$3.6 million stolen from Bitcoin Depot. The post $3.6 Million Crypto Heist Targets Bitcoin Depot appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: $3.6 Million Crypto Heist Targets Bitcoin Depot
IT Security News Hourly Summary 2026-04-09 21h : 7 posts
7 posts were published in the last hour 18:36 : Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026) 18:36 : Protecting Cookies with Device Bound Session Credentials 18:36 : Crypto? Huh. Good gawd y’all, what…
Wordfence Intelligence Weekly WordPress Vulnerability Report (March 30, 2026 to April 5, 2026)
Last week, there were disclosed in that have been added to the Wordfence Intelligence Vulnerability Database, and there were that contributed to WordPress Security last week. Review those vulnerabilities in this report now to ensure your site is not affected.…
Protecting Cookies with Device Bound Session Credentials
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding…
Crypto? Huh. Good gawd y’all, what is it good for? $45M in this case
Cops bust latest scam, return $12m to bilked victims US, UK, and Canadian law enforcement Thursday said that they disrupted a $45 million global cryptocurrency scam, freezing $12 million in stolen funds and identifying more than 20,000 cryptocurrency wallet addresses…
The threat hunter’s gambit
Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors. This article has been indexed from Cisco Talos Blog Read the original article: The threat hunter’s gambit
Hacker stole £700,000 from UK energy company by redirecting payment
The U.K. energy company said a redirected payment meant for a contractor instead landed in a hacker’s bank account. This article has been indexed from Security News | TechCrunch Read the original article: Hacker stole £700,000 from UK energy company…
CyberASAP Secures £10m Boost as UK’s Next Wave of Cyber Innovators Take Centre Stage
After a successful Year 9 Demo Day, Cyber Security Academic Startup Accelerator Programme (CyberASAP) is gaining momentum towards its 10th anniversary kick off, which is due to start later this month. This comes as the Department for Science, Innovation and Technology (DSIT)…
Black Duck Names Dom Glavach as CISO to Bolster Supply Chain and AI Security Push
Application security firm Black Duck has appointed Dom Glavach as its new Chief Information Security Officer, bringing in a seasoned executive with more than two decades of experience spanning enterprise security, national defence, and SaaS environments. The hire comes at…
Critical Fortinet FortiClient EMS Flaw Now Actively Exploited in Cyberattacks
A critical vulnerability in Fortinet’s FortiClient EMS platform is now being actively exploited in real‑world attacks, according to threat‑intelligence firm Defused. Tracked as CVE‑2026‑21643, this SQL injection bug affects FortiClient EMS version 7.4.4 and allows unauthenticated attackers to run…
Infiniti Stealer Targets Mac Users with ClickFix Social Engineering Attack
Not stopping at typical malware tricks, Infiniti Stealer targets Macs using clever social manipulation instead of system flaws. Security firm Malwarebytes uncovered the operation, highlighting how it dodges standard protection tools. Once inside, the software slips under the radar…
How Duck.ai Offer Better Privacy Compared to Commercial Chatbots
Better privacy with DuckDuckGo’s AI bot Privacy issues have always bothered users and business organizations. With the rapid adoption of AI, the threats are also rising. DuckDuckGo’s Duck.ai chatbot benefits from this. The latest report from Similarweb revealed that traffic…
Apple Reinforces Digital Privacy for Users Without Restricting Law Enforcement Oversight
The company has long positioned its privacy architecture as a defining aspect of its ecosystem, marketing it as more than a feature, but a fundamental right built into its products as well. However, the latest disclosures emerging from US…
Adobe Reader Zero-Day Exploited to Steal Data via Malicious PDFs
An Adobe Reader zero-day vulnerability is being actively exploited via malicious PDFs, allowing hackers to steal data without user interaction, with no patch available. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More Read…
‘Several dozen’ high-value corporations hit by new extortion crew in helpdesk phishing spree
Possible link to Mr. Raccoon’s claimed Adobe break-in A new extortion crew has targeted “several dozen high-value” corporations through phishing and helpdesk social-engineering, according to Google.… This article has been indexed from The Register – Security Read the original article:…
UAT-10362 Targets Taiwanese NGOs with LucidRook Malware in Spear-Phishing Campaigns
A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. “LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled…
New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts
Apple warns of a new scam targeting millions of iPhone users. Learn the red flags, how it works, and how to protect your account and finances. The post New Apple Scam Hits Millions of iPhone Users Worldwide, Draining Bank Accounts…
Aembit IAM for Agentic AI Is Now Generally Available
5 min readAembit IAM for Agentic AI is now GA. Enforce AI agent access to MCP servers with Blended Identity, secretless credential exchange, and policy-based enforcement. Free tier is available. The post Aembit IAM for Agentic AI Is Now Generally…
The Web Is Full of Traps — and AI Agents Walk Right into Them
The enterprise is deploying AI agents at a pace that has outrun every security framework written to govern them. These agents don’t just answer questions — they browse websites, retrieve documents, call APIs, execute code, manage email, initiate financial transactions,…
OpenAI Readies Rollout of New Cyber Model as Industry Shifts to Defense
OpenAI is finalizing a cybersecurity product slated for a restricted release to select partners. The new model, as reported by Axios, could signal growing anxiety among developers that their latest creations may be too dangerous for the public. The shift…
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
Microsoft Incident Response – Detection and Response Team (DART) researchers observed an emerging, financially motivated threat actor, tracked as Storm-2755, compromising Canadian employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. The post…
GPL Odorizers GPL750
View CSAF Summary Successful exploitation of this vulnerability could allow a low privileged remote attacker to manipulate register values, which would result in too much or too little odorant being injected into a gas line. The following versions of GPL…
Contemporary Controls BASC 20T
View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to enumerate the functionality of each component associated with the PLC, reconfigure, rename, delete, perform file transfers, and make remote procedure calls. The following versions of Contemporary Controls…
React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
Executive Summary In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in React Server Components that we’ve dubbed “React2DoS”. In this blog, we’ll analyze its impact and place it in the broader…