Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole. UK enterprise software consultancy The Adaptavist Group is investigating a security breach after an intruder logged in with stolen credentials, while a ransomware crew claims…
NGate NFC malware targets Android users through trojanized payment app
NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the NGate malware family, this time embedded in a trojanized version of HandyPay, a legitimate…
UK Man Pleads Guilty To Crypto Theft
Tyler Buchanan, 24, of Dundee, pleads guilty to US charges of stealing at least $8m in cryptocurrency from people in US, UK, elsewhere. This article has been indexed from Silicon UK.
North Korean Blamed for $290m KelpDAO Crypto Heist
North Korea’s Lazarus Group is pegged for a $290m crypto theft at KelpDAO. This article has been indexed from www.infosecurity-magazine.com.
Claude Desktop Silently Installs Browser Extension Files for Browsers Not Installed
Claude Desktop for macOS installs a Native Messaging manifest file that pre-authorizes Anthropic’s browser extensions across Chromium-based browsers without inf… Thank you for being a Ghacks reader.
Broadband Restored In Orkney Islands After Fibre Repairs
Specialist ship fixes damaged subsea cable linking Orkney islands following damage attributed to rocky seabed in Pentland Firth. This article has been indexed from Silicon UK.
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
Bluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services for about 24 hours, starting on April 15. Bluesky is a decentralized,…
Panasonic creates device-locked QR codes to speed facial biometric capture
Admins are tired of taking photos, so this enables secure on-site unattended enrolment. Japanese industrial giant Panasonic has created a new form of QR code it says will only work on designated devices and environments.
What Makes Credential Stuffing Difficult to Detect?
Credential stuffing is a cyberattack where attackers use stolen usernames and passwords, often obtained from data breaches or bought on the dark web, to gain unauthorized access to accounts on other platforms. These attacks are highly prevalent and a major…
Vercel breach, ZionSiphon targets water infrastructure, Bluesky DDoS
Vercel confirms breach, stolen data for sale; ZionSiphon targets water infrastructure; Bluesky blames outage on DDoS. Get the show notes here: https://cisoseries.com/cybersecurity-news-vercel-breach-zionsiphon-targets-water-infrastructure-bluesky-ddos/
A .WAV With A Payload, (Tue, Apr 21st)
There have been reports of threat actors using a .wav file as a vector for malware. This article has been indexed from SANS Internet Storm Center, InfoCON: green.
How to Develop a Risk Management Framework
Today’s cybersecurity landscape is at its most innovative yet complicated point. Risk leaders often face… How to Develop a Risk Management Framework on Latest Hacking News.
Shropshire MPs Complain Over Fibre Delays
Two Shropshire MPs say county is being sent to ‘back of queue’ after connectivity contract handed to BT Openreach. This article has been indexed from Silicon UK.
CISA Alerts Defenders to Exploited Cisco Catalyst SD-WAN Manager Security Flaws
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to network defenders regarding the active exploitation of Cisco Catalyst SD-WAN Manager. On April 20, 2026, CISA officially added three distinct security flaws affecting the platform to its…
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because compromising their accounts gives…
Government To Ban Phones In English Schools
Government to introduce amendment to Children’s Wellbeing and Schools Bill banning students’ phones in England, in policy U-turn. This article has been indexed from Silicon UK.
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
Gentlemen is a fast‑growing ransomware‑as‑a‑service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi‑platform design and strong defense‑evasion features make it a high‑impact threat to corporate…
IT Security News Hourly Summary 2026-04-21 09h : 6 posts
6 posts were published in the last hour 7:4 : CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines 6:34 : The 7 Top AI SOC Platforms to Watch in 2026 6:34 : Iran claims US used…
6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197
Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding exactly 6,364 vulnerable IP addresses during its daily…
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as…
The 7 Top AI SOC Platforms to Watch in 2026
AI SOC platforms have been gaining rapid traction in the industry over the past few years and will continue to grow in popularity as their usability and time-saving capabilities are demonstrated. These AI-driven, often agentic SOC platforms sit at the intersection of autonomy…
Iran claims US used backdoors to knock out networking equipment during war
And China is loving it. Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations.
Manhattan DA Bragg Pushes Meta to Put a Stop to Immigration Scams
Scammers dressed up like Catholic Charities and legitimate pro bono legal services on social media platforms are targeting immigrants and bilking them for money. Manhattan DA Alvin Bragg is pressing Meta to follow its own terms and shut them down. The…
12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
LayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activity and harvest sensitive…