Latest Cybersecurity News and Articles
28 April 2026
Threat hunters are warning that the cybercriminal operation known as VECT 2.0 acts more like a wiper than a ransomware due to a critical flaw in its encryption implementation across Windows, Linux, and ESXi variants that renders recovery impossible even for the threat actors.
The fact that VECT's locker permanently destroys large files rather than encrypting them means even victims who opt to
28 April 2026
A member of Silk Typhoon, Xu Zewei is accused of launching cyberattacks against universities in the US.
The post Alleged Chinese State Hacker Extradited to US appeared first on SecurityWeek.
28 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 28, 2026 – Read the report Media outlets globally have been covering the 2026 CISO Report from Cybersecurity Ventures in collaboration with Sophos, and the main message is around the chief information
The post CISO Gap: SMBs Exposed; MSSPs To The Rescue appeared first on Cybercrime Magazine.
28 April 2026
Over 70 cloned Open VSX extensions are likely sleeper extensions designed to distribute malware.
The post Dozens of Open VSX Extension Clones Linked to GlassWorm Malware appeared first on SecurityWeek.
28 April 2026
Agentic AI can be expensive to use, causing further and unpredictable pressure on tight budgets.
The post Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable appeared first on SecurityWeek.
28 April 2026
Every security program is betting on the same assumption: once a system is connected, the problem is solved. Open a ticket, stand up a gateway, push the data through. Done.
That assumption is wrong. It is also a major reason Zero Trust programs stall.
New research my team just published puts numbers on it. The Cyber360: Defending the Digital Battlespace report, based on a survey of 500 security
28 April 2026
Vulnerabilities in Zero Motorcycles electric motorcycles and Yadea electric scooters can pose physical security and safety risks.
The post Electric Motorcycles and Scooters Face Hacking Risks to Security and Rider Safety appeared first on SecurityWeek.
28 April 2026
A fake RPC server can be used to listen for RPC requests and impersonate the target service to elevate privileges to System.
The post No Patch for New PhantomRPC Privilege Escalation Technique in Windows appeared first on SecurityWeek.
28 April 2026
Cybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face's open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.
The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of the
28 April 2026
Federal prosecutors have been conducting a preliminary investigation since mid-February 2026 into alleged cyberattacks on Signal accounts.
The post Germany Suspects Russia Is Behind Signal Phishing That Targeted Top Officials appeared first on SecurityWeek.
28 April 2026
When patching isn’t fast enough, NDR helps contain the next era of threats.
If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast.
Anthropic’s new model, Claude Mythos, and its Project Glasswing, showed that finding exploitable vulnerabilities and subtle cracks
28 April 2026
The threat detection startup will invest in accelerating its engineering and go-to-market efforts.
The post Spectrum Security Emerges From Stealth Mode With $19 Million appeared first on SecurityWeek.
28 April 2026
A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.
Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including
28 April 2026
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort.
Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent's identity lifecycle operations in a
28 April 2026
The ShinyHunters cybercrime group claimed to have stolen 9 million records containing personal information from Medtronic.
The post Medtronic Hack Confirmed After ShinyHunters Threatens Data Leak appeared first on SecurityWeek.
28 April 2026
Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild.
The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this
27 April 2026
Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web.
"Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,
27 April 2026
Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are.
Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same
27 April 2026
The initial vulnerability was exploited by Russia-linked APT28 in attacks against Ukraine and EU countries.
The post Incomplete Windows Patch Opens Door to Zero-Click Attacks appeared first on SecurityWeek.
27 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 27, 2026 – Cybercrime Magazine YouTube Shorts The award-winning Cybercrime Magazine YouTube Channel, which has more than 1.2 million subscribers and many more viewers globally, released its first Short last month, and the
The post Cybercrime Magazine YouTube Shorts On The History of Hacking appeared first on Cybercrime Magazine.