DPRK Fake Job Scams Self-Propagate in 'Contagious Interview'
A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.
Security & Lifecycle News
Aggregated from vendor advisories, security research, and industry publications.
Electricity Is a Growing Area of Cyber-Risk
IT has long been concerned with ensuring systems receive the right amount of electricity. Cyberattackers are realizing they can manipulate voltage fluctuations for their purposes, …
ICE Uses Graphite Spyware
ICE has admitted that it uses spyware from the Israeli company Graphite.
Ransomware Negotiator Pleads Guilty to BlackCat Scheme
A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process.
Exploits Turn Windows Defender Into Attacker Tool
Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.
PP106: Architecting for Wi-Fi 7, Zero Trust, PQC, and More
For decades, network and security professionals have adapted to technology change in a piecemeal fashion: a new rule here, an upgrade there, a new product deployment over yonder. O…
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.
HS130: Wait, AI Doesn’t Secure Itself? Developing an AI Security Strategy
Your enterprise better have a cybersecurity strategy for AI. But where to start? Everywhere! Securing AI means securing all the AI layers and throughout the lifecycle: data, model,…
_NicoElNino_Alamy.png?width=1280&auto=webp&quality=80&disable=upscale)
Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
A 24-year-old British national and senior member of the cybercrime group "Scattered Spider" has pleaded guilty to wire fraud conspiracy and aggravated identity theft. Tyler Robert …
Chinese APT Targets Indian Banks, Korean Policy Circles
China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.
Mexican Surveillance Company
Grupo Seguritech is a Mexican surveillance company that is expanding into the US.
Vercel Employee's AI Tool Access Led to Data Breach
Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher notes.
Serial-to-IP Devices Hide Thousands of Old & New Bugs
The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.
NB571: Linux Loads 7.0 with Network Upgrades; NetGear Routes Around FCC Ban, But How?
Take a Network Break! Our Red Alert covers a trio of vulnerabilities in Cisco ISE. On the news front, Cloudflare announces a private network offering for AI agents and a partnershi…
WhatsApp Leaks User Metadata to Attackers
Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.
Up to 8M Bees Are Living in an Underground Network Beneath This Cemetery
Article URL: https://www.discovermagazine.com/up-to-8-million-bees-are-living-in-an-underground-network-beneath-this-cemetery-48977 Comments URL: https://news.ycombinator.com/item?…
How NIST's Cutback of CVE Handling Impacts Cyber Teams
Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.
Tycoon 2FA Phishers Scatter, Adopt Device Code Phishing
In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.
HN823: Defining A Modern Network Service
On today’s episode Ethan is joined by Mark Prosser, a self-described Network Operator Advocate and Network Automation Dreamer, to embark on a thought exercise about network service…
Every Old Vulnerability Is Now an AI Vulnerability
AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.
Coast Guard's New Cybersecurity Rules Offer Lessons for CISOs
The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.
NIST Revamps CVE Framework to Focus on High-Impact Vulnerabilities
The National Institute of Standards and Technology is carving a new path for vulnerability remediation by changing the way it prioritizes software flaws.
North Korea Uses ClickFix to Target macOS Users' Data
Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs.
IPB198: IPv6 Privacy and Temporary Addresses
Today our hosts discuss IPv6 Privacy and Temporary Addresses to clarify how address provisioning can potentially work for host operating systems. The discussion covers the differen…
N4N053: Well Actually 03 – Multicast, Routing Protocols, RFC 1918
We asked for follow ups and you did not disappoint! On today’s show we respond to listener comments and corrections on multicast, routing protocols, security, and more. We also hav…
Show HN: MacMind – A transformer neural network in HyperCard on a 1989 Macintosh
I trained a transformer in HyperCard. 1,216 parameters. 1989 Macintosh. And yes, it took a while.MacMind is a complete transformer neural network, embeddings, positional encodin…
D2DO300: Open Source Malware!
Malware has shifted from phishing expeditions to open source packages, domains, and repositories. Ned and Kyler welcome Jenn Gile, co-founder of Open Source Malware, to discuss how…
Amazon to acquire Globalstar and expand Amazon Leo satellite network
Article URL: https://www.businesswire.com/news/home/20260414237496/en/Amazon-to-Acquire-Globalstar-and-Expand-Amazon-Leo-Satellite-Network Comments URL: https://news.ycombinator.co…
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-d…