Hackers are abusing fake CAPTCHA pages to run a silent but lucrative international SMS fraud scheme, turning routine “prove you’re human” checks into a revenue engine built on international revenue share fraud (IRSF). Attackers set up lookalike and scam domains…
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers
A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks…
Hiding Bluetooth Trackers in Mail
It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of…
French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks
French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read the original article:…
Hackers Exploit Pastebin PowerShell Script to Hijack Telegram Sessions
Hackers are experimenting with a new Telegram‑focused session stealer that hides in a Pastebin‑hosted PowerShell script posing as a Windows telemetry update, giving defenders a rare view into how such tools are built and tested. The script does not attempt…
How AI and Power BI Are Transforming Commercial & Residential Property Insurance
Property insurance is not a data problem. It is a decision problem. Insurers already sit on massive volumes of data: claims histories, property records, geospatial…Read More The post How AI and Power BI Are Transforming Commercial & Residential Property Insurance…
Checkmarx supply chain attack impacts Bitwarden npm distribution path
Bitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ongoing Checkmarx supply chain campaign, researchers warn. The affected…
Vulnerabilities Patched in CrowdStrike, Tenable Products
CrowdStrike has fixed a critical LogScale vulnerability, while Tenable addressed a high-severity Nessus flaw. The post Vulnerabilities Patched in CrowdStrike, Tenable Products appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article: Vulnerabilities Patched in…
What the Mythos-Ready Briefing Says About Credentials
The Mythos-ready briefing names secrets rotation, NHI governance, and honeytokens as critical controls. Zero-days don’t replace credential attacks; they accelerate them. Credential security deserves to move up every CISO’s priority list. The post What the Mythos-Ready Briefing Says About Credentials…
New Cisco firewall malware can only be killed by pulling the plug
Suspected state-sponsored attackers are using a custom backdoor to persistently compromise Cisco security devices (firewalls), the US CISA and the UK National Cyber Security Centre warned on Thusday. “The [Firestarter] malware (…) is relevant for both Cisco Firepower and Secure…
Compromised everyday devices power Chinese cyber espionage operations
China-linked threat actors have shifted from individually procured infrastructure to large-scale covert networks, botnets built from compromised routers and other edge devices, the National Cyber Security Centre (NCSC) warns. To help organizations address this threat, the NCSC, together with the…
Tropic Trooper Uses Trojanized SumatraPDF and GitHub to Deploy AdaptixC2
Chinese-speaking individuals are the target of a new campaign that uses a trojanized version of SumatraPDF reader to deploy the AdaptixC2 Beacon post-exploitation agent and ultimately facilitate the abuse of Microsoft Visual Studio Code (VS Code) tunnels for remote access.…
IT Security News Hourly Summary 2026-04-24 12h : 9 posts
9 posts were published in the last hour 9:34 : Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews 9:34 : Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication 9:34 : Ransomware Hackers Develop Custom Exfiltration Tool to Steal Sensitive…
Void Dokkaebi Hackers Spread Malware Through Fake Job Interviews
Void Dokkaebi, also known as Famous Chollima, is expanding its cyber operations by turning fake job interviews into a large-scale malware distribution campaign targeting developers. The campaign begins with attackers posing as recruiters from cryptocurrency or AI companies. Developers are…
Xiongmai IP Camera Flaw Lets Attackers Bypass Authentication
A critical security vulnerability has been identified in Hangzhou Xiongmai Technology’s XM530 IP Cameras, putting countless commercial facilities at risk. This severe flaw allows remote attackers to bypass authentication protocols and access sensitive device information easily. The Cybersecurity and Infrastructure…
Ransomware Hackers Develop Custom Exfiltration Tool to Steal Sensitive Data
Ransomware attackers are no longer relying only on widely known tools to steal data. Affiliates linked to the Trigona ransomware group have taken a more calculated approach by building their own custom data exfiltration tool, one that gives them greater…
Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits
A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900 companies around the world. The operation, built around a tool called “Bissa scanner,” targeted internet-facing…
Greece relaxes Euro biometric border entry rules amid airport chaos
Missed flights and more means something has got to give at the border Greece is taking a flexible approach to introducing the European Union’s biometric Entry/Exit System (EES), after some British passport holders missed flights home following the system’s implementation…
Secure-by-Design Principles for UK SMEs: A Practical Guide
Secure-by-Design Principles for UK SMEs: A Practical Guide For many UK SMEs, security still gets treated as something to add once a system is already chosen, configured, or live. That approach can work for a while, but it often creates…
Meta is overhauling how you sign in, manage settings, and protect your accounts
Meta Account gives users of Meta apps and devices a simpler way to access and manage their accounts. Accounts Center will automatically be updated to a Meta Account as part of a gradual rollout over the next year. Users will…
1-15 April 2026 Cyber Attacks Timeline
The first timeline of April 2026 brings an evolution in terms of methodology: from now on I will map the initial access techniques with the MITRE ATT&CK model. I also decided to merge the categories of Finance and Fintech in…
The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative
Your legal team just handed you a 400-page document and said “figure out compliance.” The EU AI Act is live, your organization falls under its scope, which is broader than many expect. Even non‑EU companies must comply if their AI systems…
UK gov pays public £550 to discuss Digital ID – then bans journalists from the room
Nothing says ‘We want honest opinions’ like a 36,000-letter mailshot with no awkward questions allowed Members of the UK government’s People’s Panel on Digital ID will spend two weekends in Birmingham and three evenings on Zoom discussing how Britain should…
Bitwarden NPM Package Hit in Supply Chain Attack
Tied to a fresh Checkmarx supply chain attack claimed by TeamPCP, the incident references the Shai-Hulud worm. The post Bitwarden NPM Package Hit in Supply Chain Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…