A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic’s Claude Code into a fully specialized offensive security research assistant powered by 28 domain-specific subagents. Released by security researcher 0xSteph on…
Suspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and Audio
A recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in late…
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities
A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists…
Metabase Enterprise RCE Flaw Now Has Public Proof-of-Concept Exploit
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. The…
New York’s 3D Printing Crackdown: Security or Surveillance?
New York’s latest budget proposal could fundamentally change how 3D printers work—requiring built-in software that scans and blocks certain designs. Supporters say it’s about stopping ghost guns. Critics say it opens the door to surveillance and limits innovation. In this…
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately,…
25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond to…
The AI criminal mastermind is already hiring on gig platforms
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly.…
Product showcase: LuLu reveals unauthorized outbound connections from Mac apps
LuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing and…
Cyber Weapon in Toronto, Grid Attack, Stuxnet Lie Exposed
A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today’s…
Quantum-Resistant Identity and Access Management for MCP Resources
Secure your MCP hosts with quantum-resistant IAM. Learn about lattice-based signatures, PQuAKE, and 4D context-aware access for AI agents. The post Quantum-Resistant Identity and Access Management for MCP Resources appeared first on Security Boulevard. This article has been indexed from…
Udemy – 1,401,259 breached accounts
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The…
IT Security News Hourly Summary 2026-04-27 03h : 1 posts
1 posts were published in the last hour 0:36 : Why PoP Count Isn’t the Real Measure of Application Security Performance
Why PoP Count Isn’t the Real Measure of Application Security Performance
When evaluating cloud security platforms, one question comes up again and again: “How many Points of Presence do you have?” At first glance, the logic seems sound. More locations should mean lower latency, faster response times, and better protection. The…
Google Cloud Next proves what we suspected: Everything is AI now
Join us for this week’s Kettle as we dive into GCN and the latest not-so-alarming revelations about Mythos KETTLE If you needed further evidence that AI comes first in pretty much everything nowadays, look no further than this year’s Google…
IT Security News Hourly Summary 2026-04-27 00h : 4 posts
4 posts were published in the last hour 21:58 : IT Security News Weekly Summary 17 21:55 : IT Security News Daily Summary 2026-04-26 21:32 : California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 21:31 : Confidential…
IT Security News Weekly Summary 17
210 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-04-26 21:32 : California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 21:31 : Confidential clusters for Red Hat OpenShift: Developer Preview now…
IT Security News Daily Summary 2026-04-26
30 posts were published in the last hour 21:32 : California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 21:31 : Confidential clusters for Red Hat OpenShift: Developer Preview now available on Microsoft Azure with AMD SEV-SNP 20:34…
California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner
A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials. This article has been indexed from Security Latest Read the original…
Confidential clusters for Red Hat OpenShift: Developer Preview now available on Microsoft Azure with AMD SEV-SNP
Extending confidential computing from individual workloads to the entire cluster is a new frontier in cloud-native security.Today, Red Hat is announcing the Developer Preview of confidential clusters for Red Hat OpenShift, a new feature of OpenShift that extends confidential computing…
AI’s not going to kill open source code security
Cal.com considers AGPL a license to drill, but not everyone feels that way Opinion Cal.com has closed its commercial codebase, abandoning years of AGPL-3.0 licensing in a move that has alarmed the developer community that helped build it and sent…
Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation
Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article: Microsoft…
Critical bug in CrowdStrike LogScale let attackers access files
CrowdStrike fixed CVE-2026-40050 in LogScale self-hosted, a critical flaw allowing unauthenticated file access via path traversal. CrowdStrike recently disclosed a critical vulnerability, tracked as CVE-2026-40050, affecting its LogScale self-hosted product. The flaw enables unauthenticated path traversal, which could allow a…
IT Security News Hourly Summary 2026-04-26 18h : 5 posts
5 posts were published in the last hour 15:32 : [un]prompted 2026 – Operation Pale Fire 15:32 : ChipSoft Ransomware Incident Disrupts Dutch Healthcare Systems And Hospital Operations 15:31 : AI-Driven Hack Breach Hits Government Agencies 15:31 : New Malware…