North Korea-linked threat actor UNC1069 is running a highly targeted campaign that abuses fake Zoom, Google Meet, and Microsoft Teams meetings to compromise cryptocurrency and Web3 professionals across Windows, macOS, and Linux systems. The goal is long-term access and large-scale…
Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution
A critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team. The flaw…
Hackers Abuse QEMU for Defense Evasion
The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools. The post Hackers Abuse QEMU for Defense Evasion appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
Is “Satoshi Nakamoto” Really Adam Back?
The New York Times has a long article where the author lays out an impressive array of circumstantial evidence that the inventor of Bitcoin is the cypherpunk Adam Back. I don’t know. The article is convincing, but it’s written to…
Hackers Use FUD Crypt to Generate Microsoft-Signed Malware With Built-In Persistence and C2
A newly uncovered malware-as-a-service platform called FUD Crypt is giving cybercriminals an easy way to build sophisticated Windows malware without writing a single line of code. The platform, operating from fudcrypt.net, accepts any Windows executable uploaded by a subscriber and…
New RDP Alert After April 2026 Security Update Warns of Unknown Connections
Microsoft has rolled out a significant behavioral change to the Windows Remote Desktop Connection application (MSTSC) as part of its April 2026 Patch Tuesday security update, introducing new warning dialogs designed to protect users from phishing attacks that exploit Remote…
Bluesky Disrupted by Sophisticated DDoS Attack
A pro-Iran hacker group has taken credit for the attack on Bluesky, which appears to have lasted 24 hours. The post Bluesky Disrupted by Sophisticated DDoS Attack appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the…
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a platform that spoofs email alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and…
52M-Download protobuf.js Library Hit by RCE in Schema Handling
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
Iran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker Personas
A single Iranian state-directed operation is hiding behind several so‑called “hacktivist” brands, using different online identities to run one coordinated global cyber campaign. New analysis links three prominent personas (Homeland Justice, Karma/KarmaBelow80, and Handala) to Iran’s Ministry of Intelligence and Security (MOIS), rather…
Third-party AI hack triggers Vercel breach, internal environments accessed
Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems and non-sensitive data. Vercel reported a security breach caused by the compromise of a third-party AI tool, Context.ai, used by one…
Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House
The Senate approved a short-term renewal until April 30 of a controversial surveillance program used by U.S. spy agencies. The post Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House appeared first on SecurityWeek. This article has…
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain. “This flaw enables…
Fracturing Software Security With Frontier AI Models
Unit 42 finds frontier AI models enhance vulnerability discovery, acting as full-spectrum security researchers. They enable autonomous zero-day discovery and faster N-day patching. The post Fracturing Software Security With Frontier AI Models appeared first on Unit 42. This article has…
TBK DVR Vulnerability CVE-2024-3721 Exploited to Spread Nexcorium DDoS Malware
Hackers are actively exploiting a critical vulnerability in TBK digital video recorder (DVR) devices to deploy a new Mirai-based botnet called Nexcorium. The campaign leverages CVE-2024-3721, an OS command injection vulnerability, highlighting how poorly secured IoT devices continue to fuel…
The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad
Years before the figure skater became an Olympic superstar, a Chinese operative tried to stalk her father and monitored other US residents deemed dissidents against China. And that’s just the beginning. This article has been indexed from Security Latest Read…
The AI Visibility Gap Is Real – And It Lives on Your Website
Not a single CISO has full visibility into how AI is operating across their organization. Not one. That’s the headline finding from Pentera’s AI Security […] The post The AI Visibility Gap Is Real – And It Lives on Your…
From AI Pilots to Autonomous Finance: What CFOs Must Fix Before Agentic AI Scales
The CFO Is Now the Architect of AI-Driven Finance. CFOs have always had the most complete view of the business. Revenue, cost, cash flow, risk,… The post From AI Pilots to Autonomous Finance: What CFOs Must Fix Before Agentic…
Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too
Vercel’s Context.ai breach exposed environment variables that weren’t marked sensitive. Learn how to pull and scan your secrets with GitGuardian. The post Vercel April 2026 Incident: Non-Sensitive Environment Variables Need Investigation Too appeared first on Security Boulevard. This article has…
iTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code Execution
In the cybersecurity community, we often assume that simply reading a text file using a command like cat is a perfectly safe operation. However, security researchers have recently demonstrated that doing so inside the popular iTerm2 macOS terminal emulator can cross the…
Public Notion Pages Leaks Profile Photos and Email address of Editors
Notion, a popular productivity and collaboration platform, is under significant scrutiny from the cybersecurity community. Security researchers have revealed that public Notion pages silently expose the personally identifiable information (PII) of anyone who has ever edited them. This data leak…
Half of the 6 Million Internet-Facing FTP Servers Lack Encryption
The continued use of the half-century-old protocol exposes enterprises and end users to various types of attacks. The post Half of the 6 Million Internet-Facing FTP Servers Lack Encryption appeared first on SecurityWeek. This article has been indexed from SecurityWeek…
IT Security News Hourly Summary 2026-04-20 12h : 8 posts
8 posts were published in the last hour 9:37 : Silicon In Focus Podcast: Shaping Technology for Transformation 9:37 : Microsoft-Signed Malware Built With FUD Crypt Packs Persistence and C2 9:36 : NCSC Outlines Coordinated Plan to Boost NHS Cyber…
Silicon In Focus Podcast: Shaping Technology for Transformation
At a time when organisations are accelerating AI adoption while struggling with legacy systems, cyber risk, and growing operational fragility, the real challenge is no longer technology—it’s leadership. In this episode of Silicon In Focus, David Howell speaks with Dai…