Intigriti Bug Bytes #235 – April 2026
Welcome to the latest edition of Bug Bytes! In this month’s issue, we’ll be featuring: Compromising an NPM package with 40M weekly downloads Bypassing Cloudflare WAF for…
Author: Cybernoz
The Governance Gap: How the EU AI Act Makes API Security a Compliance Imperative — API Security
Your legal team just handed you a 400-page document and said “figure out compliance.” The EU AI Act is live, your organization falls under its…
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities
Campaigns employing commercial surveillance vendors tracked targets by exploiting mobile phone network vulnerabilities in what researchers said Thursday was the first-ever linking of “real-world attack…
GopherWhisper: A burrow full of malware
ESET Research has discovered a new China-aligned APT group that we’ve named GopherWhisper, which targets Mongolian governmental institutions 23 Apr 2026 • , 6 min.…
CommBank deploys AI agent to detect emerging fraud patterns and generate rules
Commonwealth Bank says it has deployed an “agentic AI” system intended to detect emerging fraud and scam patterns in transaction and payments data and propose…
3 practical ways AI threat detection improves enterprise cyber resilience
Why “more alerts” isn’t the same as better security If you run security in an enterprise environment, you already know the problem. Generic detection tools…
Empowering the Hunt: All Your Security in One Place
In a world of many noisy tools, Huntress has always been mindful of how real people are fighting against cyberattacks every day. Our goal is…
Trigona ransomware attacks use custom exfiltration tool to steal data
Recently observed Trigona ransomware attacks are using a custom, command-line tool to steal data from compromised environments faster and more efficiently. The utility was emplayed…
Hackers Use Telegram Bots to Track 900+ Successful React2Shell Exploits
A newly exposed server has revealed how a threat actor used automated tools, AI assistance, and Telegram bots to silently hack into more than 900…
Python Vulnerability Enables Out-of-Bounds Write on Windows
A high-severity security vulnerability has been discovered in Python’s asyncio module on Windows, potentially allowing attackers to write data beyond the boundaries of an allocated memory buffer.…
OpenAI’s GPT-5.5 is out with expanded cybersecurity safeguards
Competition to release stronger AI models is accelerating, and just weeks after the release of GPT-5.4, OpenAI has introduced GPT-5.5, pointing to expanded safeguards in…
Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?
Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities that they took the extraordinary step of postponing its public…