SecurityTicks - Security Ticks

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950)

apple, Don't miss, FBI, Hot stuff, iOS, iPad, News, Privacy, Signal, vulnerability / SecurityTicks

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) 2026-04-23 at 14:17 By Zeljka Zorz Apple has rolled out security updates for iPhones and iPads that fix CVE-2026-28950, a logging issue in Notification Services that made devices unexpectedly retain notifications marked for deletion. The vulnerability was patched following a recent report about the […]

Apple fixes iPhone bug that let FBI retrieve deleted Signal messages(CVE-2026-28950) Read More »

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface

email security, phishing / SecurityTicks

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface 2026-04-23 at 14:17 By Kevin Townsend New analysis from Abnormal AI reveals how attackers have abandoned technical exploits to weaponize routine workflows and internal trust. The post The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface appeared first on SecurityWeek. This article

The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface Read More »

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers

AI, Artificial Intelligence, autonomous hacking / SecurityTicks

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers 2026-04-23 at 14:17 By Eduard Kovacs Palo Alto Networks has developed Zealot, a multi-agent penetration testing PoC capable of reconnaissance, exploitation, and exfiltration. The post AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers appeared first on SecurityWeek. This article is an excerpt from

AI Can Autonomously Hack Cloud Systems With Minimal Oversight: Researchers Read More »

Luxury Cosmetics Giant Rituals Discloses Data Breach

data breach, Data Breaches, Rituals / SecurityTicks

Luxury Cosmetics Giant Rituals Discloses Data Breach 2026-04-23 at 14:17 By Ionut Arghire The company is notifying My Rituals members that hackers downloaded part of their data, including names and addresses. The post Luxury Cosmetics Giant Rituals Discloses Data Breach appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Luxury Cosmetics Giant Rituals Discloses Data Breach Read More »

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

Uncategorized / SecurityTicks

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors 2026-04-23 at 14:17 By Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent threat (APT) group tracked as GopherWhisper. “The group wields a wide array of tools mostly written in Go, using injectors and loaders to deploy and execute

China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors Read More »

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Uncategorized / SecurityTicks

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach 2026-04-23 at 14:17 By Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to

Vercel Finds More Compromised Accounts in Context.ai-Linked Breach Read More »

Stale gov.uk pages are feeding AI overviews old data and Brits are believing it

Uncategorized / SecurityTicks

Stale gov.uk pages are feeding AI overviews old data and Brits are believing it 2026-04-23 at 12:17 By SA Mathieson Whitehall content teams play whack-a-mole with zombie pages as Google hoovers up the lot AI overviews from the likes of Google are serving up false summaries of UK government information by drawing on stale GOV.UK

Stale gov.uk pages are feeding AI overviews old data and Brits are believing it Read More »

Pass the key, passwords have passed their sell-by date

Uncategorized / SecurityTicks

Pass the key, passwords have passed their sell-by date 2026-04-23 at 12:17 By Connor Jones NCSC passes judgment: passkeys pass muster, passwords fail The UK’s National Cyber Security Centre (NCSC) has officially endorsed passkeys as the default authentication standard, marking the first time the agency has told consumers to move away from passwords entirely.… This

Pass the key, passwords have passed their sell-by date Read More »

GopherWhisper APT group hides command and control traffic in Slack and Discord

APT, backdoor, cybercrime, cybersecurity, Don't miss, ESET, News / SecurityTicks

GopherWhisper APT group hides command and control traffic in Slack and Discord 2026-04-23 at 12:17 By Anamarija Pogorelec Attackers continue to lean on everyday collaboration platforms to hide command and control traffic inside normal enterprise noise. A newly identified China-aligned APT group pushes that trend further, running its operations through Slack workspaces, Discord servers, Outlook

GopherWhisper APT group hides command and control traffic in Slack and Discord Read More »

OpenAI tackles a bad habit people have when interacting with AI

AI, GitHub, News, open source, OpenAI, Privacy / SecurityTicks

OpenAI tackles a bad habit people have when interacting with AI 2026-04-23 at 12:17 By Sinisa Markovic Since people tend to paste personal data into AI tools such as ChatGPT, OpenAI has released Privacy Filter, an open-weight model designed to detect and redact personally identifiable information (PII) in text. The model is available under the

OpenAI tackles a bad habit people have when interacting with AI Read More »

Recent Microsoft Defender Vulnerability Exploited as Zero-Day

BlueHammer, exploited, Microsoft Defender, RedSun, UnDefend, Vulnerabilities, vulnerability / SecurityTicks

Recent Microsoft Defender Vulnerability Exploited as Zero-Day 2026-04-23 at 12:17 By Ionut Arghire The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Recent Microsoft Defender Vulnerability Exploited as Zero-Day Read More »

Apple Patches iOS Flaw Allowing Recovery of Deleted Chats

Data Protection, data recovery, iOS, iPhone, patch, Signal, Vulnerabilities, vulnerability / SecurityTicks

Apple Patches iOS Flaw Allowing Recovery of Deleted Chats 2026-04-23 at 12:17 By Ionut Arghire Apple rolled out the security patches for dozens of iPhone and iPad models and generations. The post Apple Patches iOS Flaw Allowing Recovery of Deleted Chats appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View Original Source

Apple Patches iOS Flaw Allowing Recovery of Deleted Chats Read More »

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Uncategorized / SecurityTicks

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case 2026-04-23 at 12:17 By Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as

Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case Read More »

Blockchain Capital is raising $700M for 2 new funds: Report

Apple fixes bug that allowed FBI to read deleted Signal messages

Crypto sentiment index soars to a 3-month high as Bitcoin holds $77K

Scenario: Open-source framework for automated AI app red-teaming

agentic AI, automation, Don't miss, framework, GitHub, LLMs, News, open source, red team, software / SecurityTicks

Scenario: Open-source framework for automated AI app red-teaming 2026-04-23 at 09:47 By Mirko Zorz Enterprises running customer service bots, data analytics agents, and other AI-driven applications in production handle sensitive records and connect to core business systems every day. LangWatch has released Scenario, an open-source framework that runs automated red-team exercises against AI agents using

Scenario: Open-source framework for automated AI app red-teaming Read More »

A year in, Zoom’s CISO reflects on balancing security and business

CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, tips, Zoom / SecurityTicks

A year in, Zoom’s CISO reflects on balancing security and business 2026-04-23 at 09:47 By Mirko Zorz In this Help Net Security interview, Sandra McLeod, CISO at Zoom, reflects on her first year in the role. She talks about moving from reactive firefighting to business strategy, and what she heard from engineers, the board, and

A year in, Zoom’s CISO reflects on balancing security and business Read More »

How Should Effective AI Red Teams Operate?

Uncategorized / SecurityTicks

How Should Effective AI Red Teams Operate? 2026-04-23 at 09:47 By Dr. Peter Garraghan speaks with Security magazine about AI-specific red teaming. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source

How Should Effective AI Red Teams Operate? Read More »

GDPR works, but only where someone enforces it

CCPA, Compliance, data, Don't miss, EU, Europe, Features, GDPR, News, online tracking, Privacy, regulation, research / SecurityTicks

GDPR works, but only where someone enforces it 2026-04-23 at 07:32 By Sinisa Markovic A new measurement study of web tracking across ten countries offers a reality check for anyone working on privacy compliance. Researchers crawled the same set of globally popular websites from virtual machines located in Australia, Brazil, Canada, Germany, India, Singapore, South

GDPR works, but only where someone enforces it Read More »