New GhostLock tool abuses Windows API to block file access.

Apple Patches Dozens of Vulnerabilities in macOS, iOS.

Foxconn (Taiwan) confirms a cyberattack disrupting parts of its North American operations, including the U.S. An employee says outages began Friday, forcing some teams to revert to “pen and paper” as systems went offline.

Microsoft is reportedly investigating potential misuse of its Azure cloud by Israel’s Unit 8200, with several senior executives in its Israel branch stepping down.

A hacker group has claimed responsibility for a large-scale cyberattack against eBay, which caused severe disruptions for two days and damages amounting to hundreds of millions of dollars.

The group, “The Islamic Resistance in Iraq,” claims it attacked Spotify.

GemStuffer used more than 150 RubyGems packages to exfiltrate scraped U.K. council portal data, not distribute malware.

The gems collected ModernGov pages, built .gem archives, and published them to RubyGems with hardcoded credentials.

Microsoft patched 138 security flaws across its products, including 30 Critical bugs and Windows DNS, Netlogon, Azure, Dynamics 365, and Hyper-V issues.

"Mira"; Telegram's intelligent assistant for chat, image, and tool management

Telegram has introduced a new AI assistant called "Mira" that offers features such as unlimited text chat, voice-to-text conversion, text-to-speech, internet search, image analysis, and management of the TON network wallet.

Microsoft’s new MDASH AI just uncovered 16 Windows vulnerabilities, patched today in Patch Tuesday — including 4 critical RCEs in the TCP/IP kernel and IKEv2 VPN.

An army of 100+ AI agents debated, validated, and proved them exploitable.

3rd Linux kernel LPE in just ~2 weeks: Fragnesia (CVE-2026-46300) just dropped.

Attackers can now gain root by corrupting the kernel page cache through a flaw in XFRM ESP-in-TCP.

PoC is public. Major distros have already issued advisories.

YellowKey affects Windows 11 and Server 2022/2025; GreenPlasma could enable abuse of SYSTEM-writable paths.

Two new Windows zero-days expose a BitLocker bypass in WinRE and a CTFMON privilege escalation issue.

Threat actors targeted PraisonAI CVE-2026-44338, an authentication bypass vulnerability, within hours of disclosure.

The flaw affects versions 2.5.6–4.6.33 and can expose the /agents endpoint without authorization.

Three newly published node-ipc npm versions have been confirmed as malicious, with obfuscated stealer/backdoor behavior targeting developer and cloud secrets.

Limited attacks are exploiting CVE-2026-20182, a CVSS 10.0 auth bypass in Cisco Catalyst SD-WAN Controller.

Unauthenticated remote attackers can gain admin privileges and manipulate SD-WAN configurations.

Affected: on-prem, cloud, government deployments.

An 18-year-old flaw in NGINX can let unauthenticated attackers run code or crash servers using crafted HTTP requests.

Tracked as CVE-2026-42945 and named NGINX Rift, the bug affects NGINX Plus and Open Source.

Cyberattack hits fuel monitoring systems at U.S. gas stations.

OpenAI says two employees devices were affected in the TanStack supply-chain attack.

Turla has rebuilt Kazuar into a modular P2P botnet designed for stealth and persistent access.

The upgraded .NET backdoor uses Kernel, Bridge, and Worker modules to handle C2, tasking, collection, and exfiltration.

Four OpenClaw vulnerabilities dubbed Claw Chain can be chained to steal sensitive data, escalate privileges, and establish persistence.

All four flaws are fixed in OpenClaw 2026.4.22.