IT Security News Daily Summary 2026-04-22

195 posts were published in the last hour

• 21:32 : Microsoft Patch Still Leaves 1,300 SharePoint Servers Exposed
• 21:31 : Trump’s CISA director pick withdraws after tumultuous nomination
• 21:11 : CISA Adds One Known Exploited Vulnerability to Catalog
• 21:11 : Malicious Google Ads Target Crypto Users With Wallet Drainers and Seed Phrase Theft
• 20:36 : Google’s Workspace Intelligence promises privacy while running on your data
• 20:11 : France confirms data breach at government agency that manages citizens’ IDs
• 20:11 : Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments
• 20:11 : Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack
• 20:11 : Cybercriminals Exploit French Fintech Accounts to Move Stolen Money Before Detection
• 20:11 : The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
• 20:11 : Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure
• 20:11 : [un]prompted 2026 – macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
• 19:34 : Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
• 19:34 : Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like
• 19:34 : Apple fixes bug that cops used to extract deleted chat messages from iPhones
• 19:34 : Cyberattack on French government agency triggers phishing alert
• 19:34 : A Poisoned Xinference Package Targets AI Inference Servers
• 19:34 : You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
• 19:9 : DDoS wave continues as Mastodon hit after Bluesky incident
• 19:9 : Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
• 19:5 : IT Security News Hourly Summary 2026-04-22 21h : 4 posts
• 18:32 : Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
• 18:32 : Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus
• 18:32 : Fake Google Antigravity Installer Can Steal Accounts in Minutes
• 18:31 : Anthropic Probes Alleged Unauthorized Access to AI Security Tool Mythos
• 18:4 : Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
• 18:4 : Randall Munroe’s XKCD ‘Planets and Bright Stars’
• 18:4 : AI-powered defense for an AI-accelerated threat landscape
• 18:4 : Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
• 17:32 : Hackers Impersonate IT Help Desk on Microsoft Teams to Gain Access, Steal Data
• 17:32 : New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert
• 17:32 : The Phishing Defense Layer Top CISOs Never Miss
• 17:32 : New Auraboros RAT Exposes Live Audio Streaming, Keylogging, and Cookie Hijacking in Open C2 Panel
• 17:31 : Claude Mythos AI Model Uncovers 271 Zero-Day Vulnerabilities in Firefox
• 17:4 : A technical walkthrough of multicloud full-stack security using AWS Security Hub Extended
• 16:39 : K2view vs Broadcom For Test Data Management
• 16:39 : Malicious TikTok Downloader Extensions Quietly Compromised 130K Users
• 16:38 : Over 1,300 SharePoint Servers Still Exposed to Actively Exploited Spoofing Flaw
• 16:38 : 5 Best Free VPNs You Can Trust in 2026 (And the Premium Trials Worth Trying)
• 16:38 : AI Tools Are Helping Mediocre North Korean Hackers Steal Millions
• 16:38 : Is Your Network Ready for AI? A Practical Evaluation Framework
• 16:38 : MacOS Native Tools Enable Stealthy Enterprise Attacks
• 16:38 : Microsoft SharePoint vulnerability widely exposed across multiple countries
• 16:10 : CVE-2026-40372: Microsoft Patches ASP.NET Core Privilege Escalation Vulnerability
• 16:10 : Cosmetics giant Rituals confirms data breach of customer membership records
• 16:10 : Scaling AI Agents with Confidence
• 16:10 : Palo Alto Networks and Google Cloud
• 16:10 : Claude Mythos finds 271 Firefox flaws, Mozilla believes it shifts security toward defenders
• 16:10 : CyberStrong Product Update: What’s New in Release 4.14
• 16:10 : Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
• 16:5 : IT Security News Hourly Summary 2026-04-22 18h : 12 posts
• 15:35 : How Avast One Silver adapts to your unique online world
• 15:35 : Acronis GenAI Protection gives MSPs control over AI usage and data risks
• 15:35 : New Mirai variants target routers and DVRs in parallel campaigns
• 15:35 : Prove Identity Platform connects verification, authentication, and fraud prevention
• 15:35 : Claude Mythos finds 271 Firefox flaws, Mozilla believes zero-days are numbered
• 15:35 : North Korea Stole 100,000 Identities to Infiltrate Global Companies
• 15:35 : News alert: BreachLock’s integrated attack validation platform debuts in Gartner AEV category
• 15:35 : How to Attend Tech Conferences and Events for Free: The Complete Guide for Cybersecurity and AI Professionals
• 15:35 : Phishing — sometimes with AI’s help — topped initial-access methods in Q1, Cisco says
• 15:5 : Bissa Scanner Exposed: AI-Assisted Mass Exploitation and Credential Harvesting
• 15:5 : Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
• 15:5 : Anthropic AI Cyberattack Capabilities Raise Alarm Over Vulnerability Exploitation Risks
• 15:4 : CISO Burnout Is Costing Businesses More Than Money
• 15:4 : UK Commits £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
• 15:4 : NCSC Unveils SilentGlass, a Plug-In Device to Protect Monitors from Cyber-Attacks
• 14:37 : UK government says 100 countries have spyware that can hack people’s phones
• 14:36 : Enterprise-Grade Application Security, Cloud-Native Speed: Introducing Imperva for Google Cloud
• 14:36 : New DinDoor Backdoor Abuses Deno Runtime and MSI Installers to Evade Detection
• 14:36 : After Bluesky, Mastodon Targeted in DDoS Attack
• 14:36 : SnowFROC 2026: Secure Defaults, Real Trust, and a Better Layer on Top
• 14:36 : UK Pledges £90m for Cybersecurity and Pushes for ‘Resilience Pledge’
• 14:36 : Cyber Briefing: 2026.04.22
• 14:11 : Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor
• 14:11 : Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters
• 13:37 : Elastic MCP Apps bring security and observability workflows into AI tools
• 13:36 : The Time Is Now to Prepare for CRA Enforcement
• 13:36 : Chrome Advances User Protection with new Infostealer Mitigation Features
• 13:36 : Microsoft warns of fake IT worker identities
• 13:36 : Massive SIM Farm Network Exposed
• 13:36 : Ransomware Negotiator Pleads Guilty
• 13:36 : Roblox Settles with Alabama and West Virginia
• 13:36 : 1Nebula achieves ISO 27001 certification
• 13:12 : Researchers Uncover SIM Farm-as-a-Service Operation Spanning 87 Panels in 17 Nations
• 13:12 : Malicious Google Ads Hit Crypto Users With Wallet Drainers
• 13:12 : Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities
• 13:12 : Experience AI-Powered Check Point Firewall at Google Cloud Next
• 13:11 : From Access Control to Outcome Control: Securing AI Agents with Check Point and Google Cloud
• 13:11 : Palo Alto Networks Joins DNS-OARC as a Platinum Member
• 13:11 : Malicious trading website drops malware that hands your browser to attackers
• 13:11 : Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says
• 13:11 : Surge in Silent Subject Phishing Attacks Targets VIP Users
• 13:11 : Harvester Expands Toolset with GoGra Backdoor
• 13:11 : Namastex npm Packages Deliver CanisterWorm Malware
• 13:11 : Volo Protocol Hacked for $3.5M
• 13:11 : Ransomware Attack on Hospital Caribbean Medical Center
• 13:11 : Anker’s New AI Chip Announcement
• 13:5 : IT Security News Hourly Summary 2026-04-22 15h : 17 posts
• 12:35 : Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit
• 12:35 : 109 Fake GitHub Repos Spread SmartLoader, StealC Malware
• 12:35 : Algorithmic Circuit Breakers: Engineering Hard Stop Safety Into Autonomous Agent Workflows
• 12:35 : How AI is being used in dentistry
• 12:35 : AI and Chatbots Transforming the Future of Consumer Lending
• 12:34 : Router Security Hardening Steps for 2026: From Default Credential Audits to Automated Firmware Risk Monitoring
• 12:34 : Researcher claims Claude Desktop installs “spyware” on macOS
• 12:34 : New Wiper Malware Targeted Venezuelan Energy Sector Prior to US Intervention
• 12:34 : Unauthorized Users Reportedly Gain Access to Anthropic’s Mythos AI Model
• 12:5 : French Fintech Accounts Used to Launder Stolen Funds Before Detection
• 12:5 : Google unleashes even more AI security agents to fight the baddies
• 12:5 : Tencent’s QClaw AI agent app arrives on Windows and macOS
• 12:5 : Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)
• 12:5 : Massive SIM Farm-as-a-Service Network Exposes 87 Control Panels Across 17 Countries
• 12:5 : Compromised Namastex npm Packages Deliver TeamPCP-Style CanisterWorm Malware
• 12:5 : Are SBOMs Failing? Supply Chain Attacks Rise as Security Teams Struggle With SBOM Data
• 12:5 : Mirai Botnet Targets Flaw in Discontinued D-Link Routers
• 11:34 : France’s ‘Secure’ ID agency probes breach as crooks claim 19M records
• 11:34 : ICE Uses Graphite Spyware
• 11:34 : Scotland Yard can keep using live facial recognition on Londoners, say judges
• 11:34 : Claude Mythos Finds 271 Firefox Vulnerabilities
• 11:34 : Toxic Combinations: When Cross-App Permissions Stack into Risk
• 11:34 : Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack
• 11:5 : Lotus Wiper Hits Energy Sector in Destructive Cyberattack
• 11:5 : Evaluating Python libraries reputation and safety
• 11:5 : North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks
• 11:5 : Microsoft Error Codes Explained: Types, Fixes, and Troubleshooting Guide
• 11:5 : How Energy Medicine Yoga Reached 57% Open Rates and Simplified BIMI Implementation with EasyDMARC
• 11:5 : Sendmarc Review: Features, User Experiences, Pros & Cons (2026)
• 11:5 : Former Ransomware Negotiator Pleads Guilty to Working For BlackCat Cyber Gang
• 10:34 : Critical Bamboo Data Centre and Server Flaw Enables Command Injection Attacks
• 10:34 : Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks
• 10:34 : CyberSmart Partners with Renaissance to Deliver Complete Cyber Confidence for SMEs
• 10:34 : OneDrive updates focus on AI, access control, and compliance
• 10:34 : Phishing reclaims the top initial access spot, attackers experiment with AI tools
• 10:34 : Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
• 10:11 : IR Trends Q1 2026: Phishing reemerges as top initial access vector, as attacks targeting public administration persist
• 10:11 : When Wi-Fi Encryption Fails: Protecting Your Enterprise from AirSnitch Attacks
• 10:11 : UK Tribunal Approves Microsoft Mass Cloud Lawsuit
• 10:11 : Microsoft warns of fake IT worker identities infiltrating cloud environments
• 10:11 : 1,370+ Microsoft SharePoint Servers Vulnerable to Spoofing Attacks Exposed Online
• 10:11 : Critical Atlassian Bamboo Data Center and Server Flaw Enables Command Injection Attacks
• 10:11 : Google Antigravity in Crosshairs of Security Researchers, Cybercriminals
• 10:11 : Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
• 10:5 : IT Security News Hourly Summary 2026-04-22 12h : 5 posts
• 9:36 : Wall Street Law Firm Apologises For AI Errors
• 9:7 : China Delivery Giants Fined £390m After Violent Clashes
• 9:7 : Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
• 9:7 : CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server
• 9:6 : Oracle Patches 450 Vulnerabilities With April 2026 CPU
• 8:41 : Chips With Everything: Securing the Silicon Future
• 8:41 : Florida Opens Criminal Probe Into OpenAI
• 8:41 : Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
• 8:40 : Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
• 8:40 : Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
• 8:40 : UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns
• 8:11 : Blue Origin’s New Glenn Grounded After Satellite Failure
• 8:11 : DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
• 8:11 : Venezuela energy sector targeted by highly destructive Lotus wiper
• 7:33 : Humanoid Robot Chases Boar In Warsaw
• 7:33 : Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
• 7:33 : Vercel confirms April 2026 security incident linked to third-party AI tool
• 7:32 : Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook
• 7:32 : Apple Intelligence flaw kept stolen tokens reusable on another device
• 7:32 : PentAGI: Open-source autonomous AI penetration testing system
• 7:32 : Microsoft-Signed Binary Used to Sneak LOTUSLITE Into India-Focused Espionage Campaign
• 7:32 : SAML vs OIDC vs OAuth: The 60-Second B2B Playbook
• 7:32 : SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know
• 7:32 : CISA lacks Mythos, Lovable’s leak by design, YouTube’s deepfake detection
• 7:9 : Was Booking.com hacked?
• 7:9 : Met Police Defeat Challenge To Live Facial Recognition
• 7:9 : Amazon, Anthropic Expand Alliance With 5GW Compute Push to Power Claude
• 7:9 : 1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online
• 7:5 : IT Security News Hourly Summary 2026-04-22 09h : 3 posts
• 6:11 : Hackers Tie Iranian Espionage to CastleRAT and ChainShell
• 6:11 : French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
• 6:11 : Microsoft Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
• 5:38 : Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
• 5:38 : Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
• 5:14 : Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors
• 5:14 : What the ransom note won’t say
• 5:14 : New NGate variant hides in a trojanized NFC payment app
• 5:14 : Mythos found 271 Firefox flaws – but none a human couldn’t spot
• 5:14 : Vercel Breach Started With AI Tool
• 4:11 : Unauthorized Group Gains Access to Anthropic’s Exclusive Cyber Tool Mythos
• 2:32 : A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W.
• 2:11 : ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902, (Wed, Apr 22nd)
• 2:11 : Lattice-based Signature Schemes for MCP Host Authentication
• 1:5 : IT Security News Hourly Summary 2026-04-22 03h : 2 posts
• 0:34 : Winter 2025 SOC 1 report is now available with 184 services in scope
• 0:8 : [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd)
• 23:9 : Oracle April 2026 Critical Patch Update Addresses 241 CVEs
• 23:9 : How Security Teams Can Transform Data into Action
• 22:34 : $293M KelpDAO Crypto Heist Exposes Cross-Chain Weaknesses in DeFi
• 22:12 : Nation-states want to cause harm, not just steal cash – stop handing your cyber defenses to the cheapest contractor
• 22:5 : IT Security News Hourly Summary 2026-04-22 00h : 3 posts
• 21:55 : IT Security News Daily Summary 2026-04-21