Iran-nexus threat groups refine attacks against critical infrastructure
State-sponsored and hacktivist groups have shown greater determination to damage or disable energy, water and other key sectors. Source link
Month: April 2026
Vercel attack fallout expands to more customers and third-party systems
Vercel said the fallout from an attack on its internal systems hit more customers than previously known, as ongoing analysis uncovered additional evidence of compromise. …
Frontier AI and the Future of Defense: Your Top Questions Answered
Over the last several weeks, Palo Alto Networks and Unit 42 have been talking with CISOs and security leaders globally to discuss the emergence of…
Bitwarden CLI password manager trojanized in supply chain attack
Attackers target cloud and development credentials The trojanized Bitwarden CLI version 2026.4.0 contained a custom loader called bw_setup.js that checks if the bun package manager…
In a first, a ransomware family is confirmed to be quantum-safe
There is no practical benefit for Kyber developers to have chosen a PQC key-exchange algorithm. The Kyber ransom note gives victims one week to respond.…
UAT-4356’s Targeting of Cisco Firepower Devices
Cisco Talos is aware of UAT-4356’s continued active targeting of Cisco Firepower devices’ Firepower eXtensible Operating System (FXOS). UAT-4356 exploited n-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362)…
Full Transparency: Controlling Apple’s TCC
Apple’s commitment to user privacy is well known. One of the key components of their privacy controls is the Transparency Consent and Control (TCC) framework.…
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The…
North Korean Hackers Use Fake IT Worker Scheme to Infiltrate Companies and Evade Sanctions
North Korea has been running one of the most quietly effective cyber fraud operations in recent years. State-sponsored operatives working for the Pyongyang regime have…
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet
Instead, Kamluk saw that it was a self-spreading piece of code with very different intentions. Using what was referred to within the code as “wormlet”…
Outlook Mailboxes Abused to Conceal Linux GoGra Backdoor Traffic
The Harvester APT group has quietly expanded its espionage arsenal with a new Linux variant of its GoGra backdoor, one that cleverly hides its command-and-control…
Anthropic’s Mythos Preview Just Changed The Threat Landscape In Ways The Security Industry Isn’t Fully Prepared For
23 Apr Anthropic’s Mythos Preview Just Changed The Threat Landscape In Ways The Security Industry Isn’t Fully Prepared For Posted at 15:26h in Blogs by…