Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because compromising their accounts gives…
Government To Ban Phones In English Schools
Government to introduce amendment to Children’s Wellbeing and Schools Bill banning students’ phones in England, in policy U-turn This article has been indexed from Silicon UK Read the original article: Government To Ban Phones In English Schools
Gentlemen RaaS Hits Windows, Linux, and ESXi With New C-Based Locker
Gentlemen is a fast‑growing ransomware‑as‑a‑service (RaaS) operation now targeting Windows, Linux, NAS, BSD, and VMware ESXi with a new locker written in C for hypervisor environments. Its multi‑platform design and strong defense‑evasion features make it a high‑impact threat to corporate…
IT Security News Hourly Summary 2026-04-21 09h : 6 posts
6 posts were published in the last hour 7:4 : CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines 6:34 : The 7 Top AI SOC Platforms to Watch in 2026 6:34 : Iran claims US used…
6,000+ Publicly Exposed Apache ActiveMQ Instances Found Vulnerable to CVE-2026-34197
Over 6,000 internet-facing Apache ActiveMQ servers are currently affected by a critical security flaw, leaving enterprise networks wide open to attack. The Shadowserver Foundation, a prominent nonprofit security research organization, reported finding exactly 6,364 vulnerable IP addresses during its daily…
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including three flaws impacting Cisco Catalyst SD-WAN Manager, citing evidence of active exploitation. The list of vulnerabilities is as…
The 7 Top AI SOC Platforms to Watch in 2026
AI SOC platforms have been gaining rapid traction in the industry over the past few years. and will continue to grow in popularity as their usability and time-saving capabilities are demonstrated. These AI-driven, often agentic SOC platforms sit at the intersection of autonomy…
Iran claims US used backdoors to knock out networking equipment during war
And China is loving it Iranian media is claiming that the US used backdoors and/or botnets to disable networking equipment during the current war, and Chinese state media is dining out on the allegations.… This article has been indexed from…
Manhattan DA Bragg Pushes Meta to Put a Stop to Immigration Scams
Scammers dressed up like Catholic Charities and legitimate pro bone legal services on social media platforms are targeting immigrants and bilking them for money. Manhattan DA Alvin Bragg is pressing Meta to follow its own terms and shut them down. The…
12 Fraudulent Browser Extensions Disguised as TikTok Downloaders Compromise 130K Users
LayerX security researchers have uncovered a massive, highly coordinated campaign involving at least 12 malicious browser extensions on the Google Chrome and Microsoft Edge marketplaces. Disguised as legitimate TikTok video downloaders, these extensions secretly track user activity and harvest sensitive…
What the ransom note won’t say
An attack is what you see, but a business operation is what you’re up against This article has been indexed from WeLiveSecurity Read the original article: What the ransom note won’t say
Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers
Security researchers have uncovered a critical vulnerability in SGLang, a widely used framework for running large language models, that allows threat actors to compromise inference servers. Tracked as CVE-2026-5760, this flaw enables Remote Code Execution (RCE) when a server loads…
AI-Driven Exploitation Could Shrink Defenders’ Patch Window
AI-powered cyberattacks are entering a new phase, with frontier AI models now capable of autonomously discovering and exploiting software vulnerabilities at unprecedented speed. Unit 42’s hands-on testing reveals that modern AI models are no longer مجرد coding assistants. Instead, they…
Cybersecurity jobs available right now: April 21, 2026
Application Security Engineer (DevSecOps / Azure DevOps) BEWAHARVEST | Philippines | Hybrid – View job details As an Application Security Engineer (DevSecOps / Azure DevOps), you will embed security across the SDLC by working with engineering and DevOps teams to…
Researchers build an encrypted routing layer for private AI inference
Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A cryptographic technique called Secure Multi-Party Computation (MPC) makes this possible. It splits data into…
Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects
The popular AI application builder, Lovable, is currently facing a massive data breach due to an unpatched API vulnerability. Security researchers have revealed that a critical flaw exposes sensitive project data, source code, and user credentials for any project created…
SideWinder Spoofs Chrome PDF Viewer, Zimbra to Steal Government Webmail Logins
SideWinder is running an active credential‑harvesting campaign that uses a fake Chrome PDF viewer and a pixel‑perfect Zimbra clone on Cloudflare Workers to steal government webmail credentials from South Asian targets, including the Bangladesh Navy and Pakistan’s Ministry of Foreign…
CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a severe software supply chain compromise affecting the widely used Axios node package manager (npm). Axios is a highly popular JavaScript library that developers rely on to…
Critical Gardyn Smart Gardens Vulnerabilities Let Attackers Control Devices Remotely
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about severe vulnerabilities in Gardyn Home Kit smart garden systems. Carrying a maximum severity score of 9.3 out of 10, these flaws could allow unauthenticated attackers to hijack…
British National Admits Hacking Companies and Stealing Millions in Virtual Currency
A British man has pleaded guilty in the United States to his role in a large cybercrime scheme that used SMS phishing, company network intrusions, and SIM swapping to steal at least $1 million in virtual currency from victims across…
iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution
Cybersecurity researchers, working in partnership with OpenAI, have uncovered a fascinating and severe vulnerability in iTerm2, a widely used macOS terminal emulator. According to Califio, the flaw abuses the application’s SSH integration feature, allowing attackers to turn seemingly harmless text…
PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a newly disclosed vulnerability in Microsoft’s Snipping Tool that allows attackers to silently steal users’ Net-NTLM credential hashes by luring them to a malicious webpage. Tracked as CVE-2026-33829, the flaw resides…
IT Security News Hourly Summary 2026-04-21 06h : 1 posts
1 posts were published in the last hour 3:7 : Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks
Critical Anthropic’s MCP Vulnerability Enables Remote Code Execution Attacks
A critical flaw in Anthropic’s Model Context Protocol (MCP) exposes over 150 million downloads to potential compromise. The vulnerability could enable full system takeover across up to 200,000 servers. The OX Security Research team identified the flaw as a fundamental design…