MuddyWater is now weaponizing a Russian malware-as-a-service (MaaS) platform to run a new operation dubbed “ChainShell”, blending Iranian state targeting with commercially developed cybercrime tooling. The assessment is based on a misconfigured command‑and‑control (C2) web server, 15 malware samples, and…
AWS Patches Critical RCE and Escalate Privileges in Research and Engineering Studio
Amazon Web Services (AWS) has released an important security bulletin addressing three severe vulnerabilities in its Research and Engineering Studio (RES). These flaws could allow authenticated attackers to execute arbitrary commands as root and escalate privileges within a targeted cloud…
IT Security News Hourly Summary 2026-04-10 09h : 6 posts
6 posts were published in the last hour 6:32 : ChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line Jailbreak 6:31 : Gmail Adds End-to-End Encryption for Android and iPhone Users in Google Workspace 6:14 : GlassWorm Trojan…
ChatGPT, Claude, and Gemini Among 11 AI Models Vulnerable to One-Line Jailbreak
A newly discovered jailbreak technique named “sockpuppeting” successfully forces 11 leading artificial intelligence models, including ChatGPT, Claude, and Gemini, to bypass their safety guardrails. By exploiting a standard application programming interface (API) feature with a single line of code, attackers…
Gmail Adds End-to-End Encryption for Android and iPhone Users in Google Workspace
Google has expanded end-to-end encryption for Gmail to Android and iPhone devices through the official Gmail app. Thank you for being a Ghacks reader. The post Gmail Adds End-to-End Encryption for Android and iPhone Users in Google Workspace appeared first…
GlassWorm Trojan Hits VS Code, Cursor, Windsurf via OpenVSX Extension
A newly discovered supply chain attack is spreading the GlassWorm malware across multiple developer environments by abusing the OpenVSX extension marketplace. GlassWorm is not new. Researchers have tracked the campaign since March 2025, when attackers hid malicious payloads inside npm…
I Gave 4 AI Agents a Corporate Bank Account. Here’s How I Stopped Them From Draining It.
A technical build log of the Multi-Agent Control Room, where AI agents pay invoices, escalate denials, and every action is identity-governed through OPA policies, RFC 8693 delegation tokens, and the Maverics AI Identity Gateway. Four AI agents share a corporate…
What vibe hunting gets right about AI threat hunting, and where it breaks down
In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI scans datasets for anomalous patterns…
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. “This flaw allows apps on the same device to bypass Android security…
AWS Fixes Severe RCE, Privilege Escalation Flaws in Research and Engineering Studio
AWS recently issued a critical security bulletin addressing severe vulnerabilities in its Research and Engineering Studio (RES). RES is an open-source web portal that allows administrators to create and manage secure cloud-based research environments. Security researchers identified three major flaws…
DesckVB RAT Uses Fileless .NET Loader to Evade Detection
DesckVB RAT is emerging as a highly active and stealthy malware threat in 2026, leveraging layered obfuscation and fileless execution techniques to bypass traditional security defenses. The attack chain begins with a malicious JavaScript file that hides its true intent…
News alert: Mallory launches AI-native platform to cut through alert noise and surface real risk
AUSTIN, Texas, Apr. 9, 2026, CyberNewswire—Mallory is launching a AI-native threat intelligence platform, purpose-built to answer the questions CISOs and their teams are asking every day: •What are the real threat vectors for our organization? •What’s actually exploitable … (more…)…
Health insurance lead sites sell personal data within seconds of form submission
Lead generation websites that offer health insurance quotes collect sensitive personal data and sell it to multiple buyers within seconds of a user clicking submit. A study by researchers at UC Davis, Stanford University, and Maastricht University mapped this process…
WhatsApp Adds Username Feature to Boost Privacy and Reduce Number Sharing
For years, WhatsApp required users to share their personal phone numbers to communicate. This is finally changing. To improve user privacy and mitigate risks like doxing or targeted spam, WhatsApp is rolling out a highly anticipated username feature. This update…
Product showcase: Session, a messenger without phone numbers or metadata
Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks, as…
WhatsApp Introduces Username Feature for Connecting Without Sharing Phone Numbers
WhatsApp is preparing to roll out a long-anticipated username feature that will allow users to communicate without ever revealing their phone numbers, a significant privacy upgrade for one of the world’s most widely used messaging platforms. First spotted by WABetaInfo…
New infosec products of the week: April 10, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Advenica, Intruder, Mallory, and Secureframe. Mallory brings contextual threat intelligence to security operations Mallory is launching an AI-native threat intelligence platform that monitors thousands of…
The Sad Decline of Trenchant Exec Who Had Everything, Before Deciding to Steal and Sell Zero Days to Russian Buyer
Peter Joseph Williams, a former L3 Trenchant executive recently convicted of secretly selling zero-day exploits to a Russian broker, says he was suffering anxiety, burnout, years of depression, and financial difficulties when he decided to steal exploits from his US…
IT Security News Hourly Summary 2026-04-10 06h : 1 posts
1 posts were published in the last hour 3:7 : What’s New in GravityZone April 2026 (v 6.72)
What’s New in GravityZone April 2026 (v 6.72)
Bitdefender rolled out new functionality in Bitdefender GravityZone, a unified cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of…
Malicious password-protected files – Blog | Menlo Security
Discover the rising threat of malicious password-protected files, evading defenses via encryption and alternative channels. The post Malicious password-protected files – Blog | Menlo Security appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the…
Zero-Trust Telemetry for Quantum-Era AI Resource Orchestration
Explore how to secure Model Context Protocol (MCP) deployments with zero-trust telemetry and post-quantum cryptography for AI resource orchestration. The post Zero-Trust Telemetry for Quantum-Era AI Resource Orchestration appeared first on Security Boulevard. This article has been indexed from Security…
IT Security News Hourly Summary 2026-04-10 03h : 1 posts
1 posts were published in the last hour 0:9 : Kasada Partners with the Retail and Hospitality ISAC as Title Sponsor of 2026 Cybersecurity Summit
Kasada Partners with the Retail and Hospitality ISAC as Title Sponsor of 2026 Cybersecurity Summit
Kasada will headline the 2026 RH-ISAC Cybersecurity Summit, addressing bot-driven fraud, AI-powered cybersecurity threats, and agentic commerce across retail and hospitality sectors. The post Kasada Partners with the Retail and Hospitality ISAC as Title Sponsor of 2026 Cybersecurity Summit appeared…