News

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876)

Don't miss, enterprise, firewall, Hot stuff, News, OWASP, Progress, security update, vulnerability, web application security /

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) 2026-04-22 at 14:47 By Zeljka Zorz Progress Software has fixed a slew of high-severity vulnerabilities in MOVEit WAF and LoadMaster, including a flaw (CVE-2026-21876) that may allow attackers to bypass firewall detection. MOVEit WAF (web application firewall) is designed to protect Progress’s managed file transfer platform MOVEit […]

Progress Software fixes sneaky WAF bypass vulnerability (CVE-2026-21876) Read More »

Phishing reclaims the top initial access spot, attackers experiment with AI tools

Cisco, cybercrime, cybersecurity, News, phishing, report, scams /

Phishing reclaims the top initial access spot, attackers experiment with AI tools 2026-04-22 at 13:48 By Anamarija Pogorelec Phishing returned as the leading method attackers used to break into organizations in the first quarter of 2026, accounting for over a third of engagements where initial access could be determined, according to Cisco Talos. It is

Phishing reclaims the top initial access spot, attackers experiment with AI tools Read More »

Tencent’s QClaw AI agent app arrives on Windows and macOS

agentic AI, AI, News, OpenClaw, Tencent /

Tencent’s QClaw AI agent app arrives on Windows and macOS 2026-04-22 at 13:48 By Sinisa Markovic Tencent has opened an international beta of QClaw, an AI agent application aimed at consumers in Canada, Japan, Singapore, South Korea, and the United States. The first wave is capped at 20,000 users. Additional markets are scheduled to follow.

Tencent’s QClaw AI agent app arrives on Windows and macOS Read More »

OneDrive updates focus on AI, access control, and compliance

Microsoft, News, OneDrive, update /

OneDrive updates focus on AI, access control, and compliance 2026-04-22 at 13:48 By Anamarija Pogorelec Microsoft OneDrive’s recent updates focus on improving intelligence, collaboration, and administrative control. “Last year, we made a promise: your files should work for you, not the other way around. That meant reimagining OneDrive not just as a place to store

OneDrive updates focus on AI, access control, and compliance Read More »

PentAGI: Open-source autonomous AI penetration testing system

AI, automation, cybersecurity, Don't miss, GitHub, LLMs, News, open source, penetration testing, software /

PentAGI: Open-source autonomous AI penetration testing system 2026-04-22 at 10:09 By Anamarija Pogorelec Penetration testers have long relied on collections of specialized tools, manual coordination, and documented runbooks to work through a target assessment. PentAGI, an open-source project from VXControl, attempts to automate that entire workflow using a multi-agent AI system that plans, researches, and

PentAGI: Open-source autonomous AI penetration testing system Read More »

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook

Banks, CISO, cybersecurity, data, Filigran, finance, fraud, News, report, security controls /

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook 2026-04-22 at 10:09 By Anamarija Pogorelec Financially motivated attacks continued to drive the bulk of cyber incidents against banks, insurers, and payment processors in 2025. Approximately 90% of breaches affecting financial institutions carried a financial motive, with data breaches accounting for

Shadow AI, deepfakes, and supply chain compromise are rewriting the financial sector threat playbook Read More »

Apple Intelligence flaw kept stolen tokens reusable on another device

AI, apple, attack, macOS, News, research /

Apple Intelligence flaw kept stolen tokens reusable on another device 2026-04-22 at 10:09 By Sinisa Markovic Apple claims that Apple Intelligence, a GenAI service provided on its operating systems, is designed with an extra focus on user security and privacy through a two-stage authentication and authorization system using anonymous access tokens. However, researchers from The

Apple Intelligence flaw kept stolen tokens reusable on another device Read More »

Thunderbird 150 arrives with encrypted message search and OpenPGP improvements

Email, Mozilla, News, software /

Thunderbird 150 arrives with encrypted message search and OpenPGP improvements 2026-04-21 at 23:32 By Anamarija Pogorelec Released today, Thunderbird 150.0 brings eight new features, a round of bug fixes, and security patches that cover the web engine underlying the email client. Thunderbird 150.0 runs on Windows 10 or later, macOS 10.15 or later, and Linux

Thunderbird 150 arrives with encrypted message search and OpenPGP improvements Read More »

VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes

News, Oracle, software /

VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes 2026-04-21 at 21:54 By Anamarija Pogorelec Oracle shipped VirtualBox 7.2.8 on April 21, 2026, as a maintenance release covering crashes, networking problems, clipboard issues, and extended Linux kernel compatibility. The update touches the VMM layer, NAT networking, graphics, UEFI, and both Linux and

VirtualBox 7.2.8 is out with Linux kernel 7.0 support and crash fixes Read More »

Ransomware negotiator admits role in attacks he was hired to resolve

law enforcement, News, Ransomware, US DoJ, USA /

Ransomware negotiator admits role in attacks he was hired to resolve 2026-04-21 at 20:19 By Sinisa Markovic A Florida man, formerly employed as a ransomware negotiator, pleaded guilty to conspiring to carry out ransomware attacks against US companies. Prosecutors say Angelo Martino, 41, used his position at DigitalMint, a crypto broker that helps victims negotiate

Ransomware negotiator admits role in attacks he was hired to resolve Read More »

A Closer Look at the Novel and Stealthy KarstoRAT Malware

Emerging Threats, News, Reports /

A Closer Look at the Novel and Stealthy KarstoRAT Malware 2026-04-21 at 17:36 By Chen Aviani For almost three decades now, threat actors have used remote access trojans (RATs) to monitor user activity and steal sensitive information and credentials. The RAT’s surreptitious nature has cemented its spot in malicious actors’ malware arsenal, and over the

A Closer Look at the Novel and Stealthy KarstoRAT Malware Read More »

Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency

Cryptocurrency, cybercrime, law enforcement, News, phishing, US DoJ /

Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency 2026-04-21 at 17:36 By Sinisa Markovic A British national tied to the Scattered Spider cybercrime group pleaded guilty to hacking multiple companies via SMS phishing and stealing over $8 million in virtual currency from US victims. Tyler Robert Buchanan, 24, of Dundee, Scotland, pleaded

Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency Read More »

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133)

Arctic Wolf Networks, CISA, Cisco, Don't miss, Government, Hot stuff, News, VulnCheck /

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) 2026-04-21 at 15:29 By Zeljka Zorz CISA added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Cisco Catalyst SD-WAN Manager vulnerability (CVE-2026-20133) that Cisco has yet to flag as exploited. Three Cisco Catalyst SD-WAN Manager vulnerabilities Alongside CVE-2026-20133, CISA has

CISA flags another Cisco Catalyst SD-WAN Manager bug as exploited (CVE-2026-20133) Read More »

OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns

Artificial Intelligence, macOS, News, OpenAI, Privacy /

OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns 2026-04-21 at 15:29 By Anamarija Pogorelec OpenAI’s Chronicle is a feature designed to help Codex, an AI-powered coding assistant, better understand what users are working on by capturing context directly from their screens. It uses recent screen activity to build memories, allowing Codex to

OpenAI’s Chronicle feature lets Codex read your screen, raising privacy concerns Read More »

A single platform powers SIM farm proxy networks across 17 countries

cybercrime, Don't miss, fraud, hardware, mobile, network, News, spoofing /

A single platform powers SIM farm proxy networks across 17 countries 2026-04-21 at 12:30 By Mirko Zorz Racks of phones and 4G modems, connected to carrier networks and rented out as commercial mobile proxy services, are operating across at least 94 locations in 17 countries. An investigation by infrastructure intelligence firm Infrawatch traced a large

A single platform powers SIM farm proxy networks across 17 countries Read More »

NGate NFC malware targets Android users through trojanized payment app

Android, cybercrime, ESET, fraud, generative AI, Malware, News, scams /

NGate NFC malware targets Android users through trojanized payment app 2026-04-21 at 12:00 By Mirko Zorz NFC-based payment fraud is expanding geographically and operationally. A campaign active since November 2025 is targeting Android users in Brazil using a new variant of the NGate malware family, this time embedded in a trojanized version of HandyPay, a

NGate NFC malware targets Android users through trojanized payment app Read More »

Researchers build an encrypted routing layer for private AI inference

Artificial Intelligence, cybersecurity, Don't miss, Encryption, LLMs, News, research /

Researchers build an encrypted routing layer for private AI inference 2026-04-21 at 07:31 By Sinisa Markovic Organizations in healthcare, finance, and other sensitive industries want to use large AI models without exposing private data to the cloud servers running those models. A cryptographic technique called Secure Multi-Party Computation (MPC) makes this possible. It splits data

Researchers build an encrypted routing layer for private AI inference Read More »

Cybersecurity jobs available right now: April 21, 2026

cybersecurity jobs, News /

Cybersecurity jobs available right now: April 21, 2026 2026-04-21 at 07:18 By Anamarija Pogorelec Application Security Engineer (DevSecOps / Azure DevOps) BEWAHARVEST | Philippines | Hybrid – View job details As an Application Security Engineer (DevSecOps / Azure DevOps), you will embed security across the SDLC by working with engineering and DevOps teams to implement

Cybersecurity jobs available right now: April 21, 2026 Read More »

Vercel breached via compromised third-party AI tool

breach, data theft, Don't miss, extension, Hot stuff, News, third party compromise, Vercel /

Vercel breached via compromised third-party AI tool 2026-04-20 at 18:12 By Zeljka Zorz Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset of customers”. Advice for affected customers “The incident originated with a compromise of

Vercel breached via compromised third-party AI tool Read More »

AI platform ATHR makes voice phishing a one-person job

Abnormal AI, AI, Don't miss, Hot stuff, News, phishing, vishing /

AI platform ATHR makes voice phishing a one-person job 2026-04-20 at 14:37 By Zeljka Zorz For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, and Coinbase, buries a phone number in each message, and

AI platform ATHR makes voice phishing a one-person job Read More »

Scroll to Top