Latest news as of 4/26/2026, 6:51:25 AM
Dark Reading
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.
The Hacker News
Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that the shortcoming has been exploited in
The Register
Lack of clear criteria risks encouraging firms to lean on state support instead of worrying about insurance The UK's cyber watchdog has warned that the government's £1.5 billion bailout of Jaguar Land Rover (JLR) risks setting a troubling precedent for how Britain handles major cyber crises.…
The Hacker News
Google on Thursday announced a new "advanced flow" for Android sideloading that requires a mandatory 24-hour wait period to install apps from unverified developers in an attempt to balance openness with safety. The new changes come against the backdrop of a developer verification mandate the tech giant announced last year that requires all Android apps to be registered by verified developers to
The Hacker News
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,
Graham Cluley
A ransomware gang that claims to be a group of "investigative journalists"? Meet LeakNet - the group using fake CAPTCHA pages to trick employees into hacking themselves. Read more in my article on the Fortra blog.
The Register
Audit trails aplenty, but no price tag – and no clue how long your data sticks around Last week's UK government consultation on its plans for digital identity had quite a few things missing. It did not include a - something it said was due to decisions yet to be taken on the scheme's scope - or how long the government would keep "audit trail" records of ID checks.… Opinion price estimate
Bleeping Computer
North Carolina musician Michael Smith has pleaded guilty to collecting over $10 million in royalty payments through a massive streaming royalty fraud scheme on Spotify, Apple Music, Amazon Music, and YouTube Music. [...]
Dark Reading
The cloud security startup's platform translates and enforces security policies across AWS, Azure, Google Cloud and Oracle using provider-native controls.
Bleeping Computer
Authorities from the United States, Germany, and Canada have taken down Command and Control (C2) infrastructure used by the Aisuru, KimWolf, JackSkid, and Mossad botnets to infect Internet of Things (IoT) devices. [...]