Researchers discovered a remote code execution vulnerability and cybercriminals are using its reputation to deliver malware. The post Google Antigravity in Crosshairs of Security Researchers, Cybercriminals appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
Infrawatch says ProxySmart platform enables SIM farm activity at “industrial scale” This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Uncover ProxySmart Software Powering 90+ SIM Farms
IT Security News Hourly Summary 2026-04-22 12h : 5 posts
5 posts were published in the last hour 9:36 : Wall Street Law Firm Apologises For AI Errors 9:7 : China Delivery Giants Fined £390m After Violent Clashes 9:7 : Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via…
Wall Street Law Firm Apologises For AI Errors
Elite New York law firm Sullivan & Cromwell apologises to federal judge after fabricated AI content found in legal filing This article has been indexed from Silicon UK Read the original article: Wall Street Law Firm Apologises For AI Errors
China Delivery Giants Fined £390m After Violent Clashes
Market regulator imposes record fines on seven major delivery platforms as intense competition leads to violent tactics This article has been indexed from Silicon UK Read the original article: China Delivery Giants Fined £390m After Violent Clashes
Auraboros RAT Adds Live Audio, Keylogging, and Cookie Theft via Open C2 Panel
A fully exposed command-and-control (C2) panel for a previously undocumented remote access trojan (RAT) framework dubbed Auraboros, supporting live audio streaming, intensive keylogging, browser credential theft, and multi-cookie hijacking all accessible over the internet with zero authentication. Further inspection revealed “Auraboros…
CrowdStrike LogScale Vulnerability Allows Remote Attackers to Read Arbitrary Files from Server
CrowdStrike has issued an urgent security advisory for a critical unauthenticated path-traversal vulnerability (CVE-2026-40050) affecting its LogScale platform, warning that a remote attacker could exploit the flaw to read arbitrary files directly from the server’s filesystem without authentication. The vulnerability…
Oracle Patches 450 Vulnerabilities With April 2026 CPU
The company released 481 new security patches across 28 product families, including over 300 fixes for remotely exploitable, unauthenticated flaws. The post Oracle Patches 450 Vulnerabilities With April 2026 CPU appeared first on SecurityWeek. This article has been indexed from…
Chips With Everything: Securing the Silicon Future
Semiconductor shortages demand long-term strategy. Explore resilience, AI forecasting, supply diversification, and emerging risks shaping global supply. This article has been indexed from Silicon UK Read the original article: Chips With Everything: Securing the Silicon Future
Florida Opens Criminal Probe Into OpenAI
Florida attorney general says criminal investigation justified by mass shooting suspect’s use of ChatGPT to explore tactics This article has been indexed from Silicon UK Read the original article: Florida Opens Criminal Probe Into OpenAI
Oil crisis? What oil crisis? IT spending de-coupled from wider war shock
Gartner sees accelerating growth in IT spending, powered by cloud and AI infrastructure investment A day after the International Energy Agency (IEA) said the US/Israel/Iran war was creating the worst energy crisis ever faced by the world, Gartner increased its…
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape
A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-5752, is rated 9.3 on the CVSS scoring system. “Sandbox escape vulnerability in Terrarium allows arbitrary…
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles
Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed via a theme related to India’s banking sector. “The backdoor communicates with a dynamic DNS-based command-and-control server over HTTPS and supports remote shell access, file…
UK Faces a Cyber ‘Perfect Storm’ Driven by Tech Advances and Nation State Threats, NCSC Warns
The convergence of global tensions and rapid technological change is driving a new era of cyber risk, the NCSC warns This article has been indexed from www.infosecurity-magazine.com Read the original article: UK Faces a Cyber ‘Perfect Storm’ Driven by Tech…
Blue Origin’s New Glenn Grounded After Satellite Failure
New Glenn rocket launches suspended as company and FAA investigate failure that resulted in destruction of communications satellite This article has been indexed from Silicon UK Read the original article: Blue Origin’s New Glenn Grounded After Satellite Failure
DinDoor Backdoor Exploits Deno and MSI Installers to Slip Past Detection
DinDoor is a newly documented backdoor that abuses the Deno JavaScript runtime and MSI installer files to execute attacker‑controlled code while sidestepping traditional detection controls quietly. Hiding behind trusted runtimes and common Windows tooling gives threat actors a flexible way…
Venezuela energy sector targeted by highly destructive Lotus wiper
Lotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilities sector amid regional tensions in 2025–2026. Attackers first used batch scripts to weaken…
Humanoid Robot Chases Boar In Warsaw
Unitree humanoid robot attracts approval for chasing herd of wild boar through streets of Warsaw amid growing wildlife problem This article has been indexed from Silicon UK Read the original article: Humanoid Robot Chases Boar In Warsaw
Namastex npm Packages Spread TeamPCP-Style CanisterWorm Malware
Compromised Namastex npm packages are delivering a new TeamPCP-style CanisterWorm variant that targets developer secrets, browser and wallet data, and then attempts to spread across npm and PyPI ecosystems using canister-backed exfiltration infrastructure. The campaign closely mirrors the original CanisterWorm,…
Vercel confirms April 2026 security incident linked to third-party AI tool
Cloud development platform Vercel has confirmed a security incident involving unauthorized access to parts of its internal systems, following a breach disclosed in April 2026. In an official security bulletin, the company stated: “We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.” Vercel added that…
Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook
Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting financial institutions carried a financial motive, with data breaches accounting for roughly 64% of incidents and…
Apple Intelligence flaw kept stolen tokens reusable on another device
Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage authentication and authorization system using anonymous access tokens. However, researchers from The Ohio…
PentAGI: Open-source autonomous AI penetration testing system
Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans,…
Microsoft-Signed Binary Used to Sneak LOTUSLITE Into India-Focused Espionage Campaign
A state-linked threat group has been caught running a quiet but carefully planned espionage operation against India’s banking sector, using a trusted Microsoft-signed file to slip malware past security defenses. The campaign delivers a new version of the LOTUSLITE backdoor…