Hackers are shifting away from email phishing and are directly targeting Okta and other identity providers using voice‑based social engineering, or “Okta vishing.” This trend turns what used to be a single account compromise into an immediate, organization‑wide cloud data…
IT Security News Hourly Summary 2026-04-14 09h : 7 posts
7 posts were published in the last hour 6:9 : CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited 6:9 : APT41 Targets Linux Cloud Servers With New Winnti Backdoor 6:9 : Synology SSL VPN Client Vulnerability Enabled Remote…
CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical security flaw in Fortinet software. On April 13, 2026, CISA added CVE-2026-21643 to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that threat actors…
APT41 Targets Linux Cloud Servers With New Winnti Backdoor
A previously undocumented Linux backdoor attributed to China-linked threat group APT41 (Winnti) has been uncovered, targeting cloud workloads across AWS, GCP, Azure, and Alibaba Cloud. The ELF-based implant, currently showing zero detections on VirusTotal, transforms Linux servers into stealthy credential theft nodes using a…
Synology SSL VPN Client Vulnerability Enabled Remote Access to Sensitive Files
Synology has recently released a crucial security update to fix two notable vulnerabilities in its SSL VPN Client utility. Tracked under the security advisory Synology-SA-26:05, these flaws could allow remote attackers to access sensitive system files and intercept secure network…
Hackers Use Fake Proxifier Installer on GitHub to Spread ClipBanker Crypto-Stealing Malware
A dangerous malware campaign has been silently targeting cryptocurrency users by hiding inside a fake version of Proxifier, a popular proxy software tool. Threat actors set up a GitHub repository designed to look like a legitimate Proxifier download, but the…
Agentic AI memory attacks spread across sessions and users, and most organizations aren’t ready
In this Help Net Security interview, Idan Habler, AI Security Researcher at Cisco, breaks down a threat most security teams haven’t named yet: agentic memory as an attack surface. Habler walks through MemoryTrap, a disclosed and remediated method to compromise…
CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added half a dozen security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows – CVE-2026-21643 (CVSS score: 9.1) – An SQL…
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0. It relates to a…
Enterprise Security for Your Brand’s YouTube Channel
Learn how to secure your brand’s YouTube channel with enterprise-level security, protecting content, access, and your digital presence. The post Enterprise Security for Your Brand’s YouTube Channel appeared first on Security Boulevard. This article has been indexed from Security Boulevard…
29 million leaked secrets in 2025: Why AI agents credentials are out of control
AI agents need credentials to work. They authenticate with LLM platforms, connect to databases, call SaaS APIs, access cloud resources, and orchestrate across dozens of external services. Every integration point requires an identity. Most organizations are handling this badly, and…
Review: The Psychology of Information Security
Security controls fail when they are designed without regard for the people who must use them. That is the central argument of Leron Zinatullin’s second edition, and it is an argument he builds methodically across 17 chapters that draw from…
Fake Proxifier GitHub Installer Spreads ClipBanker Crypto Malware
Hackers are abusing a fake Proxifier installer hosted on GitHub to deliver a multi‑stage ClipBanker malware that silently hijacks cryptocurrency transactions from infected systems. The campaign combines search‑engine poisoning, trojanized installers, and fileless techniques to stay under the radar while…
Rockstar’s GTA Game Hacked, 78.6 Million Records Published Online
Rockstar Games has suffered a significant data breach after the infamous threat group ShinyHunters leaked over 78.6 million internal records on April 14, 2026. The incident did not involve a direct attack on Rockstar’s primary network infrastructure. Instead, the hackers…
FBI Warns Smartphone Users About Risks Linked to Foreign Apps, Especially Chinese Platforms
The Federal Bureau of Investigation has issued a fresh alert cautioning users about potential security and privacy threats posed by mobile applications developed outside the United States, particularly those linked to China. The advisory emphasizes that while the concern…
NSFOCUS Threat Intelligence Interviewed in The Top Trends Shaping Threat Intelligence in Asia Pacific Report by International Authority
Forrester, an international authoritative consulting firm, released “The Top Trends Shaping Threat Intelligence in Asia Pacific”. With its deep technical accumulation, product system and mature solutions in the field of threat intelligence, NSFOCUS was interviewed for the report. As enterprises…
Cybersecurity jobs available right now: April 14, 2026
Cyber Security Engineer/Application Security Specialist Tecnots | India | On-site – View job details As a Cyber Security Engineer/Application Security Specialist, you will integrate security into the SDLC, perform application security reviews, and support secure APIs, authentication, and data protection.…
Zero trust at year two: What nobody planned for
In this Help Net Security video, Jim Alkove, CEO of Oleria, walks through where zero trust programs typically stand one to two years in. Most organizations have made gains in endpoint security and network segmentation, but identity remains the stubborn…
Top 10 Best Single Sign-On (SSO) Vendors For Enterprises in 2026
In the fast-evolving digital landscape of 2026, enterprises grapple with an ever-growing number of applications and services. Employees, partners, and customers interact with a multitude of platforms daily, often leading to “password fatigue” a phenomenon where users juggle countless credentials,…
IT Security News Hourly Summary 2026-04-14 06h : 1 posts
1 posts were published in the last hour 3:34 : Rockstar’s GTA Game Hacked – Attackers published 78.6 Million Records Online
Rockstar’s GTA Game Hacked – Attackers published 78.6 Million Records Online
Rockstar Games has confirmed a data breach after the notorious hacking group ShinyHunters exploited a third-party integration to access the company’s internal Snowflake data warehouse, ultimately leaking over 78.6 million records on April 14, 2026. The breach did not stem…
ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890, (Tue, Apr 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, April 14th, 2026…
Post-Quantum Decentralized Policy Enforcement for Large Language Models
Learn how to implement post-quantum decentralized policy enforcement for Large Language Models and secure MCP infrastructure against future threats. The post Post-Quantum Decentralized Policy Enforcement for Large Language Models appeared first on Security Boulevard. This article has been indexed from…
Zombie Microsoft bugs rise from the dead, pave way for crims and ransomware scum
One was patched almost 14 years ago Crooks are exploiting four Microsoft vulnerabilities – one patched 14 years ago and another tied to ransomware activity – according to America’s lead cyber-defense agency, which on Monday gave federal agencies two weeks…