Lotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilities sector amid regional tensions in 2025–2026. Attackers first used batch scripts to weaken…
Humanoid Robot Chases Boar In Warsaw
Unitree humanoid robot attracts approval for chasing herd of wild boar through streets of Warsaw amid growing wildlife problem This article has been indexed from Silicon UK Read the original article: Humanoid Robot Chases Boar In Warsaw
Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
Compromised Namastex npm packages are delivering a new TeamPCP-style CanisterWorm variant that targets developer secrets, browser and wallet data, and then attempts to spread across npm and PyPI ecosystems using canister-backed exfiltration infrastructure. The campaign closely mirrors the original CanisterWorm,…
Vercel confirms April 2026 security incident linked to third-party AI tool
Cloud development platform Vercel has confirmed a security incident involving unauthorized access to parts of its internal systems, following a breach disclosed in April 2026. In an official security bulletin, the company stated: “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.” Vercel added that…
Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook
Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting financial institutions carried a financial motive, with data breaches accounting for roughly 64% of incidents and…
Apple Intelligence flaw kept stolen tokens reusable on another device
Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage authentication and authorization system using anonymous access tokens. However, researchers from The Ohio…
PentAGI: Open-source autonomous AI penetration testing system
Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans,…
Microsoft-Signed Binary Used to Sneak LOTUSLITE Into India-Focused Espionage Campaign
A state-linked threat group has been caught running a quiet but carefully planned espionage operation against India’s banking sector, using a trusted Microsoft-signed file to slip malware past security defenses. The campaign delivers a new version of the LOTUSLITE backdoor…
SAML vs OIDC vs OAuth: The 60-Second B2B Playbook
Confused by auth protocols? We break down the core differences between SAML, OIDC, and OAuth so you can choose the right standard for your B2B app. Read now. The post SAML vs OIDC vs OAuth: The 60-Second B2B Playbook appeared…
SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know
Choosing between SAML, OIDC, and OAuth 2.0? Explore 12 critical differences to help your B2B engineering team select the right authentication protocol today. The post SAML vs OIDC vs OAuth 2.0: 12 Differences Every B2B Engineering Team Should Know appeared…
CISA lacks Mythos, Lovable’s leak by design, YouTube’s deepfake detection
CISA lacks Mythos access Lovable denies data leak YouTube opens up deepfake detection tool Get the show notes here: https://cisoseries.com/cybersecurity-news-cisa-lacks-mythos-lovables-leak-by-design-youtubes-deepfake-detection/ Huge thanks to our sponsor, ThreatLocker ThreatLocker is extending Zero Trust beyond endpoint control. With their recent releaseof Zero Trust…
Was Booking.com hacked?
Yes, the popular online lodging reservations service provider confirmed a data breach earlier this month. Starting on April 12th, 2026, many people received emails from… The post Was Booking.com hacked? appeared first on Panda Security Mediacenter. This article has been…
Met Police Defeat Challenge To Live Facial Recognition
High Court says Met’s use of live facial recognition vans in capital does not violate human rights law, paves way for massive expansion This article has been indexed from Silicon UK Read the original article: Met Police Defeat Challenge To…
Amazon, Anthropic Expand Alliance With 5GW Compute Push to Power Claude
Amazon and Anthropic have announced a massive expansion of their strategic partnership. The tech giants signed a new agreement to secure up to 5 gigawatts (GW) of compute capacity for training and deploying the Claude AI model. This aggressive push…
1,370+ Microsoft SharePoint Servers at Risk of Spoofing Attacks Found Exposed Online
More than 1,370 Microsoft SharePoint servers remain publicly exposed to an actively exploited spoofing vulnerability, putting countless corporate networks at severe risk. Identified by threat intelligence researchers at The Shadowserver Foundation, these unpatched systems are vulnerable to sophisticated attacks that…
IT Security News Hourly Summary 2026-04-22 09h : 3 posts
3 posts were published in the last hour 6:11 : Hackers Tie Iranian Espionage to CastleRAT and ChainShell 6:11 : French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations 6:11 : Microsoft Emergency .NET 10.0.7 Update to Patch Elevation…
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
A direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware samples, including at least two CastleRAT “builds” and a…
French Authorities Confirm Data Breach Amid Hackers’ Data Leak Allegations
The French National Agency for Secure Documents (ANTS) has officially confirmed a severe data breach affecting its central government portal. This critical infrastructure system manages the issuance of national identity cards, passports, vehicle registration certificates, and driver’s licenses nationwide. Recent…
Microsoft Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band (OOB) security update for .NET 10, releasing version 10.0.7 on April 21, 2026, to address a critical elevation of privilege vulnerability discovered in the Microsoft.AspNetCore.DataProtection NuGet package. The out-of-band release was prompted after customers…
Microsoft Issues Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band security update to address a severe vulnerability within the .NET framework. The critical release of .NET 10.0.7 patches an Elevation of Privilege flaw that inadvertently surfaced after a recent routine system update. Out-of-band patches…
Microsoft-Signed Binary Helps Deliver LOTUSLITE in India Spy Campaign
Microsoft-signed developer tooling is being abused to quietly deploy a new LOTUSLITE backdoor variant against India’s banking sector, in what researchers link to the China‑nexus Mustang Panda espionage cluster with moderate confidence. The backdoor retains its espionage profile, offering remote…
Exclusive Anthropic Cyber Tool Mythos Accessed by Unapproved Actors
A group of unauthorized users has successfully bypassed access controls to reach Claude Mythos Preview, Anthropic’s closely guarded cybersecurity AI. This breach highlights critical concerns about third-party vendor security and the severe risks posed by advanced offensive AI falling into…
What the ransom note won’t say
An attack is what you see, but a business operation is what you’re up against This article has been indexed from WeLiveSecurity Read the original article: What the ransom note won’t say
New NGate variant hides in a trojanized NFC payment app
ESET researchers discover another iteration of NGate malware, this time possibly developed with the assistance of AI This article has been indexed from WeLiveSecurity Read the original article: New NGate variant hides in a trojanized NFC payment app