Third-party AI hack triggers Vercel breach, internal environments accessed
https://securityaffairs.com/191031/data-breach/third-party-ai-hack-triggers-vercel-breach-internal-environments-accessed.html
https://securityaffairs.com/191031/data-breach/third-party-ai-hack-triggers-vercel-breach-internal-environments-accessed.html
Security Affairs
Third-party AI hack triggers Vercel breach, internal environments accessed
Vercel suffered a breach after a hacked Context.ai tool exposed an employee account, letting attackers access limited internal systems.
Indian Agency Arrests Key SIM Card Supplier of a Broader Cyber Fraud Network
https://thecyberexpress.com/indian-agency-arrests-key-sim-card-supplier/
https://thecyberexpress.com/indian-agency-arrests-key-sim-card-supplier/
The Cyber Express
CBI Arrests Key SIM Card Supplier Of A Cyber Fraud Network
India’s top intelligence agency arrested a suspected key conspirator accused of supplying fraudulently obtained SIM cards to cybercriminal networks, as part
Network ‘background noise’ may predict the next big edge-device vulnerability
https://cyberscoop.com/greynoise-traffic-surge-early-warning-system-network-edge-device-vulnerabilities/
https://cyberscoop.com/greynoise-traffic-surge-early-warning-system-network-edge-device-vulnerabilities/
CyberScoop
Network ‘background noise’ may predict the next big edge-device vulnerability
GreyNoise researchers spotted a consistent trend in forthcoming vulnerabilities affecting security tools, providing defenders an early-warning system for likely imminent attacks.
❤1
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
https://securityaffairs.com/191040/hacking/cve-2023-33538-under-attack-for-a-year-but-exploitation-still-unsuccessful.html
https://securityaffairs.com/191040/hacking/cve-2023-33538-under-attack-for-a-year-but-exploitation-still-unsuccessful.html
Security Affairs
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
Hackers have targeted CVE-2023-33538 flaw in old TP-Link routers for a year, but no successful exploitation has been seen so far.
The Supply Chain Is the New Battlefield: How One Weak Link Compromises Entire Ecosystems
https://latesthackingnews.com/2026/04/20/the-supply-chain-is-the-new-battlefield-how-one-weak-link-compromises-entire-ecosystems/
https://latesthackingnews.com/2026/04/20/the-supply-chain-is-the-new-battlefield-how-one-weak-link-compromises-entire-ecosystems/
LHN
The Supply Chain Is the New Battlefield: How One Weak Link Compromises Entire Ecosystems
The expansion of supply chain attacks has made dark web monitoring, exposed asset monitoring, and cyber signal intelligence essential for understanding risk across interconnected environments. This aligns directly with how platforms like Lunar approach security…
Microsoft tests Windows Explorer speed, performance improvements
https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-speed-performance-improvements/
https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-file-explorer-speed-performance-improvements/
BleepingComputer
Microsoft tests Windows Explorer speed, performance improvements
Microsoft is rolling out multiple File Explorer changes to Windows 11 users in the Insider program, including improvements to launch speed and performance.
Why the Axios attack proves AI is mandatory for supply chain security
https://cyberscoop.com/ai-powered-security-operations-axios-supply-chain-attack/
https://cyberscoop.com/ai-powered-security-operations-axios-supply-chain-attack/
CyberScoop
Why the Axios attack proves AI is mandatory for supply chain security
The Axios library compromise reveals a stark reality: human-speed defense is no longer enough. Elastic’s Mike Nichols explains why the public sector must embrace an "agentic SOC" to counter AI-driven supply chain threats and nation-state adversaries.
British Scattered Spider hacker pleads guilty to crypto theft charges
https://www.bleepingcomputer.com/news/security/british-scattered-spider-hacker-pleads-guilty-to-crypto-theft-charges/
https://www.bleepingcomputer.com/news/security/british-scattered-spider-hacker-pleads-guilty-to-crypto-theft-charges/
BleepingComputer
British Scattered Spider hacker pleads guilty to crypto theft charges
A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft.
The backup myth that is putting businesses at risk
https://www.bleepingcomputer.com/news/security/the-backup-myth-that-is-putting-businesses-at-risk/
https://www.bleepingcomputer.com/news/security/the-backup-myth-that-is-putting-businesses-at-risk/
BleepingComputer
The backup myth that is putting businesses at risk
Backups protect data, but don't keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages.
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
https://www.bleepingcomputer.com/news/security/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
https://www.bleepingcomputer.com/news/security/microsoft-teams-increasingly-abused-in-helpdesk-impersonation-attacks/
BleepingComputer
Microsoft: Teams increasingly abused in helpdesk impersonation attacks
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks.
Making opportunistic cyberattacks harder by design
https://www.microsoft.com/en-us/security/blog/2026/04/20/making-opportunistic-cyberattacks-harder-by-design/
https://www.microsoft.com/en-us/security/blog/2026/04/20/making-opportunistic-cyberattacks-harder-by-design/
Microsoft News
Making opportunistic cyberattacks harder by design
How Microsoft secures Dynamics 365 and Power Platform by removing credentials, reducing attack surfaces, and using platform engineering to block opportunistic threats.
Poste Italiane, Postepay Fined €12.5M for Unlawful User Data Processing
https://thecyberexpress.com/italian-data-protection-authority-fine/
https://thecyberexpress.com/italian-data-protection-authority-fine/
The Cyber Express
Italian Data Protection Authority Fine Over Data Misuse
The Italian Data Protection Authority fine cases reflect a clear message to financial institutions.
Bluesky, Fast-Growing X Alternative, Hit by Sophisticated DDoS Attack
https://thecyberexpress.com/bluesky-cyberattack-ddos-outage/
https://thecyberexpress.com/bluesky-cyberattack-ddos-outage/
The Cyber Express
Bluesky Cyberattack Triggers DDoS Outage, No Data Breach
Bluesky cyberattack caused major DDoS outages disrupting feeds and search. Platform confirmed no data breach and restored stability quickly.
Seiko USA website defaced as hacker claims customer data theft
https://www.bleepingcomputer.com/news/security/seiko-usa-website-defaced-as-hacker-claims-customer-data-theft/
https://www.bleepingcomputer.com/news/security/seiko-usa-website-defaced-as-hacker-claims-customer-data-theft/
BleepingComputer
Seiko USA website defaced as hacker claims customer data theft
The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid.
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
https://www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/
https://www.bleepingcomputer.com/news/security/the-gentlemen-ransomware-now-uses-systembc-for-bot-powered-attacks/
BleepingComputer
The Gentlemen ransomware now uses SystemBC for bot-powered attacks
A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.
Vercel’s security breach started with malware disguised as Roblox cheats
https://cyberscoop.com/vercel-security-breach-third-party-attack-context-ai-lumma-stealer/
https://cyberscoop.com/vercel-security-breach-third-party-attack-context-ai-lumma-stealer/
CyberScoop
Vercel's security breach started with malware disguised as Roblox cheats
The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.
The FTC’s AI portfolio is about to get bigger
https://cyberscoop.com/ftc-ai-portolio-getting-bigger-take-it-down-voice-cloning/
https://cyberscoop.com/ftc-ai-portolio-getting-bigger-take-it-down-voice-cloning/
CyberScoop
The FTC’s AI portfolio is about to get bigger
The FTC is preparing to enforce key parts of a new law against sexual deepfakes and searching for ways to block AI-driven scamming using voice clones.
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
https://cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/
https://cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/
CyberScoop
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection.
China's Apple App Store infiltrated by crypto-stealing wallet apps
https://www.bleepingcomputer.com/news/security/chinas-apple-app-store-infiltrated-by-crypto-stealing-wallet-apps/
https://www.bleepingcomputer.com/news/security/chinas-apple-app-store-infiltrated-by-crypto-stealing-wallet-apps/
BleepingComputer
China's Apple App Store infiltrated by crypto-stealing wallet apps
A set of 26 malicious apps on Apple App Store impersonate popular wallets, such as Metamask, Coinbase, Trust Wallet, and OneKey, to steal recovery or seed phrases and drain them of cryptocurrency assets.
KelpDAO suffers $290 million heist tied to Lazarus hackers
https://www.bleepingcomputer.com/news/security/kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers/
https://www.bleepingcomputer.com/news/security/kelpdao-suffers-290-million-heist-tied-to-lazarus-hackers/
BleepingComputer
KelpDAO suffers $290 million heist tied to Lazarus hackers
State-sponsored North Korean hackers are likely behind the $290 million crypto-heist that impacted the KelpDAO DeFi project on Saturday.