The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software. Remote access tools are highly valued targets for cybercriminals because they provide direct pathways into corporate networks. When…
New Windows RPC Vulnerability Lets Attackers Escalate Privileges Across All Windows Versions
PhantomRPC, a newly identified architectural vulnerability in Windows Remote Procedure Call (RPC) that enables local privilege escalation to SYSTEM-level access, potentially affecting every version of Windows. The research was presented by Kaspersky application security specialist Haidar Kabibo at Black Hat…
IT Security News Hourly Summary 2026-04-25 21h : 1 posts
1 posts were published in the last hour 18:15 : Bengaluru Businessman Duped of Rs 15.45 Crore in Fake CBI ‘Digital Arrest’ Scam
Bengaluru Businessman Duped of Rs 15.45 Crore in Fake CBI ‘Digital Arrest’ Scam
A Bengaluru businessman, Ajit Gopalakrishna Saraf from Belagavi, fell victim to a sophisticated cyber fraud orchestrated by imposters posing as Central Bureau of Investigation (CBI) officials, resulting in a staggering loss of Rs 15.45 crore. The scam unfolded through…
New “optical tornado” technology could transform quantum communication
Scientists have created tiny “optical tornadoes” — swirling beams of light that twist like miniature whirlwinds — using a surprisingly simple setup based on liquid crystals. Instead of relying on complex nanotechnology, the team used self-organizing structures called torons to…
Claude AI Agents Close 186 Deals in Anthropic’s Marketplace Experiment
Anthropic’s “Project Deal” has demonstrated that AI agents can autonomously negotiate and close real-world transactions, but the experiment also surfaced a quiet, troubling asymmetry: not all AI representations are created equal. In December 2025, Anthropic transformed its San Francisco office…
[un]prompted 2026 – Securing Workspace GenAl At Google Speed
Author, Creator & Presenter: Nicolas Lidzborski, Principal Engineer At Google Workspace Security Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink The post [un]prompted 2026…
IT Security News Hourly Summary 2026-04-25 18h : 2 posts
2 posts were published in the last hour 16:2 : Supplier assurance for UK SMEs: a practical guide to checking third parties without overcomplicating it 15:11 : Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
Supplier assurance for UK SMEs: a practical guide to checking third parties without overcomplicating it
Supplier assurance for UK SMEs: a practical guide to checking third parties without overcomplicating it Most UK SMEs rely on suppliers in some way. That might be payroll software, a managed IT provider, a marketing agency, a logistics partner, or…
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2026-3844 (CVSS score of 9.8), in the Breeze Cache WordPress plugin, allowing them…
Physical AI Talent War Drives Salaries Surge Across Robotics And Autonomous Vehicle Industry
Salaries climb fast as demand surges for experts who blend AI know-how with hands-on hardware skills. Firms in robotics, military tech, and self-operating machines now pay between three hundred thousand and five hundred thousand dollars just to attract top…
IT Security News Hourly Summary 2026-04-25 15h : 2 posts
2 posts were published in the last hour 12:9 : GPT‑5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities 12:9 : Best of the Worst: Five Attacks That Looked Broken (and Worked)
GPT‑5.5 Bio Bug Bounty to Strengthen Advanced AI Capabilities
OpenAI has announced a new Bio Bug Bounty program for GPT-5.5 as part of its efforts to improve safety controls for advanced AI systems and to address misuse in biology. The initiative invites qualified researchers to test whether GPT-5.5 can…
Best of the Worst: Five Attacks That Looked Broken (and Worked)
I skipped last week’s roundup. Holiday weekend, family stuff, the usual. So this is a two-week-ish view of what we’ve published in the Threat Intelligence series since Edition 03 dropped on April 13. The post Best of the Worst: Five…
Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts
Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
IRDAI 2026 Cybersecurity Guidelines for Insurance Companies
The Insurance Regulatory and Development Authority of India (IRDAI) has introduced significant amendments to its cybersecurity guidelines in 2026, marking a shift from static compliance to continuous cyber resilience. For insurers, IRDAI compliance is no longer just about implementing baseline…
China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks
Dubbed GopherWhisper, the group relies on multiple Go-based backdoors alongside custom loaders and injectors. The post China-Linked APT GopherWhisper Abuses Legitimate Services in Government Attacks appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos
Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more. This article has been indexed from Security Latest Read the…
IT Security News Hourly Summary 2026-04-25 12h : 3 posts
3 posts were published in the last hour 9:32 : Crime crew impersonates help desk, abuses Microsoft Teams to steal your data 9:32 : Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software 9:9 : Uffizi Cyber Incident Serves as a…
Crime crew impersonates help desk, abuses Microsoft Teams to steal your data
Coming in cold with custom Snow malware A previously unknown threat group using tried-and-tested social engineering tactics – Microsoft Teams chat invitations and helpdesk staff impersonation – is also using custom malware in its data-stealing attacks, according to Google’s Threat…
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage…
Uffizi Cyber Incident Serves as a Warning for Europe’s Cultural Sector
The cyber intrusion at the Uffizi Galleries in early 2026 has quickly evolved from an isolated security lapse into a case study of systemic digital exposure within Europe’s cultural infrastructure. One of the continent’s most prestigious custodians of artistic…
Hackers Can Abuse Entra Agent ID Administrator Role to Hijack Service Principals
A critical scope overreach vulnerability was recently identified in the Microsoft Entra Agent Identity Platform. The newly introduced Agent ID Administrator role allowed accounts to hijack arbitrary service principals and escalate privileges across the entire tenant. Microsoft has fully patched…
10 Warning Signs Your Current Authentication Stack Is a Breach Waiting to Happen
Run a quick self-audit against 10 warning signs that your authentication stack has critical vulnerabilities. Each sign includes a diagnostic check, an explanation of why it’s dangerous, and a concrete fix. Covers SMS OTP risk, bot detection gaps, session management…