A new technical review of Google Chrome’s privacy posture shows that modern tracking no longer depends only on cookies, because websites can combine browser fingerprinting, storage tricks, and HTTP header leaks to identify users with surprising accuracy. Chrome has reduced…
When PUPs bite: Huntress uncovers “weaponised” adware exposing 25,000+ systems
Cybersecurity provider Huntress has identified a major security threat. What appeared to be an unassuming potentially unwanted program (PUP) has transformed into a threat that can disable antivirus systems and put thousands of endpoints at risk. As mentioned in a recent blog, the cyberattack involves the…
UAC-0247 Targets Ukrainian Clinics and Government in Data-Theft Malware Campaign
The Computer Emergencies Response Team of Ukraine (CERT-UA) has disclosed details of a new campaign that has targeted governments and municipal healthcare institutions, mainly clinics and emergency hospitals, to deliver malware capable of stealing sensitive data from Chromium-based web browsers and WhatsApp. The activity, which…
IT Security News Hourly Summary 2026-04-16 09h : 6 posts
6 posts were published in the last hour 6:36 : Command integrity breaks in the LLM routing layer 6:7 : Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover 6:7 : Russian Hosting Tied to 1,250+ C2 Servers Across 165…
Command integrity breaks in the LLM routing layer
Systems that rely on LLM agents often send requests through intermediary routing services before reaching a model. These routers connect to different providers through a single endpoint and manage how requests are handled. This layer can influence what gets executed…
Nginx-UI Flaw Actively Exploited to Enable Full Server Takeover
A severe vulnerability in nginx-ui, a widely used open-source web interface for managing Nginx servers, is currently being actively exploited in the wild. Tracked as CVE-2026-33032 with a maximum CVSS base score of 9.8, this critical flaw allows remote attackers…
Russian Hosting Tied to 1,250+ C2 Servers Across 165 Providers
More than 1,250 C2 servers were identified across 165 Russian infrastructure providers within the past 3 months. Infrastructure analytics and ISP mapping are exposing the hidden backbone of cyber threats operating inside Russian networks. By looking beyond single IPs or…
Hackers Abuse Google Discover With AI-Generated Content to Push Malicious Notifications
A newly identified threat operation is exploiting one of the most widely used content discovery tools on Android and Chrome devices — Google’s Discovery feed — to deliver malicious push notifications to unsuspecting users across multiple countries. The operation, named Pushpaganda by…
Web Supply Chain Risk in ANZ: Why the Browser is the New Front Line
Right now, code is executing in your users’ browsers that your WAF has never inspected, your DAST never tested, and your pen testers never touched. […] The post Web Supply Chain Risk in ANZ: Why the Browser is the New…
What the EU AI Act requires for AI agent logging
The EU AI Act is 144 pages long. The logging requirements that matter for AI agent developers sit across four articles that keep referencing each other. Here’s what they say, when the deadlines hit, and where the gaps are. Your…
Why Using a Burner Email Can Strengthen Your Online Privacy
Email accounts are among the most frequently exposed pieces of personal data in security breaches, which is a major reason why people often find their information circulating online. While using stronger passwords and enabling multi-factor authentication can significantly improve…
Product showcase: Ente Auth encrypts, backs up, and syncs 2FA
Two-factor authentication (2FA) is an essential layer of protection for online accounts, and Ente Auth makes it easier to manage securely across devices. Ente Auth is a free, open-source authenticator app designed to generate and store one-time passcodes for 2FA.…
Critical Chrome Flaws Allow Arbitrary Code Execution – Patch Immediately
Google has released an urgent security update for its Chrome web browser to address 31 vulnerabilities, including five rated as critical. The stable channel has been updated to version 147.0.7727.101/102 for Windows and Mac, and 147.0.7727.101 for Linux. This update…
AI Content Hijacks Google Discover to Deliver Malicious Alerts
A new large-scale cyber operation is exploiting Google’s Discovery feed to spread malicious notifications and scams through AI-generated content. Pushpaganda begins with threat actors creating around 113 fake domains filled with AI-written articles and clickbait headlines. These posts are crafted…
Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability
Splunk has disclosed a high-severity vulnerability affecting both its Enterprise and Cloud Platform environments. Tracked as CVE-2026-20204, this flaw allows attackers to execute arbitrary code remotely. With a CVSS score of 7.1, the vulnerability requires immediate attention from system administrators…
Wi-Fi roaming security practices for access network providers and identity providers
Public Wi-Fi roaming networks carry authentication credentials across multiple administrative boundaries, and the protocols governing that process vary widely in their security properties. The Wireless Broadband Alliance published a set of guidelines that specifies which authentication, encryption, and credential-handling practices…
IT Security News Hourly Summary 2026-04-16 06h : 1 posts
1 posts were published in the last hour 4:2 : European AI spending set to hit $290 billion by 2029
European AI spending set to hit $290 billion by 2029
European enterprises are committing serious money to AI, and the numbers are accelerating. According to IDC’s Worldwide AI and Generative AI Spending Guide, AI spending across Europe will reach $290 billion by 2029, growing at a compound annual growth rate…
ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894, (Thu, Apr 16th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, April 16th, 2026…
McGraw Hill – 13,500,136 breached accounts
In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed “a limited set of data from a webpage hosted by Salesforce on its platform”.…
Lattice-based Cryptographic Integration for MCP Host-Client Communication
Learn how to secure Model Context Protocol (MCP) host-client communication using lattice-based PQC standards like ML-KEM and ML-DSA against quantum threats. The post Lattice-based Cryptographic Integration for MCP Host-Client Communication appeared first on Security Boulevard. This article has been indexed…
IT Security News Hourly Summary 2026-04-16 03h : 2 posts
2 posts were published in the last hour 0:31 : Google Chrome lacks protection against one of the most basic and common ways to track users online 0:5 : [Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu,…
Google Chrome lacks protection against one of the most basic and common ways to track users online
Browser fingerprinting is everywhere Google markets its Chrome browser by citing its superior safety features, but according to privacy consultant Alexander Hanff, Chrome does not protect against browser fingerprinting – a method of tracking people online by capturing technical details…
[Guest Diary] Compromised DVRs and Finding Them in the Wild, (Thu, Apr 16th)
[This is a Guest Diary by Alec Jaffe, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1]. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article:…