UK, US and Canadian authorities have identified over 20,000 victims of approval phishing scams that trick users into handing over full crypto wallet access This article has been indexed from www.infosecurity-magazine.com Read the original article: Operation Atlantic Seizes $12m in…
Critical WordPress Plugin Flaw Lets Attackers Bypass Authentication and Gain Admin Access
A critical security flaw found in a widely used WordPress plugin is putting thousands of websites at serious risk worldwide. Tracked as CVE-2026-1492, this vulnerability affects the User Registration & Membership plugin for WordPress and lets attackers completely bypass the…
Microsoft Confirms Recent Windows 11 Updates Break Push Button Reset
Microsoft has officially acknowledged that recent security updates for Windows 11 are causing the “Reset this PC” (Push-button reset) recovery feature to fail. The issue was confirmed in the release notes for the March 2026 hotpatch updates, affecting systems running…
Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users
The feature allows enterprise users to compose and read end-to-end encrypted messages natively on their mobile devices. The post Gmail Brings End-to-End Encryption to Android and iOS for Enterprise Users appeared first on SecurityWeek. This article has been indexed from…
APT37 Uses Facebook, Telegram, and Trojanzied Installer in New Targeted Cyberattack
APT37 is running a new targeted intrusion campaign that abuses Facebook, Telegram, and a tampered Wondershare PDFelement installer to gain stealthy access and exfiltrate sensitive data, likely from defense‑related targets. The operation shows a continued evolution of APT37’s social engineering…
CPUID watering hole attack spreads STX RAT malware
Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor with malicious files for several hours. Users who downloaded them got…
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised. “Out of an abundance of caution, we are taking steps to…
Apache Tomcat Flaws Enable EncryptInterceptor Bypass
The Apache Software Foundation has released critical security updates for Apache Tomcat to address three newly disclosed vulnerabilities. Because Apache Tomcat is a widely deployed open-source web server, these flaws pose a significant risk to many enterprise environments. The newly…
Adobe patches zero-day, Marimo flaw exploited, Venice flood threat
Adobe patches months-old Reader zero-day Critical Marimo flaw now under active exploitation Hackers claim control over Venice anti-flood pumps Get the show notes here: https://cisoseries.com/cybersecurity-news-adobe-patches-zero-day-marimo-flaw-exploited-venice-flood-threat/ Huge thanks to our sponsor, Conveyor Still manually filling out security questionnaires even though you…
Are scammers trying to profit from the 2028 Summer Olympics ticket sales?
Yes, they are. The 2028 Summer Olympics in Los Angeles tickets are now officially available for lucky users who registered for the draw and received… The post Are scammers trying to profit from the 2028 Summer Olympics ticket sales? appeared…
Uber Delivery Robots Defaced In Sheffield
Autonomous robots making food deliveries for Uber Eats in Sheffield suburb defaced only days after initial rollout This article has been indexed from Silicon UK Read the original article: Uber Delivery Robots Defaced In Sheffield
A week in security (April 6 – April 12)
A list of topics we covered in the week of April 6 to April 12 of 2026 This article has been indexed from Malwarebytes Read the original article: A week in security (April 6 – April 12)
Can AI Help “Solve” The Child Porn Problem? Magic 8 Ball Says, “Answer Hazy – Ask Again Later”
The technological trajectory is clear: Hash-based systems anchored in the National Center for Missing and Exploited Children (“NCMEC”) database remain highly effective for identifying known CSAM, but they are structurally incapable of addressing synthetic, modified, or previously unseen material. Machine…
Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI
Ransomware will never die, will it? In fact, it’s more powerful than ever thanks to GenAI and creative operators that evolve techniques to generate profit. The post Ransomware Lives On, Blending Hacktivism and Crime, Fueled by AI appeared first on Security Boulevard. This…
IT Security News Hourly Summary 2026-04-13 09h : 6 posts
6 posts were published in the last hour 6:36 : WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass 6:36 : Intoxalock Vehicle Breathalyzers Downed by Cyberattack, Leave Drivers Stranded 6:7 : EDR Killers Broaden Ransomware Tactics, ESET Warns 6:7 :…
WordPress Plugin Vulnerability Enables Admin Takeover via Auth Bypass
A newly disclosed vulnerability, tracked as CVE-2026-1492, has been identified in the User Registration & Membership plugin for WordPress, exposing websites to critical authentication bypass and privilege escalation risks. Affecting versions up to 5.1.2, the vulnerability allows remote attackers to gain full administrative…
Intoxalock Vehicle Breathalyzers Downed by Cyberattack, Leave Drivers Stranded
Parking lots were filled with cars that couldn’t be moved and drivers had to awkwardly explain to employers why they couldn’t make it to work after a cyberattack took down the Intoxalock vehicle breathalyzer system. The post Intoxalock Vehicle Breathalyzers Downed by Cyberattack, Leave Drivers…
EDR Killers Broaden Ransomware Tactics, ESET Warns
Ransomware gangs are rapidly expanding their use of EDR killers, moving beyond vulnerable drivers to a broader mix of scripts, anti‑rootkits, and driverless techniques. The company’s latest telemetry-backed study tracks almost 90 distinct EDR killers actively used in the wild. It…
ZeroID: Open-source identity platform for autonomous AI agents
ZeroID is an open-source identity platform that implements an identity and credentialing layer specifically for autonomous agents and multi-agent systems. The attribution problem The core issue ZeroID targets is attribution in agentic workflows. When an orchestrator agent spawns sub-agents to…
Fixing vulnerability data quality requires fixing the architecture first
In this Help Net Security interview, Art Manion, Deputy Director at Tharros, examines why vulnerability data across repositories stays inconsistent and hard to trust. The problem starts with systems not designed to collect or manage that data well. They introduce…
CPUID Website Hacked to Serve Malware Through CPU-Z and HWMonitor Download Links
Hackers accessed a secondary API on the CPUID website between April 9 at 15:00 UTC and April 10 at around 10:00 UTC. Thank you for being a Ghacks reader. The post CPUID Website Hacked to Serve Malware Through CPU-Z and…
Public Quizlet Flashcards Raise Concerns Over Possible CBP Security Exposure
A set of publicly available flashcards discovered through simple online searches has sparked concern after appearing to reveal sensitive details related to facility security at U.S. Customs and Border Protection locations in Kingsville, Texas. The flashcards were hosted on…
New GPU Rowhammer Attacks on Nvidia Cards Enable Full System Takeover
High-performance GPUs, often priced at $8,000 or more, are commonly shared among multiple users in cloud environments—making them attractive targets for attackers. Researchers have now uncovered three new attack techniques that allow a malicious user to gain full root…
Adobe Fixes Actively Exploited Zero-Day in Acrobat Reader
Adobe has released an emergency security update to address a critical zero-day vulnerability in Acrobat and Reader for Windows and macOS. According to Adobe’s APSB26-43 bulletin, the flaw is currently being exploited in the wild, prompting a Priority 1 rating…