IT Security News Daily Summary 2026-04-21

171 posts were published in the last hour

• 21:31 : Two MDO field reports every IT security lead should read
• 21:7 : Ransomware negotiator caught secretly assisting BlackCat extortion scheme
• 20:32 : Thunderbird 150 arrives with encrypted message search and OpenPGP improvements
• 20:31 : Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide
• 20:13 : SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
• 19:35 : Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox
• 19:35 : [un]prompted 2026 – 200 Bugs/Week/Engineer: How We Rebuilt Trail Of Bits Around Al
• 19:9 : CVE-2025-29635: Mirai Campaign Targets D-Link Devices
• 19:9 : Mozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in Firefox
• 19:9 : North Korea’s Lazarus APT stole $290M from Kelp DAO
• 19:9 : Iran Alleges US Networking Gear Was Deliberately Disabled
• 19:5 : IT Security News Hourly Summary 2026-04-21 21h : 6 posts
• 18:36 : 130K Users Compromised by StealTok Campaign That Uses Fake TikTok Downloaders
• 18:36 : VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes
• 18:7 : Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns
• 18:7 : The DevOps Security Paradox: Why Faster Delivery Often Creates More Risk
• 18:7 : The Attack Runs Itself: What Agentic AI Fraud Actually Looks Like
• 18:7 : Critical SGLang Vulnerability Allows Remote Code Execution via Malicious AI Model Files
• 17:38 : Microsoft Vulnerabilities Hit Record High, Critical Flaws Decline, Report Find
• 17:38 : More Cisco SD-WAN bugs battered in attacks
• 17:38 : Siemens Analytics Toolkit
• 17:38 : SenseLive X3050
• 17:38 : Siemens TPM 2.0
• 17:38 : Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
• 17:38 : Silex Technology SD-330AC and AMC Manager
• 17:38 : 22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
• 17:14 : Seceon Recognized in the 2026 Gartner® “Voice of the Customer” Report for Security Information and Event Management
• 17:13 : ShinyHunters: SaaS Breaches & Identity Risks (2026)
• 16:34 : Meta Is Sued Over Scam Ads on Facebook and Instagram
• 16:34 : New PureRAT Campaign Hides PE Payloads in PNG Files and Executes Them Filelessly
• 16:34 : New NGate Malware Developed Using AI Hides in NFC Payment Apps
• 16:34 : Where Most SOCs Stall: Building SOC Maturity with Threat Intelligence Feeds
• 16:34 : Detection strategies across cloud and identities against infiltrating IT workers
• 16:7 : Ransomware negotiator pleads guilty to helping ransomware gang
• 16:7 : Forescout Uncovers New Security Risks in Widely Used Industrial Networking Devices
• 16:7 : Bridewell Among First to Achieve Level 2 Defence Cyber Certification
• 16:7 : macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets
• 16:7 : 22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters
• 16:7 : Trojanized Android App Fuels New Wave of NFC Fraud
• 16:7 : Big banks seek to ease security worries as AI push accelerates
• 16:7 : CISA urges security teams to view environments following axios compromise
• 16:5 : IT Security News Hourly Summary 2026-04-21 18h : 13 posts
• 15:34 : Scaling Your Media Workloads: Introducing Akamai’s New 8-Card VPU Plan
• 15:34 : [un]prompted 2026 – Gadi Evron On Behalf Of Zenity – PleaseFix
• 15:34 : Ransomware negotiator admits role in attacks he was hired to resolve
• 15:34 : Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023
• 15:34 : CISA confirms exploitation of 3 more Cisco networking device vulnerabilities
• 15:12 : Delta Sharing vs Traditional Data Exchange: Secure Collaboration at Scale
• 15:12 : ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
• 15:12 : 6000+ Apache ActiveMQ Instances Vulnerable to CVE-2026-34197 Exposed Online
• 15:12 : CISA Warns of Cisco Catalyst SD-WAN Manager Vulnerabilities Exploited in Attacks
• 15:12 : Hackers Abuse GitHub Issue Notifications to Phish Developers Through Malicious OAuth Apps
• 15:12 : Third US Security Expert Admits Helping Ransomware Gang
• 15:12 : Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition
• 15:12 : ChipSoft Ransomware Attack Disrupts Dutch Healthcare Systems and HiX EHR Services
• 14:34 : Why you see targeted ads online after an IRL conversation
• 14:34 : Fake Google Antigravity downloads are stealing accounts in minutes
• 14:34 : Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords
• 14:34 : Dozens of Malicious Crypto Apps Land in Apple App Store
• 14:34 : BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation
• 14:34 : From Demo to Deployment Why AI Projects Struggle to Scale
• 14:34 : Apple Scam Targets Millions of iPhone Users
• 14:34 : Cyber Briefing: 2026.04.21
• 14:5 : The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities
• 14:5 : Database Change Governance: Reduce Audit Prep Time From Weeks to Hours | Liquibase Secure
• 14:5 : 5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time
• 14:5 : The Gentlemen Ransomware Expands With Rapid Affiliate Growth
• 13:34 : AI Finds Every Gap: How Many Can Your Network Survive?
• 13:34 : Real Apple notifications are being used to drive tech support scams
• 13:34 : Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency
• 13:5 : IT Security News Hourly Summary 2026-04-21 15h : 30 posts
• 13:4 : Automating Threat Detection Using Python, Kafka, and Real-Time Log Processing
• 13:4 : Beyond awareness: Human risk management metrics for CISOs
• 13:4 : Unsecured Perforce Servers Expose Sensitive Data From Major Orgs
• 13:3 : DLP That Doesn’t Make You Choose: Introducing Menlo AI Adaptive DLP – Blog | Menlo Security
• 13:3 : Silobreaker Mimir adds agentic AI to intelligence workflows with governance and transparency
• 13:3 : Ivanti Neurons AI automates IT operations, reducing manual work and security risk
• 13:3 : Unchecked AI Agents Cause Cybersecurity Incidents at Two Thirds of Firms
• 12:35 : [Podcast] It’s not you, it’s your printer: State-sponsored and phishing threats in 2025
• 12:35 : Hackers Could Weaponize GGUF Models to Achieve RCE on SGLang Inference Servers
• 12:35 : 12 Browser Extensions Mimic as TikTok Video Downloaders Compromised 130k Users
• 12:35 : AI-Powered Exploitation May Collapse the Patch Window for Defenders
• 12:35 : Gentlemen RaaS Attacking Windows, Linux With additional locker written in C for ESXi
• 12:35 : Hackers Use Nightmare-Eclipse Tools After Compromising FortiGate SSL VPN Access
• 12:34 : AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account
• 12:34 : Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMaster
• 12:34 : OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns
• 12:34 : ServiceNow acquires Armis for $7.75bn
• 12:34 : PlayStation age-gating in UK
• 12:34 : Poste Italiane Fined €12.5M for Data Violations
• 12:34 : AdvaMed Cybersecurity Summit
• 12:34 : Free Summer Cyber and AI Experience Camps
• 12:12 : Phishing and MFA exploitation: Targeting the keys to the kingdom
• 12:11 : Threat Intel Scraping Without Burning Your Cover or Your Stack
• 12:11 : AI-Powered NGate Malware Evades Detection Inside NFC Payment Apps
• 12:11 : Heimdal Expands AI Strategy with AI Wingman and Third-Party AI Containment
• 12:11 : Crook claims to leak ‘video surveillance footage’ of companies
• 12:11 : AI Policy in 2026: The Missing Link Between AI Ambition and Execution
• 12:11 : Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution
• 12:11 : NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs
• 12:11 : No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks
• 11:32 : Claude Code, Gemini CLI, and GitHub Copilot Exposed to Prompt Injection via GitHub Comments
• 11:32 : Mexican Surveillance Company
• 11:32 : Data Breaches at Healthcare Organizations in Illinois and Texas Affect 600,000
• 11:32 : Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities
• 11:31 : CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)
• 11:13 : The US NSA is using Anthropic’s Claude Mythos despite supply chain risk
• 11:13 : Android 17 ends all-or-nothing access to your contacts
• 11:13 : Met police trials snoop tech platform in push to cuff more London shoplifters
• 10:32 : Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering
• 10:32 : Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release
• 10:32 : $290 Million Kelp DAO Crypto Heist Blamed on North Korea
• 10:12 : Bad Apples: Weaponizing native macOS primitives for movement and execution
• 10:11 : Amazon To Invest $5bn In Anthropic In Infrastructure Deal
• 10:11 : They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
• 10:11 : U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog
• 10:11 : SideWinder Uses Fake Chrome PDF Viewer and Zimbra Clone to Steal Government Webmail Credentials
• 10:11 : Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments
• 10:5 : IT Security News Hourly Summary 2026-04-21 12h : 9 posts
• 9:34 : Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
• 9:34 : Tim Cook To Step Down As Apple Chief
• 9:34 : Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach
• 9:34 : PureRAT Hides PE Payloads in PNGs for Fileless Execution
• 9:34 : A single platform powers SIM farm proxy networks across 17 countries
• 9:34 : Vercel Confirms Cyber Incident After Sophisticated Attacker Exploits Third‑Party Tool
• 9:7 : NI School IT System Restored After Hack
• 9:7 : Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
• 9:7 : NGate NFC malware targets Android users through trojanized payment app
• 8:32 : UK Man Pleads Guilty To Crypto Theft
• 8:32 : North Korean Blamed for $290m KelpDAO Crypto Heist
• 8:32 : Claude Desktop Silently Installs Browser Extension Files for Browsers Not Installed
• 8:14 : Broadband Restored In Orkney Islands After Fibre Repairs
• 8:14 : Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
• 8:14 : Panasonic creates device-locked QR codes to speed facial biometric capture
• 8:14 : What Makes Credential Stuffing Difficult to Detect?
• 8:14 : Vercel breach, ZionSiphon targets water infrastructure, Bluesky DDoS
• 7:32 : A .WAV With A Payload, (Tue, Apr 21st)
• 7:32 : How to Develop a Risk Management Framework
• 7:32 : Shropshire MPs Complain Over Fibre Delays
• 7:32 : CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws
• 7:32 : GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
• 7:5 : Government To Ban Phones In English Schools
• 7:5 : Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
• 7:5 : IT Security News Hourly Summary 2026-04-21 09h : 6 posts
• 7:5 : 6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197
• 7:4 : CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
• 6:34 : The 7 Top AI SOC Platforms to Watch in 2026
• 6:34 : Iran claims US used backdoors to knock out networking equipment during war
• 6:34 : Manhattan DA Bragg Pushes Meta to Put a Stop to Immigration Scams
• 6:7 : 12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
• 6:7 : What the ransom note won’t say
• 5:36 : Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers
• 5:36 : AI-Driven Exploitation Could Shrink Defenders’ Patch Window
• 5:36 : Cybersecurity jobs available right now: April 21, 2026
• 5:36 : Researchers build an encrypted routing layer for private AI inference
• 5:9 : Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
• 5:9 : SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins
• 5:9 : CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack
• 4:36 : Critical Gardyn Smart Gardens Vulnerabilities Let Attackers Control Devices Remotely
• 4:36 : British National Admits Hacking Companies and Stealing Millions in Virtual Currency
• 4:36 : iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution
• 4:36 : PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
• 4:5 : IT Security News Hourly Summary 2026-04-21 06h : 1 posts
• 3:7 : Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks
• 2:34 : ML-Based Anomaly Detection for Post-Quantum Metadata Exfiltration
• 2:9 : ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900, (Tue, Apr 21st)
• 1:34 : Why We Actually Need End-to-End Encryption
• 1:34 : AI-Powered Risk Registers vs. Traditional Risk Management: What’s the Difference?
• 23:37 : Vibe coding upstart Lovable denies data leak, cites ‘intentional behavior,’ then throws HackerOne under the bus
• 22:5 : IT Security News Hourly Summary 2026-04-21 00h : 7 posts
• 21:55 : IT Security News Daily Summary 2026-04-20