Security researchers have published technical details regarding a highly critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-Prem). Tracked as CVE-2026-20160, this flaw carries a near-maximum CVSS score of 9.8. It allows remote, unauthenticated attackers to execute commands…
ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer
A refreshed ClickFix campaign that swaps macOS Terminal for Script Editor to deliver an Atomic Stealer payload to unsuspecting Mac users quietly. By abusing the applescript:// URL scheme, attackers sidestep Apple’s new paste-protection in Terminal on macOS Tahoe 26.4 while preserving the same underlying…
Zephyr Energy loses £700K in cyber hit that rerouted contractor payment
Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to a contractor…
NSFW app leak exposes 70,000 prompts linked to individual users
MyLovely.AI leaked personal data, explicit prompts, and images of over 100,000 users, exposing many to sextortion and doxxing. This article has been indexed from Malwarebytes Read the original article: NSFW app leak exposes 70,000 prompts linked to individual users
Intruder expands cloud security with agentless container image scanning
Intruder has announced the release of Container Image Scanning, a new upgrade to its cloud security capabilities that automatically scans container images for vulnerabilities, granting customers actionable insight into container risk without deploying and maintaining scanning agents across their estates.…
Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group
A spear-phishing campaign which spread across the Middle East between 2023 and 2024 has now been linked to Bitter APT group This article has been indexed from www.infosecurity-magazine.com Read the original article: Middle East Hack-for-Hire Operation Traced to South Asian…
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead This article has been indexed from www.infosecurity-magazine.com Read the original article: Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
On Microsoft’s Lousy Cloud Security
ProPublica has a scoop: In late 2024, the federal government’s cybersecurity evaluators rendered a troubling verdict on one of Microsoft’s biggest cloud computing offerings. The tech giant’s “lack of proper detailed security documentation” left reviewers with a “lack of confidence…
The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security
Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. The post The Hidden ROI of Visibility: Better Decisions, Better Behavior, Better Security appeared first on SecurityWeek. This…
CMMC Non-Compliance: Violations of FCA
Key Takeaways For many defense contractors, CMMC treated as a security project. It is discussed in terms of controls, readiness work, outside assessors, documentation, and the cost of getting prepared. Of course, all of that is important. But beyond that,…
They’re Here! Is Your Mainframe Ready for Cyberthreats From Outer Space?
With over 15,000 satellites in orbit, hackers are using unencrypted signals to bypass terrestrial defenses. Learn why space-based cybersecurity is no longer science fiction. The post They’re Here! Is Your Mainframe Ready for Cyberthreats From Outer Space? appeared first on Security Boulevard. This article has been indexed from…
Politicians Are Spending More Money on Security as They Increasingly Become Targets
Political candidates are purchasing more home alarms, bulletproof vests, and other protections amid rising fears of political violence. This article has been indexed from Security Latest Read the original article: Politicians Are Spending More Money on Security as They Increasingly…
30,000 private Facebook images allegedly downloaded by Meta employee
The accused didn’t just browse around; he built a custom script designed to circumvent Meta’s internal detection systems. This article has been indexed from Malwarebytes Read the original article: 30,000 private Facebook images allegedly downloaded by Meta employee
Human Risk in Geopolitical Conflict: Iran War Lessons
Nisos Human Risk in Geopolitical Conflict: Iran War Lessons The war in the Middle East that began on February 28th has dominated headlines, disrupted markets, and forced boardrooms into emergency conversations about exposure… The post Human Risk in Geopolitical Conflict:…
Advenica’s File Scanner Kiosk scans USB media for malware
Advenica announced the File Scanner Kiosk, a system that scans USB media for malware and helps businesses reduce infection risk. With the reliance on external media for file transfers, organisations face increased vulnerability to malware. The File Scanner Kiosk addresses…
Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
SANS Institute reveals that AI agents are behind a 76% surge in non-human identities This article has been indexed from www.infosecurity-magazine.com Read the original article: Governance Gaps Emerge as AI Agents Drive 76% Increase in NHIs
From the field to the report and back again: How incident responders can use the Year in Review
The Year in Review distills Talos IR’s observations into structured intelligence, but defenders should also be feeding this report back into their own preparation cycles. Here’s how. This article has been indexed from Cisco Talos Blog Read the original article:…
Microsoft Details How Defender Protects High-Value Assets in Real-World Attacks
Microsoft has significantly upgraded its Defender platform to automatically detect and block sophisticated cyberattacks targeting High-Value Assets (HVAs) like domain controllers and web servers. By leveraging the new Microsoft Security Exposure Management tool, the system now uses context-aware intelligence to…
The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
A hacker allegedly stole 10+ PB of sensitive military and aerospace data from China’s National Supercomputing Center, risking national security. A massive alleged breach has hit China’s National Supercomputing Center (NSCC) in Tianjin. A hacker claims to have exfiltrated over…
Certes launches v7 platform with quantum-safe encryption across hybrid cloud and edge environments
Certes has released v7 of its Data Protection and Risk Mitigation (DPRM) platform, extending post-quantum cryptography (PQC) protection to the edge and positioning the update as a direct response to the growing “harvest now, decrypt later” threat facing enterprise security…
Hackers Claim to Have Stolen 10 Petabytes of Data from China’s Tianjin Supercomputer Center
Hackers are claiming that one of China’s most strategically important computing facilities suffered a massive cyber intrusion, with more than 10 petabytes of sensitive information allegedly taken from a state-run supercomputing environment that experts suspect is the National Supercomputing Center…
This fake Windows support website delivers password-stealing malware
A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access. This article has been indexed from Malwarebytes Read the original article: This fake Windows support website delivers password-stealing malware
Google Warns of New Campaign Targeting BPOs to Steal Corporate Data
Tracked as UNC6783, the threat actor is likely linked to Mr. Raccoon, the hacker behind the alleged theft of Adobe data from a BPO. The post Google Warns of New Campaign Targeting BPOs to Steal Corporate Data appeared first on…
IT Security News Hourly Summary 2026-04-09 12h : 11 posts
11 posts were published in the last hour 9:34 : Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks 9:34 : The long road to your crypto: ClipBanker and its marathon infection chain 9:34 : Keeper Security Expands PAM Browser Isolation…