Cursor AI Agent Wipes PocketOS Database and Backups in 9 Seconds

PocketOS founder says Cursor AI agent deleted its production database in 9 seconds after misusing a root API token, exposing major Railway security flaws...

New AI-Powered Bluekit Phishing Kit Targets Major Platforms with MFA Bypass Attacks

Bluekit Phishing Kit is a new PhaaS tool that targets major platforms, using AiTM techniques to steal session data and bypass MFA protections...

Polymarket Rejects Data Breach Claims as Hacker Alleges 300K Records Stolen

A hacker using the alias "Xorcat" claims to have breached Polymarket using API flaws, but research suggests the leak could be just data scraping incident...

Brinker Introduces a Novel Approach to Deepfake Detection

WILMINGTON, Delaware, 29th April 2026, CyberNewswire...

US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks

US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches...

Cursor AI IDE vulnerability allows code execution via hidden Git hooks

Novee researchers find high-severity CVE-2026-26268 flaw in Cursor AI, allowing hackers to run malicious code when developers clone repositories...

Top AI-Powered Vendor Risk Management Platforms for SaaS Companies in 2026

Top AI-powered vendor risk platforms for SaaS companies in 2026, compare tools, features, and how to choose the…...

New DHL Phishing Scam Uses 11-Step Attack Chain to Steal Passwords

Forcepoint’s X-Labs reports an 11-step DHL phishing scam that uses fake OTP codes and EmailJS to harvest user credentials and device telemetry...

Decoding Q1 2026’s $152.9 Billion Crypto Custody Concentration

Crypto Custody Concentration hits $152.9B as institutions shift to derivatives, consolidating capital on top exchanges amid Q1 market slowdown...

Pack2TheRoot: 12-Year-Old Linux PackageKit Flaw Enables Full Compromise

Security experts have found a high-severity flaw named Pack2TheRoot in PackageKit that allows hackers to gain full root access on multiple Linux distributions...

Stablecoins: Always-On Money Needs Always-On Controls

Stablecoins are becoming the money layer for the always-on economy...

New Linux FIRESTARTER Backdoor Targets Cisco Firepower Devices

CISA and NCSC warn that FIRESTARTER, a Linux-based backdoor, targets Cisco Firepower devices, evades patches, and enables persistent access even after firmware updates...

Why Unofficial Download Sources Are Still a Security Risk in 2026

Security Risk in 2026: why unofficial download sources still put users at risk, and how to verify safe, official install paths before installing software...

The Role of Aggregated Liquidity in Modern Crypto Markets

Aggregated liquidity improves crypto trading by combining multiple sources, offering better rates, deeper markets, and more reliable execution across assets...

82 Chrome Extensions Found Selling User Data, 6.5 Million Users Affected

LayerX research finds 82 Chrome extensions collecting and selling user data, affecting at least 6.5 million users through disclosed but concerning practices...

ShinyHunters Leaks Data of Udemy, Zara, 7-Eleven in Salesforce Linked Breach

ShinyHunters has leaked data linked to Udemy, Zara, and 7-Eleven, with claims of exposed Salesforce records and cloud-based systems...

UNC6692 Hackers Exploit Microsoft Teams to Deploy SNOW Malware

UNC6692 hackers exploit Microsoft Teams with fake IT alerts to deploy SNOW malware, steal credentials, and breach corporate networks in advanced attacks...

Vidar Infostealer Spreads via Fake CAPTCHAs, Hides in JPEG and TXT Files

New version of Vidar infostealer spreads via fake CAPTCHAs, hides in JPEG and TXT files, uses fileless attacks and steals browser, crypto wallet data...

Microsoft Entra Agent ID Flaw Enabled Tenant Takeover via Privilege Escalation

Microsoft Entra Agent ID flaw allowed privilege escalation and tenant takeover via Service Principal abuse, now fully patched by Microsoft...

Fake CAPTCHA Scam Abuses Verification Clicks to Send Costly International Texts

Research from Infoblox reveals a massive Click2SMS fraud scheme using fake CAPTCHAs and back button hijacking to trick victims into sending costly international texts...

New ClickFix attack Hides in Native Windows Tools to Reduce Detection Risk

Fake CAPTCHA ClickFix attack tricks users into running malicious commands, using cmdkey and regsvr32 to maintain persistence and avoid detection on Windows...

TeamPCP Hijacks Bitwarden CLI, Uses Dependabot to Deploy Shai-Hulud Malware

GitGuardian uncovers TeamPCP attack on Bitwarden CLI, abusing GitHub Dependabot to spread Shai-Hulud and poison AI coding tools...

French Police Arrest HexDex Hacker Over Mass Data Theft and Leaks

French police arrest HexDex hacker, a 20-year-old suspect accused of mass data theft and leaks targeting government, sports groups, and firms...

Harvester APT Expands Spying Operations with New GoGra Linux Malware

New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control...

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot...

Discord-Linked Group Accessed Anthropic’s Claude Mythos AI in Vendor Breach

Anthropic is investigating a vendor breach after a Discord-linked group accessed its Claude Mythos AI model, with no evidence of impact on core systems...

K2view vs Broadcom For Test Data Management

Compare Broadcom TDM and K2view across architecture, integration, masking, and scalability to find the right test data management solution for your needs...

Mustang Panda Hits India and S. Korea with Updated LOTUSLITE Backdoor

Acronis reveals Mustang Panda is using an updated version of LOTUSLITE backdoor to target Indian banks and Korean diplomats. Learn how this DLL sideloading attack works...

Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit

Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported...

Microsoft Vulnerabilities Drop, But Critical Flaws Double, Report Warns

Microsoft vulnerabilities fall, but critical flaws double, BeyondTrust report highlights rising risk in Microsoft Office, Azure, and cloud systems...

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

New York, United States, 21st April 2026, CyberNewswire...

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Washington D.C., USA, 21st April 2026, CyberNewswire...

Threat Intel Scraping Without Burning Your Cover or Your Stack

Threat Intel Scraping sounds simple until it isn’t, here’s how cybersecurity teams avoid blocks, bad data, and unnecessary risk...

Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach

Grinex exchange collapses after $13.7M breach, blames Western spies as Chainalysis flags possible exit scam and sanctions evasion network links claims...

Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved

Vercel confirms a breach linked to Context.ai as a hacker lists alleged data for $2M. ShinyHunters denies involvement and flags imposters...

Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users

Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data...

How to Remove Objects from Video: AI Tools & Pro Tips (2026)

Remove unwanted objects from video effortlessly with AI in 2026. Learn step-by-step methods, best tools, and pro tips to clean up your footage like a professional...

British Hacker Tyler Buchanan Pleads Guilty to $8M Hacking Scheme in US

Tyler Robert Buchanan, a 24-year-old British hacker linked to Scattered Spider, admits to a multi-year US hacking scheme involving at least $8M in crypto theft...

52M-Download protobuf.js Library Hit by RCE in Schema Handling

Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it...

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

Hackers are exploiting a 5-year-old ShowDoc vulnerability CVE-2025-0520 to deploy web shells, enabling RCE and full server takeover worldwide...

Operation PowerOFF: 75K Users of DDoS-for-Hire Services Identified and Warned

Operation PowerOFF identifies and warns 75K users of DDoS-for-hire services, nets 4 arrests, and seizes 53 domains in a Europol-led crackdown...

Founder Liquidity Without Compromising on Growth

Founders can access liquidity without exiting by selling shares via secondary deals, reducing financial pressure while staying focused on long-term growth...

New RecruitRat, SaferRat, Astrinox, Massiv Android Malware Found Targeting 800 Apps

New research from Zimperium reveals four active Android malware campaigns, RecruitRat, SaferRat, Astrinox, and Massiv, targeting over 800 banking apps globally...

The Race to Quantum-Proof the Internet Has Already Begun

The race to quantum-proof the internet is underway as experts warn of “harvest now, decrypt later” risks and slow migration to post-quantum security...

New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks

Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into a botnet for DDoS attacks...

New ZionSiphon Malware Discovered Targeting Israeli Water Systems

Researchers at Darktrace have identified ZionSiphon, a new malware targeting Israeli water treatment plants. Learn how this OT-focused…...

New CGrabber and Direct-Sys Malware Spread Through GitHub ZIP Files

Hackers spread CGrabber and Direct-Sys malware through GitHub ZIP files, bypassing security tools to steal passwords, crypto wallets, and user data...

OpenAI Launches GPT-5.4-Cyber to Boost Defensive Cybersecurity

OpenAI unveils GPT-5.4-Cyber, a cybersecurity-focused model built to help defenders analyze malware and fix software bugs. The company is also expanding its Trusted Access for Cyber TAC program to thousands of verified experts...

Cybersecurity Risks of Hiring a Virtual Assistant and How to Protect Your Business

Virtual assistants boost productivity but add cybersecurity risks. Poor access control, weak devices, and credential sharing can expose sensitive business data...

Researchers Say Fiverr Left User Files Open to Google Search

Private Fiverr user documents, including tax records and IDs, were reportedly found in Google search results due to a storage configuration issue. Read more about the findings and the company’s response to the data exposure...