- Booking.com Hit By Data Breach (13 April 2026, 6:00 pm)
Booking.com says hackers accessed customer reservation data in a breach that may have exposed booking details, names, email addresses, phone numbers, addresses, and messages shared with accommodations. PCMag reports: On Sunday, users reported receiving emails from Booking.com, warning them that "unauthorized third parties may have been able to access certain booking information associated with your reservation." The email suggests the hackers have already exploited customer information.
"We re... 
- Botched IT Upgrade Ended Liquor Sales for the Entire State of Mississippi (12 April 2026, 5:34 pm)
Mississippi has one warehouse — run by a contractor — that sells all the liquor for the entire state of 2.9 million people. "If a restaurant or store anywhere in Mississippi wanted a bottle of Jim Beam, they had to order it from the wholesale warehouse," reports the Washington Post.
But then Mississippi's warehouse-managing contractor implemented a new computer system that wasn't compatible with the state's delivery system (like they'd promised it would be back in 2023). And then things go...
- CPUID Site Hijacked To Serve Malware Instead of HWMonitor Downloads (11 April 2026, 7:00 am)
Attackers briefly hijacked part of CPUID's backend and swapped legitimate download links on its site with malware-laced ones. "The issue hit tools like HWMonitor and CPU-Z, with users on Reddit and elsewhere starting to notice something wasn't right when installers tripped antivirus alerts or showed up under odd names," reports The Register. From the report: CPUID has since confirmed the breach, pinning it on a compromised backend component rather than tampering with its software builds. "Invest...
- Google Rolls Out Gmail End-To-End Encryption On Mobile Devices (10 April 2026, 5:00 pm)
Gmail's end-to-end encryption is now available on all Android and iOS devices, letting enterprise users send and read encrypted emails directly in the app without any extra tools. "This launch combines the highest level of privacy and data encryption with a user-friendly experience for all users, enabling simple encrypted email for all customers from small businesses to enterprises and public sector," Google announced in a blog post. BleepingComputer reports: Starting this week, encrypted messag...
- OpenAI To Limit New Model Release On Cybersecurity Fears (9 April 2026, 8:00 pm)
OpenAI is reportedly preparing a new cybersecurity product for a small group of partners, out of concern that a broader rollout could wreak havoc if it were released more widely. If that move sounds familiar, it's because Anthropic took a similar limited-release approach with its Mythos model and Project Glasswing initiative. Axios reports: OpenAI introduced its "Trusted Access for Cyber" pilot program in February after rolling out GPT-5.3-Codex, the company's most cyber-capable reasoning model....
- Hacker Steals 10 Petabytes of Data From China's Tianjin Supercomputer Center (9 April 2026, 7:00 pm)
An anonymous reader quotes a report from CNN: A hacker has allegedly stolen a massive trove of sensitive data -- including highly classified defense documents and missile schematics -- from a state-run Chinese supercomputer in what could potentially constitute the largest known heist of data from China. The dataset, which allegedly contains more than 10 petabytes of sensitive information, is believed by experts to have been obtained from the National Supercomputing Center (NSCC) in Tianjin -- a ...
- Iran-Linked Hackers Disrupted US Oil, Gas, Water Sites (8 April 2026, 10:00 pm)
The FBI says (PDF) Iran-linked hackers disrupted internet-connected systems used by U.S. oil, gas, and water companies. Even with the recent two-week ceasefire between Iran and the United States and Israel, hackers backing Tehran say they won't end their retaliatory cyberattacks. The Hill reports: The report warned that similar companies across the country should be aware of an increased push by hackers to take over programmable logic controller (PLC) systems, which can be used to digitally cont...
- Microsoft Abruptly Terminates VeraCrypt Account, Halting Windows Updates (8 April 2026, 5:00 pm)
Microsoft has apparently terminated the account VeraCrypt uses to sign its Windows drivers and bootloader, leaving the encryption project unable to publish Windows updates and throwing future releases into doubt. VeraCrypt's developer says Microsoft gave no clear explanation or warning for the move. "I didn't receive any emails from Microsoft nor any prior warnings," Mounir Idrassi, VeraCrypt's developer, told 404 Media. From the report: VeraCrypt is an open-source tool for encrypting data at re...
- Russian Government Hackers Broke Into Thousands of Home Routers To Steal Passwords (8 April 2026, 3:30 am)
An anonymous reader quotes a report from TechCrunch: A group of Russian government hackers have hijacked thousands of home and small business routers around the world as part of an ongoing campaign aimed at redirecting victims' internet traffic to steal their passwords and access tokens, security researchers and government authorities warned on Tuesday. [...] The hacking group targeted unpatched routers made by MikroTik and TP-Link using previously disclosed vulnerabilities according to the U.K....
- Anthropic Unveils 'Claude Mythos', Powerful AI With Major Cyber Implications (7 April 2026, 10:00 pm)
"Anthropic has unveiled Claude Mythos, a new AI model capable of discovering critical vulnerabilities at scale," writes Slashdot reader wiredmikey. "It's already powering Project Glasswing, a joint effort with major tech firms to secure critical software. But the same capabilities could also accelerate offensive cyber operations." SecurityWeek reports: Mythos is not an incremental improvement but a step change in performance over Anthropic's current range of frontier models: Haiku (smallest), So...
- CPUID Website Hacked to Serve Malware Through CPU-Z and HWMonitor Download Links (13 April 2026, 5:51 am)
Hackers accessed a secondary API on the CPUID website between April 9 at 15:00 UTC and April 10 at around 10:00 UTC.
Thank you for being a Ghacks reader. The post CPUID Website Hacked to Serve Malware Through CPU-Z and HWMonitor Download Links appeared first on gHacks.... 
- Linux 7.0 Released With Official Rust Support and New Code for SPARC and Alpha CPUs (13 April 2026, 5:43 am)
Linus Torvalds has announced the release of Linux kernel 7.
- Microsoft Simplifies Windows Insider Program to Two Channels and Ends Gradual Feature Rollouts in Beta (13 April 2026, 5:38 am)
Microsoft has announced updates to the Windows Insider program, streamlining its channels into two main options and giving Insiders more direct control over the
- Gemini Adds Interactive 3D Models and Simulations Directly Inside the Chat Window (13 April 2026, 5:32 am)
Google has introduced the ability to create interactive 3D models and functional simulations within the Gemini app.
- Google Meet Speech Translation Rolls Out to Android and iOS Apps (12 April 2026, 6:25 am)
Google has started rolling out near-real-time speech translation in Google Meet for Android and iOS apps, following an earlier launch for the web version.
- France Picks Linux to Replace Windows Across Government Ministries (12 April 2026, 6:10 am)
France's interministerial digital directorate, DINUM, has ordered government ministries to assess their reliance on outside EU technology and create exit strate
- Microsoft Suspends VeraCrypt, WireGuard and Windscribe Accounts, Blocking Windows Driver Updates (12 April 2026, 6:01 am)
Microsoft has suspended developer accounts linked to VeraCrypt, WireGuard, and Windscribe, which has cut off their access to driver signing and other Windows Ha
- YouTube Premium Prices Rise in the US Starting Next Month Across All Plans (11 April 2026, 7:10 am)
Google has started informing YouTube Premium subscribers in the United States about upcoming price increases that will take effect next month.
- Instagram Adds Comment Editing With a 15-Minute Window After Posting (11 April 2026, 7:05 am)
Instagram has introduced a new feature that allows users to edit comments, a capability they have been requesting for years.
- OpenAI Launches $100 Pro Subscription Tier Between Plus and the $200 Plan (11 April 2026, 6:58 am)
OpenAI has launched a new $100 per month Pro subscription for ChatGPT, creating a middle option between the existing $20 Plus and $200 plans.
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog (13 April 2026, 12:00 pm)
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2012-1854 Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
CVE-2020-9715 Adobe Acrobat Use-After-Free Vulnerability
CVE-2023-21529 Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
CVE-2023-36424 Microsoft Windows Out-of-Bounds Read Vulnerability
CVE-2025-60710 Microsoft Windows Link Following Vulnerabi... 
- GPL Odorizers GPL750 (9 April 2026, 12:00 pm)
Summary
Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line.
The following versions of GPL Odorizers GPL750 are affected:
GPL750 (XL4) >=v1.0
GPL750 (XL4 Prime) >=v4.0
GPL750 (XL7) >=v13.0
GPL750 (XL7 Prime) >=v18.4
CVSS: v3 8.6
Vendor: GPL Odorizers
Equipment: GPL Odorizers GPL750
Vulnerabilities: Missing Authen...
- Contemporary Controls BASC 20T (9 April 2026, 12:00 pm)
Summary
Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls.
The following versions of Contemporary Controls BASC 20T are affected:
BASControl20 3.1 (CVE-2025-13926)
CVSS: v3 9.8
Vendor: Contemporary Controls Sedona Alliance
Equipment: Contemporary Controls BASC 20T
Vulnerabilities: Reliance on Untrusted I...
- CISA Adds One Known Exploited Vulnerability to Catalog (8 April 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-1340 Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living...
- Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure (7 April 2026, 12:00 pm)
Advisory at a Glance
Title: Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
Original Publication: April 7, 2026
Executive Summary
Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity targeting internet-facing operational technology (OT) devices, including programmable logic controllers (PLCs) manufactured by Rockwell Automation/Allen-Bradley. This activity has led to PLC disruptions across seve...
- Mitsubishi Electric GENESIS64 and ICONICS Suite products (7 April 2026, 12:00 pm)
Summary
Successful exploitation of these vulnerabilities could allow a local attacker to disclose SQL Server credentials used by the affected products and use them to disclose, tamper with, or destroy data, or to cause a denial-of-service (DoS) condition on the system.
The following versions of Mitsubishi Electric GENESIS64 and ICONICS Suite products are affected:
GENESIS64 <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
ICONICS Suite <=10.97.3 (CVE-2025-14815, CVE-2025-14816)
Mobile...
- CISA Adds One Known Exploited Vulnerability to Catalog (6 April 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-35616 - Fortinet FortiClient EMS Improper Access Control Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living ...
- Siemens SICAM 8 Products (2 April 2026, 12:00 pm)
Summary
Multiple SICAM 8 products are affected by multiple vulnerabilities that could lead to denial of service, namely: SICAM A8000 Device firmware; CPCI85 for CP-8031/CP-8050; SICORE for CP-8010/CP-8012; RTUM85 for CP-8010/CP-8012; SICAM EGS Device firmware; CPCI85; SICAM S8000; SICORE; RTUM85. Siemens has released new versions for the affected products and recommends updating to the latest versions.
The following versions of Siemens SICAM 8 Products are affected:
CPCI85 C...
- CISA Adds One Known Exploited Vulnerability to Catalog (2 April 2026, 12:00 pm)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-3502 TrueConf Client Download of Code Without Integrity Check Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV ...
- Hitachi Energy Ellipse (2 April 2026, 12:00 pm)
Summary
Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This vulnerability can be exploited to carry out a remote code execution (RCE) attack on the product. Please refer to the Recommended Immediate Actions for information about the mitigation/remediation.
The following versions of Hitachi Energy Ellipse are affected:
Ellipse vers:Ellipse/<=9.0.50 (CVE-2025-10492)
CVSS
Vendor
Equipment
Vulnerab...
- CVE-2023-36409 (7 November 2023, 12:15 am)
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability...
- CVE-2023-36769 (6 November 2023, 11:15 pm)
Microsoft OneNote Spoofing Vulnerability...
- CVE-2023-47004 (6 November 2023, 10:15 pm)
Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication....
- CVE-2023-45556 (6 November 2023, 10:15 pm)
Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component....
- CVE-2023-5605 (6 November 2023, 9:15 pm)
The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
- CVE-2023-5601 (6 November 2023, 9:15 pm)
The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE....
- CVE-2023-5530 (6 November 2023, 9:15 pm)
The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue...
- CVE-2023-5771 (6 November 2023, 9:15 pm)
Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.  This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions....
- CVE-2023-4930 (6 November 2023, 9:15 pm)
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled....
- CVE-2023-5228 (6 November 2023, 9:15 pm)
The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)....
- JanelaRAT Malware Targets Latin American Banks with 14,739 Attacks in Brazil in 2025 (13 April 2026, 5:15 pm)
Banks and financial institutions in Latin American countries like Brazil and Mexico have continued to be the target of a malware family called JanelaRAT.
A modified version of BX RAT, JanelaRAT is known to steal financial and cryptocurrency data associated with specific financial entities, as well as track mouse inputs, log keystrokes, take screenshots, and collect system metadata.
"One of the... 
- FBI and Indonesian Police Dismantle W3LL Phishing Network Behind $20M Fraud Attempts (13 April 2026, 2:46 pm)
The U.S. Federal Bureau of Investigation (FBI), in partnership with the Indonesian National Police, has dismantled the infrastructure associated with a global phishing operation that leveraged an off-the-shelf toolkit called W3LL to steal thousands of victims' account credentials and attempt more than $20 million in fraud.
In tandem, authorities detained the alleged developer, who has...
- ⚡ Weekly Recap: Fiber Optic Spying, Windows Rootkit, AI Vulnerability Hunting and More (13 April 2026, 1:01 pm)
Monday is back, and the weekend’s backlog of chaos is officially hitting the fan. We are tracking a critical zero-day that has been quietly living in your PDFs for months, plus some aggressive state-sponsored meddling in infrastructure that is finally coming to light. It is one of those mornings where the gap between a quiet shift and a full-blown incident response is basically... 
- Your MTTD Looks Great. Your Post-Alert Gap Doesn't (13 April 2026, 11:41 am)
Anthropic restricted its Mythos Preview model last week after it autonomously found and exploited zero-day vulnerabilities in every major operating system and browser. Palo Alto Networks' Wendi Whitmore warned that similar capabilities are weeks or months from proliferation. CrowdStrike's 2026 Global Threat Report puts average eCrime breakout time at 29 minutes. Mandiant's M-Trends... 
- North Korea's APT37 Uses Facebook Social Engineering to Deliver RokRAT Malware (13 April 2026, 9:15 am)
The North Korean hacking group tracked as APT37 (aka ScarCruft) has been attributed to a fresh multi-stage, social engineering campaign in which threat actors approached targets on Facebook and added them as friends on the social media platform, turning the trust-building exercise into a delivery channel for a remote access trojan called RokRAT.
"The threat actor used two Facebook... 
- OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident (13 April 2026, 6:50 am)
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps led to the download of the malicious Axios library on March 31, but noted that no user data or internal system was compromised.
"Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found no... 
- CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads (12 April 2026, 5:54 am)
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.
The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with...
- Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621 (12 April 2026, 4:25 am)
Adobe has released emergency updates to fix a critical security flaw in Acrobat Reader that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-34621, carries a CVSS score of 8.6 out of 10.0. Successful exploitation of the flaw could allow an attacker to run malicious code on affected installations.
It has been described as...
- Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data (11 April 2026, 6:02 am)
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc.
The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023...
- GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs (10 April 2026, 1:23 pm)
Cybersecurity researchers have flagged yet another evolution of the ongoing GlassWorm campaign, which employs a new Zig dropper that's designed to stealthily infect all integrated development environments (IDEs) on a developer's machine.
The technique has been discovered in an Open VSX extension named "specstudio.code-wakatime-activity-tracker," which masquerades as WakaTime, a...
- Russia Hacked Routers to Steal Microsoft Office Tokens (7 April 2026, 5:02 pm)
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens from users on more than 18,000 networks without deploying any malicious software or code....
- Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab (6 April 2026, 2:07 am)
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and helped carry out at least 130 acts of computer sabotage and extortion against victims across the country between 2019 and 2021....
- ‘CanisterWorm’ Springs Wiper Attack Targeting Iran (23 March 2026, 3:43 pm)
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have Farsi set as the default language....
- Feds Disrupt IoT Botnets Behind Huge DDoS Attacks (20 March 2026, 12:49 am)
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three million hacked Internet of Things (IoT) devices, such as routers and web cameras. The feds say the four botnets -- named Aisuru, Kimwolf, JackSkid and Mossad -- are responsible for a series of recent record-smashing distributed denial-of-service (DDoS) attacks capable of knocking nearly any target offline....
- Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker (11 March 2026, 4:20 pm)
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency....
- Microsoft Patch Tuesday, March 2026 Edition (11 March 2026, 12:32 am)
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday....
- How AI Assistants are Moving the Security Goalposts (8 March 2026, 11:35 pm)
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and n...
- Who is the Kimwolf Botmaster “Dort”? (28 February 2026, 12:01 pm)
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. This post examines wh...
- ‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA (20 February 2026, 8:00 pm)
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentic...
- Kimwolf Botnet Swamps Anonymity Network I2P (11 February 2026, 4:08 pm)
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers....
- On Anthropic’s Mythos Preview and Project Glasswing (13 April 2026, 4:52 pm)
The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whole slew of public domain and proprietary software, with the aim of finding and patching all the vulnerabilities before hackers get their hands on the model and exploit them.
There’s a lot here, and I ... 
- AI Chatbots and Trust (13 April 2026, 10:10 am)
All the leading AI chatbots are sycophantic, and that’s a problem:
Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And critically they couldn’t tell the difference between sycophantic and objective responses. Both felt equally “neutral” to them.
One example from the study: when a user asked about pretending to be unemployed to a girlfriend for two years, a mode... 
- Friday Squid Blogging: Squid Overfishing in the South Pacific (10 April 2026, 9:03 pm)
Regulation is hard:
The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region double the size of Africa, where distant-water fleets pursue species ranging from jack mackerel to jumbo flying squid. The latter dominated this year’s talks.
Fishing for jumbo flying squid (Dosidicus gigas) has expanded rapidly over the past two decades...
- Sen. Sanders Talks to Claude About AI and Privacy (10 April 2026, 10:41 am)
Claude is actually pretty good on the issues....
- On Microsoft’s Lousy Cloud Security (9 April 2026, 10:51 am)
ProPublica has a scoop:
In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings.
The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence in assessing the system’s overall security posture,” according to an internal government report reviewed by ProPublica.
Or, as one member of the team put it: “The package is a pile of shit.”
For yea...
- Python Supply-Chain Compromise (8 April 2026, 10:25 am)
This is news:
A malicious supply chain compromise has been identified in the Python Package Index package litellm version 1.82.8. The published wheel contains a malicious .pth file (litellm_init.pth, 34,628 bytes) which is automatically executed by the Python interpreter on every startup, without requiring any explicit import of the litellm module.
There are a lot of really boring things we need to do to help secure all of these critical libraries: SBOMs, SLSA, SigStore. But we have to do them....
- Cybersecurity in the Age of Instant Software (7 April 2026, 5:07 pm)
AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly be...
- Hong Kong Police Can Force You to Reveal Your Encryption Keys (7 April 2026, 9:45 am)
According to a new law, the Hong Kong police can demand that you reveal the encryption keys protecting your computer, phone, hard drives, etc.—even if you are just transiting the airport.
In a security alert dated March 26, the U.S. Consulate General said that, on March 23, 2026, Hong Kong authorities changed the rules governing enforcement of the National Security Law. Under the revised framework, police can require individuals to provide passwords or other assistance to access personal elect...
- New Mexico’s Meta Ruling and Encryption6 April 2026, 7:09 pm
Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general:
If the “design choices create liability” framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it leads in practice.
One of the key pieces of evidence the New Mexico attorney general used against Meta was the company’s 2023 decision to add end-to-end encryption to Facebook Messenger. The argu...
- Google Wants to Transition to Post-Quantum Cryptography by 20296 April 2026, 10:52 am
Google says that it will fully transition to post-quantum cryptography by 2029. I think this is a good move, not because I think we will have a useful quantum computer anywhere near that year, but because crypto-agility is always a good thing.
Slashdot thread....
- CSA: CISOs Should Prepare for Post-Mythos Exploit Storm13 April 2026, 9:29 pm
Security experts warn of an "AI vulnerability storm" triggered by the introduction of Anthropic's Claude Mythos in a new paper from the Cloud Security Alliance (CSA).... 
- Adobe Patches Actively Exploited Zero-Day That Lingered for Months13 April 2026, 8:52 pm
An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four months.... 
- Empty Attestations: OT Lacks the Tools for Cryptographic Readiness13 April 2026, 7:10 pm
OT asset owners are being asked by regulators to attest to their post-quantum cryptographic readiness without the appropriate tooling, resulting in paperwork dressed up to look like genuine security.... 
- APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials13 April 2026, 3:08 pm
The prolific China-backed threat group is targeting AWS, Google, Azure, and Alibaba cloud environments and using typosquatting to obscure C2 communication.... 
- Hims Breach Exposes the Most Sensitive Kinds of PHI10 April 2026, 8:02 pm
Threat actors breached the telehealth brand, and now they may know patients' personal health details. What could they do with that information?...
- Your Next Breach Will Look Like Business as Usual10 April 2026, 7:21 pm
These are the fundamental detection model shifts cybersecurity teams need to make to keep up with the rising number of credential-based attacks....
- FINRA Launches Financial Intelligence Fusion Center to Combat Cybersecurity and Fraud Threats10 April 2026, 3:52 pm
...
- Orange Business Reimagines Enterprise Voice Communications With Trust and AI10 April 2026, 3:05 pm
...
- Industrial Controllers Still Vulnerable As Conflicts Move to Cyber10 April 2026, 1:30 pm
The US government warns programmable logic controllers are being targeted, and research turns up 179 vulnerable operational technology (OT) devices....
- Can Anthropic Keep Its Exploit-Writing AI Out of the Wrong Hands?10 April 2026, 1:00 pm
Its Mythos Preview model, which can allegedly find and exploit critical zero-days, also comes with certain controls, the vendor said....
- European Gym giant Basic-Fit data breach affects 1 million members13 April 2026, 9:50 pm
Dutch fitness giant Basic-Fit announced that hackers breached its systems and gained access to information belonging to a million of its customers. [...]... 
- Stolen Rockstar Games analytics data leaked by extortion gang13 April 2026, 8:08 pm
Rockstar Games has suffered a data breach linked to a recent security incident at Anodot, with the ShinyHunters extortion gang now leaking the stolen data on its data leak site. [...]... 
- Critical flaw in wolfSSL library enables forged certificate use13 April 2026, 7:56 pm
A critical vulnerability in the wolfSSL SSL/TLS library can weaken security via improper verification of the hash algorithm or its size when checking Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. [...]... 
- FBI takedown of W3LL phishing service leads to developer arrest13 April 2026, 6:55 pm
The FBI Atlanta Field Office and Indonesian authorities have dismantled the "W3LL" global phishing platform, seizing infrastructure and arresting the alleged developer in what is described as the first coordinated enforcement action between the United States and Indonesia targeting a phishing kit developer. [...]... 
- OpenAI rotates macOS certs after Axios attack hit code-signing workflow13 April 2026, 5:39 pm
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]... 
- New Booking.com data breach forces reservation PIN resets13 April 2026, 5:30 pm
Booking.com has confirmed via a statement to BleepingComputer that it has detected unauthorized access to its systems that has exposed sensitive reservation and user data. [...]... 
- Adobe rolls out emergency fix for Acrobat, Reader zero-day flaw13 April 2026, 3:37 pm
Adobe has released an emergency security update for Acrobat Reader to fix a vulnerability, tracked as CVE-2026-34621, that has been exploited in zero-day attacks since at least December. [...]... 
- The silent “Storm”: New infostealer hijacks sessions, decrypts server-side13 April 2026, 2:05 pm
New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA. [...]... 
- Critical Marimo pre-auth RCE flaw now under active exploitation12 April 2026, 2:20 pm
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]...
- Over 20,000 crypto fraud victims identified in international crackdown11 April 2026, 2:20 pm
An international law enforcement action led by the U.K.'s National Crime Agency (NCA) has identified over 20,000 victims of cryptocurrency fraud across Canada, the United Kingdom, and the United States. [...]...
- Student Loan Breach Exposes 2.5M Records31 August 2022, 12:57 pm
2.5 million people were affected, in a breach that could spell more trouble down the line....
- Watering Hole Attacks Push ScanBox Keylogger30 August 2022, 4:00 pm
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool....
- Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms29 August 2022, 2:56 pm
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system....
- Ransomware Attacks are on the Rise26 August 2022, 4:44 pm
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group....
- Cybercriminals Are Selling Access to Chinese Surveillance Cameras25 August 2022, 6:47 pm
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed....
- Twitter Whistleblower Complaint: The TL;DR Version24 August 2022, 2:17 pm
Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk....
- Firewall Bug Under Active Attack Triggers CISA Warning23 August 2022, 1:19 pm
CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP....
- Fake Reservation Links Prey on Weary Travelers22 August 2022, 1:59 pm
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels....
- iPhone Users Urged to Update to Patch 2 Zero-Days19 August 2022, 3:25 pm
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack....
- Google Patches Chrome’s Fifth Zero-Day of the Year18 August 2022, 2:31 pm
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack....
- Booking.com Says Hackers Accessed User Information13 April 2026, 2:25 pm
The online travel platform has not said how many customers’ booking information was exposed, but said the issue has been contained.
The post Booking.com Says Hackers Accessed User Information appeared first on SecurityWeek.... 
- BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings13 April 2026, 2:00 pm
Claims that “Microsoft is running one of the largest corporate espionage operations in modern history” face scrutiny as researchers analyze LinkedIn’s browser extension probing
The post BrowserGate: Claims of LinkedIn ‘Spying’ Clash With Security Research Findings appeared first on SecurityWeek.... 
- OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack13 April 2026, 12:34 pm
The AI giant is taking action after determining that a macOS code signing certificate may have been compromised.
The post OpenAI Impacted by North Korea-Linked Axios Supply Chain Hack appeared first on SecurityWeek.... 
- International Operation Targets Multimillion-Dollar Crypto Theft Schemes13 April 2026, 11:34 am
Law enforcement in the US, UK and Canada identified more than $45 million in cryptocurrency and froze $12 million.
The post International Operation Targets Multimillion-Dollar Crypto Theft Schemes appeared first on SecurityWeek.... 
- CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads13 April 2026, 10:52 am
Download links were replaced by a Russian-speaking threat actor to distribute a recently emerged malware named STX RAT.
The post CPUID Hacked to Serve Trojanized CPU-Z and HWMonitor Downloads appeared first on SecurityWeek.... 
- Fake Claude Website Distributes PlugX RAT13 April 2026, 9:52 am
The malware mimics the legitimate Anthropic installation, relies on DLL sideloading, and cleans up after itself.
The post Fake Claude Website Distributes PlugX RAT appeared first on SecurityWeek.... 
- Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users13 April 2026, 8:31 am
The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices.
The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek.... 
- Adobe Patches Reader Zero-Day Exploited for Months12 April 2026, 7:45 am
The vulnerability is tracked as CVE-2026-34621 and Adobe has confirmed that it can be exploited for arbitrary code execution.
The post Adobe Patches Reader Zero-Day Exploited for Months appeared first on SecurityWeek....
- In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack10 April 2026, 2:44 pm
Other noteworthy stories that might have slipped under the radar: Jones Day hacked, Internet Bug Bounty program paused due to AI, new Mac stealer malware.
The post In Other News: Cyberattack Stings Stryker, Windows Zero-Day, China Supercomputer Hack appeared first on SecurityWeek....
- Juniper Networks Patches Dozens of Junos OS Vulnerabilities10 April 2026, 1:44 pm
A critical-severity flaw could be exploited remotely, without authentication, to take over a vulnerable device.
The post Juniper Networks Patches Dozens of Junos OS Vulnerabilities appeared first on SecurityWeek....
- Scans for EncystPHP Webshell, (Mon, Apr 13th)13 April 2026, 1:02 pm
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more difficult-to-guess credentials. Today, I noticed some scans for what appears to be the "EncystPHP" web shell. Fortinet wrote about this webshell back in January. It appears to be a favorite among attackers compromising vulnerable FreePBX systems.
... 
- ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888, (Mon, Apr 13th)13 April 2026, 2:00 am
... 
- Obfuscated JavaScript or Nothing, (Thu, Apr 9th)10 April 2026, 6:40 am
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called “cbmjlzan.JS” (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as malicious by 15 AV's on VirusTotal[1].
...
- ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886, (Thu, Apr 9th)9 April 2026, 2:00 am
...
- Number Usage in Passwords: Take Two, (Thu, Apr 9th)9 April 2026, 12:58 am
In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It is often seen that years and seasons are used in passwords, especially when password change requirements include frequent password changes. Some examples we might see today:
...
- TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory, (Wed, Apr 8th)8 April 2026, 5:15 pm
This is the seventh update to the TeamPCP supply chain campaign threat intelligence report, "When the Security Scanner Became the Weapon" (v3.0, March 25, 2026). Update 006 covered developments through April 3, including the CERT-EU European Commission breach disclosure, ShinyHunters' confirmation of credential sharing, Sportradar breach details, and ...
- More Honeypot Fingerprinting Scans, (Wed, Apr 8th)8 April 2026, 2:23 pm
One question that often comes up when I talk about honeypots: Are attackers able to figure out if they are connected to a honeypot? The answer is pretty simple: Yes!
...
- ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884, (Wed, Apr 8th)8 April 2026, 2:00 am
...
- A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)7 April 2026, 6:28 pm
Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to "fit in" with other files. Webshells themselves are also often used by parasitic attacks to compromise a server. Sadly (?), attackers are not always selecting good passwords either...
- ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882, (Tue, Apr 7th)7 April 2026, 2:00 am
...
- We let OpenClaw loose on an internal network. Here’s what it found9 April 2026, 12:50 pm
...
- The vulnerability flood is here. Here’s what it means – and how to prepare9 April 2026, 12:48 pm
...
- The vulnerability flood is here. Here’s what it means – and how to prepare9 April 2026, 12:00 am
We can't control the pace of AI-driven vulnerability discovery, but we can control how fast we respond. Categories: Sophos Insights. Tags: LLM, AI, Exploit, vulnerability, Active Adversary, Pacific Rim...
- We let OpenClaw loose on an internal network. Here’s what it found9 April 2026, 12:00 am
Following our article on the challenges posed by agentic AI, we gave OpenClaw access to one of our legacy networks. Categories: Threat Research. Tags: OpenClaw, LLM, AI, penetration testing, Red Team, CISO, Sophos X-Ops...
- Adobe Reader zero-day vulnerability in active exploitation9 April 2026, 12:00 am
Categories: Threat Research. Tags: advisory, vulnerability, Adobe Reader...
- Sophos Gartner Peer Insights MDR8 April 2026, 4:01 pm
...
- Is compliance complexity outpacing IT capacity?8 April 2026, 1:36 pm
...
- Is compliance complexity outpacing IT capacity?8 April 2026, 12:00 am
No matter the country, industry, or company size, IT and cybersecurity teams report a heavy regulatory load and worry about staying aligned with requirements. Categories: Products & Services. Tags: CISO, Compliance...
- Sophos named a 2026 Gartner® Peer Insights™ Customers' Choice for Managed Detection and Response3 April 2026, 12:00 am
Third consecutive time being named a Customers’ Choice for MDR. Categories: Products & Services. Tags: Gartner, Gartner Peer Insights, MDR, Sophos MDR, Third-Party Reviews...
- Amazon GuardDuty enhances detection efficacy with Sophos threat intelligence2 April 2026, 12:00 am
Amazon has integrated Sophos threat intelligence into Amazon GuardDuty, expanding the breadth and accuracy of malicious threat detection for customers running workloads on Amazon Web Services (AWS). Categories: Products & Services. Tags: AWS, Sophos Intelix, amazon, Amazon GuardDuty, Sophos OEM...
- Unauthorized Plugin Installation/Activation in Hunk Companion10 December 2024, 9:03 pm
This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution […]...
- Identifying Traffic from Shell Finder Bots1 November 2024, 11:04 pm
A shell finder is a type of reconnaissance tool that is used by threat actors to identify websites that have already been compromised and contain backdoor shells. A backdoor shell is a form of malware that is added by a threat actor after gaining unauthorized access to a website. The purpose of a backdoor shell is […]...
- Unpatched Vulnerability in TI WooCommerce Wishlist Plugin9 September 2024, 5:45 pm
A few weeks ago a SQL injection was discovered in the TI WooCommerce Wishlist plugin. After checking closer we found another entry point, affecting over 100,000 active installs. Despite the severity of this issue, the vendor has not yet provided a patch, leading to public disclosure. The vulnerability can be exploited by unauthenticated users, allowing […]...
- Unauthenticated Privilege Escalation in Profile-Builder plugin15 July 2024, 4:29 pm
During a routine audit of various WordPress plugins, we identified some issues in Profile Builder and Profile Builder Pro (50k+ active installs). We discovered an Unauthenticated Privilege Escalation Vulnerability which could allow attackers to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions. This vulnerability was fixed on […]...
- Object Injection vulnerability fixed in SEOPress 7.924 June 2024, 2:00 pm
During a routine audit of various WordPress plugins, we identified a few issues in SEOPress (300k+ active installs). More specifically, we discovered an authentication bug which could allow attackers to access certain protected REST API routes without having any kind of account on the targeted site. Digging deeper into what an attacker could do with this […]...
- 10 of the Best Website Security Tools to Stay Ahead of Hackers5 June 2024, 1:00 pm
Which website security tools are really necessary for your site? What to consider before investing in new software. 10 must-have tools you can’t skip....
- The 10 Best Vulnerability Scanners for Effective Web Security16 May 2024, 1:00 pm
7 factors for choosing the best vulnerability scanner. Top options compared on features, pros, cons, & pricing. 5 things that make a great scanner...
- A persistent twist in the current Malware Campaign13 May 2024, 7:12 pm
Recently while covering malware campaigns exploiting the LiteCache and WP‑Automatic WordPress plugins, we found that attackers were installing php‑everywhere, a plugin that allows users to run arbitrary PHP code in their site’s posts. This plugin was closed on April 25th per its author’s request. The reasoning behind this installation was to have persistent malware on the […]...
- Surge of JavaScript Malware in sites with vulnerable versions of LiteSpeed Cache Plugin3 May 2024, 3:01 pm
If you’ve recently encountered the admin user wpsupp‑user on your website, it means it’s being affected by this wave of infections. Identifying Contamination Signs: The malware typically injects code into critical WordPress files, often manifesting as : Or in the database, when the vulnerable version of LiteSpeed Cache is exploited : decoded version: Cleanup Procedures Identifying Malicious URLs and IPs […]...
- New Malware Campaign Targets WP-Automatic Plugin24 April 2024, 7:27 pm
A few weeks ago a critical vulnerability was discovered in the plugin WP‑Automatic. This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as attackers can exploit it to gain unauthorized access to websites, create admin‑level user accounts, upload malicious files, and potentially take full control of affected sites. The Vulnerability The vulnerability lies in […]...
- Why Your "Shadow IT" Developer Tools Are the Biggest Risk to Your Linux Systems13 April 2026, 2:42 pm
Every company has a "Shadow IT" layer, a collection of developer-built dashboards, AI workflow runners, and data-science notebooks that weren't built by the central IT team. They are the convenient tools that let your teams push features faster, train models quicker, and visualize data on the fly....
- 2027 Budget Proposal: Why CISA Funding Cuts Matter to Linux Security Teams9 April 2026, 8:51 am
When federal security budgets are cut, the data that stops hackers from breaking into your Linux servers begins to dry up....
- Microsoft Blocks Open Source Dev Accounts, Disrupting Security Pipelines9 April 2026, 8:43 am
When developer accounts are blocked, the impact is felt far beyond a single login screen. For many projects, these accounts are the access points for the entire delivery pipeline. If a maintainer is locked out, the flow of security updates stops. In a world where hackers move fast, a stalled pipeline is a massive vulnerability....
- The npm Supply Chain Problem: Why Installing Packages Executes Untrusted Code3 April 2026, 1:37 pm
Running npm install is a reflex at this point. You see a progress bar, a few hundred dependencies fly by, and the lockfile updates. You move on to the next task. But that command isn't just a file transfer. It is execution. And it runs with the same user permissions you use to check your email or push to production. The most dangerous code on a Linux system may execute before your application even starts. The recent npm supply chain attack on the Axios library showed how easily a postinstall scrip...