SecurityTicks

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories 2026-04-09 at 17:32 By Thursday. Another week, another batch of things that probably should’ve been caught sooner but weren’t. This one’s got some range — old vulnerabilities getting new life, a few “why was that even possible” moments, attackers leaning on platforms and tools you’d […]

Security researchers tricked Apple Intelligence into cursing at users. It could have been a lot worse 2026-04-09 at 16:17 By Jessica Lyons Wash your mouth out with digital soap Apple Intelligence, the personal AI system integrated into newer Macs, iPhones, and other iThings, can be hijacked using prompt injection, forcing the model into producing an

Microsoft developer chief Julia Liuson is logging off 2026-04-09 at 15:44 By Tim Anderson Departure may accelerate further AI-centric moves for programming tools Julia Liuson, president of Microsoft’s developer division (DevDiv), will resign at the end of June, though she will continue in an advisory role.… This article is an excerpt from The Register View

Zephyr Energy loses £700K in cyber hit that rerouted contractor payment 2026-04-09 at 15:44 By Carly Page Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to

Amazon put a filesystem on S3; I showed up with a test suite and bad intentions 2026-04-09 at 15:44 By Corey Quinn The core product is solid and priced fairly I’ve spent over a decade telling anyone who’d listen that S3 is not a filesystem, which in retrospect was a really weird way to start

The Hidden Security Risks of Shadow AI in Enterprises 2026-04-09 at 15:44 By As AI tools become more accessible, employees are adopting them without formal approval from IT and security teams. While these tools may boost productivity, automate tasks, or fill gaps in existing workflows, they also operate outside the visibility of security teams, bypassing controls and

Bitter-Linked Hack-for-Hire Campaign Targets Journalists Across MENA Region 2026-04-09 at 15:44 By An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now, Lookout, and SMEX. Two of the targets included prominent Egyptian journalists

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 2026-04-09 at 15:44 By Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December 2025. The finding, detailed by EXPMON’s Haifei Li, has been described as a highly-sophisticated PDF exploit. The artifact (“Invoice540.pdf”) first appeared on