A new wave of cyber attacks is hitting trucking carriers and freight brokers, and the goal is not just data theft. Criminals are breaking into logistics companies digitally to steal physical cargo shipments worth millions of dollars in the real…
Microsoft has officially acknowledged a known issue affecting Windows 11 users following the release of its April 2026 Patch Tuesday cumulative updates. Devices running certain BitLocker Group Policy configurations may unexpectedly prompt users to enter their BitLocker recovery key after…
A newly disclosed zero-day vulnerability in Microsoft Defender, dubbed “RedSun,” allows an unprivileged user to escalate privileges to full SYSTEM-level access on fully patched Windows 10, Windows 11, and Windows Server 2019 and later systems, and as of now, remains…
The European Commission’s newly launched Digital Age Verification App, unveiled on April 14, 2026, to protect minors from harmful online content, has already been compromised, with UK-based security consultant Paul Moore demonstrating a full authentication bypass in under two minutes.…
A newly identified two-component Remote Access Trojan (RAT) toolkit built in Rust, dubbed SpankRAT, is being used by threat actors to abuse legitimate Windows processes, bypass reputation-based security controls, and maintain persistent access to compromised environments while largely evading detection…
You know that feeling when you open your feed on a Thursday morning and it's just... a lot? Yeah. This week delivered. We've got hackers getting creative in ways that are almost impressive if you ignore the whole "crime" part, ancient vulnerabilities somehow still ruining people's days, and enough supply chain drama to fill a season of television nobody asked for.
Not all bad though. Some
Microsoft is actively investigating a widespread authentication issue affecting users attempting to access Microsoft 365 web-based services through Google Chrome version 147. The problem, first reported on April 16, 2026, has left a significant number of users unable to properly…
![From The Hacker News – [Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6vJpO9kksCQDpSksNkqDFNUCbXD70dMGYqI6P9S_XPMY5d8BR8PVdrsVQP1ZJO_-nzL6eQShM3Cap9heQ5kAglsPjfxwIcXPSsf_cfgUVnGQ2XzIWVOuo7JhxMjnHYDN6r9KlQ6LqZJisRZkjatnWChuzUkSlXRa1hFseUPq28PZ5gjGR7L2WzTFdZ3fM/s1600/ghost.jpg)
In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches. Not phishing. Not weak passwords. Unmanaged non-human identities that nobody was watching.
For every employee in your org, there are 40 to 50 automated credentials: service accounts, API tokens, AI agent connections, andOAuth grants. When projects end or employees leave, most
Two American nationals have been sentenced to federal prison for operating a sophisticated “laptop farm” scheme. The operation successfully infiltrated over 100 U.S. companies, generating more than $5 million in illicit revenue to fund the Democratic People’s Republic of Korea…
A threat cluster tracked as UAC-0247 has been running an active campaign since early 2026, targeting local governments and municipal healthcare institutions across Ukraine, including clinical hospitals and emergency ambulance services. The attackers are not only stealing sensitive data from…
Cisco has issued an urgent security advisory warning of multiple vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). According to the official Cisco security advisory published on April 15, 2026, these flaws could allow an…
Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex Services that could result in arbitrary code execution and allow an attacker to impersonate any user within the service.
The details of the vulnerabilities are below -
CVE-2026-20184 (CVSS score: 9.8) - An improper certificate validation in the integration of single sign-on (SSO)
Education publishing giant McGraw-Hill has confirmed a data breach following an extortion attempt, with more than 100GB of stolen data now publicly distributed online, exposing the personal information of approximately 13.5 million users. The breach, disclosed in April 2026, stems…
A "novel" social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as an initial access vector to distribute a previously undocumented Windows remote access trojan called PHANTOMPULSE in attacks targeting individuals in the financial and cryptocurrency sectors.
Dubbed REF6598 by Elastic Security Labs, the activity has been found to leverage
A newly identified information-stealing malware called NWHStealer is quietly making its way onto Windows systems through a well-disguised campaign that uses fake VPN websites, gaming mods, and hardware utility tools as bait. The attackers are not relying on spam emails…
