Hackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform…
Finance company stores DB credentials in helpfully labeled spreadsheet
Great idea, guys. Let’s keep all of the data in an Excel file with weak password protection PWNED Welcome, once again, to PWNED, the weekly column where we recount the adventures of IT explorers who found their own pile of…
Large-scale Roblox hacking operation shut down by Ukrainian authorities
Ukrainian police arrested three hackers who hijacked 610,000 Roblox accounts and sold them for $225,000 in profit. Police in Ukraine arrested three suspects accused of hacking over 610,000 Roblox accounts and selling them for about $225,000. Officers carried out multiple…
Identity Continuity for Epic EHR
TL;DR Strata Maverics sits between Epic and your identity providers, so Epic never has to change when they do. Microsoft Entra ID runs as primary. Keycloak runs as a warm secondary. Failover takes seconds. Clinical sessions and backend JWT integrations…
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals
Bad Bots in the Agentic Age: What the 2026 Thales Bad Bot Report Reveals josh.pearson@t… Thu, 04/30/2026 – 07:31 The modern internet is becoming less human by the day. Bot traffic is increasing, and human traffic is shrinking. Malicious automated…
Chinese Regulators Suspend Robotaxi Licences After Incident
Regulators in China reportedly halt new robotaxi licences, after incident in which more than 100 cars halted in busy Wuhan city streets This article has been indexed from Silicon UK Read the original article: Chinese Regulators Suspend Robotaxi Licences After…
9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access
Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
cPanel 0-Day Authentication Bypass Vulnerability Actively Exploited in the Wild — PoC Released
A critical authentication bypass vulnerability in cPanel & WHM has been confirmed to be actively exploited in the wild, sending shockwaves through the global web hosting industry. The flaw, tracked as CVE-2026-41940, allows unauthenticated attackers to bypass login mechanisms entirely,…
Europol Busts €50 Million Online Fraud Network Running Corporate-Style Scam Call Centres
A major international law enforcement operation has brought down a large-scale online fraud network that stole more than EUR 50 million from victims across Europe and beyond. Austrian and Albanian authorities, backed by Europol and Eurojust, carried out a coordinated…
SonicWall SonicOS Vulnerabilities Allow Attackers to Bypass Access Controls and Crash Firewall
SonicWall has released a security advisory addressing three vulnerabilities in its SonicOS software. Discovered by the Advanced Research Team at CrowdStrike, these flaws could allow attackers to bypass access controls, reach restricted services, or cause a denial-of-service condition by crashing…
New EtherRAT Variant Uses Trojanized Tftpd64 Installer to Bridge Web2 Malware and Web3 Theft
A new and more dangerous type of malware is quietly targeting Windows users by hiding inside a trusted software installer. Cybercriminals have combined traditional malware tactics with cryptocurrency theft, creating a threat that is harder to detect and far more…
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems. “The vulnerability allowed an unprivileged…
Roblox hackers arrested, Microsoft 0-day falls short, Dubai scam takedown
Hackers arrested for selling Roblox accounts Microsoft’s patch for a 0-day falls short US & China partner on Dubai scam takedown Get the show notes here: https://cisoseries.com/cybersecurity-news-roblox-hackers-arrested-microsoft-0-day-falls-short-dubai-scam-takedown/ Thanks to our episode sponsor, Guardsqaure AI is speeding up development, but at…
IT Security News Hourly Summary 2026-04-30 09h : 5 posts
5 posts were published in the last hour 7:4 : O2 Looks To Boost Sunderland 5G Service 7:4 : Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India 7:4 : A photon was teleported across…
O2 Looks To Boost Sunderland 5G Service
O2, Cornerstone apply to add more 5G antennas to rooftop base station at Sunderland Telephone Exchange to boost capacity This article has been indexed from Silicon UK Read the original article: O2 Looks To Boost Sunderland 5G Service
Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India
The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor. This article has been indexed from Securelist Read the original article: Silver Fox uses the new ABCDoor…
A photon was teleported across 270 meters in stunning quantum breakthrough
Scientists have pulled off a first: teleporting a photon’s state between two separate quantum dots. This was done over a 270-meter open-air link, proving quantum information can travel between independent devices. The achievement marks a key step toward building quantum…
Identity Access Management Strategy for Non-Human Identities
Build an identity and access management strategy for non-human identities. Secure service accounts, workloads, and machine identities in the cloud. The post Identity Access Management Strategy for Non-Human Identities appeared first on Security Boulevard. This article has been indexed from…
Ukrainian Police Arrest Three Hackers Who Compromised 610,000 Roblox Accounts and Sold Them for $225,000
Ukrainian police in Lviv have arrested three people aged 19, 21, and 22 for hacking more than 610,000 Roblox accounts between October 2025 and January 2026. Thank you for being a Ghacks reader. The post Ukrainian Police Arrest Three Hackers…
Compromised SAP npm Packages Found Harvesting Developer and CI/CD Secrets
Security researchers have identified a severe supply chain attack targeting the SAP developer ecosystem. A threat group identified as TeamPCP has compromised multiple legitimate SAP npm packages in a new campaign named Mini Shai Hulud. The operation relies on injecting…
SOC 2 Type 2 mapping to Secure SDLC Requirements
We started to talk about the SOC2 Type 2 certification and I feel that we neglected it a bit. I wrote a bit about SDLC, Secure SDLC in particular, but now it is time to bring them together. SOC 2…
Cursor AI Extension Access Developer Tokens Leads to Full Credential Compromise
A high-severity access-control vulnerability (CVSS 8.2) in Cursor, a widely used AI-powered coding environment. The flaw uncovered by LayerX has allowed any installed extension to access a developer’s API keys and session tokens secretly. This results in total credential compromise…
Security Researchers Uncover QEMU-Powered Evasion in Payouts King Ransomware
Several recent incidents of ransomware activity attributed to the Payouts King operation have highlighted a systematic shift toward virtualization-assisted intrusions, with attackers embedding QEMU as an execution layer within compromised systems. QEMU instances can be configured as reverse SSH…
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks
A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue…