CSO Online
ODNI to CISOs on threat assessments: You’re on your own
FOE Apr 30 SecurityWeek
Sandhills Medical Says Ransomware Breach Affects 170,000
FOE Apr 30 The Register (Security)
Finance company stores DB credentials in helpfully labeled spreadsheet
FOE Apr 30 The Register (Security)
Finance company stores DB credentials in helpfully labeled spreadsheet
FRIEND Apr 30 EFF Deeplinks
Digital Hopes, Real Power: From Connection to Collective Action
FOE Apr 30 The Hacker News
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
FRIEND Apr 30 CSO Online
10 wichtige Security-Eigenschaften: So setzen Sie die Kraft Ihres IT-Sicherheitstechnik-Teams frei
FOE Apr 30 Risky Business News
Srsly Risky Biz: US Vows to Fight Distillation Attacks
FOE Apr 30 CSO Online
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
FOE Apr 30 EPIC
Texas Observer: As License Plate Readers Expand in Texas, Privacy Advocates are Fighting Back
FOE Apr 30 SANS Internet Storm Center
Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
FOE Apr 30 The Register (Security)
Linux cryptographic code flaw offers fast route to root
FOE Apr 30 The Register (Security)
Linux cryptographic code flaw offers fast route to root
FOE Apr 30 CISA KEV
CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
FOE Apr 30 Dark Reading
Claude Mythos Fears Startle Japan's Financial Services Sector
FRIEND Apr 29 Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – April 2026
FOE Apr 29 Bleeping Computer
Official SAP npm packages compromised to steal credentials
FOE Apr 29 Bleeping Computer
Popular WordPress redirect plugin hid dormant backdoor for years
FOE Apr 29 The Intercept (Privacy)
Mike Johnson Used Crypto Catnip to Get Freedom Caucus Support for Domestic Spy Law
FOE Apr 29 EFF Deeplinks
EFF Submission to UN Report on the Role of Media in the Context of Israel’s Policies Toward Palestinians
FOE Apr 29 Bleeping Computer
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
FRIEND Apr 29 The Register (Security)
Researchers move in the right direction, develop powerful GPS interference alarm
FRIEND Apr 29 The Register (Security)
Researchers move in the right direction, develop powerful GPS interference alarm
FOE Apr 29 Dark Reading
Reverse Engineering With AI Unearths High-Severity GitHub Bug
FOE Apr 29 Dark Reading
AI Finds 38 Security Flaws in Electronic Health Record Platform
FOE Apr 29 EFF Deeplinks
Former EFF Activism Director's New Book, Transaction Denied, Explores What Happens When Financial Companies Act like Censors
FOE Apr 29 The Register (Security)
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
FOE Apr 29 The Register (Security)
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
FRIEND Apr 29 The Register (Security)
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
FRIEND Apr 29 The Register (Security)
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
FOE Apr 29 Bleeping Computer
Hackers arrested for hijacking and selling 610,000 Roblox accounts
FOE Apr 29 The Register (Security)
Yet another experiment proves it's too damn simple to poison large language models
FOE Apr 29 The Hacker News
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
FOE Apr 29 Bleeping Computer
cPanel, WHM emergency update fixes critical auth bypass bug
FOE Apr 29 The Register (Security)
CISA flags data-theft bug in NSA-built OT networking tool
FOE Apr 29 The Register (Security)
CISA flags data-theft bug in NSA-built OT networking tool
FOE Apr 29 Dark Reading
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
FOE Apr 29 The Hacker News
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
FOE Apr 29 Bleeping Computer
European police dismantles €50 million crypto investment fraud ring
FOE Apr 29 Privacy International
Dual-use tech: the BAE Systems example
FRIEND Apr 29 Black Hills Information Security
A Practical Guide to BloodHound Data Collection
FOE Apr 29 Privacy International
Dual-use tech: the Lockheed Martin example
FOE Apr 29 SANS Internet Storm Center
Today's Odd Web Requests, (Wed, Apr 29th)
FOE Apr 29 Bleeping Computer
Learning from the Vercel breach: Shadow AI & OAuth sprawl
FOE Apr 29 SecurityWeek
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
FRIEND Apr 29 The Register (Security)
GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash
FOE Apr 29 The Register (Security)
GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash
FOE Apr 29 Dark Reading
Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
FOE Apr 29 Bleeping Computer
GitHub fixes RCE flaw that gave access to millions of private repos
FOE Apr 29 SecurityWeek
Hundreds of Internet-Facing VNC Servers Expose ICS/OT
FRIEND Apr 29 The Register (Security)
EU waves through open source age-check tool to keep kids safe online
FOE Apr 29 The Hacker News
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
FRIEND Apr 29 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Ten questions, ten different answers
FRIEND Apr 29 CISA Alerts
Adapting Zero Trust Principles to Operational Technology
FOE Apr 29 CSO Online
Critical GitHub RCE bug exposed millions of repositories
FRIEND Apr 29 The Hacker News
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
FOE Apr 29 SecurityWeek
Checkmarx Confirms Data Stolen in Supply Chain Attack
FOE Apr 29 Ars Technica (Security)
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
FOE Apr 29 SecurityWeek
Iranian Cyber Group Handala Targets US Troops in Bahrain
FOE Apr 29 Bleeping Computer
CISA orders feds to patch Windows flaw exploited as zero-day
FRIEND Apr 29 Schneier on Security
Claude Mythos Has Found 271 Zero-Days in Firefox
FOE Apr 29 The Register (Security)
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
FOE Apr 29 SecurityWeek
38 Vulnerabilities Found in OpenEMR Medical Software
FOE Apr 29 The Hacker News
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
FRIEND Apr 29 SecurityWeek
Chrome 147, Firefox 150 Security Updates Rolling Out
FRIEND Apr 29 CSO Online
AWS leans on prior ingenuity to face future AI and quantum threats
FOE Apr 29 The Hacker News
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
FOE Apr 29 Bleeping Computer
Microsoft says backend change broke Teams Free chat and calls
FOE Apr 29 The Register (Security)
30 ClawHub skills secretly turn AI agents into a crypto swarm
FOE Apr 29 The Register (Security)
30 ClawHub skills secretly turn AI agents into a crypto swarm
FOE Apr 29 SecurityWeek
Critical GitHub Vulnerability Exposed Millions of Repositories
FOE Apr 29 The Hacker News
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
FRIEND Apr 29 CSO Online
Third Party Risk Management: So vermeiden Sie Compliance-Unheil
FOE Apr 29 Risky Business News
Risky Bulletin: UK NCSC blasts SOC metrics
FOE Apr 29 CSO Online
More fake extensions linked to GlassWorm found in Open VSX code marketplace
FOE Apr 29 EPIC
Federal News Network: GAO report on DOGE payments access ‘just the tip of the iceberg’
FOE Apr 29 Sophos News
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
FOE Apr 28 EPIC
CNET: Supreme Court Weighs Arguments Over How Police Request Location Data to Solve Crimes
FOE Apr 28 Dark Reading
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
FOE Apr 28 Bleeping Computer
Broken VECT 2.0 ransomware acts as a data wiper for large files
FOE Apr 28 Bleeping Computer
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
FRIEND Apr 28 EFF Deeplinks
The Open Social Web Needs Section 230 to Survive
FOE Apr 28 Dark Reading
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
FRIEND Apr 28 EPIC
EPIC Testifies in Support of Bill to Expand Privacy Protections for Vermonters
FRIEND Apr 28 Dark Reading
Feuding Ransomware Groups Leak Each Other's Data
FOE Apr 28 Dark Reading
Vidar Rises to Top of Chaotic Infostealer Market
FOE Apr 28 Bleeping Computer
Video service Vimeo confirms Anodot breach exposed user data
FOE Apr 28 The Register (Security)
Don't pay Vect a ransom - your data's likely already wiped out
FOE Apr 28 The Register (Security)
Don't pay Vect a ransom - your data's likely already wiped out
FRIEND Apr 28 SecurityWeek
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks
FOE Apr 28 The Hacker News
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
FOE Apr 28 The Hacker News
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
FOE Apr 28 SecurityWeek
Vimeo Confirms User and Customer Data Breach
FRIEND Apr 28 BrightTALK InfoSec
Fire, Brimstone and Bad Security Decisions
FOE Apr 28 BrightTALK InfoSec
Closing the Browser Gap: Defending Against AiTM and Shadow AI
FOE Apr 28 EPIC
EPIC and Coalition Renew Calls on Congress to Oppose Bad Financial Privacy Bill
FOE Apr 28 SecurityWeek
The Mythos Moment: Enterprises Must Fight Agents with Agents
FOE Apr 28 Bleeping Computer
US reportedly charges Scattered Spider hacker arrested in Finland
FRIEND Apr 28 SecurityWeek
Webinar Today: A Step-by-Step Approach to AI Governance
FRIEND Apr 28 Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: There’s an empty seat over there
FOE Apr 28 Dark Reading
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
FOE Apr 28 Bleeping Computer
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
FOE Apr 28 SecurityWeek
Robinhood Vulnerability Exploited for Phishing Attacks
FOE Apr 28 The Register (Security)
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
FOE Apr 28 The Register (Security)
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
FOE Apr 28 EPIC
League of Women Voters, EPIC Renew Call for Court to Protect Privacy and Voting Rights in Case Challenging Illegal SAVE Overhaul
FOE Apr 28 The Hacker News
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
FOE Apr 28 BrightTALK InfoSec
Mitigating AI Risks: Understanding and Addressing the Risks of AI Systems
FOE Apr 28 SecurityWeek
Alleged Chinese State Hacker Extradited to US
FOE Apr 28 SANS Internet Storm Center
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
FRIEND Apr 28 Bleeping Computer
Microsoft to deprecate legacy TLS in Exchange Online starting July
FOE Apr 28 CSO Online
Critical Cursor bug could turn routine Git into RCE
FOE Apr 28 Bleeping Computer
Inside an OPSEC Playbook: How Threat Actors Evade Detection
FOE Apr 28 SecurityWeek
Dozens of Open VSX Extension Clones Linked to GlassWorm Malware
FRIEND Apr 28 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The problem is reading it
FOE Apr 28 CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE Apr 28 CISA Alerts
NSA GRASSMARLIN
FRIEND Apr 28 SecurityWeek
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
FRIEND Apr 28 NIST Cybersecurity Insights
From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
FOE Apr 28 The Hacker News
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
FOE Apr 28 SecurityWeek
Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety
FOE Apr 28 SecurityWeek
No Patch for New PhantomRPC Privilege Escalation Technique in Windows
FOE Apr 28 The Hacker News
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
FOE Apr 28 Schneier on Security
What Anthropic’s Mythos Means for the Future of Cybersecurity
FOE Apr 28 SecurityWeek
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
FOE Apr 28 The Hacker News
After Mythos: New Playbooks For a Zero-Window Era
FOE Apr 28 The Register (Security)
SUSE's sovereignty pitch meets an inconvenient $6 billion question
FOE Apr 28 CSO Online
Securing RAG pipelines in enterprise SaaS
FOE Apr 28 Bleeping Computer
Microsoft: New Remote Desktop warnings may display incorrectly
FOE Apr 28 CSO Online
What CISOs need to get right as identity enters the agentic era
FOE Apr 28 CSO Online
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
FRIEND Apr 28 Bleeping Computer
Microsoft asks iPhone users to reauthenticate after Outlook outage
FRIEND Apr 28 SecurityWeek
Spectrum Security Emerges From Stealth Mode With $19 Million
FOE Apr 28 The Hacker News
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
FOE Apr 28 The Hacker News
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
FOE Apr 28 SecurityWeek
Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
FOE Apr 28 The Hacker News
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
FRIEND Apr 28 CSO Online
EDR-Software – ein Kaufratgeber
FOE Apr 28 CSO Online
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
FRIEND Apr 28 Recorded Future Blog
The Money Mule Problem Solution: What Every Scam Has in Common
FOE Apr 28 CISA KEV
CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability
FOE Apr 28 CISA KEV
CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability
FOE Apr 28 Recorded Future Blog
Lazarus Doesn't Need AGI
FOE Apr 27 The Register (Security)
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
FOE Apr 27 The Register (Security)
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
FOE Apr 27 EPIC
The Guardian: US Supreme Court Hears Whether Smartphone Location Data Warrants Infringe Users’ Privacy
FOE Apr 27 EPIC
CyberScoop: Supreme Court justices skeptically question both sides in geofence surveillance case
FOE Apr 27 EPIC
PPC Land: Your work apps collect more data than you think, study finds
FOE Apr 27 EFF Deeplinks
The GUARD Act Isn’t Targeting Dangerous AI—It’s Blocking Everyday Internet Use
FOE Apr 27 Bleeping Computer
Robinhood account creation flaw abused to send phishing emails
FOE Apr 27 EFF Deeplinks
Congress Must Reject New Insufficient 702 Reauthorization Bill
FOE Apr 27 Bleeping Computer
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
FOE Apr 27 The Register (Security)
Cursor-Opus agent snuffs out startup’s production database
FOE Apr 27 Ars Technica (Security)
Open source package with 1 million monthly downloads stole user credentials
FOE Apr 27 Dark Reading
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
FOE Apr 27 Bleeping Computer
Canada arrests three for operating “SMS blaster” device in Toronto
FOE Apr 27 Bleeping Computer
Alleged Silk Typhoon hacker extradited to US for cyberespionage
FOE Apr 27 The Register (Security)
Medical and utility tech companies admit digital breakins
FOE Apr 27 The Register (Security)
Medical and utility tech companies hacked by digital intruders
FRIEND Apr 27 EFF Deeplinks
The Internet Still Works: SmugMug Powers Online Photography
FOE Apr 27 Bleeping Computer
FTC: Americans lost over $2.1 billion to social media scams in 2025
FOE Apr 27 Dark Reading
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
FOE Apr 27 Bleeping Computer
PyPI package with 1.1M monthly downloads hacked to push infostealer
FOE Apr 27 Bleeping Computer
Home security giant ADT data breach affects 5.5 million people
FRIEND Apr 27 Bleeping Computer
Webinar: Spotting cyberattacks before they begin
FOE Apr 27 The Hacker News
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
FOE Apr 27 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
FOE Apr 27 Bleeping Computer
Medtronic confirms breach after hackers claim 9 million records theft
FOE Apr 27 The Hacker News
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
FOE Apr 27 Dark Reading
20-Year-Old Malware Rewrites History of Cyber Sabotage
FOE Apr 27 SecurityWeek
Incomplete Windows Patch Opens Door to Zero-Click Attacks
FOE Apr 27 Bleeping Computer
Money launderer linked to $230M crypto heist gets 70 months in prison
FOE Apr 27 Bleeping Computer
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
FOE Apr 27 Dark Reading
Parsing Agentic Offensive Security's Existential Threat
FOE Apr 27 CSO Online
Microsoft patched an ‘agent-only’ role that was not
FOE Apr 27 SecurityWeek
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
FOE Apr 27 The Register (Security)
Cybersec is a thankless job: expanding workload and shrinking pay packet
FOE Apr 27 The Register (Security)
Cybersec is a thankless job: expanding workload and shrinking pay packet
FOE Apr 27 SecurityWeek
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
FOE Apr 27 Bleeping Computer
Microsoft says Outlook.com outage is causing sign‑in failures
FRIEND Apr 27 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Lots of dinging noises
FOE Apr 27 The Hacker News
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
FOE Apr 27 The Hacker News
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
FOE Apr 27 The Register (Security)
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
FOE Apr 27 The Register (Security)
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
FOE Apr 27 The Hacker News
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
FRIEND Apr 27 The Register (Security)
Microsoft updates the Windows Update Experience: You can hit pause now
FOE Apr 27 SecurityWeek
Energy and Water Management Firm Itron Hacked
FRIEND Apr 27 Schneier on Security
Medieval Encrypted Letter Decoded
FOE Apr 27 SecurityWeek
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
FOE Apr 27 SecurityWeek
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
FRIEND Apr 27 SecurityWeek
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
FRIEND Apr 27 The Register (Security)
ICO chief John Edwards steps back as workplace probe quietly unfolds
FOE Apr 27 The Intercept (Privacy)
Meet the Four Democrats Who’ll Decide If Trump Gets His Domestic Spying Law
FRIEND Apr 27 CSO Online
AI is reshaping DevSecOps to bring security closer to the code
FRIEND Apr 27 CSO Online
The ‘manager of agents’: How AI evolves the SOC analyst role
FOE Apr 27 SecurityWeek
Firefox Vulnerability Allows Tor User Fingerprinting
FOE Apr 27 The Register (Security)
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
FOE Apr 27 The Register (Security)
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
FRIEND Apr 27 OWASP Blog
The OWASP Foundation appoints Missie Lindsey as Director of Corporate Relations
FOE Apr 27 The Hacker News
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
FRIEND Apr 27 CSO Online
4 Wege aus der Security-Akronymhölle
FOE Apr 27 Risky Business News
Risky Bulletin: New fingerprinting technique can track Tor users
FOE Apr 27 The Register (Security)
Google Cloud Next proves what we suspected: Everything is AI now
FOE Apr 26 Bleeping Computer
American utility firm Itron discloses breach of internal IT network
FOE Apr 26 The Register (Security)
AI's not going to kill open source code security
FOE Apr 26 The Register (Security)
Hot take: AI's not going to kill open source code security
FOE Apr 25 Bleeping Computer
Threat actor uses Microsoft Teams to deploy new “Snow” malware
FOE Apr 25 SecurityWeek
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
FOE Apr 25 The Register (Security)
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
FOE Apr 25 The Register (Security)
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
FOE Apr 25 The Hacker News
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
FOE Apr 25 The Hacker News
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
FOE Apr 24 EFF Deeplinks
Act Now to Stop California’s Paternalistic and Privacy-Destroying Social Media Ban
FRIEND Apr 24 EFF Deeplinks
EFF Challenges Secrecy In Eastern District of Texas Patent Case
FOE Apr 24 Bleeping Computer
ADT confirms data breach after ShinyHunters leak threat
FOE Apr 24 Dark Reading
Helping Romance Scam Victims Require a Proactive, Empathic Approach
FOE Apr 24 Bleeping Computer
Firestarter malware survives Cisco firewall updates, security patches
FOE Apr 24 CSO Online
New US House privacy bills raise hard questions about enterprise data collection
FRIEND Apr 24 Bleeping Computer
Windows Update gets new controls to reduce forced restarts
FOE Apr 24 EFF Deeplinks
California Coastal Community Must Reject CBP's AI-Powered Surveillance Tower
FOE Apr 24 Ars Technica (Security)
Why are top university websites serving porn? It comes down to shoddy housekeeping.
FOE Apr 24 CSO Online
Scattered Spider co-conspirator pleads guilty
FOE Apr 24 Bleeping Computer
New BlackFile extortion group linked to surge of vishing attacks
FOE Apr 24 CSO Online
CISA last in line for access to Anthropic Mythos
FRIEND Apr 24 Bleeping Computer
Microsoft to roll out Entra passkeys on Windows in late April
FOE Apr 24 Bleeping Computer
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
FOE Apr 24 The Hacker News
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
FOE Apr 24 Sophos News
Supply chain attacks hit Checkmarx and Bitwarden developer tools
FOE Apr 24 Dark Reading
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
FOE Apr 24 The Register (Security)
US clarifies mobile hotspots part of foreign router ban despite rarity of American made consumer kit
FOE Apr 24 The Register (Security)
ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface
FOE Apr 24 The Register (Security)
ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface
FOE Apr 24 Dark Reading
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
FOE Apr 24 The Intercept (Privacy)
Palantir Is Helping Trump’s IRS Conduct “Massive-Scale” Data Mining
FOE Apr 24 SecurityWeek
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
FOE Apr 24 The Register (Security)
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
FOE Apr 24 The Register (Security)
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
FOE Apr 24 SecurityWeek
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
FRIEND Apr 24 The Register (Security)
More ancient Linux device support faces the chop
FOE Apr 24 The Hacker News
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
FRIEND Apr 24 Bleeping Computer
DORA and operational resilience: Credential management as a financial risk control
FOE Apr 24 Bleeping Computer
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
FOE Apr 24 Dark Reading
AI Phishing Is No. 1 With a Bullet for Cyberattackers
FOE Apr 24 Dark Reading
North Korea's Lazarus Targets macOS Users via ClickFix
FRIEND Apr 24 The Register (Security)
Intel bets the farm on AI inference to drag CPU back to the top table
FOE Apr 24 The Register (Security)
Intel bets the farm on AI inference to drag CPU back to the top table
FOE Apr 24 SecurityWeek
Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents
FRIEND Apr 24 SecurityWeek
Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise
FRIEND Apr 24 Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not recording
FOE Apr 24 CISA Alerts
CISA Adds Four Known Exploited Vulnerabilities to Catalog
FOE Apr 24 The Hacker News
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
FOE Apr 24 The Hacker News
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
FOE Apr 24 The Register (Security)
Microsoft beefs up Remote Desktop security with ... hard-to-read messages
FRIEND Apr 24 The Register (Security)
It's a myth that you need Mythos to find bugs: Open source models can do it just as well
FRIEND Apr 24 The Register (Security)
It's a myth that you need Mythos to find bugs: Open source models can do it just as well
FRIEND Apr 24 Bleeping Computer
Microsoft now lets admins uninstall Copilot on enterprise devices
FOE Apr 24 SecurityWeek
US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor
FOE Apr 24 SecurityWeek
Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US
FOE Apr 24 Schneier on Security
Hiding Bluetooth Trackers in Mail
FOE Apr 24 SecurityWeek
Vulnerabilities Patched in CrowdStrike, Tenable Products
FOE Apr 24 The Hacker News
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
FOE Apr 24 The Register (Security)
UK gov pays public £550 to discuss Digital ID – then bans journalists from the room
FOE Apr 24 SecurityWeek
Bitwarden NPM Package Hit in Supply Chain Attack
FRIEND Apr 24 SecurityWeek
Copperhelm Raises $7 Million for Agentic Cloud Security Platform
FOE Apr 24 The Hacker News
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
FOE Apr 24 The Register (Security)
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
FOE Apr 24 The Register (Security)
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
FOE Apr 24 Risky Business News
Risky Bulletin: There are now SIM-Farm-as-a-Service providers
FOE Apr 24 The Register (Security)
Weak security means attackers could disable all of a city's public EV chargers
FOE Apr 24 The Register (Security)
Weak security means attackers could disable all of a city's public EV chargers
FRIEND Apr 24 CSO Online
Security-KPIs und -KRIs: So messen Sie Cybersicherheit
FOE Apr 24 Dark Reading
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
FOE Apr 24 Sophos News
Supply chain attacks hit Checkmarx and Bitwarden developer tools
FRIEND Apr 24 Recorded Future Blog
From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026
FOE Apr 24 CISA KEV
CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability
FOE Apr 24 CISA KEV
CVE-2024-57728: SimpleHelp Path Traversal Vulnerability
FOE Apr 24 CISA KEV
CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability
FOE Apr 23 CSO Online
Bitwarden CLI password manager trojanized in supply chain attack
FRIEND Apr 23 EFF Deeplinks
EFF to 9th Circuit (Again): App Stores Shouldn’t Be Liable for Processing Payments for User Content
FOE Apr 23 The Register (Security)
Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'
FOE Apr 23 Bleeping Computer
Hackers exploit file upload bug in Breeze Cache WordPress plugin
FOE Apr 23 Dark Reading
China-Backed Hackers Are Industrializing Botnets
FOE Apr 23 Ars Technica (Security)
In a first, a ransomware family is confirmed to be quantum-safe
FRIEND Apr 23 CSO Online
3 practical ways AI threat detection improves enterprise cyber resilience
FOE Apr 23 CSO Online
The curious case of Sean Plankey’s derailed CISA nomination
FRIEND Apr 23 EFF Deeplinks
Speaking Freely: Lizzie O'Shea
FOE Apr 23 The Register (Security)
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn
FOE Apr 23 Bleeping Computer
Bitwarden CLI npm package compromised to steal developer credentials
FOE Apr 23 Bleeping Computer
Trigona ransomware attacks use custom exfiltration tool to steal data
FOE Apr 23 The Hacker News
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
FOE Apr 23 The Register (Security)
Age checks could turn internet into an ID checkpoint, complains Proton CEO
FOE Apr 23 Bleeping Computer
New Checkmarx supply-chain breach affects KICS analysis tool
FOE Apr 23 Dark Reading
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
FRIEND Apr 23 SecurityWeek
Cloudsmith Raises $72 Million in Series C Funding
FRIEND Apr 23 Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: Let’s get a soda
FOE Apr 23 Dark Reading
Bad Memories Still Haunt AI Agents
FOE Apr 23 Bleeping Computer
Cosmetics giant Rituals discloses data breach affecting customers
FOE Apr 23 Bleeping Computer
Regular Password Resets Aren’t as Safe as You Think
FOE Apr 23 The Hacker News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
FRIEND Apr 23 The Register (Security)
American farms have a new steward for their safety net, disaster programs... Palantir
FOE Apr 23 Bleeping Computer
Microsoft: Some Teams users can’t join meetings after Edge update
FOE Apr 23 The Hacker News
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
FRIEND Apr 23 CSO Online
Offer customers passkeys by default, UK’s NCSC tells enterprises
FOE Apr 23 SecurityWeek
Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
FOE Apr 23 The Register (Security)
Medical data of 500k Biobank volunteers listed for sale on Alibaba, UK minister reveals
FOE Apr 23 Bleeping Computer
UK warns of Chinese hackers using proxy networks to evade detection
FOE Apr 23 The Register (Security)
Hybrid clouds have two attack surfaces and you’re not paying enough attention to either
FRIEND Apr 23 CSO Online
Google drafts AI agents secure systems against AI hackers
FRIEND Apr 23 CSO Online
Google gets agent-ready for the Mythos age
FOE Apr 23 Bleeping Computer
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
FOE Apr 23 The Hacker News
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
FRIEND Apr 23 Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s all chalk drawings
FOE Apr 23 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 23 CISA Alerts
Yadea T5 Electric Bicycle
FOE Apr 23 CISA Alerts
Carlson Software VASCO-B GNSS Receiver
FOE Apr 23 CISA Alerts
Intrado 911 Emergency Gateway (EGW)
FOE Apr 23 CISA Alerts
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
FOE Apr 23 CISA Alerts
SpiceJet Online Booking System
FOE Apr 23 CISA Alerts
Milesight Cameras
FOE Apr 23 CISA Alerts
FIRESTARTER Backdoor
FOE Apr 23 CISA Alerts
Defending Against China-Nexus Covert Networks of Compromised Devices
FRIEND Apr 23 SecurityWeek
Rilian Raises $17.5 Million for AI-Native Security Orchestration
FRIEND Apr 23 The Hacker News
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
FOE Apr 23 SecurityWeek
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
FOE Apr 23 Bleeping Computer
CISA orders feds to patch BlueHammer flaw exploited as zero-day
FOE Apr 23 Schneier on Security
FBI Extracts Deleted Signal Messages from iPhone Notification Database
FOE Apr 23 SecurityWeek
Luxury Cosmetics Giant Rituals Discloses Data Breach
FRIEND Apr 23 The Register (Security)
If malware via monitor cables is a matter of national security, this might be the gadget for you
FOE Apr 23 SANS Internet Storm Center
Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
FOE Apr 23 SecurityWeek
AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers
FOE Apr 23 The Intercept (Privacy)
ChatGPT Confessed to a Crime It Couldn’t Possibly Have Committed
FOE Apr 23 Dark Reading
'Zealot' Shows What AI's Capable of in Staged Cloud Attack
FOE Apr 23 The Register (Security)
Sharing isn’t caring if it’s an admin password
FOE Apr 23 CSO Online
Microsoft taps Anthropic’s Mythos to strengthen secure software development
FOE Apr 23 The Hacker News
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
FOE Apr 23 SecurityWeek
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
FOE Apr 23 The Hacker News
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
FOE Apr 23 The Hacker News
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
FOE Apr 23 SecurityWeek
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
FRIEND Apr 23 The Register (Security)
Pass the key, passwords have passed their sell-by date
FOE Apr 23 Dark Reading
Africa Relinquishes Cyberattack Lead to Latin America — For Now
FRIEND Apr 23 CSO Online
CNAPP – ein Kaufratgeber
FOE Apr 23 Risky Business News
Srsly Risky Biz: Musk Snubs French Authorities
FOE Apr 23 CSO Online
Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure
FRIEND Apr 23 CSO Online
Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox
FOE Apr 23 CSO Online
Malicious pgserve, automagik developer tools found in npm registry
FOE Apr 23 CISA KEV
CVE-2026-39987: Marimo Remote Code Execution Vulnerability
FOE Apr 23 Recorded Future Blog
Critical minerals and cyber operations
FOE Apr 22 The Register (Security)
Another npm supply chain worm is tearing through dev environments
FOE Apr 22 Ars Technica (Security)
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage
FRIEND Apr 22 The Register (Security)
Anthropic's super-scary bug hunting model Mythos is shaping up to be a nothingburger
FOE Apr 22 Bleeping Computer
Apple fixes iOS bug that retained deleted notification data
FOE Apr 22 Dark Reading
'The Gentlemen' Rapidly Rises to Ransomware Prominence
FRIEND Apr 22 TCM Security Blog
11 Types of Ethical Hacking: The Definitive Guide for 2026
FOE Apr 22 Bleeping Computer
New Mirai campaign exploits RCE flaw in EoL D-Link routers
FRIEND Apr 22 Sophos News
Strengthening authentication with passkeys: A CISO playbook
FOE Apr 22 EPIC
EPIC’s statement on the House GOP SECURE Data Act and GUARD Financial Data Act
FOE Apr 22 Ars Technica (Security)
Microsoft issues emergency update for macOS and Linux ASP.NET threat
FOE Apr 22 Bleeping Computer
Kyber ransomware gang toys with post-quantum encryption on Windows
FOE Apr 22 CSO Online
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
FOE Apr 22 EFF Deeplinks
📁 How ICE Got My Data | EFFector 38.8
FOE Apr 22 The Hacker News
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
FOE Apr 22 EPIC
PRESS RELEASE: EPIC and civil rights groups sue Alaska Division of Elections for sharing unredacted voter registration list
FRIEND Apr 22 EPIC
EPIC Joins Coalition Comment to FTC Supporting Swift Restoration of Click-to-Cancel Protections
FOE Apr 22 The Hacker News
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
FRIEND Apr 22 EPIC
EPIC Urges Sixth Circuit to Protect Voter Privacy and Refuse to Enforce DOJ’s Voter Roll Demand
FOE Apr 22 EFF Deeplinks
EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics
FRIEND Apr 22 Black Hills Information Security
Network Engineering Basics
FOE Apr 22 The Hacker News
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
FRIEND Apr 22 Bleeping Computer
Spain dismantles major $4.7M manga piracy platform, arrests four
FOE Apr 22 Dark Reading
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
FOE Apr 22 SecurityWeek
After Bluesky, Mastodon Targeted in DDoS Attack
FOE Apr 22 Dark Reading
Electricity Is a Growing Area of Cyber Risk
FOE Apr 22 Bleeping Computer
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
FOE Apr 22 Bleeping Computer
New npm supply-chain attack self-spreads to steal auth tokens
FOE Apr 22 SecurityWeek
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
FOE Apr 22 SecurityWeek
New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention
FRIEND Apr 22 The Register (Security)
Google unleashes even more AI security agents to fight the baddies
FOE Apr 22 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 22 SecurityWeek
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
FOE Apr 22 CSO Online
NFC tap-to-pay gets tapped by hackers
FOE Apr 22 The Register (Security)
France's 'Secure' ID agency probes breach as crooks claim 19M records
FOE Apr 22 SecurityWeek
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
FOE Apr 22 SecurityWeek
Claude Mythos Finds 271 Firefox Vulnerabilities
FOE Apr 22 The Register (Security)
Scotland Yard can keep using live facial recognition on Londoners, say judges
FOE Apr 22 Schneier on Security
ICE Uses Graphite Spyware
FOE Apr 22 The Hacker News
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
FOE Apr 22 SecurityWeek
North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
FOE Apr 22 The Hacker News
Toxic Combinations: When Cross-App Permissions Stack into Risk
FOE Apr 22 Bleeping Computer
Microsoft traces Universal Print issues to Graph API code change
FOE Apr 22 Bleeping Computer
New GoGra malware for Linux uses Microsoft Graph API for comms
FOE Apr 22 SecurityWeek
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
FOE Apr 22 The Hacker News
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
FOE Apr 22 CSO Online
Anthropic bets on EPSS for the coming bug surge
FOE Apr 22 SecurityWeek
Oracle Patches 450 Vulnerabilities With April 2026 CPU
FRIEND Apr 22 The Register (Security)
Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
FOE Apr 22 Bleeping Computer
Microsoft releases emergency patches for critical ASP.NET flaw
FOE Apr 22 The Hacker News
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
FOE Apr 22 The Hacker News
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
FOE Apr 22 Bleeping Computer
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
FOE Apr 22 Risky Business News
Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals and critical infrastructure
FRIEND Apr 22 The Register (Security)
Mythos found 271 Firefox flaws – but none a human couldn’t spot
FRIEND Apr 22 CSO Online
SBOM erklärt: Was ist eine Software Bill of Materials?
FOE Apr 22 SANS Internet Storm Center
[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
FOE Apr 22 Recorded Future Blog
Evolution of Chinese-Language Guarantee Telegram Marketplaces
FRIEND Apr 22 Sophos News
Strengthening authentication with passkeys: A CISO playbook
FOE Apr 22 CISA KEV
CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access Control Vulnerability
FRIEND Apr 22 Recorded Future Blog
AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?
FOE Apr 21 Bleeping Computer
French govt agency confirms breach as hacker offers to sell data
FOE Apr 21 Ars Technica (Security)
Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150
FOE Apr 21 The Register (Security)
Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor
FOE Apr 21 Dark Reading
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
FOE Apr 21 CSO Online
Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
FOE Apr 21 The Register (Security)
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
FOE Apr 21 Dark Reading
Exploits Turn Windows Defender into Attacker Tool
FOE Apr 21 Bleeping Computer
New Lotus data wiper used against Venezuelan energy, utility firms
FRIEND Apr 21 EFF Deeplinks
Copyright and DMCA Best Practices for Fediverse Operators
FOE Apr 21 The Hacker News
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
FOE Apr 21 The Register (Security)
More Cisco SD-WAN bugs battered in attacks
FOE Apr 21 The Register (Security)
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
FOE Apr 21 The Hacker News
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
FOE Apr 21 Dark Reading
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
FOE Apr 21 Dark Reading
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
FOE Apr 21 Krebs on Security
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
FOE Apr 21 SecurityWeek
Third US Security Expert Admits Helping Ransomware Gang
FOE Apr 21 The Hacker News
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
FOE Apr 21 The Register (Security)
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
FOE Apr 21 SecurityWeek
Dozens of Malicious Crypto Apps Land in Apple App Store
FRIEND Apr 21 Bleeping Computer
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
FOE Apr 21 Bleeping Computer
UK probes Telegram, teen chat sites over CSAM sharing concerns
FRIEND Apr 21 The Hacker News
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
FOE Apr 21 SecurityWeek
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
FOE Apr 21 CSO Online
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
FRIEND Apr 21 Ars Technica (Security)
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
FOE Apr 21 Bleeping Computer
CISA flags new SD-WAN flaw as actively exploited in attacks
FOE Apr 21 The Register (Security)
AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
FOE Apr 21 CSO Online
Prompt injection turned Google’s Antigravity file search into RCE
FOE Apr 21 SecurityWeek
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
FOE Apr 21 CISA Alerts
Siemens SINEC NMS
FOE Apr 21 CISA Alerts
Zero Motorcycles Firmware
FOE Apr 21 CISA Alerts
Siemens SINEC NMS
FOE Apr 21 CISA Alerts
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
FOE Apr 21 CISA Alerts
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
FOE Apr 21 CISA Alerts
Siemens Industrial Edge Management
FOE Apr 21 CISA Alerts
Hardy Barth Salia EV Charge Controller
FOE Apr 21 CISA Alerts
Siemens Analytics Toolkit
FOE Apr 21 CISA Alerts
Siemens TPM 2.0
FOE Apr 21 CISA Alerts
SenseLive X3050
FOE Apr 21 CISA Alerts
Silex Technology SD-330AC and AMC Manager
FOE Apr 21 CISA Alerts
Siemens SCALANCE
FOE Apr 21 Dark Reading
Chinese APT Targets Indian Banks, Korean Policy Circles
FOE Apr 21 The Register (Security)
Crook claims to leak 'video surveillance footage' of companies
FOE Apr 21 The Hacker News
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
FOE Apr 21 SecurityWeek
Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
FOE Apr 21 Bleeping Computer
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
FOE Apr 21 Schneier on Security
Mexican Surveillance Company
FOE Apr 21 SecurityWeek
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
FOE Apr 21 The Register (Security)
Met police trials snoop tech platform in push to cuff more London shoplifters
FOE Apr 21 The Hacker News
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
FOE Apr 21 The Hacker News
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
FOE Apr 21 Bleeping Computer
Former ransomware negotiator pleads guilty to BlackCat attacks
FOE Apr 21 SecurityWeek
$290 Million Kelp DAO Crypto Heist Blamed on North Korea
FRIEND Apr 21 CSO Online
Why identity is the driving force behind digital transformation
FOE Apr 21 CSO Online
Top techniques attackers use to infiltrate your systems today
FOE Apr 21 Bleeping Computer
NGate Android malware uses HandyPay NFC app to steal card data
FOE Apr 21 CSO Online
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
FOE Apr 21 The Register (Security)
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
FRIEND Apr 21 The Register (Security)
Panasonic creates device-locked QR codes to speed facial biometric capture
FOE Apr 21 SANS Internet Storm Center
A .WAV With A Payload, (Tue, Apr 21st)
FOE Apr 21 The Hacker News
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
FOE Apr 21 The Register (Security)
Iran claims US used backdoors to knock out networking equipment during war
FOE Apr 21 EFF Deeplinks
Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story
FOE Apr 21 Recorded Future Blog
Emerging Enterprise Security Risks of AI
FOE Apr 20 The Register (Security)
Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
FOE Apr 20 EPIC
FTC’s New Strategic Plan Falls Short for Consumers
FOE Apr 20 Bleeping Computer
KelpDAO suffers $290 million heist tied to Lazarus hackers
FOE Apr 20 Bleeping Computer
China's Apple App Store infiltrated by crypto-stealing wallet apps
FRIEND Apr 20 EFF Deeplinks
The Internet Still Works: Reddit Empowers Community Moderation
FOE Apr 20 Dark Reading
Vercel Employee's AI Tool Access Led to Data Breach
FOE Apr 20 Bleeping Computer
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
FOE Apr 20 Dark Reading
Serial-to-IP Devices Hide Thousands of Old and New Bugs
FOE Apr 20 The Register (Security)
Claude Desktop changes app access settings for browsers you don't even have installed yet
FOE Apr 20 Bleeping Computer
Seiko USA website defaced as hacker claims customer data theft
FOE Apr 20 The Register (Security)
Scot becomes second Scattered Spider-linked crook to plead guilty in US
FOE Apr 20 The Hacker News
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
FRIEND Apr 20 Sophos News
Sophos Firewall v22 MR1 is now available
FOE Apr 20 SecurityWeek
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
FOE Apr 20 Bleeping Computer
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
FOE Apr 20 Dark Reading
WhatsApp Leaks User Metadata to Attackers
FOE Apr 20 EPIC
EPIC Files Amicus Brief Arguing City’s Use of Flock ALPRs Violated Fourth Amendment
FRIEND Apr 20 Bleeping Computer
The backup myth that is putting businesses at risk
FOE Apr 20 The Hacker News
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
FOE Apr 20 Bleeping Computer
British Scattered Spider hacker pleads guilty to crypto theft charges
FOE Apr 20 The Register (Security)
Microsoft releases Windows Server update fix to fix its April update fixes
FOE Apr 20 The Intercept (Privacy)
LAPD Deployed Drones to Spy on No Kings Protest
FOE Apr 20 CSO Online
Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
FOE Apr 20 SecurityWeek
British Scattered Spider Hacker Pleads Guilty in the US
FOE Apr 20 CSO Online
Hackers exploit Vercel’s trust in AI integration
FOE Apr 20 CISA Alerts
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
FOE Apr 20 CISA Alerts
​​Supply Chain Compromise Impacts Axios Node Package Manager​
FOE Apr 20 SecurityWeek
Hackers Abuse QEMU for Defense Evasion
FOE Apr 20 The Hacker News
Why Most AI Deployments Stall After the Demo
FOE Apr 20 Schneier on Security
Is “Satoshi Nakamoto” Really Adam Back?
FOE Apr 20 SecurityWeek
Bluesky Disrupted by Sophisticated DDoS Attack
FOE Apr 20 The Hacker News
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
FOE Apr 20 SecurityWeek
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
FRIEND Apr 20 CSO Online
CISOs reshape their roles as business risk strategists
FOE Apr 20 SecurityWeek
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
FRIEND Apr 20 Bleeping Computer
Microsoft pulls service update causing Teams launch failures
FOE Apr 20 CSO Online
Copilot & Agentforce offen für Prompt-Injection-Tricks
FOE Apr 20 CSO Online
Claude Mythos – ist der Hype gerechtfertigt?
FOE Apr 20 Bleeping Computer
Microsoft releases emergency updates to fix Windows Server issues
FOE Apr 20 SecurityWeek
Next.js Creator Vercel Hacked
FRIEND Apr 20 SecurityWeek
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
FOE Apr 20 The Hacker News
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
FOE Apr 20 The Register (Security)
Next.js developer Vercel warns of customer credential compromise
FRIEND Apr 20 SANS Internet Storm Center
Handling the CVE Flood With EPSS, (Mon, Apr 20th)
FRIEND Apr 20 Risky Business News
Risky Bulletin: New malware tries to sabotage Israel's water system but fails because it's buggy
FRIEND Apr 20 CSO Online
Für Cyberattacken gewappnet – Krisenkommunikation nach Plan
FOE Apr 20 The Hacker News
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
FOE Apr 20 CISA KEV
CVE-2024-27199: JetBrains TeamCity Relative Path Traversal Vulnerability
FOE Apr 20 CISA KEV
CVE-2025-2749: Kentico Xperience Path Traversal Vulnerability
FOE Apr 20 CISA KEV
CVE-2023-27351: PaperCut NG/MF Improper Authentication Vulnerability
FOE Apr 20 CISA KEV
CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
FOE Apr 20 CISA KEV
CVE-2025-48700: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
FOE Apr 20 CISA KEV
CVE-2026-20133: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
FOE Apr 20 CISA KEV
CVE-2026-20128: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
FOE Apr 20 CISA KEV
CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
FRIEND Apr 20 Sophos News
Sophos Firewall v22 MR1 is now available
FOE Apr 19 The Register (Security)
Just like phishing for gullible humans, prompt injecting AIs is here to stay
FOE Apr 19 Bleeping Computer
Vercel confirms breach as hackers claim to be selling stolen data
FOE Apr 19 Bleeping Computer
Apple account change alerts abused to send phishing emails
FOE Apr 19 Bleeping Computer
NIST to stop rating non-priority flaws due to volume increase
FOE Apr 19 The Register (Security)
I meant to do that! AI vendors shrug off responsibility for vulns
FOE Apr 18 Bleeping Computer
Critical flaw in Protobuf library enables JavaScript code execution
FRIEND Apr 18 Bleeping Computer
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
FOE Apr 18 SecurityWeek
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks
FOE Apr 18 The Hacker News
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
FOE Apr 18 The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
FOE Apr 17 CSO Online
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
FOE Apr 17 Ars Technica (Security)
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
FRIEND Apr 17 Schneier on Security
Friday Squid Blogging: New Giant Squid Video
FOE Apr 17 CSO Online
Flawed Cisco update threatens to stop APs from getting further patches
FOE Apr 17 Dark Reading
How NIST's Cutback of CVE Handling Impacts Cyber Teams
FRIEND Apr 17 EFF Deeplinks
Keep Pushing: We Get 10 More Days to Reform Section 702
FOE Apr 17 Bleeping Computer
Payouts King ransomware uses QEMU VMs to bypass endpoint security
FOE Apr 17 Dark Reading
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
FRIEND Apr 17 SecurityWeek
White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
FOE Apr 17 The Register (Security)
CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
FOE Apr 17 The Register (Security)
Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
FOE Apr 17 Bleeping Computer
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
FRIEND Apr 17 SecurityWeek
CoChat Launches AI Collaboration Platform to Combat Shadow AI
FOE Apr 17 Dark Reading
Every Old Vulnerability Is Now an AI Vulnerability
FOE Apr 17 Bleeping Computer
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
FOE Apr 17 The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
FRIEND Apr 17 Dark Reading
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs
FOE Apr 17 CSO Online
White House moves to give federal agencies access to Anthropic’s Claude Mythos
FOE Apr 17 Bleeping Computer
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
FOE Apr 17 SecurityWeek
In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
FOE Apr 17 CSO Online
Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself
FOE Apr 17 Schneier on Security
Mythos and Cybersecurity
FRIEND Apr 17 Ars Technica (Security)
Recent advances push Big Tech closer to the Q-Day danger zone
FRIEND Apr 17 The Hacker News
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
FOE Apr 17 SecurityWeek
Another DraftKings Hacker Sentenced to Prison
FOE Apr 17 SecurityWeek
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
FRIEND Apr 17 CSO Online
Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances
FOE Apr 17 The Register (Security)
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
FOE Apr 17 SecurityWeek
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
FOE Apr 17 Bleeping Computer
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
FOE Apr 17 Privacy International
Voter Disenfranchisement: A Privacy Issue
FOE Apr 17 SecurityWeek
Two North Korean IT Worker Scheme Facilitators Jailed in the US
FOE Apr 17 SecurityWeek
ZionSiphon Malware Targets ICS in Water Facilities
FOE Apr 17 Bleeping Computer
Microsoft: Some Windows servers enter reboot loops after April patches
FOE Apr 17 SecurityWeek
Cursor AI Vulnerability Exposed Developer Devices
FOE Apr 17 The Hacker News
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
FOE Apr 17 Bleeping Computer
Man gets 30 months for selling thousands of hacked DraftKings accounts
FOE Apr 17 The Register (Security)
Claude Opus wrote a Chrome exploit for $2,283
FRIEND Apr 17 SecurityWeek
53 DDoS Domains Taken Down by Law Enforcement
FOE Apr 17 Bleeping Computer
Recently leaked Windows zero-days now exploited in attacks
FRIEND Apr 17 The Hacker News
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
FRIEND Apr 17 CSO Online
Positiv denken für Sicherheitsentscheider: 6 Mindsets, die Sie sofort ablegen sollten
FOE Apr 17 Risky Business News
Risky Bulletin: NIST gives up enriching most CVEs
FOE Apr 17 The Hacker News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
FOE Apr 17 SANS Internet Storm Center
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
FOE Apr 17 Sophos News
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday
FOE Apr 16 The Register (Security)
Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researcher says
FOE Apr 16 CSO Online
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
FRIEND Apr 16 Bleeping Computer
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
FOE Apr 16 CSO Online
RCE by design: MCP architectural choice haunts AI agent ecosystem
FOE Apr 16 Bleeping Computer
ZionSiphon malware designed to sabotage water treatment systems
FOE Apr 16 CSO Online
NIST cuts down CVE analysis amid vulnerability overload
FRIEND Apr 16 Dark Reading
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
FOE Apr 16 EFF Deeplinks
Stop New York's Attack on 3D Printing
FOE Apr 16 Bleeping Computer
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
FOE Apr 16 Dark Reading
North Korea Uses ClickFix to Target macOS Users' Data
FOE Apr 16 Dark Reading
'Harmless' Global Adware Transforms Into an AV Killer
FOE Apr 16 The Register (Security)
North Korea targets macOS users in latest heist
FRIEND Apr 16 EPIC
EPIC, U.S. Civil Society Groups, Call on EU Leaders to Stand Up for Digital Rights
FOE Apr 16 The Hacker News
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
FRIEND Apr 16 SecurityWeek
Government Can’t Win the Cyber War Without the Private Sector
FOE Apr 16 Bleeping Computer
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
FOE Apr 16 EFF Deeplinks
How Push Notifications Can Betray Your Privacy (and What to Do About It)
FRIEND Apr 16 TCM Security Blog
TCM Academy Course Release: Securing AI Applications
FRIEND Apr 16 Dark Reading
Two-Factor Authentication Breaks Free from the Desktop
FRIEND Apr 16 Bleeping Computer
Google expands Gemini AI use to fight malicious ads on its platform
FOE Apr 16 Dark Reading
Microsoft's Original Windows Secure Boot Certificate Is Expiring
FOE Apr 16 The Register (Security)
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
FRIEND Apr 16 SecurityWeek
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
FOE Apr 16 Bleeping Computer
New ATHR vishing platform uses AI voice agents for automated attacks
FOE Apr 16 Bleeping Computer
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
FOE Apr 16 Privacy International
What is digital fingerprinting: Is my device ever truly anonymous?
FOE Apr 16 The Hacker News
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
FOE Apr 16 The Register (Security)
Git identity spoof fools Claude into giving bad code the nod
FOE Apr 16 SecurityWeek
Data Breach at Tennessee Hospital Affects 337,000
FRIEND Apr 16 SecurityWeek
Artemis Emerges From Stealth With $70 Million in Funding
FOE Apr 16 CSO Online
Microsoft’s Windows Recall still allows silent data extraction
FOE Apr 16 Bleeping Computer
Cisco says critical Webex Services flaw requires customer action
FOE Apr 16 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 16 CISA Alerts
Horner Automation Cscape and XL4, XL7 PLC
FOE Apr 16 CISA Alerts
Delta Electronics ASDA-Soft
FOE Apr 16 CISA Alerts
AVEVA Pipeline Simulation
FOE Apr 16 CISA Alerts
Anviz Multiple Products
FOE Apr 16 The Hacker News
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
FOE Apr 16 CSO Online
Behind the Mythos hype, Glasswing has just one confirmed CVE
FOE Apr 16 SecurityWeek
Splunk Enterprise Update Patches Code Execution Vulnerability
FOE Apr 16 The Register (Security)
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
FOE Apr 16 The Hacker News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
FRIEND Apr 16 SecurityWeek
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
FOE Apr 16 The Hacker News
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
FRIEND Apr 16 SecurityWeek
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
FOE Apr 16 Bleeping Computer
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
FOE Apr 16 The Hacker News
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
FOE Apr 16 SecurityWeek
Cisco Patches Critical Vulnerabilities in Webex, ISE
FOE Apr 16 The Register (Security)
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
FOE Apr 16 CSO Online
Insurance carriers quietly back away from covering AI outputs
FOE Apr 16 Schneier on Security
Human Trust of AI Agents
FOE Apr 16 SecurityWeek
Ransomware Hits Automotive Data Expert Autovista
FRIEND Apr 16 CSO Online
The endless CISO reporting line debate — and what it says about cybersecurity leadership
FOE Apr 16 SecurityWeek
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
FOE Apr 16 Bleeping Computer
US nationals behind DPRK IT worker 'laptop farm' sent to prison
FOE Apr 16 The Register (Security)
Server-room lock was nothing but a crock
FOE Apr 16 Bleeping Computer
Microsoft: April Windows Server 2025 update may fail to install
FOE Apr 16 The Hacker News
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
FOE Apr 16 Dark Reading
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
FOE Apr 16 Risky Business News
Srsly Risky Biz: It Is Time to Ban Sale of Precise Geolocation
FOE Apr 16 CSO Online
Was bei der Cloud-Konfiguration schiefläuft – und wie es besser geht
FOE Apr 16 The Register (Security)
Google Chrome lacks protection against one of the most basic and common ways to track users online
FOE Apr 16 Recorded Future Blog
From Bazooka to Fake Nikes
FOE Apr 16 CISA KEV
CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability
FOE Apr 16 Sophos News
QEMU abused to evade detection and enable ransomware delivery
FOE Apr 15 SANS Internet Storm Center
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
FOE Apr 15 Sophos News
QEMU abused to evade detection and enable ransomware delivery
FOE Apr 15 Bleeping Computer
Critical Nginx UI auth bypass flaw now actively exploited in the wild
FOE Apr 15 Bleeping Computer
New AgingFly malware used in attacks on Ukraine govt, hospitals
FOE Apr 15 Dark Reading
Critical MCP Integration Flaw Puts NGINX at Risk
FOE Apr 15 The Register (Security)
Anthropic's Project Glasswing CVE tally is still anyone's guess
FOE Apr 15 CSO Online
Critical nginx UI tool vulnerability opens web servers to full compromise
FOE Apr 15 Ars Technica (Security)
"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
FOE Apr 15 Bleeping Computer
WordPress plugin suite hacked to push malware to thousands of sites
FOE Apr 15 EPIC
Maine Legislature Fails to Enact Maine Online Data Privacy Act
FOE Apr 15 EPIC
EPIC Supports South Carolina Bills to Rein in Chatbot Harms
FOE Apr 15 Dark Reading
Navigating the Unique Security Risks of Asia's Digital Supply Chain
FOE Apr 15 Bleeping Computer
Signed software abused to deploy antivirus-killing scripts
FOE Apr 15 The Register (Security)
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
FOE Apr 15 The Hacker News
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
FOE Apr 15 SecurityWeek
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
FRIEND Apr 15 Bleeping Computer
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
FOE Apr 15 The Register (Security)
Automotive data biz Autovista blames ransomware for service disruption
FOE Apr 15 Dark Reading
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
FOE Apr 15 EFF Deeplinks
EFF Calls on Kuwait to Release Journalist Ahmed Shihab-Eldin
FOE Apr 15 Bleeping Computer
CISA flags Windows Task Host vulnerability as exploited in attacks
FOE Apr 15 SecurityWeek
Exploited Vulnerability Exposes Nginx Servers to Hacking
FOE Apr 15 Dark Reading
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
FOE Apr 15 Bleeping Computer
Rolling Networks: Securing the Transportation Sector
FOE Apr 15 Black Hills Information Security
Signed, Trusted, and Abused: Proxy Execution via WebView2
FRIEND Apr 15 SecurityWeek
Capsule Security Emerges From Stealth With $7 Million in Funding
FOE Apr 15 SecurityWeek
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
FOE Apr 15 The Register (Security)
French cops free mother and son after 20-hour crypto kidnap ordeal
FOE Apr 15 SecurityWeek
100 Chrome Extensions Steal User Data, Create Backdoor
FOE Apr 15 SecurityWeek
CISO Conversations: Ross McKerchar, CISO at Sophos
FOE Apr 15 The Hacker News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
FRIEND Apr 15 The Hacker News
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
FOE Apr 15 SecurityWeek
Mirax RAT Targeting Android Users in Europe
FOE Apr 15 CSO Online
Copilot and Agentforce fall to form-based prompt injection tricks
FOE Apr 15 Dark Reading
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
FOE Apr 15 The Register (Security)
Ancient Excel bug comes out of retirement for active attacks
FOE Apr 15 Bleeping Computer
Microsoft: April updates trigger BitLocker key prompts on some servers
FOE Apr 15 EFF Deeplinks
Digital Hopes, Real Power: The Rise of Network Shutdowns
FOE Apr 15 SecurityWeek
Two Vulnerabilities Patched in Ivanti Neurons for ITSM
FRIEND Apr 15 The Register (Security)
Raspberry Pi OS ends open-door policy for sudo
FOE Apr 15 The Hacker News
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
FOE Apr 15 SecurityWeek
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
FRIEND Apr 15 Schneier on Security
Defense in Depth, Medieval Style
FOE Apr 15 SecurityWeek
Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections
FRIEND Apr 15 Bleeping Computer
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
FOE Apr 15 The Register (Security)
UK told its Big Tech habit is now a national security risk
FOE Apr 15 CSO Online
The deepfake dilemma: From financial fraud to reputational crisis
FOE Apr 15 SecurityWeek
Fortinet Patches Critical FortiSandbox Vulnerabilities
FOE Apr 15 CSO Online
7 biggest healthcare security threats
FOE Apr 15 CSO Online
The need for a board-level definition of cyber resilience
FOE Apr 15 The Hacker News
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
FOE Apr 15 The Register (Security)
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
FOE Apr 15 SecurityWeek
ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories
FRIEND Apr 15 OWASP Blog
Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together
FRIEND Apr 15 CSO Online
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
FOE Apr 15 Risky Business News
Risky Bulletin: Malicious LLM proxy routers found in the wild
FRIEND Apr 15 The Hacker News
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
FOE Apr 15 CSO Online
Curity looks to reinvent IAM with runtime authorization for AI agents
FOE Apr 15 CSO Online
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
FOE Apr 15 SANS Internet Storm Center
Scanning for AI Models, (Tue, Apr 14th)
FRIEND Apr 15 Dark Reading
Microsoft Bets $10 Billion to Boost Japan's AI, Cybersecurity
FRIEND Apr 15 Recorded Future Blog
4 Essential Integration Workflows for Operationalizing Threat Intelligence Recorded Future
FRIEND Apr 15 Sophos News
Secure by Design: Building cybersecurity into the foundation
FOE Apr 15 Recorded Future Blog
Your Supply Chain Breach Is Someone Else's Payday
FRIEND Apr 14 Bleeping Computer
Microsoft adds Windows protections for malicious Remote Desktop files
FOE Apr 14 Bleeping Computer
Crypto-exchange Kraken extorted by hackers after insider breach
FOE Apr 14 Krebs on Security
Patch Tuesday, April 2026 Edition
FOE Apr 14 Dark Reading
Privilege Elevation Dominates Massive Microsoft Patch Update
FRIEND Apr 14 The Register (Security)
Commvault has a Ctrl+Z for rogue AI agents
FOE Apr 14 The Register (Security)
Microsoft's massive Patch Tuesday: It's raining bugs
FOE Apr 14 Bleeping Computer
Over 100 Chrome extensions in Web Store target users accounts and data
FRIEND Apr 14 CSO Online
4 questions to ask before outsourcing MDR
FOE Apr 14 Dark Reading
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
FOE Apr 14 CSO Online
5 trends defining the future of AI-powered cybersecurity
FOE Apr 14 The Intercept (Privacy)
Dem Leaders Aren’t Even Bothering to Rally Caucus Against Trump Domestic Spying Powers
FRIEND Apr 14 Ars Technica (Security)
UK gov's Mythos AI tests help separate cybersecurity threat from hype
FOE Apr 14 SecurityWeek
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
FRIEND Apr 14 Bleeping Computer
Microsoft releases Windows 10 KB5082200 extended security update
FOE Apr 14 Bleeping Computer
McGraw-Hill confirms data breach following extortion threat
FRIEND Apr 14 Bleeping Computer
Windows 11 cumulative updates KB5083769 & KB5082052 released
FRIEND Apr 14 SANS Internet Storm Center
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
FOE Apr 14 Bleeping Computer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
FOE Apr 14 SecurityWeek
Adobe Patches 55 Vulnerabilities Across 11 Products
FOE Apr 14 Bleeping Computer
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
FOE Apr 14 CSO Online
EU regulators largely denied access to Anthropic Mythos
FOE Apr 14 Dark Reading
Wargame Exercise Demonstrates How Social Media Manipulation Works
FOE Apr 14 EFF Deeplinks
Google Broke Its Promise to Me. Now ICE Has My Data.
FRIEND Apr 14 Schneier on Security
Upcoming Speaking Engagements
FOE Apr 14 EFF Deeplinks
EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government
FOE Apr 14 BrightTALK InfoSec
Learning from Mistakes: Hard Lessons in Building Cyber Defenses
FOE Apr 14 BrightTALK InfoSec
AI Agents Unleashed: Governing the Invisible Workforce
FOE Apr 14 The Hacker News
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
FRIEND Apr 14 Bleeping Computer
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
FRIEND Apr 14 The Hacker News
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
FRIEND Apr 14 EPIC
Virginia Governor Signs Bill Banning Sale of Precise Location Data
FOE Apr 14 The Hacker News
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
FOE Apr 14 EPIC
Government AI Is Coming for Your Data
FRIEND Apr 14 Bleeping Computer
5 Ways Zero Trust Maximizes Identity Security
FOE Apr 14 BrightTALK InfoSec
The Pitfalls of Cybersecurity, Privacy and AI Law in 2026
FOE Apr 14 The Register (Security)
No honor among thieves as 0APT threatens rival ransomware gang Krybit
FOE Apr 14 SecurityWeek
‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats
FOE Apr 14 SecurityWeek
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
FOE Apr 14 CSO Online
China-linked cloud credential heist runs on typos and SMTP
FOE Apr 14 CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE Apr 14 SecurityWeek
SAP Patches Critical ABAP Vulnerability
FOE Apr 14 SecurityWeek
Triad Nexus Evades Sanctions to Fuel Cybercrime
FOE Apr 14 Schneier on Security
How Hackers Are Thinking About AI
FRIEND Apr 14 SecurityWeek
Google Adds Rust DNS Parser to Pixel Phones for Better Security
FOE Apr 14 The Hacker News
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
FOE Apr 14 The Hacker News
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
FOE Apr 14 SecurityWeek
Nightclub Giant RCI Hospitality Reports Data Breach
FRIEND Apr 14 CSO Online
How AI is transforming threat detection
FOE Apr 14 CSO Online
The AI inflection point: What security leaders must do now
FOE Apr 14 SecurityWeek
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
FOE Apr 14 The Hacker News
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
FOE Apr 14 CSO Online
Cyber-Inspekteur: Hybride Attacken nehmen weiter zu
FOE Apr 14 The Hacker News
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
FOE Apr 14 The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
FRIEND Apr 14 Recorded Future Blog
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
FRIEND Apr 14 Recorded Future Blog
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
FOE Apr 13 CSO Online
Anthropic’s Mythos signals a structural cybersecurity shift
FOE Apr 13 EFF Deeplinks
The Dangers of California’s Legislation to Censor 3D Printing
FOE Apr 13 Bleeping Computer
European Gym giant Basic-Fit data breach affects 1 million members
FOE Apr 13 Dark Reading
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
FOE Apr 13 The Register (Security)
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
FOE Apr 13 Dark Reading
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
FOE Apr 13 Dark Reading
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
FOE Apr 13 Bleeping Computer
Stolen Rockstar Games analytics data leaked by extortion gang
FOE Apr 13 EPIC
EPIC joins ACLU’s ‘Eyewear, Not Spyware!’ campaign to fight Meta’s surveillance glasses
FOE Apr 13 Bleeping Computer
Critical flaw in wolfSSL library enables forged certificate use
FRIEND Apr 13 EPIC
EPIC Files Amicus Brief Countering Big Tech Claim that Surveillance-Based Feeds Are Protected by the First Amendment
FRIEND Apr 13 EFF Deeplinks
EFF 🤝 HOPE: Join Us This August!
FOE Apr 13 Dark Reading
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
FOE Apr 13 Bleeping Computer
FBI takedown of W3LL phishing service leads to developer arrest
FOE Apr 13 The Register (Security)
Fake Linux leader using Slack to con devs into giving up their secrets
FOE Apr 13 Bleeping Computer
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
FOE Apr 13 EFF Deeplinks
Hot Off the Press: EFF's Updated Guide to Tech at the US-Mexico Border
FOE Apr 13 Bleeping Computer
New Booking.com data breach forces reservation PIN resets
FOE Apr 13 The Hacker News
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
FRIEND Apr 13 Schneier on Security
On Anthropic’s Mythos Preview and Project Glasswing
FRIEND Apr 13 EFF Deeplinks
Speaking Freely: Dr. Jean Linis-Dinco
FOE Apr 13 Bleeping Computer
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
FOE Apr 13 EFF Deeplinks
War as a Pretext: Gulf States Are Tightening the Screws on Speech—Again
FOE Apr 13 Dark Reading
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
FOE Apr 13 The Hacker News
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
FOE Apr 13 The Register (Security)
Booking.com warns reservation data may have checked out with intruders
FOE Apr 13 SecurityWeek
Booking.com Says Hackers Accessed User Information
FOE Apr 13 Bleeping Computer
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
FOE Apr 13 SecurityWeek
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
FOE Apr 13 Privacy International
Moving Goalposts: Football, Facial Recognition and the Expansion of Surveillance
FOE Apr 13 SANS Internet Storm Center
Scans for EncystPHP Webshell, (Mon, Apr 13th)
FOE Apr 13 The Hacker News
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
FOE Apr 13 CSO Online
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
FOE Apr 13 SecurityWeek
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
FOE Apr 13 CISA Alerts
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
FOE Apr 13 CSO Online
Seven IBM WebSphere Liberty flaws can be chained into full takeover
FOE Apr 13 The Hacker News
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
FRIEND Apr 13 SecurityWeek
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
FOE Apr 13 The Register (Security)
Gym giant Basic-Fit confirms data on a million members stolen in cyberattack
FOE Apr 13 SecurityWeek
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
FOE Apr 13 The Register (Security)
Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of 'Pay or leak'
FOE Apr 13 Schneier on Security
AI Chatbots and Trust
FOE Apr 13 SecurityWeek
Fake Claude Website Distributes PlugX RAT
FRIEND Apr 13 The Register (Security)
NHS pays £46K to prep next Microsoft licensing round
FOE Apr 13 The Hacker News
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
FOE Apr 13 CSO Online
CISOs tackle the AI visibility gap
FRIEND Apr 13 SecurityWeek
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
FOE Apr 13 The Hacker News
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
FRIEND Apr 13 CSO Online
Was ist Federated Identity Management?
FRIEND Apr 13 Risky Business News
Risky Bulletin: France takes first steps to ditch Windows for Linux
FOE Apr 13 The Register (Security)
China wants AI to prepare school lessons and mark homework
FOE Apr 13 Recorded Future Blog
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
FOE Apr 12 The Register (Security)
Anthropic's mysterious Mythos AI threatens to upend the infosec world
FOE Apr 12 Bleeping Computer
Critical Marimo pre-auth RCE flaw now under active exploitation
FOE Apr 12 SecurityWeek
Adobe Patches Reader Zero-Day Exploited for Months
FOE Apr 12 The Hacker News
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
FOE Apr 12 The Hacker News
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
FOE Apr 11 Bleeping Computer
Over 20,000 crypto fraud victims identified in international crackdown
FOE Apr 11 The Register (Security)
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
FOE Apr 11 The Register (Security)
Hungarian government creds left in the safe hands of 'FrankLampard'
FOE Apr 11 The Hacker News
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
FOE Apr 11 Bleeping Computer
ChatGPT rolls out new $100 Pro subscription to challenge Claude
FRIEND Apr 10 CSO Online
Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises
FOE Apr 10 EPIC
Oklahoma, Alabama enact weak privacy laws
FOE Apr 10 Dark Reading
Hims Breach Exposes the Most Sensitive Kinds of PHI
FOE Apr 10 Dark Reading
Your Next Breach Will Look Like Business as Usual
FOE Apr 10 CSO Online
Old Docker authorization bypass pops up despite previous patch
FOE Apr 10 EPIC
Massachusetts Supreme Judicial Court Recognizes Section 230 Is No Bar to Social Media Design Claims
FOE Apr 10 Bleeping Computer
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
FRIEND Apr 10 Dark Reading
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
FRIEND Apr 10 Dark Reading
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
FOE Apr 10 SecurityWeek
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
FOE Apr 10 CSO Online
Hacker Unknown now known, named on Europol’s most-wanted list
FOE Apr 10 Bleeping Computer
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
FOE Apr 10 EFF Deeplinks
We Need You: Our Privacy Cannot Afford a Clean Extension of Section 702
FOE Apr 10 SecurityWeek
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
FOE Apr 10 Dark Reading
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
FOE Apr 10 The Hacker News
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
FOE Apr 10 CSO Online
Hungarian government email passwords exposed ahead of election
FOE Apr 10 Bleeping Computer
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
FOE Apr 10 Dark Reading
Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
FOE Apr 10 The Register (Security)
CPUID site hijacked to serve malware instead of HWMonitor downloads
FOE Apr 10 SecurityWeek
Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday
FOE Apr 10 Bleeping Computer
Microsoft: Canadian employees targeted in payroll pirate attacks
FOE Apr 10 SecurityWeek
Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
FOE Apr 10 CSO Online
Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes
FRIEND Apr 10 The Register (Security)
Project Glasswing and open source software: The good, the bad, and the ugly
FRIEND Apr 10 The Register (Security)
Britain seeks views before it drops the hammer on signal jammers
FOE Apr 10 The Hacker News
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
FOE Apr 10 SecurityWeek
Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
FRIEND Apr 10 Bleeping Computer
Google rolls out Gmail end-to-end encryption on mobile devices
FRIEND Apr 10 Schneier on Security
Sen. Sanders Talks to Claude About AI and Privacy
FOE Apr 10 Privacy International
Dangerous data
FOE Apr 10 CSO Online
Why most zero-trust architectures fail at the traffic layer
FRIEND Apr 10 SecurityWeek
MITRE Releases Fight Fraud Framework
FOE Apr 10 SecurityWeek
Critical Marimo Flaw Exploited Hours After Public Disclosure
FOE Apr 10 CSO Online
The cyber winners and losers in Trump’s 2027 budget
FOE Apr 10 CSO Online
CMMC compliance in the age of AI
FOE Apr 10 The Register (Security)
Unpacking AI security in 2026 from experimentation to the agentic era
FOE Apr 10 The Intercept (Privacy)
A Redditor Criticized ICE. Trump Is Trying to Unmask Them by Dragging the Company to a Secret Grand Jury.
FRIEND Apr 10 The Hacker News
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
FRIEND Apr 10 SecurityWeek
Google Rolls Out Cookie Theft Protections in Chrome
FOE Apr 10 The Hacker News
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
FOE Apr 10 SecurityWeek
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users
FOE Apr 10 SANS Internet Storm Center
Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
FOE Apr 10 The Hacker News
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
FOE Apr 10 Risky Business News
Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs
FOE Apr 10 CSO Online
Was CISOs von Moschusochsen lernen können
FOE Apr 10 Recorded Future Blog
VIP Credential Monitoring Blog
FOE Apr 09 CSO Online
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
FOE Apr 09 Bleeping Computer
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
FOE Apr 09 Bleeping Computer
New VENOM phishing attacks steal senior executives' Microsoft logins
FOE Apr 09 EFF Deeplinks
Yikes, Encryption’s Y2K Moment is Coming Years Early
FOE Apr 09 Dark Reading
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
FOE Apr 09 Dark Reading
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
FOE Apr 09 Bleeping Computer
Healthcare IT solutions provider ChipSoft hit by ransomware attack
FRIEND Apr 09 EPIC
EPIC Testifies in Support of Rhode Island Age-Appropriate Design Code Approach
FOE Apr 09 CSO Online
Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning
FRIEND Apr 09 Bleeping Computer
Google Chrome adds infostealer protection against session cookie theft
FOE Apr 09 The Register (Security)
Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case
FRIEND Apr 09 EPIC
EPIC Endorses Youth AI Privacy Act to Protect Minors from Chatbot Harms
FOE Apr 09 Dark Reading
Do Ceasefires Slow Cyberattacks? History Suggests Not
FOE Apr 09 The Hacker News
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
FOE Apr 09 EFF Deeplinks
Comparison Shopping Is Not a (Computer) Crime
FOE Apr 09 The Register (Security)
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
FOE Apr 09 EFF Deeplinks
EFF is Leaving X
FOE Apr 09 The Hacker News
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
FOE Apr 09 Bleeping Computer
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
FOE Apr 09 The Register (Security)
Chevin pulls the handbrake on FleetWave software after security scare
FOE Apr 09 The Register (Security)
Months-old Adobe Reader zero-day uses PDFs to size up targets
FOE Apr 09 Bleeping Computer
When attackers already have the keys, MFA is just another door to open
FOE Apr 09 The Register (Security)
Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
FOE Apr 09 SecurityWeek
Apple Intelligence AI Guardrails Bypassed in New Attack
FOE Apr 09 SecurityWeek
Can we Trust AI? No – But Eventually We Must
FOE Apr 09 The Register (Security)
Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
FOE Apr 09 The Hacker News
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
FOE Apr 09 Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FOE Apr 09 Sophos News
The vulnerability flood is here. Here’s what it means – and how to prepare
FOE Apr 09 CSO Online
Weak at the seams
FOE Apr 09 SecurityWeek
Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
FRIEND Apr 09 Bleeping Computer
Webinar: From noise to signal - What threat actors are targeting next
FOE Apr 09 CISA Alerts
Contemporary Controls BASC 20T
FOE Apr 09 CISA Alerts
GPL Odorizers GPL750
FOE Apr 09 SecurityWeek
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
FOE Apr 09 CSO Online
New ClickFix variant bypasses Apple safeguards with one‑click script execution
FOE Apr 09 The Register (Security)
Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
FOE Apr 09 The Hacker News
The Hidden Security Risks of Shadow AI in Enterprises
FOE Apr 09 The Hacker News
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
FRIEND Apr 09 SecurityWeek
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
FOE Apr 09 Schneier on Security
On Microsoft’s Lousy Cloud Security
FOE Apr 09 The Hacker News
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
FOE Apr 09 Bleeping Computer
Eurail says December data breach impacts 300,000 individuals
FOE Apr 09 SecurityWeek
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
FOE Apr 09 Bleeping Computer
Hackers exploiting Acrobat Reader zero-day flaw since December
FOE Apr 09 CSO Online
Patch windows collapse as time-to-exploit accelerates
FOE Apr 09 CSO Online
Weak at the seams
FOE Apr 09 SecurityWeek
Adobe Reader Zero-Day Exploited for Months: Researcher
FOE Apr 09 SecurityWeek
300,000 People Impacted by Eurail Data Breach
FOE Apr 09 The Register (Security)
Sticky-note security turned gym into hall of '80s horrors
FOE Apr 09 Bleeping Computer
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
FOE Apr 09 The Register (Security)
Cryptographers place $5,000 bet whether quantum will matter
FOE Apr 09 Bleeping Computer
Microsoft suspends dev accounts for high-profile open source projects
FOE Apr 09 SecurityWeek
$3.6 Million Stolen in Bitcoin Depot Hack
FRIEND Apr 09 CSO Online
So geht Post-Incident Review
FRIEND Apr 09 Risky Business News
Srsly Risky Biz: American Diplomats to Fight Propaganda… on X
FOE Apr 09 SecurityWeek
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
FOE Apr 09 CSO Online
Questions raised about how LinkedIn uses the petabytes of data it collects
FOE Apr 09 Dark Reading
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
FOE Apr 09 SANS Internet Storm Center
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
FOE Apr 09 Sophos News
Adobe Reader zero-day vulnerability in active exploitation
FOE Apr 09 Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FRIEND Apr 09 Recorded Future Blog
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
FOE Apr 09 Sophos News
The vulnerability flood is here. Here’s what it means – and how to prepare
FOE Apr 09 Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FOE Apr 08 Bleeping Computer
Hackers use pixel-large SVG trick to hide credit card stealer
FOE Apr 08 Bleeping Computer
Google: New UNC6783 hackers steal corporate Zendesk support tickets
FOE Apr 08 The Register (Security)
Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief
FOE Apr 08 Ars Technica (Security)
Iran-linked hackers disrupt operations at US critical infrastructure sites
FOE Apr 08 Dark Reading
Threat Actors Get Crafty With Emojis to Escape Detection
FOE Apr 08 Dark Reading
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
FOE Apr 08 EFF Deeplinks
Banning New Foreign Routers Mistargets Products to Fix Real Problem
FOE Apr 08 Bleeping Computer
New macOS stealer campaign uses Script Editor in ClickFix attack
FOE Apr 08 Bleeping Computer
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
FRIEND Apr 08 CSO Online
Arelion employs NETSCOUT Arbor DDoS protection products
FRIEND Apr 08 CSO Online
6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out
FOE Apr 08 The Hacker News
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
FOE Apr 08 CSO Online
How botnet-driven DDoS attacks evolved in 2H 2025
FOE Apr 08 Bleeping Computer
13-year-old bug in ActiveMQ lets hackers remotely execute commands
FOE Apr 08 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
FOE Apr 08 The Hacker News
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
FOE Apr 08 EFF Deeplinks
👁 Selling Mass Surveillance | EFFector 38.7
FOE Apr 08 Dark Reading
Fraud Rockets Higher in Mobile-First Latin America
FRIEND Apr 08 CSO Online
Yael Nardi joins Minimus as Chief Business Officer to drive hyper-growth
FRIEND Apr 08 SecurityWeek
Data Leakage Vulnerability Patched in OpenSSL
FRIEND Apr 08 Dark Reading
Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
FOE Apr 08 SecurityWeek
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
FOE Apr 08 SANS Internet Storm Center
More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
FRIEND Apr 08 Dark Reading
Niobium Introduces The Fog
FRIEND Apr 08 Dark Reading
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
FOE Apr 08 Bleeping Computer
Is a $30,000 GPU Good at Password Cracking?
FRIEND Apr 08 Black Hills Information Security
Getting Started In Pentesting – Advice From The BHIS Pentest Lead
FOE Apr 08 The Hacker News
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
FOE Apr 08 Dark Reading
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
FOE Apr 08 Sophos News
Is compliance complexity outpacing IT capacity?
FOE Apr 08 SecurityWeek
FBI: Cybercrime Losses Neared $21 Billion in 2025
FOE Apr 08 SecurityWeek
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
FOE Apr 08 CSO Online
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
FOE Apr 08 CSO Online
Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites
FOE Apr 08 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 08 SecurityWeek
Evasive Masjesu DDoS Botnet Targets IoT Devices
FOE Apr 08 The Register (Security)
Dutch healthcare software vendor goes dark after ransomware attack
FRIEND Apr 08 The Hacker News
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
FOE Apr 08 SecurityWeek
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
FOE Apr 08 Ars Technica (Security)
Thousands of consumer routers hacked by Russia's military
FOE Apr 08 CSO Online
LLM-generated passwords are indefensible. Your codebase may already prove it
FOE Apr 08 SecurityWeek
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
FOE Apr 08 CSO Online
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
FOE Apr 08 Schneier on Security
Python Supply-Chain Compromise
FOE Apr 08 The Register (Security)
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams
FOE Apr 08 CSO Online
The zero-day timeline just collapsed. Here’s what security leaders do next
FRIEND Apr 08 CSO Online
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
FRIEND Apr 08 The Hacker News
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
FRIEND Apr 08 CSO Online
The tabletop exercise grows up
FOE Apr 08 EFF Deeplinks
Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom
FOE Apr 08 The Hacker News
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
FRIEND Apr 08 Bleeping Computer
Microsoft rolls out fix for broken Windows Start Menu search
FOE Apr 08 The Register (Security)
Microsoft hints at bit bunkers for war zones
FOE Apr 08 Risky Business News
Risky Bulletin: Cybercrime losses passed $20 billion last year
FOE Apr 08 The Hacker News
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
FOE Apr 08 CSO Online
Tipps für CISOs, die die Branche wechseln wollen
FOE Apr 08 SecurityWeek
Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks
FOE Apr 08 Sophos News
Is compliance complexity outpacing IT capacity?
FOE Apr 08 Sophos News
Is compliance complexity outpacing IT capacity?
FOE Apr 07 The Register (Security)
Anthropic: All your zero-days are belong to Mythos
FOE Apr 07 The Register (Security)
Iran cyber actors disrupting US water, energy facilities, FBI warns
FRIEND Apr 07 CSO Online
What Anthropic Glasswing reveals about the future of vulnerability discovery
FOE Apr 07 Bleeping Computer
Hackers exploit critical flaw in Ninja Forms WordPress plugin
FOE Apr 07 Bleeping Computer
FBI: Americans lost a record $21 billion to cybercrime last year
FOE Apr 07 CSO Online
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
FOE Apr 07 The Register (Security)
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
FOE Apr 07 Dark Reading
Storm-1175 Deploys Medusa Ransomware at 'High Velocity'
FOE Apr 07 Dark Reading
Grafana Patches AI Bug That Could Have Leaked User Data
FOE Apr 07 Bleeping Computer
Snowflake customers hit in data theft attacks after SaaS integrator breach
FRIEND Apr 07 EFF Deeplinks
EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?
FRIEND Apr 07 CSO Online
5 practical steps to strengthen attack resilience with attack surface management
FOE Apr 07 CSO Online
5 steps to strengthen supply chain security and improve cyber resilience
FRIEND Apr 07 CSO Online
5 ways to strengthen identity security and improve attack resilience
FOE Apr 07 SecurityWeek
Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
FOE Apr 07 SANS Internet Storm Center
A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
FOE Apr 07 Bleeping Computer
US warns of Iranian hackers targeting critical infrastructure
FOE Apr 07 The Register (Security)
US cybercrime losses pass $20B for first time as AI boosts online fraud
FRIEND Apr 07 Schneier on Security
Cybersecurity in the Age of Instant Software
FOE Apr 07 Krebs on Security
Russia Hacked Routers to Steal Microsoft Office Tokens
FOE Apr 07 Bleeping Computer
Max severity Flowise RCE vulnerability now exploited in attacks
FOE Apr 07 The Register (Security)
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
FOE Apr 07 The Hacker News
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
FOE Apr 07 SecurityWeek
The New Rules of Engagement: Matching Agentic Attack Speed
FRIEND Apr 07 SecurityWeek
Trent AI Emerges From Stealth With $13 Million in Funding
FRIEND Apr 07 Bleeping Computer
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
FOE Apr 07 SecurityWeek
Critical Flowise Vulnerability in Attacker Crosshairs
FOE Apr 07 The Hacker News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
FOE Apr 07 Dark Reading
RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
FOE Apr 07 Dark Reading
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
FOE Apr 07 Dark Reading
Lies, Damned Lies, and Cybersecurity Metrics
FRIEND Apr 07 SecurityWeek
Severe StrongBox Vulnerability Patched in Android
FOE Apr 07 Bleeping Computer
Why Your Automated Pentesting Tool Just Hit a Wall
FOE Apr 07 SecurityWeek
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
FRIEND Apr 07 SecurityWeek
Webinar Today: Why Automated Pentesting Alone Is Not Enough
FRIEND Apr 07 Dark Reading
Focusing on the People in Cybersecurity at RSAC 2026 Conference
FOE Apr 07 CSO Online
Zero‑click Grafana AI attack can enable enterprise data exfiltration
FOE Apr 07 The Hacker News
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
FOE Apr 07 The Hacker News
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
FOE Apr 07 CISA Alerts
Mitsubishi Electric GENESIS64 and ICONICS Suite products
FOE Apr 07 CISA Alerts
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
FOE Apr 07 SecurityWeek
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
FOE Apr 07 The Hacker News
The Hidden Cost of Recurring Credential Incidents
FOE Apr 07 SecurityWeek
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
FOE Apr 07 CSO Online
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
FOE Apr 07 CSO Online
Supply chain security is now a board-level issue: Here’s what CSOs need to know
FOE Apr 07 Schneier on Security
Hong Kong Police Can Force You to Reveal Your Encryption Keys
FRIEND Apr 07 SecurityWeek
German Police Unmask REvil Ransomware Leader
FOE Apr 07 CSO Online
The rise of proactive cyber: Why defense is no longer enough
FOE Apr 07 CSO Online
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
FOE Apr 07 The Hacker News
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
FOE Apr 07 SecurityWeek
White House Seeks to Slash CISA Funding by $707 Million
FOE Apr 07 The Hacker News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
FOE Apr 07 SecurityWeek
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
FOE Apr 07 The Hacker News
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
FRIEND Apr 07 The Register (Security)
Yahoo<i>!</i> Japan’s owner consolidating 164 OpenStack clusters into one
FOE Apr 06 Bleeping Computer
German authorities identify REvil and GangCrab ransomware bosses
FOE Apr 06 The Register (Security)
AI agents found vulns in this popular Linux and Unix print server
FOE Apr 06 Bleeping Computer
New GPUBreach attack enables system takeover via GPU rowhammer
FOE Apr 06 Dark Reading
AI-Assisted Supply Chain Attack Targets GitHub
FOE Apr 06 Dark Reading
Axios Attack Shows Social Complex Engineering Is Industrialized
FOE Apr 06 Dark Reading
Fortinet Issues Emergency Patch for FortiClient Zero-Day
FOE Apr 06 Bleeping Computer
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
FRIEND Apr 06 Bleeping Computer
Microsoft fixes Classic Outlook bug causing email delivery issues
FOE Apr 06 Schneier on Security
New Mexico’s Meta Ruling and Encryption
FOE Apr 06 The Hacker News
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
FRIEND Apr 06 TCM Security Blog
What is Ethical Hacking
FOE Apr 06 The Register (Security)
Attackers exploited this critical FortiClient EMS bug as a 0-day
FOE Apr 06 Bleeping Computer
Microsoft removes Support and Recovery Assistant from Windows
FOE Apr 06 Bleeping Computer
Microsoft links Medusa ransomware affiliate to zero-day attacks
FOE Apr 06 Bleeping Computer
Drift $280M crypto theft linked to 6-month in-person operation
FOE Apr 06 The Hacker News
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
FOE Apr 06 Bleeping Computer
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
FOE Apr 06 SecurityWeek
Google DeepMind Researchers Map Web Attacks Against AI Agents
FOE Apr 06 Dark Reading
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
FOE Apr 06 Dark Reading
Shadow AI in Healthcare Is Here to Stay
FOE Apr 06 Bleeping Computer
Why Simple Breach Monitoring is No Longer Enough
FRIEND Apr 06 Dark Reading
OWASP GenAI Security Project Gets Update, New Tools Matrix
FOE Apr 06 The Hacker News
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
FOE Apr 06 The Hacker News
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
FOE Apr 06 CSO Online
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
FOE Apr 06 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 06 The Hacker News
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
FOE Apr 06 SecurityWeek
Guardarian Users Targeted With Malicious Strapi NPM Packages
FOE Apr 06 SecurityWeek
North Korean Hackers Target High-Profile Node.js Maintainers
FRIEND Apr 06 Schneier on Security
Google Wants to Transition to Post-Quantum Cryptography by 2029
FOE Apr 06 The Hacker News
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
FOE Apr 06 CSO Online
Authentication is broken: Here’s how security leaders can actually fix it
FOE Apr 06 SecurityWeek
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
FOE Apr 06 CSO Online
6 ways attackers abuse AI services to hack your business
FOE Apr 06 CSO Online
Escaping the COTS trap
FOE Apr 06 SANS Internet Storm Center
How often are redirects used in phishing in 2026&#x3f;, (Mon, Apr 6th)
FOE Apr 06 The Hacker News
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
FOE Apr 06 Risky Business News
Risky Bulletin: New Cambodian law will put scam compound operators in prison for life
FOE Apr 06 Krebs on Security
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
FOE Apr 06 The Register (Security)
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
FOE Apr 05 Bleeping Computer
Traffic violation scams switch to QR codes in new phishing texts
FOE Apr 05 Bleeping Computer
New FortiClient EMS flaw exploited in attacks, emergency patch released
FOE Apr 05 The Hacker News
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
FOE Apr 05 Bleeping Computer
Hackers exploit React2Shell in automated credential theft campaign
FOE Apr 05 The Register (Security)
Researchers didn’t want to glamorize cybercrims. So they roasted them
FOE Apr 05 Ars Technica (Security)
CBP facility codes sure seem to have leaked via online flashcards
FOE Apr 05 The Hacker News
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
FOE Apr 05 The Hacker News
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
FOE Apr 04 Bleeping Computer
Axios npm hack used fake Teams error fix to hijack maintainer account
FOE Apr 04 Bleeping Computer
Device code phishing attacks surge 37x as new kits spread online
FOE Apr 04 SecurityWeek
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
FRIEND Apr 03 EFF Deeplinks
Triple Header for Privacy’s Defender in New York
FOE Apr 03 The Register (Security)
Trump wants to take a battle axe to CISA again and slash $707M from budget
FOE Apr 03 EFF Deeplinks
The FAA’s “Temporary” Flight Restriction for Drones is a Blatant Attempt to Criminalize Filming ICE
FRIEND Apr 03 Schneier on Security
Friday Squid Blogging: Jurassic Fish Chokes on Squid
FOE Apr 03 Dark Reading
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
FOE Apr 03 Bleeping Computer
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
FOE Apr 03 Bleeping Computer
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
FOE Apr 03 Ars Technica (Security)
OpenClaw gives users yet another reason to be freaked out about security
FOE Apr 03 CSO Online
Security lapse lets researchers view React2Shell hackers’ dashboard
FOE Apr 03 CSO Online
A core infrastructure engineer pleads guilty to federal charges in insider attack
FOE Apr 03 Bleeping Computer
Hims & Hers warns of data breach after Zendesk support ticket breach
FOE Apr 03 EFF Deeplinks
Tech Nonprofits to Feds: Don’t Weaponize Procurement to Undermine AI Trust and Safety
FOE Apr 03 The Hacker News
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
FOE Apr 03 CSO Online
Google patches fourth Chrome zero-day so far this year
FOE Apr 03 CSO Online
Internet Bug Bounty program hits pause on payouts
FRIEND Apr 03 Dark Reading
Apple Breaks Precedent, Patches DarkSword for iOS 18
FOE Apr 03 CSO Online
Claude Code is still vulnerable to an attack Anthropic has already fixed
FOE Apr 03 Bleeping Computer
Die Linke German political party confirms data stolen by Qilin ransomware
FOE Apr 03 CSO Online
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
FOE Apr 03 The Register (Security)
Hybrid work, expanded risk: what needs to change
FRIEND Apr 03 EFF Deeplinks
Double Shot of Privacy's Defender in D.C.
FOE Apr 03 The Hacker News
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
FOE Apr 03 EPIC
New EPIC Resource Calls on Congress to Close the Data Broker Loophole
FOE Apr 03 Dark Reading
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
FOE Apr 03 Bleeping Computer
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
FRIEND Apr 03 Sophos News
Sophos Gartner Peer Insights MDR
FRIEND Apr 03 Dark Reading
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
FOE Apr 03 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000&#x2b; SaaS Environments, (Fri, Apr 3rd)
FOE Apr 03 Dark Reading
Source Code Leaks Highlight Lack of Supply Chain Oversight
FRIEND Apr 03 Dark Reading
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
FOE Apr 03 SecurityWeek
TrueConf Zero-Day Exploited in Asian Government Attacks
FOE Apr 03 SecurityWeek
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
FOE Apr 03 SecurityWeek
Critical ShareFile Flaws Lead to Unauthenticated RCE
FRIEND Apr 03 Dark Reading
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
FOE Apr 03 Bleeping Computer
Microsoft still working to fix Exchange Online mailbox access issues
FOE Apr 03 Schneier on Security
Company that Secretly Records and Publishes Zoom Meetings
FOE Apr 03 The Hacker News
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
FOE Apr 03 The Hacker News
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
FOE Apr 03 SecurityWeek
Mobile Attack Surface Expands as Enterprises Lose Control
FOE Apr 03 SecurityWeek
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
FOE Apr 03 SecurityWeek
T-Mobile Sets the Record Straight on Latest Data Breach Filing
FOE Apr 03 SecurityWeek
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
FOE Apr 03 The Hacker News
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
FOE Apr 03 Bleeping Computer
Man admits to locking thousands of Windows devices in extortion plot
FRIEND Apr 03 CSO Online
12 cyber industry trends revealed at RSAC 2026
FOE Apr 03 The Hacker News
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
FRIEND Apr 03 Bleeping Computer
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
FOE Apr 03 Bleeping Computer
CERT-EU: European Commission hack exposes data of 30 EU entities
FRIEND Apr 03 CSO Online
Die besten XDR-Tools
FRIEND Apr 03 CSO Online
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
FOE Apr 03 Risky Business News
Risky Bulletin: Russia will revoke licenses for unruly ISPs
FRIEND Apr 03 Recorded Future Blog
Day in the Life: Product Manager at Recorded Future
FRIEND Apr 03 Sophos News
Sophos named a 2026 Gartner® Peer Insights™ Customers' Choice for Managed Detection and Response
FRIEND Apr 02 EFF Deeplinks
Weakening Speech Protections Will Punish All of Us—Not Just Meta
FOE Apr 02 CSO Online
Cisco fixes critical IMC auth bypass present in many products
FRIEND Apr 02 EFF Deeplinks
A Baseless Copyright Claim Against a Web Host—and Why It Failed
FOE Apr 02 Bleeping Computer
Claude Code leak used to push infostealer malware on GitHub
FOE Apr 02 Dark Reading
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate
FOE Apr 02 The Hacker News
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
FRIEND Apr 02 Dark Reading
Security Bosses Are All-In on AI. Here's Why
FOE Apr 02 Bleeping Computer
Drift loses $280 million North Korean hackers seize Security Council powers
FOE Apr 02 Bleeping Computer
Drift loses $280 million as hackers seize Security Council powers
FOE Apr 02 SecurityWeek
Critical Vulnerability in Claude Code Emerges Days After Source Leak
FOE Apr 02 EFF Deeplinks
Print Blocking Won't Work - Permission to Print Part 2
FOE Apr 02 EFF Deeplinks
Print Blocking is Anti-Consumer - Permission to Print Part 1
FOE Apr 02 The Register (Security)
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
FRIEND Apr 02 Schneier on Security
US Bans All Foreign-Made Consumer Routers
FOE Apr 02 Ars Technica (Security)
New Rowhammer attacks give complete control of machines running Nvidia GPUs
FRIEND Apr 02 SecurityWeek
Apple Rolls Out DarkSword Exploit Protection to More Devices
FOE Apr 02 Dark Reading
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
FOE Apr 02 Dark Reading
RSAC 2026: AI Dominates, But Community Remains Key to Security
FOE Apr 02 Bleeping Computer
Residential proxies evaded IP reputation checks in 78% of 4B sessions
FOE Apr 02 The Hacker News
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
FOE Apr 02 EFF Deeplinks
Google and Amazon: Acknowledged Risks, And Ignored Responsibilities
FOE Apr 02 SANS Internet Storm Center
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
FRIEND Apr 02 SecurityWeek
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
FOE Apr 02 EPIC
EPIC Joins Coalition Call to Halt Meta’s Plans for Facial Recognition ‘Smart’ Glasses
FOE Apr 02 Bleeping Computer
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
FOE Apr 02 Bleeping Computer
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
FOE Apr 02 Bleeping Computer
Medtech giant Stryker fully operational after data-wiping attack
FOE Apr 02 Dark Reading
Bank Trojan 'Casbaneiro' Worms Through Latin America
FOE Apr 02 The Hacker News
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
FOE Apr 02 CSO Online
EvilTokens abuses Microsoft device code flow for account takeovers
FOE Apr 02 SecurityWeek
Cisco Patches Critical and High-Severity Vulnerabilities
FOE Apr 02 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 02 CISA Alerts
Yokogawa CENTUM VP
FOE Apr 02 CISA Alerts
Hitachi Energy Ellipse
FOE Apr 02 CISA Alerts
Siemens SICAM 8 Products
FOE Apr 02 SecurityWeek
250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
FOE Apr 02 The Hacker News
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
FOE Apr 02 The Hacker News
The State of Trusted Open Source Report
FOE Apr 02 EFF Deeplinks
EFF’s Submission to the UN OHCHR on Protection of Human Rights Defenders in the Digital Age
FOE Apr 02 Bleeping Computer
Critical Cisco IMC auth bypass gives attackers Admin access
FOE Apr 02 SecurityWeek
Mercor Hit by LiteLLM Supply Chain Attack
FOE Apr 02 Schneier on Security
Possible US Government iPhone Hacking Tool Leaked
FOE Apr 02 SecurityWeek
Sophisticated CrystalX RAT Emerges
FOE Apr 02 The Hacker News
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
FOE Apr 02 Bleeping Computer
Microsoft links Classic Outlook issue to email delivery problems
FRIEND Apr 02 CSO Online
Cybersecurity in the age of instant software
FOE Apr 02 Bleeping Computer
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
FRIEND Apr 02 SecurityWeek
Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents
FOE Apr 02 The Register (Security)
The company's biggest security hole lived in the breakroom
FRIEND Apr 02 The Hacker News
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
FRIEND Apr 02 SecurityWeek
Linx Security Raises $50 Million for Identity Security and Governance
FOE Apr 02 CSO Online
Tools, um MCP-Server abzusichern
FOE Apr 02 Risky Business News
Srsly Risky Biz: America's Next Top (Cyber) Model
FOE Apr 02 The Register (Security)
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
FOE Apr 02 Recorded Future Blog
Cybercrime Outlook in Latin America and the Caribbean [ES]
FOE Apr 02 Recorded Future Blog
Panorama del cibercrimen en América Latina y el Caribe
FOE Apr 02 Recorded Future Blog
Panorama del cibercrimen en América Latina y el Caribe
FRIEND Apr 02 Sophos News
Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence
FOE Apr 02 Recorded Future Blog
Latin America and the Caribbean Cybercrime Landscape
FOE Apr 01 Bleeping Computer
New CrystalRAT malware adds RAT, stealer and prankware features
FOE Apr 01 Dark Reading
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
FRIEND Apr 01 Bleeping Computer
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
FOE Apr 01 Bleeping Computer
Hackers exploit TrueConf zero-day to push malicious software updates
FRIEND Apr 01 The Register (Security)
Amazon security boss: AI makes pentesting 40% more efficient
FOE Apr 01 Bleeping Computer
New EvilTokens service fuels Microsoft device code phishing attacks
FRIEND Apr 01 CSO Online
7 ways to improve your business resilience with backup and recovery
FRIEND Apr 01 CSO Online
5 Steps to break free from alert fatigue and build resilient security operations
FRIEND Apr 01 CSO Online
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)
FRIEND Apr 01 CSO Online
6 critical mistakes that undermine cyber resilience (and how to fix them)
FRIEND Apr 01 CSO Online
6 metrics IT leaders can’t afford to ignore for business resilience
FRIEND Apr 01 CSO Online
5 critical steps to achieve business resilience in cybersecurity
FRIEND Apr 01 Dark Reading
LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut
FOE Apr 01 Bleeping Computer
'NoVoice' Android malware on Google Play infected 2.3 million devices
FOE Apr 01 CSO Online
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
FOE Apr 01 Schneier on Security
Is “Hackback” Official US Cybersecurity Strategy?
FOE Apr 01 Dark Reading
Cyberattacks Intensify Pressure on Latin American Governments
FRIEND Apr 01 SecurityWeek
Depthfirst Raises $80 Million in Series B Funding
FOE Apr 01 The Hacker News
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
FOE Apr 01 SecurityWeek
Toy Giant Hasbro Hit by Cyberattack
FOE Apr 01 SecurityWeek
New DeepLoad Malware Dropped in ClickFix Attacks
FOE Apr 01 Dark Reading
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
FOE Apr 01 SecurityWeek
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
FOE Apr 01 The Register (Security)
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
FOE Apr 01 Bleeping Computer
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
FRIEND Apr 01 Black Hills Information Security
Cloud Security: Tips and Resources for Securing the Cloud
FOE Apr 01 SecurityWeek
FBI Warns of Data Security Risks From China-Made Mobile Apps
FOE Apr 01 SecurityWeek
US Charges Uranium Crypto Exchange Hacker
FOE Apr 01 SecurityWeek
Webinar Today: Agentic AI vs. Identity’s Last Mile Problem
FOE Apr 01 SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
FRIEND Apr 01 The Hacker News
Block the Prompt, Not the Work: The End of "Doctor No"
FOE Apr 01 The Hacker News
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
FOE Apr 01 CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE Apr 01 The Hacker News
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
FOE Apr 01 The Hacker News
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
FOE Apr 01 Bleeping Computer
FBI warns against using Chinese mobile apps due to privacy risks
FOE Apr 01 CSO Online
WhatsApp malware campaign uses malicious VBS files to gain persistent access
FOE Apr 01 The Hacker News
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
FOE Apr 01 CSO Online
Hacker zielen auf Exilportal Iranwire
FOE Apr 01 SANS Internet Storm Center
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
FOE Apr 01 Dark Reading
Are We Training AI Too Late?
FOE Apr 01 Bleeping Computer
Google fixes fourth Chrome zero-day exploited in attacks in 2026
FOE Apr 01 Schneier on Security
A Taxonomy of Cognitive Security
FOE Apr 01 CSO Online
9 ways CISOs can combat AI hallucinations
FOE Apr 01 CSO Online
Security awareness is not a control: Rethinking human risk in enterprise security
FOE Apr 01 SecurityWeek
Axios NPM Package Breached in North Korean Supply Chain Attack
FOE Apr 01 The Register (Security)
UK manufacturers under cyber fire with 80% reporting attacks
FOE Apr 01 The Hacker News
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
FOE Apr 01 SecurityWeek
Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents
FRIEND Apr 01 CSO Online
Im Fokus: IT-Leadership
FRIEND Apr 01 Bleeping Computer
Google Drive ransomware detection now on by default for paying users
FOE Apr 01 The Hacker News
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
FOE Apr 01 Risky Business News
Risky Bulletin: Iranian password sprays came first, then came the missiles
FRIEND Apr 01 Bleeping Computer
New Windows 11 emergency update fixes preview update install issues
FRIEND Apr 01 CSO Online
Attack Surface Management – ein Kaufratgeber
FOE Apr 01 CSO Online
Anthropic employee error exposes Claude Code source
FOE Apr 01 Bleeping Computer
Claude Code source code accidentally leaked in NPM package
FRIEND Apr 01 Recorded Future Blog
Industrialization of the Fraud Ecosystem Blog
About Methodology Fair Use Privacy Contact RSS

Scanning the threat landscape.