Latest news as of 4/25/2026, 12:46:26 AM
The Hacker News
Some weeks are loud. This one was quieter but not in a good way. Long-running operations are finally hitting courtrooms, old attack methods are showing up in new places, and research that stopped being theoretical right around the time defenders stopped paying attention. There's a bit of everything this week. Persistence plays, legal wins, influence ops, and at least one thing that looks boring
Bleeping Computer
AI SOC agents can reduce alert fatigue, but most teams fail to measure real outcomes. Prophet Security breaks down Gartner's questions for evaluating AI SOC agents and separating real impact from hype. [...]
The Register
Researchers say attackers are already looting vulnerable boxes In-the-wild exploitation of a critical Citrix NetScaler bug has begun less than a week after disclosure, with researchers warning that attackers are already poking and pillaging vulnerable boxes.…
Check Point Research
Key Takeaways What Happened AI assistants now handle some of the most sensitive data people own. Users discuss symptoms and medical history. They ask questions about taxes, debts, and personal finances, upload PDFs, contracts, lab results, and identity-rich documents that contain names, addresses, account details, and private records. That trust depends on a simple expectation: […] The post appeared first on . ChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime Check Point Research
Check Point Research
For the latest discoveries in cyber research for the week of 30th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Iranian state-affiliated threat group Handala Hack has breached FBI director’s Patel’s personal Gmail account and leaked many personal photos and documents. This follows the FBI’s seizure of domains related to Handala Hack’s […] The post appeared first on . 30th March – Threat Intelligence Report Check Point Research
The Hacker News
Secrets sprawl isn't slowing down: in 2025, it accelerated faster than most security teams anticipated. GitGuardian's State of Secrets Sprawl 2026 report analyzed billions of commits across public GitHub and uncovered 29 million new hardcoded secrets in 2025 alone, a 34% increase year over year and the largest single-year jump ever recorded. This year's findings reveal three core trends: AI has
Bleeping Computer
F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on unpatched devices. [...]
The Register
Brussels notifying 'Union entities' whose data may've been snatched in websites breach The European Commission has admitted that attackers broke into its public-facing web infrastructure and siphoned off data in a that answers the what but ducks most of the how.… bare-bones disclosure
The Hacker News
Cybersecurity researchers have discovered a remote access toolkit of Russian-origin that's distributed via malicious Windows shortcut (LNK) files that are disguised as private key folders. The CTRL toolkit, according to Censys, is custom-built using .NET and includes various executables" to facilitate credential phishing, keylogging, Remote Desktop Protocol (RDP) hijacking, and reverse tunneling
Bleeping Computer
Microsoft has pulled a buggy Windows 11 non-security preview update to investigate a known issue that triggers 0x80073712 errors during installation. [...]