Attacking MSSQL Servers | Huntress
Ever since the SQL Slammer worm of 2003, and even before then, MSSQL database servers exposed to the Internet with default configurations have been targeted,…
Author: Cybernoz
NGate Android malware uses HandyPay NFC app to steal card data
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a…
Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments
A critical cross-vendor vulnerability class dubbed “Comment and Control” is a new category of prompt injection attacks that weaponizes GitHub pull request titles, issue bodies, and issue…
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling…
52M-Download protobuf.js Library Hit by RCE in Schema Handling
Cybersecurity team at Endor Labs has identified a critical remote code execution (RCE) vulnerability in protobuf.js, a JavaScript library downloaded nearly 52 million times per…
Researchers build an encrypted routing layer for private AI inference
Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models.…
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
Ravie LakshmananApr 21, 2026Network Security / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known…
Bluesky Cyberattack Triggers DDoS Outage, No Data Breach
A service disruption at Bluesky last week exposed the growing challenges faced by fast-expanding social media platforms, after the company confirmed that a “sophisticated” distributed…
ANTS Data Breach Impacts User Personal Details In France
The ANTS data breach has brought renewed attention to data security risks in France’s public sector after authorities confirmed a security incident affecting the ants.gouv.fr…
NSW Treasury staffer allegedly exfiltrated 5600 sensitive documents
An NSW Treasury staff member stands accused of exfiltrating a “substantial cache” of more than 5600 sensitive documents authored by multiple state departments. The NSW…
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
The Senate approved a short-term renewal until April 30 of a controversial surveillance program used by U.S. spy agencies, following a chaotic, post-midnight scramble in…
AI Model Claude Opus turns bugs into exploits for just $2,283
AI Model Claude Opus turns bugs into exploits for just $2,283 Pierluigi Paganini April 20, 2026 Claude Opus created a working Chrome exploit for $2,283,…