A large-scale malware distribution campaign has been uncovered involving 109 fake GitHub repositories that were used to trick users into downloading two dangerous malware tools named SmartLoader and StealC. The campaign was carefully built around cloned versions of legitimate open-source…
EN, SentinelLabs - We are hunters, reversers, exploit developers, and tinkerers shedding light on the world of malware, exploits, APTs, and cybercrime across all platforms.
LABScon25 Replay | Are Your Chinese Cameras Spying For You Or On You?
Marc Rogers and Silas Cutler expose how cheap smart home devices conceal a shadow supply chain of shell companies, firmware flaws, and foreign data routing. This article has been indexed from SentinelLabs – We are hunters, reversers, exploit developers, and…
Anthropic’s super-scary bug hunting model Mythos is shaping up to be a nothingburger
And that unauthorized access? ‘A nothing burger,’ hacking startup CEO tells El Reg Anthropic’s Mythos model is purportedly so good at finding vulnerabilities that the Claude-maker is afraid to make it available to the general public for fear that criminals…
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document lures targeting Chinese-speaking individuals. Our analysis of this sample uncovered a campaign leveraging a multi-stage attack chain where a trojanized SumatraPDF reader deploys an AdaptixC2 Beacon…
IT Security News Hourly Summary 2026-04-23 00h : 5 posts
5 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-04-22 21:32 : Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed 21:31 : Trump’s CISA director pick withdraws after tumultuous nomination 21:11 : CISA Adds…
IT Security News Daily Summary 2026-04-22
195 posts were published in the last hour 21:32 : Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed 21:31 : Trump’s CISA director pick withdraws after tumultuous nomination 21:11 : CISA Adds One Known Exploited Vulnerability to Catalog 21:11 :…
Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed
More than 1,300 internet-exposed SharePoint servers remain unpatched against CVE-2026-32201, a spoofing flaw Microsoft says was exploited as a zero-day. The post Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed appeared first on TechRepublic. This article has been indexed from…
Trump’s CISA director pick withdraws after tumultuous nomination
CISA has been without a permanent director for more than a year, imperiling its efforts to establish a strategic direction. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: Trump’s CISA director pick…
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-33825 Microsoft Defender Insufficient Granularity of Access Control Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber…
Malicious Google Ads Target Crypto Users With Wallet Drainers and Seed Phrase Theft
Cybercriminals are now using Google’s own advertising platform to steal cryptocurrency from unsuspecting users. They place fake ads that look exactly like real links to popular crypto applications, and when users click on them, they land on websites designed to…
Google’s Workspace Intelligence promises privacy while running on your data
Security and data governance are among the key considerations in Google’s latest AI update, which introduces Workspace Intelligence within Google Workspace. Google describes the feature as “a secure, dynamic system that inherently understands complex semantic relationships within your Workspace apps…
France confirms data breach at government agency that manages citizens’ IDs
The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens. This article has been indexed from Security News | TechCrunch Read the original…
Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments
A North Korea-linked threat group is quietly getting hired by real companies. Jasper Sleet, a threat actor tied to North Korea, has been building fake professional identities and using them to land legitimate remote IT jobs, giving them direct access…
Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack
A newly discovered malware called Lotus Wiper has been used in a targeted destructive attack against the energy and utilities sector in Venezuela. Unlike ransomware, this threat does not ask for money or lock files for a ransom payment. Instead,…
Cybercriminals Exploit French Fintech Accounts to Move Stolen Money Before Detection
Organized fraud networks are now using a new method to move stolen money in France. They create fake business accounts on freelancer fintech platforms and use those accounts as mule accounts to launder funds quickly, often before anyone can trace…
The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
In today’s security landscape, some of the most dangerous vulnerabilities aren’t flagged by automated scanners at all. These are the business logic flaws: subtle mistakes in an application’s design or workflow that malicious actors can exploit by doing the unexpected.…
Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned…
[un]prompted 2026 – macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink The post [un]prompted 2026 – macOS Vulnerability…
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. This article has been…
Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like
Vonage’s partnership with Girls Who Code is more than feel-good philanthropy; it’s a blueprint for building diverse AI talent pipelines. The post Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like appeared first on TechRepublic. This article has been…
Apple fixes bug that cops used to extract deleted chat messages from iPhones
The iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app. This article has been indexed from Security News | TechCrunch Read the original article: Apple fixes bug…
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as the Agence nationale des titres sécurisés (ANTS), operates under the French Ministry of the…
A Poisoned Xinference Package Targets AI Inference Servers
Three poisoned xinference releases on PyPI target AI infrastructure credentials. The post A Poisoned Xinference Package Targets AI Inference Servers appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: A Poisoned Xinference…
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The…