Cybersecurity News and Headlines

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files
News | Apr 17, 2026

Cyderes uncovered a sophisticated multi‑stage campaign that distributes new malware families—Direct‑Sys Loader and CGrabber Stealer—through ZIP files hosted on GitHub. The loader leverages DLL sideloading and direct syscalls to bypass antivirus and sandbox checks, while the stealer harvests passwords, crypto‑wallet...

By HackRead
Adumo Payment Tech Exposed, Hackers Offer Data for $7 000
News | Apr 17, 2026

Lesaka-owned Adumo, South Africa’s largest independent payments processor, suffered a cyber intrusion that exposed a 14‑GB technical database and source code, listed for $7,000 on a dark‑web marketplace. The breach involved 15,546 files but, according to the company, no consumer...

By ITWeb (South Africa) – Public Sector
That Data Breach Alert Might Be a Trap
News | Apr 17, 2026

Data‑breach notifications have exploded, with over 280 million alerts sent in the U.S. last year and daily European incidents rising 22 % in 2025. Cybercriminals are exploiting this flood by sending fake breach alerts that mimic real notices, often using AI‑generated content...

By WeLiveSecurity
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
News | Apr 17, 2026

Attackers are weaponizing CVE‑2026‑39987, a pre‑auth remote code execution flaw in the Marimo Python notebook platform, to drop a blockchain‑backed NKAbuse variant. By exploiting the vulnerability within ten hours of disclosure, they gain shell access, harvest environment variables, and pivot...

By GBHackers On Security
Microsoft: Some Windows Servers Enter Reboot Loops After April Patches
News | Apr 17, 2026

Microsoft confirmed that certain Windows domain controllers using Privileged Access Management enter reboot loops after installing the April 2026 security update KB5082063. The LSASS crashes cause repeated restarts, disabling authentication and potentially taking the entire domain offline. Affected operating systems include...

By BleepingComputer
DNB Update on Reporting of Major ICT-Related Incidents Under DORA
News | Apr 17, 2026

The Dutch Central Bank (DNB) announced changes to DORA reporting for major ICT‑related incidents, adding a validation step that checks submissions against technical requirements. Effective mid‑April 2026, institutions will receive feedback highlighting unmet criteria. Warnings can be corrected in the...

By Regulation Tomorrow (Norton Rose Fulbright)
Cursor AI Vulnerability Exposed Developer Devices
News | Apr 17, 2026

Security firm Straiker uncovered a critical vulnerability, dubbed NomShub, in the Cursor AI coding assistant. The flaw combines indirect prompt injection with a sandbox‑escape that lets attackers write files and hijack the editor’s Azure‑based remote tunnel, granting persistent shell access...

By SecurityWeek
Man Gets 30 Months for Selling Thousands of Hacked DraftKings Accounts
News | Apr 17, 2026

Kamerin Stokes, a 23‑year‑old from Memphis, was sentenced to 30 months in federal prison for operating a fraud shop that sold access to tens of thousands of hacked DraftKings accounts. The accounts were compromised in a November 2022 credential‑stuffing attack...

By BleepingComputer
Protecting Information at Work: Actionable Strategies for All Teams
News | Apr 17, 2026

Data protection has moved beyond the IT department to become a shared responsibility across every team and workflow. Simple, low‑cost habits—such as locking screens, using strong passwords, and shredding physical documents—can dramatically lower breach risk. Clear, jargon‑free policies and a...

By eTurboNews
$15M Grinex Hack Forces Trading Halt After Major Crypto Wallet Breach
News | Apr 17, 2026

Kyrgyzstan‑based crypto exchange Grinex halted all trading after hackers breached its hot‑wallet infrastructure and stole roughly $15 million in USDT, equivalent to about 1 billion rubles. The attackers rapidly moved the stolen tokens across Ethereum and Tron, consolidating the proceeds into a...

By The Cyber Express
Recently Leaked Windows Zero-Days Now Exploited in Attacks
News | Apr 17, 2026

Threat actors are actively exploiting three newly disclosed Windows vulnerabilities after researcher “Chaotic Eclipse” published proof‑of‑concept code. The flaws—BlueHammer, RedSun and UnDefend—target Microsoft Defender, enabling attackers to gain SYSTEM or elevated admin rights. Huntress Labs confirmed real‑world use of all...

By BleepingComputer
Russian GRU Cyber Campaign Targets Western Logistics Firms Supporting Ukraine
News | Apr 17, 2026

A joint cybersecurity advisory has identified a sustained Russian GRU operation, attributed to Unit 26165 (APT28/Fancy Bear), that has been targeting Western logistics firms and technology providers supporting Ukraine since early 2022. The campaign leverages credential‑guessing, spear‑phishing, and weaponized CVEs such as...

By The Cyber Express
Apple AirTag Tracking Can Be Misled by Replayed Bluetooth Signals
News | Apr 17, 2026

Apple’s Find My network uses Bluetooth Low Energy signals from AirTags to report locations via nearby Apple devices. Security researchers demonstrated a relay attack that captures an AirTag’s BLE advertisements, replays them from a different location, and injects false location data...

By Help Net Security
Claude Mythos Preview Demonstrates Advanced Cybersecurity Capabilities
News | Apr 17, 2026

Anthropic’s Claude Mythos Preview, released on April 7, was evaluated by the Government’s AI Security Institute (AISI). In capture‑the‑flag challenges it solved expert‑level tasks 73% of the time, the first AI to achieve that benchmark. It also completed three of ten...

By UKAuthority (UK)
SBOM for OT: Can We Actually Do It?
News | Apr 17, 2026

The piece examines how Software Bill of Materials (SBOM) can be applied to operational technology (OT) environments, where opaque firmware, strict change‑control processes, and legacy systems make transparency challenging. It argues that SBOM should be treated as an operational‑risk workflow...

By e27
Voyager and IBM Demonstrate Post-Quantum Security on the International Space Station
News | Apr 17, 2026

Voyager Space and IBM have demonstrated a post‑quantum secured link between Earth and the International Space Station using Voyager’s Space Edge™ micro‑datacenter and IBM’s Quantum Safe Remediator. The system upgrades legacy encryption through a software proxy that translates to NIST‑standardized...

By Quantum Computing Report
Best Free Antivirus 2026: Keep Your Devices Safe With These Free Tools
News | Apr 17, 2026

Most modern PCs and Macs already include solid real‑time protection through Microsoft Defender and XProtect, but many users still seek extra layers of security. Independent testing shows AVG Free Antivirus delivering the best overall free suite, with real‑time scanning, scheduled...

By CNET (All)
How Zscaler and OpenAI Turn Zero-Trust Security Into an AI Accelerator
News | Apr 17, 2026

Zscaler has partnered with OpenAI through the Trusted Access for Cyber (TAC) program, gaining early access to the security‑tuned GPT‑5.4‑Cyber model. The firm is embedding these models into its Zero Trust Exchange, AI Red Teaming, and managed detection and response...

By SiliconANGLE
White House Pushes ‘Action-Oriented’ Cyber Strategy to Deter Threats
News | Apr 17, 2026

The White House unveiled an action‑oriented National Cyber Strategy aimed at deterring cyber adversaries and protecting American victims. Senior ONCD official Seth McKinnis highlighted six strategic pillars, with deterrence as the first, and emphasized the need for swift, aggressive responses. President...

By GovernmentCIO Media & Research
Learn How to Protect Your Phone From Viruses and Other Threats
News | Apr 17, 2026

Smartphones now serve as personal, professional, and financial hubs, making them prime targets for cyber threats. A recent CNET survey found that 54% of laptop owners encountered malware in the past year, underscoring the broader risk landscape. The article outlines...

By CNET (All)
Bluesky Blames DDoS Attack for Server Outages
News | Apr 17, 2026

Bluesky reported intermittent service disruptions on April 16 after a Distributed Denial‑of‑Service (DDoS) attack began at 1:42 AM ET. The attack intensified throughout the day, affecting feeds, notifications, threads and search, and caused rolling blackouts on the platform and its status...

By Engadget Earnings
MCP Security: Containerization and Red Hat OpenShift Integration
News | Apr 17, 2026

Red Hat OpenShift’s container platform now serves as the recommended foundation for securing Model Context Protocol (MCP) deployments. By running MCP servers in non‑root containers with read‑only filesystems, minimal UBI base images, and dropped Linux capabilities, organizations can harden the runtime...

By Red Hat – DevOps
Friday Five — April 17, 2026
News | Apr 17, 2026

Red Hat’s latest Friday Five highlights a strategic push toward AI sovereignty, emphasizing the need for comprehensive inventories of data, infrastructure, and architecture to meet security and compliance demands. A Red Hat blog warns that advanced models like Claude Mythos can both uncover...

By Red Hat – DevOps
The AI-Driven Shift in Vulnerability Discovery: What Maintainers and Bug Finders Need to Know
News | Apr 16, 2026

AI‑powered code models are now able to locate real software vulnerabilities with minimal prompts, dramatically increasing the volume of reports to open‑source projects. The surge includes a flood of low‑impact, often invalid findings that consume hours of analyst time, while...

By CNCF Blog
AI as the Defender: Reinventing Proactive Cybersecurity Through Intelligent Automation
News | Apr 16, 2026

Artificial intelligence is reshaping cybersecurity by acting as a force multiplier rather than replacing human analysts. Tenable and peers define "AI for security" as the use of machine learning to automate analysis, amplify detection and improve decision‑making, while "security for...

By SC Media
ZionSiphon Malware Designed to Sabotage Water Treatment Systems
News | Apr 16, 2026

Darktrace discovered ZionSiphon, a new operational‑technology malware aimed at water treatment and desalination plants, primarily in Israel. The code attempts to raise chlorine levels and hydraulic pressure, but a broken XOR‑based IP check triggers a self‑destruct routine, rendering the current...

By BleepingComputer
NIST Cuts Down CVE Analysis Amid Vulnerability Overload
News | Apr 16, 2026

The National Institute of Standards and Technology announced it will scale back enrichment of its National Vulnerability Database, concentrating only on the most critical CVEs—those in CISA’s Known Exploited Vulnerabilities catalog and software used by the federal government. The change...

By CSO Online – Security
Dispatches From the Front Lines of Russia-Linked Cyberattacks on Europe
News | Apr 16, 2026

Sweden’s civil defence ministry has formally attributed a 2025 cyberattack on a western heating plant to a pro‑Russian group linked to Russian intelligence, marking the first public attribution of such activity to state‑aligned actors. The incident mirrors a December 2025...

By Atlantic Council – All Content
DuckDuckGo VPN Audit Shows It Doesn't Track Your Activity
News | Apr 16, 2026

DuckDuckGo’s VPN has passed a third‑party no‑log audit conducted by cybersecurity firm Securitum. The audit, spanning October 2025 to January 2026, included source‑code review, deep‑dive technical inspection and live system analysis, confirming the service does not collect or retain user‑identifiable data. The...

By CNET Money
AI Agent Delegation via MCP Has Gaps a Murderbot Could Walk Through
News | Apr 16, 2026

Anthropic’s Model Context Protocol (MCP) expands data‑sharing among AI agents, but securing those interactions remains a challenge. At the 2026 MCP Dev Summit, Gluu CEO Michael Schwartz warned that relying on a single gateway for zero‑trust is insufficient and advocated...

By Biometric Update
Despite Cease-Fire, Iran’s Hackers Haven’t Logged Off
News | Apr 16, 2026

Despite a week‑long cease‑fire announced on April 8, Iranian state‑linked hackers have kept their cyber campaign alive. They have continued targeting U.S. and Israeli entities, including a disruptive attack that temporarily shut down medical‑equipment manufacturer Stryker and the public release of...

By The New York Times – Business
DC3 Making Better Sense of Its Cyber Data
News | Apr 16, 2026

The Defense Department Cyber Crime Center (DC3) is widening its Defense Industrial Base Cybersecurity program, adding more prime contractors and subcontractors and boosting daily data inflows. To tame the surge, DC3 is deploying a data‑mesh fabric with metadata tagging, zero‑trust...

By Federal News Network
Inside Anjuna’s Confidential Computing Approach to Data Protection
News | Apr 16, 2026

Enterprises have long relied on encrypt‑at‑rest and in‑transit safeguards, but data in use remains vulnerable. Anjuna Security tackles this gap with confidential computing, using hardware‑based enclaves that keep data encrypted even while applications process it. Its Seaglass platform lets existing...

By Insight Partners (Insights)
North Korea Uses ClickFix to Target macOS Users' Data
News | Apr 16, 2026

Microsoft Threat Intelligence uncovered a new macOS‑focused ClickFix campaign linked to the North Korean group Sapphire Sleet. The attackers pose as recruiters, schedule fake technical interviews, and convince victims to run a malicious AppleScript named “Zoom SDK Update.scpt.” The script...

By Dark Reading
McGraw-Hill Confirms Data Exposure, Hackers Claim 45M Salesforce Records Leaked
News | Apr 16, 2026

McGraw‑Hill confirmed a data exposure caused by a Salesforce misconfiguration, after extortion group ShinyHunters claimed it had accessed up to 45 million records. The company’s investigation found only a limited set of non‑sensitive data exposed on a publicly reachable webpage, not...

By TechRepublic – Articles
'Harmless' Global Adware Transforms Into an AV Killer
News | Apr 16, 2026

A threat actor operating as Dragon Boss Solutions LLC pushed a malicious update on March 22, 2025 that transformed its adware into a potent antivirus‑disabling payload. The update affected roughly 23,500 computers in 124 countries, with half of the victims...

By Dark Reading
The Only Way to Fight Deepfakes Is by Making Deepfakes
News | Apr 16, 2026

Deep‑fake detection firms such as Reality Defender, Pindrop and GetReal are racing to combat AI‑generated audio, video and image fraud, a market now valued at roughly $5.5 billion. These companies train detection models by creating their own deepfakes, using a student‑teacher...

By The Verge
Threat Exposure Management Establishes a Risk-Driven Approach for Federal Agencies
News | Apr 16, 2026

Federal agencies are adopting Continuous Threat Exposure Management (CTEM) to shift from traditional vulnerability counting to a risk‑driven security posture. CDW’s leaders describe CTEM as a five‑stage framework—scoping, discovery, prioritization, validation, and mobilization—that ties technical findings to business impact. By...

By FedTech Magazine
North Korea Targets macOS Users in Latest Heist
News | Apr 16, 2026

North Korean Lazarus Group offshoot Sapphire Sleet is targeting macOS users with a fake Zoom SDK update delivered via a malicious AppleScript. The campaign begins with LinkedIn recruiter scams aimed at finance professionals, then tricks victims into running the script, which...

By The Register — Networks
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic
News | Apr 16, 2026

Researchers at Cisco Talos have uncovered a new botnet, PowMix, actively targeting Czech workers since at least December 2025. The malware is delivered through phishing emails that contain a malicious ZIP file, which drops a Windows shortcut that launches a...

By The Hacker News
If You Want Into Anthropic's Claude Club, You May Have to Show ID
News | Apr 16, 2026

Anthropic is rolling out identity verification for select Claude features, using Persona Identities as its vendor. The verification prompts may appear at any time to enforce platform integrity, prevent abuse, and meet legal obligations. Anthropic assures users that identity data...

By The Register — Networks
Officials Seize 53 DDoS-for-Hire Domains in Ongoing Crackdown
News | Apr 16, 2026

Authorities from 21 nations coordinated Operation PowerOFF to dismantle 53 DDoS‑for‑hire domains and seize related servers and databases. The crackdown yielded data on more than 3 million alleged criminal accounts and led to four arrests. Over 75,000 warning emails and letters...

By CyberScoop
CEO Interview: Underdark
News | Apr 16, 2026

Underdark operates in the cyber threat intelligence and dark‑web monitoring market, competing with larger firms such as Recorded Future, Digital Shadows, Flashpoint and Cyberint. While most rivals rely on AI‑assisted crawlers to collect data, Underdark’s core service is human intelligence—direct...

By CB Insights Research
Delivering Reliable Connectivity And Cybersecurity On The High Seas: Inside MSP Marlink’s Approach
News | Apr 16, 2026

Marlink, a maritime‑focused managed services provider, delivers satellite connectivity and cybersecurity to oceangoing vessels despite tight budgets that often hover around $100‑$200 per month. The company leverages an "exchange platform" that aggregates Inmarsat, OneWeb, Starlink, SES and Iridium links, providing...

By CRN (US)
Google Cloud Storage Weaponized for Clandestine Remcos RAT Delivery
News | Apr 16, 2026

Threat actors are weaponizing Google Cloud Storage to host phishing pages that silently deliver the Remcos remote‑access trojan. Emails direct victims to fake Google Drive login screens on the legitimate storage.googleapis.com domain, harvesting credentials and deploying a JavaScript loader. The...

By SC Media
Extensive MuddyWater-Like Attack Campaign Against Middle Eastern Critical Infrastructure Detailed
News | Apr 16, 2026

A threat group mirroring Iran‑backed MuddyWater launched a large‑scale campaign against Middle Eastern critical‑infrastructure entities beginning in February. Exploiting five vulnerabilities—including SmarterMail (CVE‑2025‑52691) and Langflow (CVE‑2025‑34291)—the actors breached more than 12,000 internet‑exposed systems and used brute‑force attacks on Outlook Web...

By SC Media
AISLE’s Open Analyzer — Finding and Fixing Vulnerabilities without Gated Frontier Models
News | Apr 16, 2026

AISLE unveiled Open Analyzer, an open‑source vulnerability scanner that leverages small, free LLMs instead of gated frontier models. The tool aims to provide a reliable source of truth by cutting false positives and negatives that plague traditional scanners. AISLE claims...

By SD Times
Cinia Taps Nokia for DDoS Protection of Critical Infrastructure
News | Apr 16, 2026

Cinia announced a new managed security service that leverages Nokia’s Deepfield Defender to provide 24/7 DDoS protection for its critical infrastructure networks. The AI‑based solution embeds detection and mitigation directly into the transport layer, giving Finnish customers real‑time threat awareness....

By Telecoms.com
APK Malformation Found in Thousands of Android Malware Samples
News | Apr 16, 2026

Researchers at Cleafy have identified a surge in Android Package (APK) malformation, an evasion technique now present in more than 3,000 malware samples across families such as Teabot, TrickMo, Godfather and SpyNote. By deliberately corrupting APK structures—creating mismatched headers, unsupported...

By Infosecurity Magazine