The French government agency that issues and manages national IDs, passports, and other documents announced that hackers stole the personal information of an unspecified number of citizens. This article has been indexed from Security News | TechCrunch Read the original…
Microsoft Warns Jasper Sleet Uses Fake IT Worker Identities to Infiltrate Cloud Environments
A North Korea-linked threat group is quietly getting hired by real companies. Jasper Sleet, a threat actor tied to North Korea, has been building fake professional identities and using them to land legitimate remote IT jobs, giving them direct access…
Hackers Use Lotus Wiper to Destroy Drives and Delete Files in Energy Sector Attack
A newly discovered malware called Lotus Wiper has been used in a targeted destructive attack against the energy and utilities sector in Venezuela. Unlike ransomware, this threat does not ask for money or lock files for a ransom payment. Instead,…
Cybercriminals Exploit French Fintech Accounts to Move Stolen Money Before Detection
Organized fraud networks are now using a new method to move stolen money in France. They create fake business accounts on freelancer fintech platforms and use those accounts as mule accounts to launder funds quickly, often before anyone can trace…
The Invisible Threat: Business Logic Flaws in Modern Applications and Why Scanners Miss Them
In today’s security landscape, some of the most dangerous vulnerabilities aren’t flagged by automated scanners at all. These are the business logic flaws: subtle mistakes in an application’s design or workflow that malicious actors can exploit by doing the unexpected.…
Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure
In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security. Attackers compromised the Aqua Security repository, force-pushed malicious binaries, and poisoned…
[un]prompted 2026 – macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink The post [un]prompted 2026 – macOS Vulnerability…
Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI
Mozilla says Firefox 150 patches 271 vulnerabilities found with Anthropic’s restricted Mythos AI, highlighting how quickly AI-driven bug hunting is accelerating. The post Mozilla Fixes 271 Firefox Bugs Using Anthropic’s Mythos AI appeared first on TechRepublic. This article has been…
Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like
Vonage’s partnership with Girls Who Code is more than feel-good philanthropy; it’s a blueprint for building diverse AI talent pipelines. The post Vonage, Girls Who Code Show What ‘Responsible AI’ Looks Like appeared first on TechRepublic. This article has been…
Apple fixes bug that cops used to extract deleted chat messages from iPhones
The iPhone and iPad bug allowed law enforcement using forensic tools to read messages that had long been deleted by the Signal app. This article has been indexed from Security News | TechCrunch Read the original article: Apple fixes bug…
Cyberattack on French government agency triggers phishing alert
France Titres, a French government agency, has disclosed a data breach that may have exposed user data from its online portal. France Titres, also known as the Agence nationale des titres sécurisés (ANTS), operates under the French Ministry of the…
A Poisoned Xinference Package Targets AI Inference Servers
Three poisoned xinference releases on PyPI target AI infrastructure credentials. The post A Poisoned Xinference Package Targets AI Inference Servers appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: A Poisoned Xinference…
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Last week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The…
DDoS wave continues as Mastodon hit after Bluesky incident
Mastodon suffered a major DDoS attack shortly after a similar incident hit Bluesky. The outage was significant but resolved within a few hours. Mastodon was hit by a major DDoS attack just days after a similar disruption affected Bluesky. Mastodon…
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and…
IT Security News Hourly Summary 2026-04-22 21h : 4 posts
4 posts were published in the last hour 18:32 : Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach 18:32 : Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus 18:32 : Fake Google Antigravity Installer Can Steal Accounts…
Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach
Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus
Microsoft says Windows 11’s built-in security is strong enough for most users, though power users and enterprises may still want third-party protection. The post Microsoft: Most Windows 11 Users Don’t Need Third-Party Antivirus appeared first on TechRepublic. This article has…
Fake Google Antigravity Installer Can Steal Accounts in Minutes
Fake Antigravity downloads are enabling fast account takeovers using hidden malware and stolen session cookies. The post Fake Google Antigravity Installer Can Steal Accounts in Minutes appeared first on TechRepublic. This article has been indexed from Security Archives – TechRepublic…
Anthropic Probes Alleged Unauthorized Access to AI Security Tool Mythos
Unauthorized users reportedly accessed Anthropic’s Mythos AI tool via a third-party environment. The post Anthropic Probes Alleged Unauthorized Access to AI Security Tool Mythos appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting a command injection vulnerability, tracked as CVE-2025-29635, in discontinued D-Link routers, Akamai…
Randall Munroe’s XKCD ‘Planets and Bright Stars’
via the comic artistry and dry wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Planets and Bright Stars’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article:…
AI-powered defense for an AI-accelerated threat landscape
Read how Microsoft is partnering with Anthropic and broader industry to use leading models, paired with our platforms and expertise, to turn AI-driven discovery into protection at scale. The post AI-powered defense for an AI-accelerated threat landscape appeared first on…
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity,…