Latest Cybersecurity News and Articles
20 April 2026
Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios.
The post Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking appeared first on SecurityWeek.
20 April 2026
A recent report by Cloudsmith found that 31% of organizations using AI-generated code spend 10 hours or less per month validating, auditing, or securing it.
20 April 2026
Monday’s recap shows the same pattern in different places. A third-party tool becomes a way in, then leads to internal access. A trusted download path is briefly swapped to deliver malware. Browser extensions act normally while pulling data and running code. Even update channels are used to push payloads. It’s not breaking systems—it’s bending trust.
There’s also a shift in how attacks run.
20 April 2026
Tyler Buchanan admitted in court to hacking into various companies, defrauding them, and stealing cryptocurrency from multiple individuals.
The post British Scattered Spider Hacker Pleads Guilty in the US appeared first on SecurityWeek.
20 April 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Apr. 20, 2026 – Listen to the podcast The Cybercrime Magazine Podcast tops Million Podcast’s curated list of the best 60 cybercrime podcasts to listen to in 2026. These podcasts are ranked based on their Apple
The post Best Cybercrime and Cybersecurity Podcasts for CISOs In 2026 appeared first on Cybercrime Magazine.
20 April 2026
The machine emulator has been abused in at least two different campaigns distributing ransomware and remote access tools.
The post Hackers Abuse QEMU for Defense Evasion appeared first on SecurityWeek.
20 April 2026
The fastest way to fall in love with an AI tool is to watch the demo.
Everything moves quickly. Prompts land cleanly. The system produces impressive outputs in seconds. It feels like the beginning of a new era for your team.
But most AI initiatives don't fail because of bad technology. They stall because what worked in the demo doesn't survive contact with real operations. The gap between a
20 April 2026
A pro-Iran hacker group has taken credit for the attack on Bluesky, which appears to have lasted 24 hours.
The post Bluesky Disrupted by Sophisticated DDoS Attack appeared first on SecurityWeek.
20 April 2026
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.
"This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to
20 April 2026
The Senate approved a short-term renewal until April 30 of a controversial surveillance program used by U.S. spy agencies.
The post Senate Extends Surveillance Powers Until April 30 After Chaotic Votes in House appeared first on SecurityWeek.
20 April 2026
The continued use of the half-century-old protocol exposes enterprises and end users to various types of attacks.
The post Half of the 6 Million Internet-Facing FTP Servers Lack Encryption appeared first on SecurityWeek.
20 April 2026
Vercel confirmed suffering a breach after a hacker claiming to be part of ShinyHunters offered to sell stolen data for $2 million.
The post Next.js Creator Vercel Hacked appeared first on SecurityWeek.
20 April 2026
In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.
The post Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers appeared first on SecurityWeek.
20 April 2026
Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed to target Israeli water treatment and desalination systems.
The malware has been codenamed ZionSiphon by Darktrace, highlighting its ability to set up persistence, tamper with local configuration files, and scan for operational technology (OT)-relevant services on the local subnet.
20 April 2026
A new report reveals the top three cyber incidents that account for a majority of reported claims.
19 April 2026
Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain unauthorized access to "certain" internal Vercel systems.
The incident stemmed from the compromise of Context.ai, a third-party artificial intelligence (AI) tool, that was used by an employee at the company.
"The attacker used that access to take over the employee's Vercel Google Workspace account,
18 April 2026
Threat actors are reusing Tycoon 2FA tools across other phishing kits following the platform’s disruption.
The post Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks appeared first on SecurityWeek.
18 April 2026
Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said it's suspending operations after it blamed Western intelligence agencies for a $13.74 million hack.
The exchange said it fell victim to what it described as a large-scale cyber attack that bore hallmarks of foreign intelligence agency involvement. This attack led to the theft of over 1
18 April 2026
Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers to deploy Mirai-botnet variants on compromised devices, according to findings from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42.
The attack targeting TBK DVR devices has been found to exploit CVE-2024-3721 (CVSS score: 6.3), a medium-severity command injection vulnerability affecting
17 April 2026
A White House official said the administration is engaging with advanced AI labs about their models and the security of software.
The post White House Chief of Staff to Meet With Anthropic CEO Over Its New AI Technology appeared first on SecurityWeek.