Keeping it simple for the developers can lead to very complex headaches later PWNED Welcome back to PWNED, the column where we celebrate the people who’ve taught us how not to secure a server. If you’ve ever tied your own…
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding…
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors
Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. “The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and…
Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
Forcepoint has found 10 new indirect prompt injection attacks targeting AI agents This article has been indexed from www.infosecurity-magazine.com Read the original article: Researchers Uncover 10 In-the-Wild Prompt Injection Payloads Targeting AI Agents
China’s DeepSeek Holds First Funding Round
DeepSeek reportedly looks for first outside funds to establish valuation benchmark and help retain talent, amid aggressive poaching This article has been indexed from Silicon UK Read the original article: China’s DeepSeek Holds First Funding Round
North Korean Fake IT Workers Infiltrate Firms to Dodge Sanctions
North Korean threat actors are once again leveraging deceptive remote work schemes to infiltrate global organizations, using fake IT worker personas to generate revenue and bypass international sanctions. A recent investigation, triggered by cryptocurrency security researcher ZachXBT, sheds light on…
Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory
A critical Server-Side Request Forgery (SSRF) vulnerability in LMDeploy’s vision-language module was exploited in active attacks just 12 hours and 31 minutes after its public disclosure, with no proof-of-concept code required. On April 21, 2026, GitHub published security advisory GHSA-6w67-hwm5-92mq, later…
Critical Pack2TheRoot Vulnerability Let Attackers Gain Root Access or Compromise the System
A high-severity privilege escalation vulnerability, dubbed Pack2TheRoot (CVE-2026-41651, CVSS 3.1: 8.8), has been publicly disclosed by Deutsche Telekom’s Red Team, affecting multiple major Linux distributions in their default installations. The flaw allows any local unprivileged user to silently install or…
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
Apple rolled out the security patches for dozens of iPhone and iPad models and generations. The post Apple Patches iOS Flaw Allowing Recovery of Deleted Chats appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original…
OpenAI tackles a bad habit people have when interacting with AI
Since people tend to paste personal data into AI tools such as ChatGPT, OpenAI has released Privacy Filter, an open-weight model designed to detect and redact personally identifiable information (PII) in text. The model is available under the Apache 2.0…
GopherWhisper APT group hides command and control traffic in Slack and Discord
Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook drafts, and the…
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging…
NCSC Backs Passkeys, Hailing a New Era of Sign-in
The UK’s NCSC has fully backed passkeys as consumers’ first choice for login, citing progress with FIDO and successful use across the NHS This article has been indexed from www.infosecurity-magazine.com Read the original article: NCSC Backs Passkeys, Hailing a New…
Nio Hit By Patent Claim Over Battery-Swap Stations
Chinese EV maker Nio accused of infringing patents from defunct Israeli start-up to build network of battery-swapping stations This article has been indexed from Silicon UK Read the original article: Nio Hit By Patent Claim Over Battery-Swap Stations
FCA Raids London Properties In Crypto Crackdown
Authorities search eight properties in capital associated with unregistered peer-to-peer crypto trading, amid money laundering risk This article has been indexed from Silicon UK Read the original article: FCA Raids London Properties In Crypto Crackdown
Micron Pushes US Lawmakers To Restrict China Sales
Micron is reportedly driving force behind bill that aims to bring in increased restrictions on chipmaking equipment sales to China This article has been indexed from Silicon UK Read the original article: Micron Pushes US Lawmakers To Restrict China Sales
Lazarus Lures Developers With Backdoored Coding Tests
North Korea-linked hackers are using AI-assisted malware and backdoored coding challenges to quietly loot millions in cryptocurrency from Web3 developers. Expel assesses with high confidence that HexagonalRodent is a DPRK state-sponsored subgroup that likely evolved from fraudulent IT worker operations…
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware
Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto…
Xinference PyPI Breach Exposes Developers to Cloud Credential Theft
A severe supply chain attack has compromised the popular Python package Xinference, exposing developers to massive data theft. Threat actors uploaded malicious versions of the tool to the Python Package Index (PyPI), embedding a heavily obfuscated infostealer into the code.…
Pass the key, passwords have passed their sell-by date
NCSC passes judgment: passkeys pass muster, passwords fail The UK’s National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely.… This…
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Graph API and an Outlook inbox to…
Roblox clamps down on chats and age checks as legal pressure builds
Roblox is paying millions to settle child safety claims while rolling out strict age checks and chat limits that could reshape how kids use the platform. This article has been indexed from Malwarebytes Read the original article: Roblox clamps down…
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read the original article:…
Fake Document, Real Access: Foxit Impersonation Enables Stealth VNC Control
Attackers who impersonate trusted vendors do not only damage the reputation of the original vendor, but also cause heaps of trouble down the line. This article has been indexed from Security Blog G Data Software AG Read the original article:…