FOE
CSO Online
Bank regulator sounds warning over cybersecurity threat posed by AI models
FOE
EFF Deeplinks
Utah’s New Law Targeting VPNs Goes Into Effect Next Week
FOE
The Register (Security)
The never-ending supply chain attacks worm into SAP npm packages, other dev tools
FOE
Dark Reading
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
FOE
Dark Reading
Another AI-Assisted Software Scan Yields 9-Year-Old Linux Bug
FOE
The Register (Security)
Bot her emails: most modern phishing campaigns are AI-enabled
FOE
Ars Technica (Security)
The most severe Linux threat to surface in years catches the world flat-footed
FOE
The Intercept (Privacy)
Ron Wyden Is Pissing Off the NSA’s Biggest Backers. Tom Cotton Warns There Will Be “Consequences.”
FOE
The Register (Security)
FBI cyber boss: China's hacker-for-hire ecosystem 'out of control'
FOE
Dark Reading
Anthropic's Mythos Has Landed: Here's What Comes Next for Cyber
FOE
Bleeping Computer
New Bluekit phishing service includes an AI assistant, 40 templates
FOE
SecurityWeek
Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge
FOE
SecurityWeek
AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours
FRIEND
BrightTALK InfoSec
Mastering Resilience in Modern Security
FOE
Bleeping Computer
Romanian leader of online swatting ring gets 4 years in prison
FRIEND
EPIC
To protect kids online, don’t ban them from social media. Regulate design.
FOE
The Register (Security)
Google's fix for critical Gemini CLI bug might break your CI/CD pipelines
FOE
EFF Deeplinks
Open Records Laws Reveal ALPRs’ Sprawling Surveillance. Now States Want to Block What the Public Sees.
FOE
The Register (Security)
French prosecutors link 15-year-old to mega-breach at state’s secure document agency
FOE
Bleeping Computer
FBI links cybercriminals to sharp surge in cargo theft attacks
FOE
The Hacker News
PyTorch Lightning Compromised in PyPI Supply Chain Attack to Steal Credentials
FOE
BrightTALK InfoSec
Synthetic Risk, Authentic Trust: Enterprise Security in the Age of AI
FOE
Bleeping Computer
April KB5083769 Windows 11 update causes backup software failures
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: They’ll never know
FOE
SecurityWeek
SonicWall Urges Immediate Patching of Firewall Vulnerabilities
FOE
SecurityWeek
SAP NPM Packages Targeted in Supply Chain Attack
FOE
Krebs on Security
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
FOE
Bleeping Computer
What Happens in the First 24 Hours After a New Asset Goes Live
FOE
The Hacker News
ThreatsDay Bulletin: SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks and 25 More Stories
FOE
Bleeping Computer
New Linux ‘Copy Fail’ flaw gives hackers root on major distros
FRIEND
Dark Reading
Oracle Red Bull Racing Team Revs Up Automation to Boost Security
FOE
The Hacker News
New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
FOE
SecurityWeek
Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks
FOE
CSO Online
Dismantle implicit trust in OT networks, CISA tells critical infrastructure operators
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: That’s what I thought you said
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
ABB Ability OPTIMAX
FOE
CISA Alerts
ABB PCM600
FOE
CISA Alerts
ABB Edgenius Management Portal
FOE
CISA Alerts
ABB AWIN Gateways
FOE
CISA Alerts
ABB System 800xA, Symphony Plus IEC 61850
FOE
CISA Alerts
ABB Ability Symphony Plus Engineering
FOE
SecurityWeek
EnOcean SmartServer Flaws Expose Buildings to Remote Hacking
FOE
Bleeping Computer
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
FOE
The Register (Security)
Nearly half of UK businesses pwned last year as phishing keeps doing the job like it's 2005
FOE
CSO Online
Max-severity RCE flaw found in Google Gemini CLI
FOE
The Hacker News
EtherRAT Distribution Spoofing Administrative Tools via GitHub Facades
FOE
Bleeping Computer
Police dismantles 9 crypto scam centers, arrests 276 suspects
FOE
SecurityWeek
Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months
FOE
The Register (Security)
What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia
FOE
Schneier on Security
Fast16 Malware
FOE
The Register (Security)
Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
FOE
SecurityWeek
‘Copy Fail’ Logic Flaw in Linux Kernel Enables System Takeover
FOE
CSO Online
SAP npm package attack highlights risks in developer tools and CI/CD pipelines
FOE
The Hacker News
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
FOE
CSO Online
Stopping the quiet drift toward excessive agency with re-permissioning
FOE
CSO Online
ODNI to CISOs on threat assessments: You’re on your own
FOE
SecurityWeek
Sandhills Medical Says Ransomware Breach Affects 170,000
FOE
The Register (Security)
Finance company stores DB credentials in helpfully labeled spreadsheet
FRIEND
EFF Deeplinks
Digital Hopes, Real Power: From Connection to Collective Action
FOE
The Hacker News
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
FRIEND
CSO Online
10 key security traits: How to unleash the power of your IT security engineering team
FOE
Risky Business News
Srsly Risky Biz: US Vows to Fight Distillation Attacks
FOE
CSO Online
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
FOE
EPIC
Texas Observer: As License Plate Readers Expand in Texas, Privacy Advocates are Fighting Back
FOE
SANS Internet Storm Center
Danger of Libredtail [Guest Diary], (Wed, Apr 29th)
FOE
The Register (Security)
Linux cryptographic code flaw offers fast route to root
FOE
CISA KEV
CVE-2026-41940: WebPros cPanel & WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability
FOE
Dark Reading
Claude Mythos Fears Startle Japan's Financial Services Sector
FRIEND
Professor Messer
Professor Messer’s SY0-701 Security+ Study Group – April 2026
FOE
Bleeping Computer
Official SAP npm packages compromised to steal credentials
FOE
Bleeping Computer
Popular WordPress redirect plugin hid dormant backdoor for years
FOE
The Intercept (Privacy)
Mike Johnson Used Crypto Catnip to Get Freedom Caucus Support for Domestic Spy Law
FOE
EFF Deeplinks
EFF Submission to UN Report on the Role of Media in the Context of Israel’s Policies Toward Palestinians
FOE
Bleeping Computer
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
FRIEND
The Register (Security)
Researchers move in the right direction, develop powerful GPS interference alarm
FOE
Dark Reading
Reverse Engineering With AI Unearths High-Severity GitHub Bug
FOE
Dark Reading
AI Finds 38 Security Flaws in Electronic Health Record Platform
FOE
EFF Deeplinks
Former EFF Activism Director's New Book, Transaction Denied, Explores What Happens When Financial Companies Act like Censors
FOE
The Register (Security)
Microsoft's patch for a 0-day exploited by Russian spies fell short. Another Windows flaw is under attack
FRIEND
The Register (Security)
Legacy TLS tour continues with Exchange Online blocking old versions from July 2026
FOE
Bleeping Computer
Hackers arrested for hijacking and selling 610,000 Roblox accounts
FOE
The Register (Security)
Yet another experiment proves it's too damn simple to poison large language models
FOE
The Hacker News
SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack
FOE
Bleeping Computer
cPanel, WHM emergency update fixes critical auth bypass bug
FOE
The Register (Security)
CISA flags data-theft bug in NSA-built OT networking tool
FOE
Dark Reading
Vect 2.0 Ransomware Acts as Wiper, Thanks to Design Error
FOE
The Hacker News
New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs
FOE
Bleeping Computer
European police dismantles €50 million crypto investment fraud ring
FOE
Privacy International
Dual-use tech: the BAE Systems example
FRIEND
Black Hills Information Security
A Practical Guide to BloodHound Data Collection
FOE
Privacy International
Dual-use tech: the Lockheed Martin example
FOE
SANS Internet Storm Center
Today's Odd Web Requests, (Wed, Apr 29th)
FOE
Bleeping Computer
Learning from the Vercel breach: Shadow AI & OAuth sprawl
FOE
SecurityWeek
Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure
FRIEND
The Register (Security)
GitHub: Zounds, a genuinely helpful AI-assisted bug report that isn't total slop! Here, Wiz, take this wad of cash
FOE
The Register (Security)
GitHub: Woah, a genuinely helpful AI-assisted bug report that isn't total slop. Here, Wiz, take this wad of cash
FOE
Dark Reading
Lotus Wiper Attack Targets Venezuelan Energy Firms, Utilities
FOE
Bleeping Computer
GitHub fixes RCE flaw that gave access to millions of private repos
FOE
SecurityWeek
Hundreds of Internet-Facing VNC Servers Expose ICS/OT
FRIEND
The Register (Security)
EU waves through open source age-check tool to keep kids safe online
FOE
The Hacker News
Webinar: How to Automate Exposure Validation to Match the Speed of AI Attacks
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Ten questions, ten different answers
FRIEND
CISA Alerts
Adapting Zero Trust Principles to Operational Technology
FOE
CSO Online
Critical GitHub RCE bug exposed millions of repositories
FRIEND
The Hacker News
What to Look for in an Exposure Management Platform (And What Most of Them Get Wrong)
FOE
SecurityWeek
Checkmarx Confirms Data Stolen in Supply Chain Attack
FOE
Ars Technica (Security)
Why a recent supply-chain attack singled out security firms Checkmarx and Bitwarden
FOE
SecurityWeek
Iranian Cyber Group Handala Targets US Troops in Bahrain
FOE
Bleeping Computer
CISA orders feds to patch Windows flaw exploited as zero-day
FRIEND
Schneier on Security
Claude Mythos Has Found 271 Zero-Days in Firefox
FOE
The Register (Security)
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
FOE
SecurityWeek
38 Vulnerabilities Found in OpenEMR Medical Software
FOE
The Hacker News
Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately
FRIEND
SecurityWeek
Chrome 147, Firefox 150 Security Updates Rolling Out
FRIEND
CSO Online
AWS leans on prior ingenuity to face future AI and quantum threats
FOE
The Hacker News
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
FOE
Bleeping Computer
Microsoft says backend change broke Teams Free chat and calls
FOE
The Register (Security)
30 ClawHub skills secretly turn AI agents into a crypto swarm
FOE
SecurityWeek
Critical GitHub Vulnerability Exposed Millions of Repositories
FOE
The Hacker News
LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure
FRIEND
CSO Online
Third Party Risk Management: How to avoid compliance disaster
FOE
Risky Business News
Risky Bulletin: UK NCSC blasts SOC metrics
FOE
CSO Online
More fake extensions linked to GlassWorm found in Open VSX code marketplace
FOE
EPIC
Federal News Network: GAO report on DOGE payments access ‘just the tip of the iceberg’
FOE
Sophos News
'Mini Shai-Hulud' supply chain attack targets SAP npm packages
FOE
EPIC
CNET: Supreme Court Weighs Arguments Over How Police Request Location Data to Solve Crimes
FOE
Dark Reading
BlueNoroff Uses Fake Zoom Calls to Turn Victims Into Attack Lures
FOE
Bleeping Computer
Broken VECT 2.0 ransomware acts as a data wiper for large files
FOE
Bleeping Computer
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
FRIEND
EFF Deeplinks
The Open Social Web Needs Section 230 to Survive
FOE
Dark Reading
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
FRIEND
EPIC
EPIC Testifies in Support of Bill to Expand Privacy Protections for Vermonters
FRIEND
Dark Reading
Feuding Ransomware Groups Leak Each Other's Data
FOE
Dark Reading
Vidar Rises to Top of Chaotic Infostealer Market
FOE
Bleeping Computer
Video service Vimeo confirms Anodot breach exposed user data
FOE
The Register (Security)
Don't pay Vect a ransom - your data's likely already wiped out
FRIEND
SecurityWeek
Cyber Insurance Data Gives CISOs New Ammo for Budget Talks
FOE
The Hacker News
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
FOE
The Hacker News
Brazilian LofyGang Resurfaces After Three Years With Minecraft LofyStealer Campaign
FOE
SecurityWeek
Vimeo Confirms User and Customer Data Breach
FRIEND
BrightTALK InfoSec
Fire, Brimstone and Bad Security Decisions
FOE
BrightTALK InfoSec
Closing the Browser Gap: Defending Against AiTM and Shadow AI
FOE
EPIC
EPIC and Coalition Renew Calls on Congress to Oppose Bad Financial Privacy Bill
FOE
SecurityWeek
The Mythos Moment: Enterprises Must Fight Agents with Agents
FOE
Bleeping Computer
US reportedly charges Scattered Spider hacker arrested in Finland
FRIEND
SecurityWeek
Webinar Today: A Step-by-Step Approach to AI Governance
FRIEND
Professor Messer
Today’s N10-009 CompTIA Network+ Pop Quiz: There’s an empty seat over there
FOE
Dark Reading
Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain
FOE
Bleeping Computer
Checkmarx confirms LAPSUS$ hackers leaked its stolen GitHub data
FOE
SecurityWeek
Robinhood Vulnerability Exploited for Phishing Attacks
FOE
The Register (Security)
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
FOE
EPIC
League of Women Voters, EPIC Renew Call for Court to Protect Privacy and Voting Rights in Case Challenging Illegal SAVE Overhaul
FOE
The Hacker News
VECT 2.0 Ransomware Irreversibly Destroys Files Over 131KB on Windows, Linux, ESXi
FOE
BrightTALK InfoSec
Mitigating AI Risks: Understanding and Addressing the Risks of AI Systems
FOE
SecurityWeek
Alleged Chinese State Hacker Extradited to US
FOE
SANS Internet Storm Center
HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)
FRIEND
Bleeping Computer
Microsoft to deprecate legacy TLS in Exchange Online starting July
FOE
CSO Online
Critical Cursor bug could turn routine Git into RCE
FOE
Bleeping Computer
Inside an OPSEC Playbook: How Threat Actors Evade Detection
FOE
SecurityWeek
Dozens of Open VSX Extension Clones Linked to GlassWorm Malware
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: The problem is reading it
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
NSA GRASSMARLIN
FRIEND
SecurityWeek
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
FRIEND
NIST Cybersecurity Insights
From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
FOE
The Hacker News
Why Secure Data Movement Is the Zero Trust Bottleneck Nobody Talks About
FOE
SecurityWeek
Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety
FOE
SecurityWeek
No Patch for New PhantomRPC Privilege Escalation Technique in Windows
FOE
The Hacker News
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
FOE
Schneier on Security
What Anthropic’s Mythos Means for the Future of Cybersecurity
FOE
SecurityWeek
Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials
FOE
The Hacker News
After Mythos: New Playbooks For a Zero-Window Era
FOE
The Register (Security)
SUSE's sovereignty pitch meets an inconvenient $6 billion question
FOE
CSO Online
Securing RAG pipelines in enterprise SaaS
FOE
Bleeping Computer
Microsoft: New Remote Desktop warnings may display incorrectly
FOE
CSO Online
What CISOs need to get right as identity enters the agentic era
FOE
CSO Online
Stopping AiTM attacks: The defenses that actually work after authentication succeeds
FRIEND
Bleeping Computer
Microsoft asks iPhone users to reauthenticate after Outlook outage
FRIEND
SecurityWeek
Spectrum Security Emerges From Stealth Mode With $19 Million
FOE
The Hacker News
Chinese Silk Typhoon Hacker Extradited to U.S. Over COVID Research Cyberattacks
FOE
The Hacker News
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
FOE
SecurityWeek
Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak
FOE
The Hacker News
Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202
FRIEND
CSO Online
EDR software: a buyer's guide
FOE
CSO Online
Infected Cisco firewalls need cold start to clear persistent Firestarter backdoor
FRIEND
Recorded Future Blog
The Money Mule Problem Solution: What Every Scam Has in Common
FOE
CISA KEV
CVE-2026-32202: Microsoft Windows Protection Mechanism Failure Vulnerability
FOE
CISA KEV
CVE-2024-1708: ConnectWise ScreenConnect Path Traversal Vulnerability
FOE
Recorded Future Blog
Lazarus Doesn't Need AGI
FOE
The Register (Security)
Ongoing supply-chain attack 'explicitly targeting' security, dev tools
FOE
EPIC
The Guardian: US Supreme Court Hears Whether Smartphone Location Data Warrants Infringe Users’ Privacy
FOE
EPIC
CyberScoop: Supreme Court justices skeptically question both sides in geofence surveillance case
FOE
EPIC
PPC Land: Your work apps collect more data than you think, study finds
FOE
EFF Deeplinks
The GUARD Act Isn’t Targeting Dangerous AI—It’s Blocking Everyday Internet Use
FOE
Bleeping Computer
Robinhood account creation flaw abused to send phishing emails
FOE
EFF Deeplinks
Congress Must Reject New Insufficient 702 Reauthorization Bill
FOE
Bleeping Computer
GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions
FOE
The Register (Security)
Cursor-Opus agent snuffs out startup’s production database
FOE
Ars Technica (Security)
Open source package with 1 million monthly downloads stole user credentials
FOE
Dark Reading
UNC6692 Combines Social Engineering, Malware, Cloud Abuse
FOE
Bleeping Computer
Canada arrests three for operating “SMS blaster” device in Toronto
FOE
Bleeping Computer
Alleged Silk Typhoon hacker extradited to US for cyberespionage
FOE
The Register (Security)
Medical and utility tech companies admit digital breakins
FOE
The Register (Security)
Medical and utility tech companies hacked by digital intruders
FRIEND
EFF Deeplinks
The Internet Still Works: SmugMug Powers Online Photography
FOE
Bleeping Computer
FTC: Americans lost over $2.1 billion to social media scams in 2025
FOE
Dark Reading
Unpatched 'PhantomRPC' Flaw in Windows Enables Privilege Escalation
FOE
Bleeping Computer
PyPI package with 1.1M monthly downloads hacked to push infostealer
FOE
Bleeping Computer
Home security giant ADT data breach affects 5.5 million people
FRIEND
Bleeping Computer
Webinar: Spotting cyberattacks before they begin
FOE
The Hacker News
Checkmarx Confirms GitHub Repository Data Posted on Dark Web After March 23 Attack
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)
FOE
Bleeping Computer
Medtronic confirms breach after hackers claim 9 million records theft
FOE
The Hacker News
⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & More
FOE
Dark Reading
20-Year-Old Malware Rewrites History of Cyber Sabotage
FOE
SecurityWeek
Incomplete Windows Patch Opens Door to Zero-Click Attacks
FOE
Bleeping Computer
Money launderer linked to $230M crypto heist gets 70 months in prison
FOE
Bleeping Computer
Deepfake Voice Attacks are Outpacing Defenses: What Security Leaders Should Know
FOE
Dark Reading
Parsing Agentic Offensive Security's Existential Threat
FOE
CSO Online
Microsoft patched an ‘agent-only’ role that was not
FOE
SecurityWeek
OpenSSH Flaw Allowing Full Root Shell Access Lurked for 15 Years
FOE
The Register (Security)
Cybersec is a thankless job: expanding workload and shrinking pay packet
FOE
SecurityWeek
Malicious AI Prompt Injection Attacks Increasing, but Sophistication Still Low: Google
FOE
Bleeping Computer
Microsoft says Outlook.com outage is causing sign‑in failures
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: Lots of dinging noises
FOE
The Hacker News
Mythos Changed the Math on Vulnerability Discovery. Most Teams Aren't Ready for the Remediation Side
FOE
The Hacker News
PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks
FOE
The Register (Security)
Burglar alarm biz burgled: ADT confirms cyber intrusion after ShinyHunters extortion attempt
FOE
The Hacker News
Researchers Uncover 73 Fake VS Code Extensions Delivering GlassWorm v2 Malware
FRIEND
The Register (Security)
Microsoft updates the Windows Update Experience: You can hit pause now
FOE
SecurityWeek
Energy and Water Management Firm Itron Hacked
FRIEND
Schneier on Security
Medieval Encrypted Letter Decoded
FOE
SecurityWeek
UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware
FOE
SecurityWeek
Easily Exploitable ‘Pack2TheRoot’ Linux Vulnerability Leads to Root Access
FRIEND
SecurityWeek
US Launches Sweeping Crackdown on Southeast Asia Cyberscams and Sanctions Cambodian Senator
FRIEND
The Register (Security)
ICO chief John Edwards steps back as workplace probe quietly unfolds
FOE
The Intercept (Privacy)
Meet the Four Democrats Who’ll Decide If Trump Gets His Domestic Spying Law
FRIEND
CSO Online
AI is reshaping DevSecOps to bring security closer to the code
FRIEND
CSO Online
The ‘manager of agents’: How AI evolves the SOC analyst role
FOE
SecurityWeek
Firefox Vulnerability Allows Tor User Fingerprinting
FOE
The Register (Security)
Anthropic's magic code-sniffer: More Swiss cheese than cheddar, for now
FRIEND
OWASP Blog
The OWASP Foundation appoints Missie Lindsey as Director of Corporate Relations
FOE
The Hacker News
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
FRIEND
CSO Online
4 ways out of security acronym hell
FOE
Risky Business News
Risky Bulletin: New fingerprinting technique can track Tor users
FOE
The Register (Security)
Google Cloud Next proves what we suspected: Everything is AI now
FOE
Bleeping Computer
American utility firm Itron discloses breach of internal IT network
FOE
The Register (Security)
AI's not going to kill open source code security
FOE
The Register (Security)
Hot take: AI's not going to kill open source code security
FOE
Bleeping Computer
Threat actor uses Microsoft Teams to deploy new “Snow” malware
FOE
SecurityWeek
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
FOE
The Register (Security)
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
FOE
The Hacker News
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
FOE
The Hacker News
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline
FOE
EFF Deeplinks
Act Now to Stop California’s Paternalistic and Privacy-Destroying Social Media Ban
FRIEND
EFF Deeplinks
EFF Challenges Secrecy In Eastern District of Texas Patent Case
FOE
Bleeping Computer
ADT confirms data breach after ShinyHunters leak threat
FOE
Dark Reading
Helping Romance Scam Victims Require a Proactive, Empathic Approach
FOE
Bleeping Computer
Firestarter malware survives Cisco firewall updates, security patches
FOE
CSO Online
New US House privacy bills raise hard questions about enterprise data collection
FRIEND
Bleeping Computer
Windows Update gets new controls to reduce forced restarts
FOE
EFF Deeplinks
California Coastal Community Must Reject CBP's AI-Powered Surveillance Tower
FOE
Ars Technica (Security)
Why are top university websites serving porn? It comes down to shoddy housekeeping.
FOE
CSO Online
Scattered Spider co-conspirator pleads guilty
FOE
Bleeping Computer
New BlackFile extortion group linked to surge of vishing attacks
FOE
CSO Online
CISA last in line for access to Anthropic Mythos
FRIEND
Bleeping Computer
Microsoft to roll out Entra passkeys on Windows in late April
FOE
Bleeping Computer
New ‘Pack2TheRoot’ flaw gives hackers root Linux access
FOE
The Hacker News
FIRESTARTER Backdoor Hit Federal Cisco Firepower Device, Survives Security Patches
FOE
Sophos News
Supply chain attacks hit Checkmarx and Bitwarden developer tools
FOE
Dark Reading
US Busts Myanmar Ring Targeting US Citizens in Financial Fraud
FOE
The Register (Security)
US clarifies mobile hotspots part of foreign router ban despite rarity of American made consumer kit
FOE
The Register (Security)
ShinyHunters claim they have cruise giant Carnival's booty as 7.5M emails surface
FOE
Dark Reading
Glasswing Secured the Code. The Rest of Your Stack Is Still on You
FOE
The Intercept (Privacy)
Palantir Is Helping Trump’s IRS Conduct “Massive-Scale” Data Mining
FOE
SecurityWeek
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
FOE
The Register (Security)
Governments on high alert after CISA snuffs out Firestarter backdoor on fed network
FOE
SecurityWeek
In Other News: Unauthorized Mythos Access, Plankey CISA Nomination Ends, New Display Security Device
FRIEND
The Register (Security)
More ancient Linux device support faces the chop
FOE
The Hacker News
NASA Employees Duped in Chinese Phishing Scheme Targeting U.S. Defense Software
FRIEND
Bleeping Computer
DORA and operational resilience: Credential management as a financial risk control
FOE
Bleeping Computer
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
FOE
Dark Reading
AI Phishing Is No. 1 With a Bullet for Cyberattackers
FOE
Dark Reading
North Korea's Lazarus Targets macOS Users via ClickFix
FRIEND
The Register (Security)
Intel bets the farm on AI inference to drag CPU back to the top table
FOE
The Register (Security)
Intel bets the farm on AI inference to drag CPU back to the top table
FOE
SecurityWeek
Why Cybersecurity Must Rethink Defense in the Age of Autonomous Agents
FRIEND
SecurityWeek
Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise
FRIEND
Professor Messer
Today’s 220-1201 CompTIA A+ Pop Quiz: It’s not recording
FOE
CISA Alerts
CISA Adds Four Known Exploited Vulnerabilities to Catalog
FOE
The Hacker News
Bridging the AI Agent Authority Gap: Continuous Observability as the Decision Engine
FOE
The Hacker News
26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases
FOE
The Register (Security)
Microsoft beefs up Remote Desktop security with ... hard-to-read messages
FRIEND
The Register (Security)
It's a myth that you need Mythos to find bugs: Open source models can do it just as well
FRIEND
Bleeping Computer
Microsoft now lets admins uninstall Copilot on enterprise devices
FOE
SecurityWeek
US Federal Agency’s Cisco Firewall Infected With ‘Firestarter’ Backdoor
FOE
SecurityWeek
Trump Administration Vows Crackdown on Chinese Companies ‘Exploiting’ AI Models Made in US
FOE
Schneier on Security
Hiding Bluetooth Trackers in Mail
FOE
SecurityWeek
Vulnerabilities Patched in CrowdStrike, Tenable Products
FOE
The Hacker News
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
FOE
The Register (Security)
UK gov pays public £550 to discuss Digital ID – then bans journalists from the room
FOE
SecurityWeek
Bitwarden NPM Package Hit in Supply Chain Attack
FRIEND
SecurityWeek
Copperhelm Raises $7 Million for Agentic Cloud Security Platform
FOE
The Hacker News
LMDeploy CVE-2026-33626 Flaw Exploited Within 13 Hours of Disclosure
FOE
The Register (Security)
Researchers find cyber-sabotage malware that may predate Stuxnet by five years
FOE
Risky Business News
Risky Bulletin: There are now SIM-Farm-as-a-Service providers
FOE
The Register (Security)
Weak security means attackers could disable all of a city's public EV chargers
FRIEND
CSO Online
Security KPIs and KRIs: How to measure cybersecurity
FOE
Dark Reading
Tropic Trooper APT Takes Aim at Home Routers, Japanese Targets
FRIEND
Recorded Future Blog
From Overwhelmed to Autonomous: Rethinking Threat Intelligence in 2026
FOE
CISA KEV
CVE-2024-7399: Samsung MagicINFO 9 Server Path Traversal Vulnerability
FOE
CISA KEV
CVE-2024-57728: SimpleHelp Path Traversal Vulnerability
FOE
CISA KEV
CVE-2025-29635: D-Link DIR-823X Command Injection Vulnerability
FOE
CSO Online
Bitwarden CLI password manager trojanized in supply chain attack
FRIEND
EFF Deeplinks
EFF to 9th Circuit (Again): App Stores Shouldn’t Be Liable for Processing Payments for User Content
FOE
The Register (Security)
Dev targeted by sophisticated job scam: 'I let my guard down, and ran the freaking code'
FOE
Bleeping Computer
Hackers exploit file upload bug in Breeze Cache WordPress plugin
FOE
Dark Reading
China-Backed Hackers Are Industrializing Botnets
FOE
Ars Technica (Security)
In a first, a ransomware family is confirmed to be quantum-safe
FRIEND
CSO Online
3 practical ways AI threat detection improves enterprise cyber resilience
FOE
CSO Online
The curious case of Sean Plankey’s derailed CISA nomination
FRIEND
EFF Deeplinks
Speaking Freely: Lizzie O'Shea
FOE
The Register (Security)
Chinese attackers are pwning your infrastructure to use in attacks, 10 countries warn
FOE
Bleeping Computer
Bitwarden CLI npm package compromised to steal developer credentials
FOE
Bleeping Computer
Trigona ransomware attacks use custom exfiltration tool to steal data
FOE
The Hacker News
UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware
FOE
The Register (Security)
Age checks could turn internet into an ID checkpoint, complains Proton CEO
FOE
Bleeping Computer
New Checkmarx supply-chain breach affects KICS analysis tool
FOE
Dark Reading
Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
FRIEND
SecurityWeek
Cloudsmith Raises $72 Million in Series C Funding
FRIEND
Professor Messer
Today’s SY0-701 CompTIA Security+ Pop Quiz: Let’s get a soda
FOE
Dark Reading
Bad Memories Still Haunt AI Agents
FOE
Bleeping Computer
Cosmetics giant Rituals discloses data breach affecting customers
FOE
Bleeping Computer
Regular Password Resets Aren’t as Safe as You Think
FOE
The Hacker News
Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain Campaign
FRIEND
The Register (Security)
American farms have a new steward for their safety net, disaster programs... Palantir
FOE
Bleeping Computer
Microsoft: Some Teams users can’t join meetings after Edge update
FOE
The Hacker News
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
FRIEND
CSO Online
Offer customers passkeys by default, UK’s NCSC tells enterprises
FOE
SecurityWeek
Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
FOE
The Register (Security)
Medical data of 500k Biobank volunteers listed for sale on Alibaba, UK minister reveals
FOE
Bleeping Computer
UK warns of Chinese hackers using proxy networks to evade detection
FOE
The Register (Security)
Hybrid clouds have two attack surfaces and you’re not paying enough attention to either
FRIEND
CSO Online
Google drafts AI agents secure systems against AI hackers
FRIEND
CSO Online
Google gets agent-ready for the Mythos age
FOE
Bleeping Computer
New GopherWhisper APT group abuses Outlook, Slack, Discord for comms
FOE
The Hacker News
[Webinar] Mythos Reality Check: Beating Automated Exploitation at AI Speed
FRIEND
Professor Messer
Today’s 220-1202 CompTIA A+ Pop Quiz: It’s all chalk drawings
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Yadea T5 Electric Bicycle
FOE
CISA Alerts
Carlson Software VASCO-B GNSS Receiver
FOE
CISA Alerts
Intrado 911 Emergency Gateway (EGW)
FOE
CISA Alerts
Hangzhou Xiongmai Technology Co., Ltd XM530 IP Camera
FOE
CISA Alerts
SpiceJet Online Booking System
FOE
CISA Alerts
Milesight Cameras
FOE
CISA Alerts
FIRESTARTER Backdoor
FOE
CISA Alerts
Defending Against China-Nexus Covert Networks of Compromised Devices
FRIEND
SecurityWeek
Rilian Raises $17.5 Million for AI-Native Security Orchestration
FRIEND
The Hacker News
Project Glasswing Proved AI Can Find the Bugs. Who's Going to Fix Them?
FOE
SecurityWeek
The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
FOE
Bleeping Computer
CISA orders feds to patch BlueHammer flaw exploited as zero-day
FOE
Schneier on Security
FBI Extracts Deleted Signal Messages from iPhone Notification Database
FOE
SecurityWeek
Luxury Cosmetics Giant Rituals Discloses Data Breach
FRIEND
The Register (Security)
If malware via monitor cables is a matter of national security, this might be the gadget for you
FOE
SANS Internet Storm Center
Apple Patches Exploited Notification Flaw, (Thu, Apr 23rd)
FOE
SecurityWeek
AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers
FOE
The Intercept (Privacy)
ChatGPT Confessed to a Crime It Couldn’t Possibly Have Committed
FOE
Dark Reading
'Zealot' Shows What AI's Capable of in Staged Cloud Attack
FOE
The Register (Security)
Sharing isn’t caring if it’s an admin password
FOE
CSO Online
Microsoft taps Anthropic’s Mythos to strengthen secure software development
FOE
The Hacker News
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
FOE
SecurityWeek
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
FOE
The Hacker News
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
FOE
The Hacker News
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
FOE
SecurityWeek
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
FRIEND
The Register (Security)
Pass the key, passwords have passed their sell-by date
FOE
Dark Reading
Africa Relinquishes Cyberattack Lead to Latin America — For Now
FRIEND
CSO Online
CNAPP: a buyer's guide
FOE
Risky Business News
Srsly Risky Biz: Musk Snubs French Authorities
FOE
CSO Online
Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure
FRIEND
CSO Online
Claude Mythos signals a new era in AI-driven security, finding 271 flaws in Firefox
FOE
CSO Online
Malicious pgserve, automagik developer tools found in npm registry
FOE
CISA KEV
CVE-2026-39987: Marimo Remote Code Execution Vulnerability
FOE
Recorded Future Blog
Critical minerals and cyber operations
FOE
The Register (Security)
Another npm supply chain worm is tearing through dev environments
FOE
Ars Technica (Security)
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage
FRIEND
The Register (Security)
Anthropic's super-scary bug hunting model Mythos is shaping up to be a nothingburger
FOE
Bleeping Computer
Apple fixes iOS bug that retained deleted notification data
FOE
Dark Reading
'The Gentlemen' Rapidly Rises to Ransomware Prominence
FRIEND
TCM Security Blog
11 Types of Ethical Hacking: The Definitive Guide for 2026
FOE
Bleeping Computer
New Mirai campaign exploits RCE flaw in EoL D-Link routers
FRIEND
Sophos News
Strengthening authentication with passkeys: A CISO playbook
FOE
EPIC
EPIC’s statement on the House GOP SECURE Data Act and GUARD Financial Data Act
FOE
Ars Technica (Security)
Microsoft issues emergency update for macOS and Linux ASP.NET threat
FOE
Bleeping Computer
Kyber ransomware gang toys with post-quantum encryption on Windows
FOE
CSO Online
Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core
FOE
EFF Deeplinks
📁 How ICE Got My Data | EFFector 38.8
FOE
The Hacker News
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
FOE
EPIC
PRESS RELEASE: EPIC and civil rights groups sue Alaska Division of Elections for sharing unredacted voter registration list
FRIEND
EPIC
EPIC Joins Coalition Comment to FTC Supporting Swift Restoration of Click-to-Cancel Protections
FOE
The Hacker News
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
FRIEND
EPIC
EPIC Urges Sixth Circuit to Protect Voter Privacy and Refuse to Enforce DOJ’s Voter Roll Demand
FOE
EFF Deeplinks
EFF Sues DHS and ICE For Records on Subpoenas Seeking to Unmask Online Critics
FRIEND
Black Hills Information Security
Network Engineering Basics
FOE
The Hacker News
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
FRIEND
Bleeping Computer
Spain dismantles major $4.7M manga piracy platform, arrests four
FOE
Dark Reading
DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
FOE
SecurityWeek
After Bluesky, Mastodon Targeted in DDoS Attack
FOE
Dark Reading
Electricity Is a Growing Area of Cyber Risk
FOE
Bleeping Computer
Inside Caller-as-a-Service Fraud: The Scam Economy Has a Hiring Process
FOE
Bleeping Computer
New npm supply-chain attack self-spreads to steal auth tokens
FOE
SecurityWeek
Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
FOE
SecurityWeek
New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention
FRIEND
The Register (Security)
Google unleashes even more AI security agents to fight the baddies
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Mirai Botnet Targets Flaw in Discontinued D-Link Routers
FOE
CSO Online
NFC tap-to-pay gets tapped by hackers
FOE
The Register (Security)
France's 'Secure' ID agency probes breach as crooks claim 19M records
FOE
SecurityWeek
Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
FOE
SecurityWeek
Claude Mythos Finds 271 Firefox Vulnerabilities
FOE
The Register (Security)
Scotland Yard can keep using live facial recognition on Londoners, say judges
FOE
Schneier on Security
ICE Uses Graphite Spyware
FOE
The Hacker News
Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
FOE
SecurityWeek
North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
FOE
The Hacker News
Toxic Combinations: When Cross-App Permissions Stack into Risk
FOE
Bleeping Computer
Microsoft traces Universal Print issues to Graph API code change
FOE
Bleeping Computer
New GoGra malware for Linux uses Microsoft Graph API for comms
FOE
SecurityWeek
Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
FOE
The Hacker News
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
FOE
CSO Online
Anthropic bets on EPSS for the coming bug surge
FOE
SecurityWeek
Oracle Patches 450 Vulnerabilities With April 2026 CPU
FRIEND
The Register (Security)
Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
FOE
Bleeping Computer
Microsoft releases emergency patches for critical ASP.NET flaw
FOE
The Hacker News
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
FOE
The Hacker News
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
FOE
Bleeping Computer
Over 1,300 Microsoft SharePoint servers vulnerable to spoofing attacks
FOE
Risky Business News
Risky Bulletin: Former FBI official calls for terrorism designations for ransomware groups that target hospitals and critical infrastructure
FRIEND
The Register (Security)
Mythos found 271 Firefox flaws – but none a human couldn’t spot
FRIEND
CSO Online
SBOM explained: What is a software bill of materials?
FOE
SANS Internet Storm Center
[Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
FOE
Recorded Future Blog
Evolution of Chinese-Language Guarantee Telegram Marketplaces
FOE
CISA KEV
CVE-2026-33825: Microsoft Defender Insufficient Granularity of Access Control Vulnerability
FRIEND
Recorded Future Blog
AI Hype vs. Reality: Is AI Really Rewriting the Vulnerability Equation?
FOE
Bleeping Computer
French govt agency confirms breach as hacker offers to sell data
FOE
Ars Technica (Security)
Mozilla: Anthropic's Mythos found 271 zero-day vulnerabilities in Firefox 150
FOE
The Register (Security)
Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor
FOE
Dark Reading
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
FOE
CSO Online
Thousands of Apache ActiveMQ instances still unpatched, weeks after an actively exploited hole discovered
FOE
The Register (Security)
Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
FOE
Dark Reading
Exploits Turn Windows Defender into Attacker Tool
FOE
Bleeping Computer
New Lotus data wiper used against Venezuelan energy, utility firms
FRIEND
EFF Deeplinks
Copyright and DMCA Best Practices for Fediverse Operators
FOE
The Hacker News
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
FOE
The Register (Security)
More Cisco SD-WAN bugs battered in attacks
FOE
The Register (Security)
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
FOE
The Hacker News
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
FOE
Dark Reading
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
FOE
Dark Reading
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
FOE
Krebs on Security
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
FOE
SecurityWeek
Third US Security Expert Admits Helping Ransomware Gang
FOE
The Hacker News
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
FOE
The Register (Security)
Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
FOE
SecurityWeek
Dozens of Malicious Crypto Apps Land in Apple App Store
FRIEND
Bleeping Computer
Stopping Fraud at Each Stage of the Customer Journey Without Adding Friction
FOE
Bleeping Computer
UK probes Telegram, teen chat sites over CSAM sharing concerns
FRIEND
The Hacker News
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
FOE
SecurityWeek
Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
FOE
CSO Online
Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations
FRIEND
Ars Technica (Security)
Contrary to popular superstition, AES 128 is just fine in a post-quantum world
FOE
Bleeping Computer
CISA flags new SD-WAN flaw as actively exploited in attacks
FOE
The Register (Security)
AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
FOE
CSO Online
Prompt injection turned Google’s Antigravity file search into RCE
FOE
SecurityWeek
Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
FOE
CISA Alerts
Siemens SINEC NMS
FOE
CISA Alerts
Zero Motorcycles Firmware
FOE
CISA Alerts
Siemens SINEC NMS
FOE
CISA Alerts
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
FOE
CISA Alerts
Siemens RUGGEDCOM CROSSBOW Station Access Controller (SAC)
FOE
CISA Alerts
Siemens Industrial Edge Management
FOE
CISA Alerts
Hardy Barth Salia EV Charge Controller
FOE
CISA Alerts
Siemens Analytics Toolkit
FOE
CISA Alerts
Siemens TPM 2.0
FOE
CISA Alerts
SenseLive X3050
FOE
CISA Alerts
Silex Technology SD-330AC and AMC Manager
FOE
CISA Alerts
Siemens SCALANCE
FOE
Dark Reading
Chinese APT Targets Indian Banks, Korean Policy Circles
FOE
The Register (Security)
Crook claims to leak 'video surveillance footage' of companies
FOE
The Hacker News
No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
FOE
SecurityWeek
Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
FOE
Bleeping Computer
Actively exploited Apache ActiveMQ flaw impacts 6,400 servers
FOE
Schneier on Security
Mexican Surveillance Company
FOE
SecurityWeek
Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
FOE
The Register (Security)
Met police trials snoop tech platform in push to cuff more London shoplifters
FOE
The Hacker News
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
FOE
The Hacker News
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
FOE
Bleeping Computer
Former ransomware negotiator pleads guilty to BlackCat attacks
FOE
SecurityWeek
$290 Million Kelp DAO Crypto Heist Blamed on North Korea
FRIEND
CSO Online
Why identity is the driving force behind digital transformation
FOE
CSO Online
Top techniques attackers use to infiltrate your systems today
FOE
Bleeping Computer
NGate Android malware uses HandyPay NFC app to steal card data
FOE
CSO Online
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
FOE
The Register (Security)
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
FRIEND
The Register (Security)
Panasonic creates device-locked QR codes to speed facial biometric capture
FOE
SANS Internet Storm Center
A .WAV With A Payload, (Tue, Apr 21st)
FOE
The Hacker News
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
FOE
The Register (Security)
Iran claims US used backdoors to knock out networking equipment during war
FOE
EFF Deeplinks
Palantir Has a Human Rights Policy. Its ICE Work Tells a Different Story
FOE
Recorded Future Blog
Emerging Enterprise Security Risks of AI
FOE
The Register (Security)
Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
FOE
EPIC
FTC’s New Strategic Plan Falls Short for Consumers
FOE
Bleeping Computer
KelpDAO suffers $290 million heist tied to Lazarus hackers
FOE
Bleeping Computer
China's Apple App Store infiltrated by crypto-stealing wallet apps
FRIEND
EFF Deeplinks
The Internet Still Works: Reddit Empowers Community Moderation
FOE
Dark Reading
Vercel Employee's AI Tool Access Led to Data Breach
FOE
Bleeping Computer
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
FOE
Dark Reading
Serial-to-IP Devices Hide Thousands of Old and New Bugs
FOE
The Register (Security)
Claude Desktop changes app access settings for browsers you don't even have installed yet
FOE
Bleeping Computer
Seiko USA website defaced as hacker claims customer data theft
FOE
The Register (Security)
Scot becomes second Scattered Spider-linked crook to plead guilty in US
FOE
The Hacker News
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
FRIEND
Sophos News
Sophos Firewall v22 MR1 is now available
FOE
SecurityWeek
Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
FOE
Bleeping Computer
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
FOE
Dark Reading
WhatsApp Leaks User Metadata to Attackers
FOE
EPIC
EPIC Files Amicus Brief Arguing City’s Use of Flock ALPRs Violated Fourth Amendment
FRIEND
Bleeping Computer
The backup myth that is putting businesses at risk
FOE
The Hacker News
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More
FOE
Bleeping Computer
British Scattered Spider hacker pleads guilty to crypto theft charges
FOE
The Register (Security)
Microsoft releases Windows Server update fix to fix its April update fixes
FOE
The Intercept (Privacy)
LAPD Deployed Drones to Spy on No Kings Protest
FOE
CSO Online
Attackers abuse Microsoft Teams to impersonate the IT helpdesk in a new enterprise intrusion playbook
FOE
SecurityWeek
British Scattered Spider Hacker Pleads Guilty in the US
FOE
CSO Online
Hackers exploit Vercel’s trust in AI integration
FOE
CISA Alerts
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
FOE
CISA Alerts
Supply Chain Compromise Impacts Axios Node Package Manager
FOE
SecurityWeek
Hackers Abuse QEMU for Defense Evasion
FOE
The Hacker News
Why Most AI Deployments Stall After the Demo
FOE
Schneier on Security
Is “Satoshi Nakamoto” Really Adam Back?
FOE
SecurityWeek
Bluesky Disrupted by Sophisticated DDoS Attack
FOE
The Hacker News
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
FOE
SecurityWeek
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
FRIEND
CSO Online
CISOs reshape their roles as business risk strategists
FOE
SecurityWeek
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
FRIEND
Bleeping Computer
Microsoft pulls service update causing Teams launch failures
FOE
CSO Online
Copilot & Agentforce open to prompt injection tricks
FOE
CSO Online
Claude Mythos: is the hype justified?
FOE
Bleeping Computer
Microsoft releases emergency updates to fix Windows Server issues
FOE
SecurityWeek
Next.js Creator Vercel Hacked
FRIEND
SecurityWeek
Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers
FOE
The Hacker News
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems
FOE
The Register (Security)
Next.js developer Vercel warns of customer credential compromise
FRIEND
SANS Internet Storm Center
Handling the CVE Flood With EPSS, (Mon, Apr 20th)
FRIEND
Risky Business News
Risky Bulletin: New malware tries to sabotage Israel's water system but fails because it's buggy
FRIEND
CSO Online
Prepared for cyberattacks: crisis communication according to plan
FOE
The Hacker News
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials
FOE
CISA KEV
CVE-2024-27199: JetBrains TeamCity Relative Path Traversal Vulnerability
FOE
CISA KEV
CVE-2025-2749: Kentico Xperience Path Traversal Vulnerability
FOE
CISA KEV
CVE-2023-27351: PaperCut NG/MF Improper Authentication Vulnerability
FOE
CISA KEV
CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
FOE
CISA KEV
CVE-2025-48700: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability
FOE
CISA KEV
CVE-2026-20133: Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
FOE
CISA KEV
CVE-2026-20128: Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
FOE
CISA KEV
CVE-2026-20122: Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs Vulnerability
FOE
The Register (Security)
Just like phishing for gullible humans, prompt injecting AIs is here to stay
FOE
Bleeping Computer
Vercel confirms breach as hackers claim to be selling stolen data
FOE
Bleeping Computer
Apple account change alerts abused to send phishing emails
FOE
Bleeping Computer
NIST to stop rating non-priority flaws due to volume increase
FOE
The Register (Security)
I meant to do that! AI vendors shrug off responsibility for vulns
FOE
Bleeping Computer
Critical flaw in Protobuf library enables JavaScript code execution
FRIEND
Bleeping Computer
NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support
FOE
SecurityWeek
Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks
FOE
The Hacker News
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
FOE
The Hacker News
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
FOE
CSO Online
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
FOE
Ars Technica (Security)
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
FRIEND
Schneier on Security
Friday Squid Blogging: New Giant Squid Video
FOE
CSO Online
Flawed Cisco update threatens to stop APs from getting further patches
FOE
Dark Reading
How NIST's Cutback of CVE Handling Impacts Cyber Teams
FRIEND
EFF Deeplinks
Keep Pushing: We Get 10 More Days to Reform Section 702
FOE
Bleeping Computer
Payouts King ransomware uses QEMU VMs to bypass endpoint security
FOE
Dark Reading
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
FRIEND
SecurityWeek
White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology
FOE
The Register (Security)
CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack
FOE
The Register (Security)
Opsec oopsie: Dutch navy frigate location outed by mailing it a Bluetooth tracker
FOE
Bleeping Computer
Grinex exchange blames "Western intelligence" for $13.7M crypto hack
FRIEND
SecurityWeek
CoChat Launches AI Collaboration Platform to Combat Shadow AI
FOE
Dark Reading
Every Old Vulnerability Is Now an AI Vulnerability
FOE
Bleeping Computer
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
FOE
The Hacker News
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched
FRIEND
Dark Reading
Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs
FOE
CSO Online
White House moves to give federal agencies access to Anthropic’s Claude Mythos
FOE
Bleeping Computer
Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery
FOE
SecurityWeek
In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested
FOE
CSO Online
Caught, Quarantined, Re-installed: RedSun turns Microsoft Defender on itself
FOE
Schneier on Security
Mythos and Cybersecurity
FRIEND
Ars Technica (Security)
Recent advances push Big Tech closer to the Q-Day danger zone
FRIEND
The Hacker News
Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul
FOE
SecurityWeek
Another DraftKings Hacker Sentenced to Prison
FOE
SecurityWeek
Lawmakers Gathered Quietly to Talk About AI. Angst and Fears of ‘Destruction’ Followed
FRIEND
CSO Online
Palo Alto’s Helmut Reisinger sees a cyber sea change ahead as AI advances
FOE
The Register (Security)
Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug
FOE
SecurityWeek
Recent Apache ActiveMQ Vulnerability Exploited in the Wild
FOE
Bleeping Computer
CISA flags Apache ActiveMQ flaw as actively exploited in attacks
FOE
Privacy International
Voter Disenfranchisement: A Privacy Issue
FOE
SecurityWeek
Two North Korean IT Worker Scheme Facilitators Jailed in the US
FOE
SecurityWeek
ZionSiphon Malware Targets ICS in Water Facilities
FOE
Bleeping Computer
Microsoft: Some Windows servers enter reboot loops after April patches
FOE
SecurityWeek
Cursor AI Vulnerability Exposed Developer Devices
FOE
The Hacker News
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
FOE
Bleeping Computer
Man gets 30 months for selling thousands of hacked DraftKings accounts
FOE
The Register (Security)
Claude Opus wrote a Chrome exploit for $2,283
FRIEND
SecurityWeek
53 DDoS Domains Taken Down by Law Enforcement
FOE
Bleeping Computer
Recently leaked Windows zero-days now exploited in attacks
FRIEND
The Hacker News
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts
FRIEND
CSO Online
Positive thinking for security decision-makers: 6 mindsets you should drop immediately
FOE
Risky Business News
Risky Bulletin: NIST gives up enriching most CVEs
FOE
The Hacker News
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation
FOE
SANS Internet Storm Center
Lumma Stealer infection with Sectop RAT (ArechClient2), (Fri, Apr 17th)
FOE
Sophos News
Microsoft addresses 163 CVEs, 88 advisories for April Patch Tuesday
FOE
The Register (Security)
Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researcher says
FOE
CSO Online
Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE
FRIEND
Bleeping Computer
Operation PowerOFF identifies 75k DDoS users, takes down 53 domains
FOE
CSO Online
RCE by design: MCP architectural choice haunts AI agent ecosystem
FOE
Bleeping Computer
ZionSiphon malware designed to sabotage water treatment systems
FOE
CSO Online
NIST cuts down CVE analysis amid vulnerability overload
FRIEND
Dark Reading
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
FOE
EFF Deeplinks
Stop New York's Attack on 3D Printing
FOE
Bleeping Computer
New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges
FOE
Dark Reading
North Korea Uses ClickFix to Target macOS Users' Data
FOE
Dark Reading
'Harmless' Global Adware Transforms Into an AV Killer
FOE
The Register (Security)
North Korea targets macOS users in latest heist
FRIEND
EPIC
EPIC, U.S. Civil Society Groups, Call on EU Leaders to Stand Up for Digital Rights
FOE
The Hacker News
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
FRIEND
SecurityWeek
Government Can’t Win the Cyber War Without the Private Sector
FOE
Bleeping Computer
Hackers exploit Marimo flaw to deploy NKAbuse malware from Hugging Face
FOE
EFF Deeplinks
How Push Notifications Can Betray Your Privacy (and What to Do About It)
FRIEND
TCM Security Blog
TCM Academy Course Release: Securing AI Applications
FRIEND
Dark Reading
Two-Factor Authentication Breaks Free from the Desktop
FRIEND
Bleeping Computer
Google expands Gemini AI use to fight malicious ads on its platform
FOE
Dark Reading
Microsoft's Original Windows Secure Boot Certificate Is Expiring
FOE
The Register (Security)
Americans who masterminded Nork IT worker fraud sentenced to 200 months behind bars
FRIEND
SecurityWeek
OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal
FOE
Bleeping Computer
New ATHR vishing platform uses AI voice agents for automated attacks
FOE
Bleeping Computer
Most "AI SOCs" Are Just Faster Triage. That's Not Enough.
FOE
Privacy International
What is digital fingerprinting: Is my device ever truly anonymous?
FOE
The Hacker News
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
FOE
The Register (Security)
Git identity spoof fools Claude into giving bad code the nod
FOE
SecurityWeek
Data Breach at Tennessee Hospital Affects 337,000
FRIEND
SecurityWeek
Artemis Emerges From Stealth With $70 Million in Funding
FOE
CSO Online
Microsoft’s Windows Recall still allows silent data extraction
FOE
Bleeping Computer
Cisco says critical Webex Services flaw requires customer action
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Horner Automation Cscape and XL4, XL7 PLC
FOE
CISA Alerts
Delta Electronics ASDA-Soft
FOE
CISA Alerts
AVEVA Pipeline Simulation
FOE
CISA Alerts
Anviz Multiple Products
FOE
The Hacker News
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment
FOE
CSO Online
Behind the Mythos hype, Glasswing has just one confirmed CVE
FOE
SecurityWeek
Splunk Enterprise Update Patches Code Execution Vulnerability
FOE
The Register (Security)
Textbook titan McGraw Hill on ransomware crew's reading list after 13.5M records exposed
FOE
The Hacker News
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution
FRIEND
SecurityWeek
Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest
FOE
The Hacker News
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks
FRIEND
SecurityWeek
NIST Prioritizes NVD Enrichment for CVEs in CISA KEV, Critical Software
FOE
Bleeping Computer
Data breach at edtech giant McGraw Hill affects 13.5 million accounts
FOE
The Hacker News
Hidden Passenger? How Taboola Routes Logged-In Banking Sessions to Temu
FOE
SecurityWeek
Cisco Patches Critical Vulnerabilities in Webex, ISE
FOE
The Register (Security)
Microsoft announces product it doesn't want you to buy: Extended security updates for old Exchange, and Skype for Biz
FOE
CSO Online
Insurance carriers quietly back away from covering AI outputs
FOE
Schneier on Security
Human Trust of AI Agents
FOE
SecurityWeek
Ransomware Hits Automotive Data Expert Autovista
FRIEND
CSO Online
The endless CISO reporting line debate — and what it says about cybersecurity leadership
FOE
SecurityWeek
Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments
FOE
Bleeping Computer
US nationals behind DPRK IT worker 'laptop farm' sent to prison
FOE
The Register (Security)
Server-room lock was nothing but a crock
FOE
Bleeping Computer
Microsoft: April Windows Server 2025 update may fail to install
FOE
The Hacker News
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
FOE
Dark Reading
6-Year Ransomware Campaign Targets Turkish Homes & SMBs
FOE
Risky Business News
Srsly Risky Biz: It Is Time to Ban Sale of Precise Geolocation
FOE
CSO Online
What goes wrong in cloud configuration, and how to do it better
FOE
The Register (Security)
Google Chrome lacks protection against one of the most basic and common ways to track users online
FOE
Recorded Future Blog
From Bazooka to Fake Nikes
FOE
CISA KEV
CVE-2026-34197: Apache ActiveMQ Improper Input Validation Vulnerability
FOE
Sophos News
QEMU abused to evade detection and enable ransomware delivery
FOE
SANS Internet Storm Center
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
FOE
Bleeping Computer
Critical Nginx UI auth bypass flaw now actively exploited in the wild
FOE
Bleeping Computer
New AgingFly malware used in attacks on Ukraine govt, hospitals
FOE
Dark Reading
Critical MCP Integration Flaw Puts NGINX at Risk
FOE
The Register (Security)
Anthropic's Project Glasswing CVE tally is still anyone's guess
FOE
CSO Online
Critical nginx UI tool vulnerability opens web servers to full compromise
FOE
Ars Technica (Security)
"TotalRecall Reloaded" tool finds a side entrance to Windows 11's Recall database
FOE
Bleeping Computer
WordPress plugin suite hacked to push malware to thousands of sites
FOE
EPIC
Maine Legislature Fails to Enact Maine Online Data Privacy Act
FOE
EPIC
EPIC Supports South Carolina Bills to Rein in Chatbot Harms
FOE
Dark Reading
Navigating the Unique Security Risks of Asia's Digital Supply Chain
FOE
Bleeping Computer
Signed software abused to deploy antivirus-killing scripts
FOE
The Register (Security)
Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
FOE
The Hacker News
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
FOE
SecurityWeek
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
FRIEND
Bleeping Computer
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
FOE
The Register (Security)
Automotive data biz Autovista blames ransomware for service disruption
FOE
Dark Reading
Prepping for 'Q-Day': Why Quantum Risk Management Should Start Now
FOE
EFF Deeplinks
EFF Calls on Kuwait to Release Journalist Ahmed Shihab-Eldin
FOE
Bleeping Computer
CISA flags Windows Task Host vulnerability as exploited in attacks
FOE
SecurityWeek
Exploited Vulnerability Exposes Nginx Servers to Hacking
FOE
Dark Reading
Audit: Big Tech Often Ignores CA Privacy Law Opt-Out Requests
FOE
Bleeping Computer
Rolling Networks: Securing the Transportation Sector
FOE
Black Hills Information Security
Signed, Trusted, and Abused: Proxy Execution via WebView2
FRIEND
SecurityWeek
Capsule Security Emerges From Stealth With $7 Million in Funding
FOE
SecurityWeek
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
FOE
The Register (Security)
French cops free mother and son after 20-hour crypto kidnap ordeal
FOE
SecurityWeek
100 Chrome Extensions Steal User Data, Create Backdoor
FOE
SecurityWeek
CISO Conversations: Ross McKerchar, CISO at Sophos
FOE
The Hacker News
Actively Exploited nginx-ui Flaw (CVE-2026-33032) Enables Full Nginx Server Takeover
FRIEND
The Hacker News
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
FOE
SecurityWeek
Mirax RAT Targeting Android Users in Europe
FOE
CSO Online
Copilot and Agentforce fall to form-based prompt injection tricks
FOE
Dark Reading
Microsoft, Salesforce Patch AI Agent Data Leak Flaws
FOE
The Register (Security)
Ancient Excel bug comes out of retirement for active attacks
FOE
Bleeping Computer
Microsoft: April updates trigger BitLocker key prompts on some servers
FOE
EFF Deeplinks
Digital Hopes, Real Power: The Rise of Network Shutdowns
FOE
SecurityWeek
Two Vulnerabilities Patched in Ivanti Neurons for ITSM
FRIEND
The Register (Security)
Raspberry Pi OS ends open-door policy for sudo
FOE
The Hacker News
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
FOE
SecurityWeek
$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks
FRIEND
Schneier on Security
Defense in Depth, Medieval Style
FOE
SecurityWeek
Trump Urges Extending Foreign Surveillance Program as Some Lawmakers Push for US Privacy Protections
FRIEND
Bleeping Computer
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
FOE
The Register (Security)
UK told its Big Tech habit is now a national security risk
FOE
CSO Online
The deepfake dilemma: From financial fraud to reputational crisis
FOE
SecurityWeek
Fortinet Patches Critical FortiSandbox Vulnerabilities
FOE
CSO Online
7 biggest healthcare security threats
FOE
CSO Online
The need for a board-level definition of cyber resilience
FOE
The Hacker News
Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities
FOE
The Register (Security)
Agents hooked into GitHub can steal creds – but Anthropic, Google, and Microsoft haven't warned users
FOE
SecurityWeek
ICS Patch Tuesday: 8 Industrial Giants Publish New Security Advisories
FRIEND
OWASP Blog
Bridging the Gap in Product Lifecycle Management: How OpenEoX and CLE Work Together
FRIEND
CSO Online
Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action
FOE
Risky Business News
Risky Bulletin: Malicious LLM proxy routers found in the wild
FRIEND
The Hacker News
OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams
FOE
CSO Online
Curity looks to reinvent IAM with runtime authorization for AI agents
FOE
CSO Online
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs
FOE
SANS Internet Storm Center
Scanning for AI Models, (Tue, Apr 14th)
FRIEND
Dark Reading
Microsoft Bets $10 Billion to Boost Japan's AI, Cybersecurity
FRIEND
Recorded Future Blog
4 Essential Integration Workflows for Operationalizing Threat Intelligence
FRIEND
Sophos News
Secure by Design: Building cybersecurity into the foundation
FOE
Recorded Future Blog
Your Supply Chain Breach Is Someone Else's Payday
FRIEND
Bleeping Computer
Microsoft adds Windows protections for malicious Remote Desktop files
FOE
Bleeping Computer
Crypto-exchange Kraken extorted by hackers after insider breach
FOE
Krebs on Security
Patch Tuesday, April 2026 Edition
FOE
Dark Reading
Privilege Elevation Dominates Massive Microsoft Patch Update
FRIEND
The Register (Security)
Commvault has a Ctrl+Z for rogue AI agents
FOE
The Register (Security)
Microsoft's massive Patch Tuesday: It's raining bugs
FOE
Bleeping Computer
Over 100 Chrome extensions in Web Store target users accounts and data
FRIEND
CSO Online
4 questions to ask before outsourcing MDR
FOE
Dark Reading
EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses
FOE
CSO Online
5 trends defining the future of AI-powered cybersecurity
FOE
The Intercept (Privacy)
Dem Leaders Aren’t Even Bothering to Rally Caucus Against Trump Domestic Spying Powers
FRIEND
Ars Technica (Security)
UK gov's Mythos AI tests help separate cybersecurity threat from hype
FOE
SecurityWeek
Microsoft Patches Exploited SharePoint Zero-Day and 160 Other Vulnerabilities
FRIEND
Bleeping Computer
Microsoft releases Windows 10 KB5082200 extended security update
FOE
Bleeping Computer
McGraw-Hill confirms data breach following extortion threat
FRIEND
Bleeping Computer
Windows 11 cumulative updates KB5083769 & KB5082052 released
FRIEND
SANS Internet Storm Center
Microsoft Patch Tuesday April 2026., (Tue, Apr 14th)
FOE
Bleeping Computer
Microsoft April 2026 Patch Tuesday fixes 167 flaws, 2 zero-days
FOE
SecurityWeek
Adobe Patches 55 Vulnerabilities Across 11 Products
FOE
Bleeping Computer
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
FOE
CSO Online
EU regulators largely denied access to Anthropic Mythos
FOE
Dark Reading
Wargame Exercise Demonstrates How Social Media Manipulation Works
FOE
EFF Deeplinks
Google Broke Its Promise to Me. Now ICE Has My Data.
FRIEND
Schneier on Security
Upcoming Speaking Engagements
FOE
EFF Deeplinks
EFF to State AGs: Investigate Google's Broken Promise to Users Targeted by the Government
FOE
BrightTALK InfoSec
Learning from Mistakes: Hard Lessons in Building Cyber Defenses
FOE
BrightTALK InfoSec
AI Agents Unleashed: Governing the Invisible Workforce
FOE
The Hacker News
New PHP Composer Flaws Enable Arbitrary Command Execution — Patches Released
FRIEND
Bleeping Computer
Microsoft rolls out fast-track to reinstate Windows hardware dev accounts
FRIEND
The Hacker News
Google Adds Rust-Based DNS Parser into Pixel 10 Modem to Enhance Security
FRIEND
EPIC
Virginia Governor Signs Bill Banning Sale of Precise Location Data
FOE
The Hacker News
AI-Driven Pushpaganda Scam Exploits Google Discover to Spread Scareware and Ad Fraud
FOE
EPIC
Government AI Is Coming for Your Data
FRIEND
Bleeping Computer
5 Ways Zero Trust Maximizes Identity Security
FOE
BrightTALK InfoSec
The Pitfalls of Cybersecurity, Privacy and AI Law in 2026
FOE
The Register (Security)
No honor among thieves as 0APT threatens rival ransomware gang Krybit
FOE
SecurityWeek
‘Mythos-Ready’ Security: CSA Urges CISOs to Prepare for Accelerated AI Threats
FOE
SecurityWeek
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
FOE
CSO Online
China-linked cloud credential heist runs on typos and SMTP
FOE
CISA Alerts
CISA Adds Two Known Exploited Vulnerabilities to Catalog
FOE
SecurityWeek
SAP Patches Critical ABAP Vulnerability
FOE
SecurityWeek
Triad Nexus Evades Sanctions to Fuel Cybercrime
FOE
Schneier on Security
How Hackers Are Thinking About AI
FRIEND
SecurityWeek
Google Adds Rust DNS Parser to Pixel Phones for Better Security
FOE
The Hacker News
Mirax Android RAT Turns Devices into SOCKS5 Proxies, Reaching 220,000 via Meta Ads
FOE
The Hacker News
Analysis of 216M Security Findings Shows a 4x Increase In Critical Risk (2026 Report)
FOE
SecurityWeek
Nightclub Giant RCI Hospitality Reports Data Breach
FRIEND
CSO Online
How AI is transforming threat detection
FOE
CSO Online
The AI inflection point: What security leaders must do now
FOE
SecurityWeek
Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities
FOE
The Hacker News
108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users
FOE
CSO Online
Cyber inspector: Hybrid attacks continue to increase
FOE
The Hacker News
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
FOE
The Hacker News
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
FRIEND
Recorded Future Blog
A New Way to Buy Recorded Future: Solutions and Packages Built for the 2026 Threat Landscape
FOE
CSO Online
Anthropic’s Mythos signals a structural cybersecurity shift
FOE
EFF Deeplinks
The Dangers of California’s Legislation to Censor 3D Printing
FOE
Bleeping Computer
European Gym giant Basic-Fit data breach affects 1 million members
FOE
Dark Reading
Why Orgs Need to Test Networks to Withstand DDoS Attacks During Peak Loads
FOE
The Register (Security)
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
FOE
Dark Reading
CSA: CISOs Should Prepare for Post-Mythos Exploit Storm
FOE
Dark Reading
Adobe Patches Actively Exploited Zero-Day That Lingered for Months
FOE
Bleeping Computer
Stolen Rockstar Games analytics data leaked by extortion gang
FOE
EPIC
EPIC joins ACLU’s ‘Eyewear, Not Spyware!’ campaign to fight Meta’s surveillance glasses
FOE
Bleeping Computer
Critical flaw in wolfSSL library enables forged certificate use
FRIEND
EPIC
EPIC Files Amicus Brief Countering Big Tech Claim that Surveillance-Based Feeds Are Protected by the First Amendment
FRIEND
EFF Deeplinks
EFF 🤝 HOPE: Join Us This August!
FOE
Dark Reading
Empty Attestations: OT Lacks the Tools for Cryptographic Readiness
FOE
Bleeping Computer
FBI takedown of W3LL phishing service leads to developer arrest
FOE
The Register (Security)
Fake Linux leader using Slack to con devs into giving up their secrets
FOE
Bleeping Computer
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
FOE
EFF Deeplinks
Hot Off the Press: EFF's Updated Guide to Tech at the US-Mexico Border
FOE
Bleeping Computer
New Booking.com data breach forces reservation PIN resets
FOE
The Hacker News
JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025
FRIEND
Schneier on Security
On Anthropic’s Mythos Preview and Project Glasswing
FRIEND
EFF Deeplinks
Speaking Freely: Dr. Jean Linis-Dinco
FOE
Bleeping Computer
Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw
FOE
EFF Deeplinks
War as a Pretext: Gulf States Are Tightening the Screws on Speech—Again
FOE
Dark Reading
APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials
FOE
The Hacker News
FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts
FOE
The Register (Security)
Booking.com warns reservation data may have checked out with intruders
FOE
SecurityWeek
Booking.com Says Hackers Accessed User Information
FOE
Bleeping Computer
The silent “Storm”: New infostealer hijacks sessions, decrypts server-side
FOE
SecurityWeek
BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings
FOE
Privacy International
Moving Goalposts: Football, Facial Recognition and the Expansion of Surveillance
FOE
SANS Internet Storm Center
Scans for EncystPHP Webshell, (Mon, Apr 13th)
FOE
The Hacker News
⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More
FOE
CSO Online
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
FOE
SecurityWeek
OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack
FOE
CISA Alerts
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
FOE
CSO Online
Seven IBM WebSphere Liberty flaws can be chained into full takeover
FOE
The Hacker News
Your MTTD Looks Great. Your Post-Alert Gap Doesn't
FRIEND
SecurityWeek
International Operation Targets Multimillion-Dollar Crypto Theft Schemes
FOE
The Register (Security)
Gym giant Basic-Fit confirms data on a million members stolen in cyberattack
FOE
SecurityWeek
CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads
FOE
The Register (Security)
Rockstar Games gets a taste of grand theft data amid ShinyHunters threat of 'Pay or leak'
FOE
Schneier on Security
AI Chatbots and Trust
FOE
SecurityWeek
Fake Claude Website Distributes PlugX RAT
FRIEND
The Register (Security)
NHS pays £46K to prep next Microsoft licensing round
FOE
The Hacker News
North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware
FOE
CSO Online
CISOs tackle the AI visibility gap
FRIEND
SecurityWeek
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
FOE
The Hacker News
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
FRIEND
CSO Online
What is Federated Identity Management?
FRIEND
Risky Business News
Risky Bulletin: France takes first steps to ditch Windows for Linux
FOE
The Register (Security)
China wants AI to prepare school lessons and mark homework
FOE
Recorded Future Blog
March 2026 CVE Landscape: 31 High-Impact Vulnerabilities Identified, Interlock Ransomware Group Exploits Cisco FMC Zero-Day
FOE
The Register (Security)
Anthropic's mysterious Mythos AI threatens to upend the infosec world
FOE
Bleeping Computer
Critical Marimo pre-auth RCE flaw now under active exploitation
FOE
SecurityWeek
Adobe Patches Reader Zero-Day Exploited for Months
FOE
The Hacker News
CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads
FOE
The Hacker News
Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621
FOE
Bleeping Computer
Over 20,000 crypto fraud victims identified in international crackdown
FOE
The Register (Security)
Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise
FOE
The Register (Security)
Hungarian government creds left in the safe hands of 'FrankLampard'
FOE
The Hacker News
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
FOE
Bleeping Computer
ChatGPT rolls out new $100 Pro subscription to challenge Claude
FRIEND
CSO Online
Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises
FOE
EPIC
Oklahoma, Alabama enact weak privacy laws
FOE
Dark Reading
Hims Breach Exposes the Most Sensitive Kinds of PHI
FOE
Dark Reading
Your Next Breach Will Look Like Business as Usual
FOE
CSO Online
Old Docker authorization bypass pops up despite previous patch
FOE
EPIC
Massachusetts Supreme Judicial Court Recognizes Section 230 Is No Bar to Social Media Design Claims
FOE
Bleeping Computer
Nearly 4,000 US industrial devices exposed to Iranian cyberattacks
FRIEND
Dark Reading
FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats
FRIEND
Dark Reading
Orange Business Reimagines Enterprise Voice Communications With Trust and AI
FOE
SecurityWeek
In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack
FOE
CSO Online
Hacker Unknown now known, named on Europol’s most-wanted list
FOE
Bleeping Computer
Analysis of one billion CISA KEV remediation records exposes limits of human-scale security
FOE
EFF Deeplinks
We Need You: Our Privacy Cannot Afford a Clean Extension of Section 702
FOE
SecurityWeek
Juniper Networks Patches Dozens of Junos OS Vulnerabilities
FOE
Dark Reading
Industrial Controllers Still Vulnerable As Conflicts Move to Cyber
FOE
The Hacker News
GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs
FOE
CSO Online
Hungarian government email passwords exposed ahead of election
FOE
Bleeping Computer
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
FOE
Dark Reading
Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?
FOE
The Register (Security)
CPUID site hijacked to serve malware instead of HWMonitor downloads
FOE
SecurityWeek
Industry Reactions to Iran Hacking ICS in Critical Infrastructure: Feedback Friday
FOE
Bleeping Computer
Microsoft: Canadian employees targeted in payroll pirate attacks
FOE
SecurityWeek
Orthanc DICOM Vulnerabilities Lead to Crashes, RCE
FOE
CSO Online
Claude uncovers a 13‑year‑old ActiveMQ RCE bug within minutes
FRIEND
The Register (Security)
Project Glasswing and open source software: The good, the bad, and the ugly
FRIEND
The Register (Security)
Britain seeks views before it drops the hammer on signal jammers
FOE
The Hacker News
Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
FOE
SecurityWeek
Chrome 147 Patches 60 Vulnerabilities, Including Two Critical Flaws Worth $86,000
FRIEND
Bleeping Computer
Google rolls out Gmail end-to-end encryption on mobile devices
FRIEND
Schneier on Security
Sen. Sanders Talks to Claude About AI and Privacy
FOE
Privacy International
Dangerous data
FOE
CSO Online
Why most zero-trust architectures fail at the traffic layer
FRIEND
SecurityWeek
MITRE Releases Fight Fraud Framework
FOE
SecurityWeek
Critical Marimo Flaw Exploited Hours After Public Disclosure
FOE
CSO Online
The cyber winners and losers in Trump’s 2027 budget
FOE
CSO Online
CMMC compliance in the age of AI
FOE
The Register (Security)
Unpacking AI security in 2026 from experimentation to the agentic era
FOE
The Intercept (Privacy)
A Redditor Criticized ICE. Trump Is Trying to Unmask Them by Dragging the Company to a Secret Grand Jury.
FRIEND
The Hacker News
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
FRIEND
SecurityWeek
Google Rolls Out Cookie Theft Protections in Chrome
FOE
The Hacker News
Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
FOE
SecurityWeek
Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users
FOE
SANS Internet Storm Center
Obfuscated JavaScript or Nothing, (Thu, Apr 9th)
FOE
The Hacker News
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
FOE
Risky Business News
Risky Bulletin: FBI extracted Signal chats from iPhone notifications logs
FOE
CSO Online
What CISOs can learn from musk oxen
FOE
Recorded Future Blog
VIP Credential Monitoring Blog
FOE
CSO Online
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
FOE
Bleeping Computer
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
FOE
Bleeping Computer
New VENOM phishing attacks steal senior executives' Microsoft logins
FOE
EFF Deeplinks
Yikes, Encryption’s Y2K Moment is Coming Years Early
FOE
Dark Reading
Russia's 'Fancy Bear' APT Continues Its Global Onslaught
FOE
Dark Reading
'BlueHammer' Windows Zero-Day Exploit Signals Microsoft Bug Disclosure Issues
FOE
Bleeping Computer
Healthcare IT solutions provider ChipSoft hit by ransomware attack
FRIEND
EPIC
EPIC Testifies in Support of Rhode Island Age-Appropriate Design Code Approach
FOE
CSO Online
Cloudflare ‘actively adjusting’ quantum priorities in wake of Google warning
FRIEND
Bleeping Computer
Google Chrome adds infostealer protection against session cookie theft
FOE
The Register (Security)
Crypto? Huh. Good gawd y'all, what is it good for? $45M in this case
FRIEND
EPIC
EPIC Endorses Youth AI Privacy Act to Protect Minors from Chatbot Harms
FOE
Dark Reading
Do Ceasefires Slow Cyberattacks? History Suggests Not
FOE
The Hacker News
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets
FOE
EFF Deeplinks
Comparison Shopping Is Not a (Computer) Crime
FOE
The Register (Security)
'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree
FOE
EFF Deeplinks
EFF is Leaving X
FOE
The Hacker News
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
FOE
Bleeping Computer
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
FOE
The Register (Security)
Chevin pulls the handbrake on FleetWave software after security scare
FOE
The Register (Security)
Months-old Adobe Reader zero-day uses PDFs to size up targets
FOE
Bleeping Computer
When attackers already have the keys, MFA is just another door to open
FOE
The Register (Security)
Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
FOE
SecurityWeek
Apple Intelligence AI Guardrails Bypassed in New Attack
FOE
SecurityWeek
Can we Trust AI? No – But Eventually We Must
FOE
The Register (Security)
Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse
FOE
The Hacker News
ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
FOE
Sophos News
We let OpenClaw loose on an internal network. Here’s what it found
FOE
Sophos News
The vulnerability flood is here. Here’s what it means – and how to prepare
FOE
CSO Online
Weak at the seams
FOE
SecurityWeek
Google API Keys in Android Apps Expose Gemini Endpoints to Unauthorized Access
FRIEND
Bleeping Computer
Webinar: From noise to signal - What threat actors are targeting next
FOE
CISA Alerts
Contemporary Controls BASC 20T
FOE
CISA Alerts
GPL Odorizers GPL750
FOE
SecurityWeek
Palo Alto Networks, SonicWall Patch High-Severity Vulnerabilities
FOE
CSO Online
New ClickFix variant bypasses Apple safeguards with one‑click script execution
FOE
The Register (Security)
Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
FOE
The Hacker News
The Hidden Security Risks of Shadow AI in Enterprises
FOE
The Hacker News
Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025
FRIEND
SecurityWeek
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
FOE
Schneier on Security
On Microsoft’s Lousy Cloud Security
FOE
The Hacker News
Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region
FOE
Bleeping Computer
Eurail says December data breach impacts 300,000 individuals
FOE
SecurityWeek
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
FOE
Bleeping Computer
Hackers exploiting Acrobat Reader zero-day flaw since December
FOE
CSO Online
Patch windows collapse as time-to-exploit accelerates
FOE
SecurityWeek
Adobe Reader Zero-Day Exploited for Months: Researcher
FOE
SecurityWeek
300,000 People Impacted by Eurail Data Breach
FOE
The Register (Security)
Sticky-note security turned gym into hall of '80s horrors
FOE
Bleeping Computer
Hackers steal $3.6 million from crypto ATM giant Bitcoin Depot
FOE
The Register (Security)
Cryptographers place $5,000 bet whether quantum will matter
FOE
Bleeping Computer
Microsoft suspends dev accounts for high-profile open source projects
FOE
SecurityWeek
$3.6 Million Stolen in Bitcoin Depot Hack
FRIEND
CSO Online
How to do a post-incident review
FRIEND
Risky Business News
Srsly Risky Biz: American Diplomats to Fight Propaganda… on X
FOE
SecurityWeek
Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long
FOE
CSO Online
Questions raised about how LinkedIn uses the petabytes of data it collects
FOE
Dark Reading
Russia's Forest Blizzard Nabs Rafts of Logins Via SOHO Routers
FOE
SANS Internet Storm Center
Number Usage in Passwords: Take Two, (Thu, Apr 9th)
FOE
Sophos News
Adobe Reader zero-day vulnerability in active exploitation
FRIEND
Recorded Future Blog
Third-Party Risk Is an Intelligence Operation. It's Time We Treated It Like One.
FOE
Bleeping Computer
Hackers use pixel-large SVG trick to hide credit card stealer
FOE
Bleeping Computer
Google: New UNC6783 hackers steal corporate Zendesk support tickets
FOE
The Register (Security)
Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief
FOE
Ars Technica (Security)
Iran-linked hackers disrupt operations at US critical infrastructure sites
FOE
Dark Reading
Threat Actors Get Crafty With Emojis to Escape Detection
FOE
Dark Reading
AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties
FOE
EFF Deeplinks
Banning New Foreign Routers Mistargets Products to Fix Real Problem
FOE
Bleeping Computer
New macOS stealer campaign uses Script Editor in ClickFix attack
FOE
Bleeping Computer
CISA orders feds to patch exploited Ivanti EPMM flaw by Sunday
FRIEND
CSO Online
Arelion employs NETSCOUT Arbor DDoS protection products
FRIEND
CSO Online
6 Winter 2026 G2 Leader Badges prove this DDoS protection stands out
FOE
The Hacker News
New Chaos Variant Targets Misconfigured Cloud Deployments, Adds SOCKS Proxy
FOE
CSO Online
How botnet-driven DDoS attacks evolved in 2H 2025
FOE
Bleeping Computer
13-year-old bug in ActiveMQ lets hackers remotely execute commands
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)
FOE
The Hacker News
Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices
FOE
EFF Deeplinks
👁 Selling Mass Surveillance | EFFector 38.7
FOE
Dark Reading
Fraud Rockets Higher in Mobile-First Latin America
FRIEND
CSO Online
Yael Nardi joins Minimus as Chief Business Officer to drive hyper-growth
FRIEND
SecurityWeek
Data Leakage Vulnerability Patched in OpenSSL
FRIEND
Dark Reading
Full Sail University to Open IBM Cyber Defense Range Powered by AWS and Cloud Range on Campus
FOE
SecurityWeek
RCE Bug Lurked in Apache ActiveMQ Classic for 13 Years
FOE
SANS Internet Storm Center
More Honeypot Fingerprinting Scans, (Wed, Apr 8th)
FRIEND
Dark Reading
Niobium Introduces The Fog
FRIEND
Dark Reading
Pluralsight Launches SecureReady to Help Organizations Build Job-Ready Cybersecurity Teams
FOE
Bleeping Computer
Is a $30,000 GPU Good at Password Cracking?
FRIEND
Black Hills Information Security
Getting Started In Pentesting – Advice From The BHIS Pentest Lead
FOE
The Hacker News
APT28 Deploys PRISMEX Malware in Campaign Targeting Ukraine and NATO Allies
FOE
Dark Reading
Iranian Threat Actors Disrupt US Critical Infrastructure Via Exposed PLCs
FOE
Sophos News
Is compliance complexity outpacing IT capacity?
FOE
SecurityWeek
FBI: Cybercrime Losses Neared $21 Billion in 2025
FOE
SecurityWeek
Massachusetts Hospital Diverts Ambulances as Cyberattack Causes Disruption
FOE
CSO Online
Hackers exploit a critical Flowise flaw affecting thousands of AI workflows
FOE
CSO Online
Iran‑linked PLC attacks cause real‑world disruption at critical US infra sites
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
SecurityWeek
Evasive Masjesu DDoS Botnet Targets IoT Devices
FOE
The Register (Security)
Dutch healthcare software vendor goes dark after ransomware attack
FRIEND
The Hacker News
Shrinking the IAM Attack Surface through Identity Visibility and Intelligence Platforms (IVIP)
FOE
SecurityWeek
Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover
FOE
Ars Technica (Security)
Thousands of consumer routers hacked by Russia's military
FOE
CSO Online
LLM-generated passwords are indefensible. Your codebase may already prove it
FOE
SecurityWeek
US Disrupts Russian Espionage Operation Involving Hacked Routers and DNS Hijacking
FOE
CSO Online
Forest Blizzard leverages router compromises to launch AiTM attacks, target Outlook sessions
FOE
Schneier on Security
Python Supply-Chain Compromise
FOE
The Register (Security)
NHS Scotland-linked domains caught serving pr0n and dodgy sports streams
FOE
CSO Online
The zero-day timeline just collapsed. Here’s what security leaders do next
FRIEND
CSO Online
Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents
FRIEND
The Hacker News
Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems
FRIEND
CSO Online
The tabletop exercise grows up
FOE
EFF Deeplinks
Digital Hopes, Real Power: How the Arab Spring Fueled a Global Surveillance Boom
FOE
The Hacker News
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust
FRIEND
Bleeping Computer
Microsoft rolls out fix for broken Windows Start Menu search
FOE
The Register (Security)
Microsoft hints at bit bunkers for war zones
FOE
Risky Business News
Risky Bulletin: Cybercrime losses passed $20 billion last year
FOE
The Hacker News
Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs
FOE
CSO Online
Tips for CISOs who want to change industries
FOE
SecurityWeek
Iran-Linked Hackers Disrupt US Critical Infrastructure via PLC Attacks
FOE
The Register (Security)
Anthropic: All your zero-days are belong to Mythos
FOE
The Register (Security)
Iran cyber actors disrupting US water, energy facilities, FBI warns
FRIEND
CSO Online
What Anthropic Glasswing reveals about the future of vulnerability discovery
FOE
Bleeping Computer
Hackers exploit critical flaw in Ninja Forms WordPress plugin
FOE
Bleeping Computer
FBI: Americans lost a record $21 billion to cybercrime last year
FOE
CSO Online
Fortinet releases emergency hotfix for FortiClient EMS zero-day flaw
FOE
The Register (Security)
Hundreds of orgs compromised daily in Microsoft device code phishing attacks
FOE
Dark Reading
Storm-1175 Deploys Medusa Ransomware at 'High Velocity'
FOE
Dark Reading
Grafana Patches AI Bug That Could Have Leaked User Data
FOE
Bleeping Computer
Snowflake customers hit in data theft attacks after SaaS integrator breach
FRIEND
EFF Deeplinks
EU Parliament Blocks Mass-Scanning of Our Chats—What's Next?
FRIEND
CSO Online
5 practical steps to strengthen attack resilience with attack surface management
FOE
CSO Online
5 steps to strengthen supply chain security and improve cyber resilience
FRIEND
CSO Online
5 ways to strengthen identity security and improve attack resilience
FOE
SecurityWeek
Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
FOE
SANS Internet Storm Center
A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)
FOE
Bleeping Computer
US warns of Iranian hackers targeting critical infrastructure
FOE
The Register (Security)
US cybercrime losses pass $20B for first time as AI boosts online fraud
FRIEND
Schneier on Security
Cybersecurity in the Age of Instant Software
FOE
Krebs on Security
Russia Hacked Routers to Steal Microsoft Office Tokens
FOE
Bleeping Computer
Max severity Flowise RCE vulnerability now exploited in attacks
FOE
The Register (Security)
Russia's Fancy Bear still attacking routers to boost fake sites, NCSC warns
FOE
The Hacker News
Russian State-Linked APT28 Exploits SOHO Routers in Global DNS Hijacking Campaign
FOE
SecurityWeek
The New Rules of Engagement: Matching Agentic Attack Speed
FRIEND
SecurityWeek
Trent AI Emerges From Stealth With $13 Million in Funding
FRIEND
Bleeping Computer
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
FOE
SecurityWeek
Critical Flowise Vulnerability in Attacker Crosshairs
FOE
The Hacker News
Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access
FOE
Dark Reading
RSAC 2026: How AI Is Reshaping Cybersecurity Faster Than Ever
FOE
Dark Reading
Human vs AI: Debates Shape RSAC 2026 Cybersecurity Trends
FOE
Dark Reading
Lies, Damned Lies, and Cybersecurity Metrics
FRIEND
SecurityWeek
Severe StrongBox Vulnerability Patched in Android
FOE
Bleeping Computer
Why Your Automated Pentesting Tool Just Hit a Wall
FOE
SecurityWeek
GrafanaGhost: Attackers Can Abuse Grafana to Leak Enterprise Data
FRIEND
SecurityWeek
Webinar Today: Why Automated Pentesting Alone Is Not Enough
FRIEND
Dark Reading
Focusing on the People in Cybersecurity at RSAC 2026 Conference
FOE
CSO Online
Zero‑click Grafana AI attack can enable enterprise data exfiltration
FOE
The Hacker News
Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign
FOE
The Hacker News
[Webinar] How to Close Identity Gaps in 2026 Before AI Exploits Enterprise Risk
FOE
CISA Alerts
Mitsubishi Electric GENESIS64 and ICONICS Suite products
FOE
CISA Alerts
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
FOE
SecurityWeek
GPUBreach: Root Shell Access Achieved via GPU Rowhammer Attack
FOE
The Hacker News
The Hidden Cost of Recurring Credential Incidents
FOE
SecurityWeek
Medusa Ransomware Fast to Exploit Vulnerabilities, Breached Systems
FOE
CSO Online
Microsoft says Medusa-linked Storm-1175 is speeding ransomware attacks
FOE
CSO Online
Supply chain security is now a board-level issue: Here’s what CSOs need to know
FOE
Schneier on Security
Hong Kong Police Can Force You to Reveal Your Encryption Keys
FRIEND
SecurityWeek
German Police Unmask REvil Ransomware Leader
FOE
CSO Online
The rise of proactive cyber: Why defense is no longer enough
FOE
CSO Online
The noisy tenants: Engineering fairness in multi-tenant SIEM solutions
FOE
The Hacker News
New GPUBreach Attack Enables Full CPU Privilege Escalation via GDDR6 Bit-Flips
FOE
SecurityWeek
White House Seeks to Slash CISA Funding by $707 Million
FOE
The Hacker News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
FOE
SecurityWeek
Wynn Resorts Says 21,000 Employees Affected by ShinyHunters Hack
FOE
The Hacker News
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
FRIEND
The Register (Security)
Yahoo! Japan’s owner consolidating 164 OpenStack clusters into one
FOE
Bleeping Computer
German authorities identify REvil and GandCrab ransomware bosses
FOE
The Register (Security)
AI agents found vulns in this popular Linux and Unix print server
FOE
Bleeping Computer
New GPUBreach attack enables system takeover via GPU rowhammer
FOE
Dark Reading
AI-Assisted Supply Chain Attack Targets GitHub
FOE
Dark Reading
Axios Attack Shows Complex Social Engineering Is Industrialized
FOE
Dark Reading
Fortinet Issues Emergency Patch for FortiClient Zero-Day
FOE
Bleeping Computer
Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit
FRIEND
Bleeping Computer
Microsoft fixes Classic Outlook bug causing email delivery issues
FOE
Schneier on Security
New Mexico’s Meta Ruling and Encryption
FOE
The Hacker News
Iran-Linked Password-Spraying Campaign Targets 300+ Israeli Microsoft 365 Organizations
FRIEND
TCM Security Blog
What is Ethical Hacking
FOE
The Register (Security)
Attackers exploited this critical FortiClient EMS bug as a 0-day
FOE
Bleeping Computer
Microsoft removes Support and Recovery Assistant from Windows
FOE
Bleeping Computer
Microsoft links Medusa ransomware affiliate to zero-day attacks
FOE
Bleeping Computer
Drift $280M crypto theft linked to 6-month in-person operation
FOE
The Hacker News
DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea
FOE
Bleeping Computer
CISA orders feds to patch exploited Fortinet EMS flaw by Friday
FOE
SecurityWeek
Google DeepMind Researchers Map Web Attacks Against AI Agents
FOE
Dark Reading
Automated Credential Harvesting Campaign Exploits React2Shell Flaw
FOE
Dark Reading
Shadow AI in Healthcare Is Here to Stay
FOE
Bleeping Computer
Why Simple Breach Monitoring is No Longer Enough
FRIEND
Dark Reading
OWASP GenAI Security Project Gets Update, New Tools Matrix
FOE
The Hacker News
Multi-OS Cyberattacks: How SOCs Close a Critical Risk in 3 Steps
FOE
The Hacker News
⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More
FOE
CSO Online
North Korean hackers abuse LNKs and GitHub repos in ongoing campaign
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
How LiteLLM Turned Developer Machines Into Credential Vaults for Attackers
FOE
SecurityWeek
Guardarian Users Targeted With Malicious Strapi NPM Packages
FOE
SecurityWeek
North Korean Hackers Target High-Profile Node.js Maintainers
FRIEND
Schneier on Security
Google Wants to Transition to Post-Quantum Cryptography by 2029
FOE
The Hacker News
Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools
FOE
CSO Online
Authentication is broken: Here’s how security leaders can actually fix it
FOE
SecurityWeek
Fortinet Rushes Emergency Fixes for Exploited Zero-Day
FOE
CSO Online
6 ways attackers abuse AI services to hack your business
FOE
CSO Online
Escaping the COTS trap
FOE
SANS Internet Storm Center
How often are redirects used in phishing in 2026?, (Mon, Apr 6th)
FOE
The Hacker News
BKA Identifies REvil Leaders Behind 130 German Ransomware Attacks
FOE
Risky Business News
Risky Bulletin: New Cambodian law will put scam compound operators in prison for life
FOE
Krebs on Security
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
FOE
The Register (Security)
Anthropic sure has a mess on its hands thanks to that Claude Code source leak
FOE
Bleeping Computer
Traffic violation scams switch to QR codes in new phishing texts
FOE
Bleeping Computer
New FortiClient EMS flaw exploited in attacks, emergency patch released
FOE
The Hacker News
$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
FOE
Bleeping Computer
Hackers exploit React2Shell in automated credential theft campaign
FOE
The Register (Security)
Researchers didn’t want to glamorize cybercrims. So they roasted them
FOE
Ars Technica (Security)
CBP facility codes sure seem to have leaked via online flashcards
FOE
The Hacker News
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
FOE
The Hacker News
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
FOE
Bleeping Computer
Axios npm hack used fake Teams error fix to hijack maintainer account
FOE
Bleeping Computer
Device code phishing attacks surge 37x as new kits spread online
FOE
SecurityWeek
European Commission Confirms Data Breach Linked to Trivy Supply Chain Attack
FRIEND
EFF Deeplinks
Triple Header for Privacy’s Defender in New York
FOE
The Register (Security)
Trump wants to take a battle axe to CISA again and slash $707M from budget
FOE
EFF Deeplinks
The FAA’s “Temporary” Flight Restriction for Drones is a Blatant Attempt to Criminalize Filming ICE
FRIEND
Schneier on Security
Friday Squid Blogging: Jurassic Fish Chokes on Squid
FOE
Dark Reading
Inconsistent Privacy Labels Don't Tell Users What They Are Getting
FOE
Bleeping Computer
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
FOE
Ars Technica (Security)
OpenClaw gives users yet another reason to be freaked out about security
FOE
CSO Online
Security lapse lets researchers view React2Shell hackers’ dashboard
FOE
CSO Online
A core infrastructure engineer pleads guilty to federal charges in insider attack
FOE
Bleeping Computer
Hims & Hers warns of data breach after Zendesk support ticket breach
FOE
EFF Deeplinks
Tech Nonprofits to Feds: Don’t Weaponize Procurement to Undermine AI Trust and Safety
FOE
The Hacker News
China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing
FOE
CSO Online
Google patches fourth Chrome zero-day so far this year
FOE
CSO Online
Internet Bug Bounty program hits pause on payouts
FRIEND
Dark Reading
Apple Breaks Precedent, Patches DarkSword for iOS 18
FOE
CSO Online
Claude Code is still vulnerable to an attack Anthropic has already fixed
FOE
Bleeping Computer
Die Linke German political party confirms data stolen by Qilin ransomware
FOE
CSO Online
CERT-EU blames Trivy supply chain attack for Europa.eu data breach
FOE
The Register (Security)
Hybrid work, expanded risk: what needs to change
FRIEND
EFF Deeplinks
Double Shot of Privacy's Defender in D.C.
FOE
The Hacker News
Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers
FOE
EPIC
New EPIC Resource Calls on Congress to Close the Data Broker Loophole
FOE
Dark Reading
Blast Radius of TeamPCP Attacks Expands Amid Hacker Infighting
FOE
Bleeping Computer
Evolution of Ransomware: Multi-Extortion Ransomware Attacks
FRIEND
Sophos News
Sophos Gartner Peer Insights MDR
FRIEND
Dark Reading
Picking Up 'Skull Vibrations'? Could Be XR Headset Authentication
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 006 - CERT-EU Confirms European Commission Cloud Breach, Sportradar Details Emerge, and Mandiant Quantifies Campaign at 1,000+ SaaS Environments, (Fri, Apr 3rd)
FOE
Dark Reading
Source Code Leaks Highlight Lack of Supply Chain Oversight
FRIEND
Dark Reading
Chainguard Unveils Factory 2.0 to Automate Hardening the Software Supply Chain
FOE
SecurityWeek
TrueConf Zero-Day Exploited in Asian Government Attacks
FOE
SecurityWeek
In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware
FOE
SecurityWeek
Critical ShareFile Flaws Lead to Unauthenticated RCE
FRIEND
Dark Reading
CrowdStrike Next-Gen SIEM Can Now Ingest Microsoft Defender Telemetry
FOE
Bleeping Computer
Microsoft still working to fix Exchange Online mailbox access issues
FOE
Schneier on Security
Company that Secretly Records and Publishes Zoom Meetings
FOE
The Hacker News
UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack
FOE
The Hacker News
Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture
FOE
SecurityWeek
Mobile Attack Surface Expands as Enterprises Lose Control
FOE
SecurityWeek
React2Shell Exploited in Large-Scale Credential Harvesting Campaign
FOE
SecurityWeek
T-Mobile Sets the Record Straight on Latest Data Breach Filing
FOE
SecurityWeek
North Korean Hackers Drain $285 Million From Drift in 10 Seconds
FOE
The Hacker News
New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images
FOE
Bleeping Computer
Man admits to locking thousands of Windows devices in extortion plot
FRIEND
CSO Online
12 cyber industry trends revealed at RSAC 2026
FOE
The Hacker News
Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
FRIEND
Bleeping Computer
Microsoft now force upgrades unmanaged Windows 11 24H2 PCs
FOE
Bleeping Computer
CERT-EU: European Commission hack exposes data of 30 EU entities
FRIEND
CSO Online
The best XDR tools
FRIEND
CSO Online
Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative
FOE
Risky Business News
Risky Bulletin: Russia will revoke licenses for unruly ISPs
FRIEND
Recorded Future Blog
Day in the Life: Product Manager at Recorded Future
FRIEND
Sophos News
Sophos named a 2026 Gartner® Peer Insights™ Customers' Choice for Managed Detection and Response
FRIEND
EFF Deeplinks
Weakening Speech Protections Will Punish All of Us—Not Just Meta
FOE
CSO Online
Cisco fixes critical IMC auth bypass present in many products
FRIEND
EFF Deeplinks
A Baseless Copyright Claim Against a Web Host—and Why It Failed
FOE
Bleeping Computer
Claude Code leak used to push infostealer malware on GitHub
FOE
Dark Reading
Not Toying Around: Hasbro Attack May Take 'Weeks' to Remediate
FOE
The Hacker News
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
FRIEND
Dark Reading
Security Bosses Are All-In on AI. Here's Why
FOE
Bleeping Computer
Drift loses $280 million as North Korean hackers seize Security Council powers
FOE
Bleeping Computer
Drift loses $280 million as hackers seize Security Council powers
FOE
SecurityWeek
Critical Vulnerability in Claude Code Emerges Days After Source Leak
FOE
EFF Deeplinks
Print Blocking Won't Work - Permission to Print Part 2
FOE
EFF Deeplinks
Print Blocking is Anti-Consumer - Permission to Print Part 1
FOE
The Register (Security)
They thought they were downloading Claude Code source. They got a nasty dose of malware instead
FRIEND
Schneier on Security
US Bans All Foreign-Made Consumer Routers
FOE
Ars Technica (Security)
New Rowhammer attacks give complete control of machines running Nvidia GPUs
FRIEND
SecurityWeek
Apple Rolls Out DarkSword Exploit Protection to More Devices
FOE
Dark Reading
Geopolitics, AI, and Cybersecurity: Insights From RSAC 2026
FOE
Dark Reading
RSAC 2026: AI Dominates, But Community Remains Key to Security
FOE
Bleeping Computer
Residential proxies evaded IP reputation checks in 78% of 4B sessions
FOE
The Hacker News
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
FOE
EFF Deeplinks
Google and Amazon: Acknowledged Risks, And Ignored Responsibilities
FOE
SANS Internet Storm Center
Attempts to Exploit Exposed "Vite" Installs (CVE-2025-30208), (Thu, Apr 2nd)
FRIEND
SecurityWeek
Cybersecurity M&A Roundup: 38 Deals Announced in March 2026
FOE
EPIC
EPIC Joins Coalition Call to Halt Meta’s Plans for Facial Recognition ‘Smart’ Glasses
FOE
Bleeping Computer
Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime
FOE
Bleeping Computer
New Progress ShareFile flaws can be chained in pre-auth RCE attacks
FOE
Bleeping Computer
Medtech giant Stryker fully operational after data-wiping attack
FOE
Dark Reading
Bank Trojan 'Casbaneiro' Worms Through Latin America
FOE
The Hacker News
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
FOE
CSO Online
EvilTokens abuses Microsoft device code flow for account takeovers
FOE
SecurityWeek
Cisco Patches Critical and High-Severity Vulnerabilities
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
CISA Alerts
Yokogawa CENTUM VP
FOE
CISA Alerts
Hitachi Energy Ellipse
FOE
CISA Alerts
Siemens SICAM 8 Products
FOE
SecurityWeek
250,000 Affected by Data Breach at Nacogdoches Memorial Hospital
FOE
The Hacker News
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
FOE
The Hacker News
The State of Trusted Open Source Report
FOE
EFF Deeplinks
EFF’s Submission to the UN OHCHR on Protection of Human Rights Defenders in the Digital Age
FOE
Bleeping Computer
Critical Cisco IMC auth bypass gives attackers Admin access
FOE
SecurityWeek
Mercor Hit by LiteLLM Supply Chain Attack
FOE
Schneier on Security
Possible US Government iPhone Hacking Tool Leaked
FOE
SecurityWeek
Sophisticated CrystalX RAT Emerges
FOE
The Hacker News
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
FOE
Bleeping Computer
Microsoft links Classic Outlook issue to email delivery problems
FRIEND
CSO Online
Cybersecurity in the age of instant software
FOE
Bleeping Computer
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
FRIEND
SecurityWeek
Variance Raises $21.5M for Compliance Investigation Platform Powered by AI Agents
FOE
The Register (Security)
The company's biggest security hole lived in the breakroom
FRIEND
The Hacker News
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
FRIEND
SecurityWeek
Linx Security Raises $50 Million for Identity Security and Governance
FOE
CSO Online
Tools for securing MCP servers
FOE
Risky Business News
Srsly Risky Biz: America's Next Top (Cyber) Model
FOE
The Register (Security)
AI recruiting biz Mercor says it was 'one of thousands' hit in LiteLLM supply-chain attack
FOE
Recorded Future Blog
Cybercrime Outlook in Latin America and the Caribbean [ES]
FOE
Recorded Future Blog
Cybercrime landscape in Latin America and the Caribbean
FRIEND
Sophos News
Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence
FOE
Recorded Future Blog
Latin America and the Caribbean Cybercrime Landscape
FOE
Bleeping Computer
New CrystalRAT malware adds RAT, stealer and prankware features
FOE
Dark Reading
Ransomware Will Hit Hospitals. Rehearsals Are Key to Defense
FRIEND
Bleeping Computer
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
FOE
Bleeping Computer
Hackers exploit TrueConf zero-day to push malicious software updates
FRIEND
The Register (Security)
Amazon security boss: AI makes pentesting 40% more efficient
FOE
Bleeping Computer
New EvilTokens service fuels Microsoft device code phishing attacks
FRIEND
CSO Online
7 ways to improve your business resilience with backup and recovery
FRIEND
CSO Online
5 Steps to break free from alert fatigue and build resilient security operations
FRIEND
CSO Online
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)
FRIEND
CSO Online
6 critical mistakes that undermine cyber resilience (and how to fix them)
FRIEND
CSO Online
6 metrics IT leaders can’t afford to ignore for business resilience
FRIEND
CSO Online
5 critical steps to achieve business resilience in cybersecurity
FRIEND
Dark Reading
LatAm's Self-Taught Cyber Talent Overlooked Amid Cyberattack Glut
FOE
Bleeping Computer
'NoVoice' Android malware on Google Play infected 2.3 million devices
FOE
CSO Online
Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both
FOE
Schneier on Security
Is “Hackback” Official US Cybersecurity Strategy?
FOE
Dark Reading
Cyberattacks Intensify Pressure on Latin American Governments
FRIEND
SecurityWeek
Depthfirst Raises $80 Million in Series B Funding
FOE
The Hacker News
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
FOE
SecurityWeek
Toy Giant Hasbro Hit by Cyberattack
FOE
SecurityWeek
New DeepLoad Malware Dropped in ClickFix Attacks
FOE
Dark Reading
Venom Stealer MaaS Platform Commoditizes ClickFix Attacks
FOE
SecurityWeek
Exploited Zero-Day Among 21 Vulnerabilities Patched in Chrome
FOE
The Register (Security)
'People's Panel' to check if UK wants controversial Digital ID will cost £630K
FOE
Bleeping Computer
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
FRIEND
Black Hills Information Security
Cloud Security: Tips and Resources for Securing the Cloud
FOE
SecurityWeek
FBI Warns of Data Security Risks From China-Made Mobile Apps
FOE
SecurityWeek
US Charges Uranium Crypto Exchange Hacker
FOE
SecurityWeek
Webinar Today: Agentic AI vs. Identity’s Last Mile Problem
FOE
SANS Internet Storm Center
TeamPCP Supply Chain Campaign: Update 005 - First Confirmed Victim Disclosure, Post-Compromise Cloud Enumeration Documented, and Axios Attribution Narrows, (Wed, Apr 1st)
FRIEND
The Hacker News
Block the Prompt, Not the Work: The End of "Doctor No"
FOE
The Hacker News
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
FOE
CISA Alerts
CISA Adds One Known Exploited Vulnerability to Catalog
FOE
The Hacker News
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
FOE
The Hacker News
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
FOE
Bleeping Computer
FBI warns against using Chinese mobile apps due to privacy risks
FOE
CSO Online
WhatsApp malware campaign uses malicious VBS files to gain persistent access
FOE
The Hacker News
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
FOE
CSO Online
Hackers target exile portal Iranwire
FOE
SANS Internet Storm Center
Malicious Script That Gets Rid of ADS, (Wed, Apr 1st)
FOE
Dark Reading
Are We Training AI Too Late?
FOE
Bleeping Computer
Google fixes fourth Chrome zero-day exploited in attacks in 2026
FOE
Schneier on Security
A Taxonomy of Cognitive Security
FOE
CSO Online
9 ways CISOs can combat AI hallucinations
FOE
CSO Online
Security awareness is not a control: Rethinking human risk in enterprise security
FOE
SecurityWeek
Axios NPM Package Breached in North Korean Supply Chain Attack
FOE
The Register (Security)
UK manufacturers under cyber fire with 80% reporting attacks
FOE
The Hacker News
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
FOE
SecurityWeek
Google Addresses Vertex Security Issues After Researchers Weaponize AI Agents
FRIEND
CSO Online
In focus: IT leadership
FRIEND
Bleeping Computer
Google Drive ransomware detection now on by default for paying users
FOE
The Hacker News
Claude Code Source Leaked via npm Packaging Error, Anthropic Confirms
FOE
Risky Business News
Risky Bulletin: Iranian password sprays came first, then came the missiles
FRIEND
Bleeping Computer
New Windows 11 emergency update fixes preview update install issues
FRIEND
CSO Online
Attack Surface Management: a buyer's guide
FOE
CSO Online
Anthropic employee error exposes Claude Code source
FOE
Bleeping Computer
Claude Code source code accidentally leaked in NPM package
FRIEND
Recorded Future Blog
Industrialization of the Fraud Ecosystem Blog