Itron detected unauthorized access to part of its IT environment on April 13, 2026, and launched incident response and notified authorities. Itron disclosed a cyber incident involving unauthorized access to part of its internal IT systems, detected on April 13,…
Safe vulnerability disclosure for UK SMEs: a practical guide
Safe vulnerability disclosure for UK SMEs: a practical guide For many UK SMEs, the idea of someone reporting a security weakness can feel unsettling at first. It may sound technical, formal, or even a little confrontational. In practice, safe vulnerability…
IT Security News Hourly Summary 2026-04-27 09h : 1 posts
1 posts were published in the last hour 6:36 : Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar Malware Conceals Payloads in JPEG, TXT Files to Evade Detection
Vidar has evolved from a basic Arkei-based credential stealer into a multi-stage, stealth-focused infostealer that now hides second‑stage payloads within JPEG and TXT files to evade modern defenses. First observed in 2018, Vidar now operates as a mature Malware‑as‑a‑Service (MaaS) with…
Nessus Agent Vulnerability on Windows Enables Arbitrary Code Execution with SYSTEM Privileges
A newly disclosed security vulnerability in Tenable’s Nessus Agent for Windows could allow attackers to execute malicious code with the highest level of system privileges, raising serious concerns for enterprise security teams relying on the widely-deployed vulnerability assessment platform. The…
pentest-ai-agents – 28 Claude Code Subagents for Penetration Testing
A new open-source toolkit called pentest-ai-agents is redefining how security professionals leverage AI in penetration testing workflows, transforming Anthropic’s Claude Code into a fully specialized offensive security research assistant powered by 28 domain-specific subagents. Released by security researcher 0xSteph on…
Suspicious Microsoft Store App Vibing.exe Allegedly Harvests Screens and Audio
A recently discovered application called Vibing.exe has raised major privacy and security alarms after researchers caught it stealthily recording user screens and audio. Originally available on the Microsoft Store as an AI productivity interface, the app was pulled in late…
Fast16 Malware Targets High-Value Systems With Sabotage Capabilities
A previously unknown cyber sabotage framework called fast16, whose core components date back to 2005. This makes it the earliest known sabotage malware of its kind, predating the infamous Stuxnet worm by at least five years. The fast16 framework consists…
Metabase Enterprise RCE Flaw Now Has Public Proof-of-Concept Exploit
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. The…
New York’s 3D Printing Crackdown: Security or Surveillance?
New York’s latest budget proposal could fundamentally change how 3D printers work—requiring built-in software that scans and blocks certain designs. Supporters say it’s about stopping ghost guns. Critics say it opens the door to surveillance and limits innovation. In this…
Attackers Chain CODESYS Vulnerabilities to Backdoor Applications
Nozomi Networks Labs published critical research detailing three new vulnerabilities in the CODESYS Control runtime. When chained together, these security flaws allow an authenticated attacker with low-level privileges to replace a legitimate industrial control application with a backdoored version. Ultimately,…
25 open-source cybersecurity tools that don’t care about your budget
Regardless of the operating system you use, managing secrets, apps, cloud, compliance, and security operations can be overwhelming. The free, open-source tools presented in this article can help you detect threats, increase visibility, enforce controls, and investigate and respond to…
The AI criminal mastermind is already hiring on gig platforms
Labor-hire platforms let anyone with a credit card post a task and pay a stranger to complete it. The RentAHuman platform extends that model to AI agents through a Model Context Protocol server, allowing an agent to post gigs directly.…
Product showcase: LuLu reveals unauthorized outbound connections from Mac apps
LuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly handles incoming connections. LuLu also monitors outgoing traffic. Installing and…
Cyber Weapon in Toronto, Grid Attack, Stuxnet Lie Exposed
A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today’s…
Quantum-Resistant Identity and Access Management for MCP Resources
Secure your MCP hosts with quantum-resistant IAM. Learn about lattice-based signatures, PQuAKE, and 4D context-aware access for AI agents. The post Quantum-Resistant Identity and Access Management for MCP Resources appeared first on Security Boulevard. This article has been indexed from…
Udemy – 1,401,259 breached accounts
In April 2026, online training company Udemy was the victim of a “pay or leak” extortion attempt perpetrated by the ShinyHunters group. The data was subsequently leaked publicly and contained 1.4M unique email addresses belonging to customers and instructors. The…
IT Security News Hourly Summary 2026-04-27 03h : 1 posts
1 posts were published in the last hour 0:36 : Why PoP Count Isn’t the Real Measure of Application Security Performance
Why PoP Count Isn’t the Real Measure of Application Security Performance
When evaluating cloud security platforms, one question comes up again and again: “How many Points of Presence do you have?” At first glance, the logic seems sound. More locations should mean lower latency, faster response times, and better protection. The…
Google Cloud Next proves what we suspected: Everything is AI now
Join us for this week’s Kettle as we dive into GCN and the latest not-so-alarming revelations about Mythos KETTLE If you needed further evidence that AI comes first in pretty much everything nowadays, look no further than this year’s Google…
IT Security News Hourly Summary 2026-04-27 00h : 4 posts
4 posts were published in the last hour 21:58 : IT Security News Weekly Summary 17 21:55 : IT Security News Daily Summary 2026-04-26 21:32 : California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 21:31 : Confidential…
IT Security News Weekly Summary 17
210 posts were published in the last hour 21:55 : IT Security News Daily Summary 2026-04-26 21:32 : California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 21:31 : Confidential clusters for Red Hat OpenShift: Developer Preview now…
IT Security News Daily Summary 2026-04-26
30 posts were published in the last hour 21:32 : California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner 21:31 : Confidential clusters for Red Hat OpenShift: Developer Preview now available on Microsoft Azure with AMD SEV-SNP 20:34…
California Engineer Identified in Suspected Shooting at White House Correspondents’ Dinner
A 31-year-old engineer and self-described indie game developer is suspected of firing shots at the annual event attended by President Donald Trump, high-profile media figures, and US government officials. This article has been indexed from Security Latest Read the original…