Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy a known proxy malware called SystemBC. According to new research published by Check Point, the command-and-control (C2 or C&C) server linked to SystemBC has led…
Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox
The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition. This article has been indexed from Security Latest.
[un]prompted 2026 – 200 Bugs/Week/Engineer: How We Rebuilt Trail Of Bits Around AI
Author, Creator & Presenter: Dan Guido, CEO, Trail Of Bits. Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel.
CVE-2025-29635: Mirai Campaign Targets D-Link Devices
Mozilla Used Anthropic’s Mythos to Find and Fix 151 Bugs in Firefox
The Firefox team doesn’t think emerging AI capabilities will upend cybersecurity long term, but they warn that software developers are likely in for a rocky transition. This article has been indexed from Security Latest.
North Korea’s Lazarus APT stole $290M from Kelp DAO
North Korea-linked Lazarus Group stole $290M from Kelp DAO by abusing LayerZero. A second $95M attempt was stopped. Hackers tied to the North Korea-linked group Lazarus APT carried out a $290M crypto theft targeting Kelp DAO. Kelp DAO is a…
Iran Alleges US Networking Gear Was Deliberately Disabled
Reports from Iranian state media claim that U.S.-manufactured networking gear ceased functioning at critical moments during military strikes. The allegations, which cannot be independently verified, claim there were simultaneous failures across routers and switches produced by Cisco, Fortinet, Juniper Networks,…
IT Security News Hourly Summary 2026-04-21 21h : 6 posts
6 posts were published in the last hour 18:36 : 130K Users Compromised by StealTok Campaign That Uses Fake TikTok Downloaders 18:36 : VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes 18:7 : Microsoft Vulnerabilities Drop,…
130K Users Compromised by StealTok Campaign That Uses Fake TikTok Downloaders
Malicious TikTok downloader extensions have compromised over 130,000 users by exploiting trust and harvesting sensitive data. The post 130K Users Compromised by StealTok Campaign That Uses Fake TikTok Downloaders appeared first on eSecurity Planet.
VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes
Oracle shipped VirtualBox 7.2.8 on April 21, 2026, as a maintenance release covering crashes, networking problems, clipboard issues, and extended Linux kernel compatibility. The update touches the VMM layer, NAT networking, graphics, UEFI, and both Linux and Windows guest support.…
Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns
Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More.
The DevOps Security Paradox: Why Faster Delivery Often Creates More Risk
A few years ago, I was part of a large enterprise transformation program where the leadership team proudly announced that they had successfully implemented DevOps across hundreds of applications. Deployments were faster. Release cycles dropped from months to days. Developers…
The Attack Runs Itself: What Agentic AI Fraud Actually Looks Like
This is part 1 of a two-part series on agentic AI fraud defense. Since joining Arkose Labs, one of the first things I did was go deep on the threat data — what the attack patterns actually look like, how…
Critical SGLang Vulnerability Allows Remote Code Execution via Malicious AI Model Files
A newly disclosed high-severity flaw in SGLang could enable attackers to remotely execute code on affected servers through specially crafted AI model files. The issue, tracked as CVE-2026-5760, has received a CVSS score of 9.8 out of 10, placing…
Microsoft Vulnerabilities Hit Record High, Critical Flaws Decline, Report Finds
Microsoft vulnerabilities hit a record high while critical flaws decline, BeyondTrust report reveals rising risks across Windows, Office, and Azure systems. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, AI and More.
More Cisco SD-WAN bugs battered in attacks
CISA gives federal agencies 4 days to patch. America’s lead cyber-defense agency has warned that three Cisco Catalyst SD-WAN Manager bugs are under attack, and given federal agencies just four days to patch the security holes.
Siemens Analytics Toolkit
Summary: Multiple Siemens applications are affected by improper certificate validation in Siemens Analytics Toolkit. This could allow an unauthenticated remote attacker to perform man in the middle attacks. Siemens has released new versions for the affected products and…
SenseLive X3050
Summary: Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. The following versions of SenseLive X3050 are affected: X3050 V1.523 (CVE-2026-40630, CVE-2026-25720, CVE-2026-35503, CVE-2026-39462, CVE-2026-27843, CVE-2026-40431, CVE-2026-40623, CVE-2026-27841, CVE-2026-40620, CVE-2026-35064, CVE-2026-25775)…
Siemens TPM 2.0
Summary: The products listed below contain a vulnerability that could allow an attacker to perform an out-of-bound read, potentially leading to information disclosure or denial of service of the TPM. Siemens has released new versions for several affected…
Siemens RUGGEDCOM CROSSBOW Secure Access Manager Primary
Summary: RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) contains a vulnerability that could allow an attacker to escalate their own privileges. Siemens has released a new version for RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) and recommends to…
Silex Technology SD-330AC and AMC Manager
Summary: Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, cause a denial-of-service, or configuration information may be altered without authentication. The following versions of Silex Technology SD-330AC and AMC Manager are affected: SD-330AC…
22 BRIDGE:BREAK Flaws Expose Thousands of Lantronix and Silex Serial-to-IP Converters
Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix and Silex that could be exploited to hijack susceptible devices and tamper with data exchanged by them. The vulnerabilities have been collectively codenamed BRIDGE:BREAK by…
Seceon Recognized in the 2026 Gartner® “Voice of the Customer” Report for Security Information and Event Management
Seceon earns a 4.6 out of 5.0 overall rating from 82 verified customer reviews, with 90% of reviewers willing to recommend the platform, reflecting strong real-world satisfaction across the global services and financial sectors. WESTFORD, Mass., April 21, 2026 /PRNewswire/ — Seceon Inc.,…
ShinyHunters: SaaS Breaches & Identity Risks (2026)
Who are ShinyHunters? Learn how this group exploits SaaS, credentials, and identity-based access—and how to prevent modern data breaches. The post ShinyHunters: SaaS Breaches & Identity Risks (2026) appeared first on Security Boulevard.