Top Security News for Today
Agent skill marketplace supply chain attack: 121 skills across 7 repos vulnerable to GitHub username hijacking, 5 scanners disagree by 10x on malicious skill rates (arXiv:2603.16572)
https://www.reddit.com/r/netsec/comments/1s0dmuv/agent_skill_marketplace_supply_chain_attack_121/
CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran
https://www.reddit.com/r/netsec/comments/1s0lvk9/canisterworm_gets_teeth_teampcps_kubernetes_wiper/
Observations on AI generated Remote DuckDB via HTTP with mTLS
http://diablohorn.com/2026/03/22/observations-on-ai-generated-remote-duckdb-via-http-with-mtls/
No Zero-Day Needed: Russian Phishers Swipe Signal & WhatsApp Accounts with Plain Old Lies
https://www.reddit.com/r/netsec/comments/1s0ouoe/no_zeroday_needed_russian_phishers_swipe_signal/
A YC-Backed Startup Left Production AWS Keys Public for 5 Months.
https://www.reddit.com/r/netsec/comments/1s1ab3n/a_ycbacked_startup_left_production_aws_keys/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Agent skill marketplace supply chain attack: 121 skills across 7 repos vulnerable to GitHub username hijacking, 5 scanners disagree by 10x on malicious skill rates (arXiv:2603.16572)
https://www.reddit.com/r/netsec/comments/1s0dmuv/agent_skill_marketplace_supply_chain_attack_121/
CanisterWorm Gets Teeth: TeamPCP's Kubernetes Wiper Targets Iran
https://www.reddit.com/r/netsec/comments/1s0lvk9/canisterworm_gets_teeth_teampcps_kubernetes_wiper/
Observations on AI generated Remote DuckDB via HTTP with mTLS
http://diablohorn.com/2026/03/22/observations-on-ai-generated-remote-duckdb-via-http-with-mtls/
No Zero-Day Needed: Russian Phishers Swipe Signal & WhatsApp Accounts with Plain Old Lies
https://www.reddit.com/r/netsec/comments/1s0ouoe/no_zeroday_needed_russian_phishers_swipe_signal/
A YC-Backed Startup Left Production AWS Keys Public for 5 Months.
https://www.reddit.com/r/netsec/comments/1s1ab3n/a_ycbacked_startup_left_production_aws_keys/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Agent skill marketplace supply chain attack: 121 skills across 7 repos vulnerable to GitHub…
Explore this post and more from the netsec community
Top Security News for Today
A YC-Backed Startup Left Production AWS Keys Public for 5 Months.
https://www.reddit.com/r/netsec/comments/1s1ab3n/a_ycbacked_startup_left_production_aws_keys/
US soldier sentenced for helping North Korean IT workers
https://therecord.media/us-soldier-sentencer-for-helping-nk-it-workers
Microsoft Xbox One Hacked
https://www.schneier.com/blog/archives/2026/03/microsoft-xbox-hacked.html
The Verifier Tax: Horizon Dependent Safety Success Tradeoffs in Tool Using LLM Agents
https://arxiv.org/abs/2603.19328
Benchmarking Post-Quantum Cryptography on Resource-Constrained IoT Devices: ML-KEM and ML-DSA on ARM Cortex-M0+
https://arxiv.org/abs/2603.19340
A Novel Solution for Zero-Day Attack Detection in IDS using Self-Attention and Jensen-Shannon Divergence in WGAN-GP
https://arxiv.org/abs/2603.19350
The Broken Physics of Remediation
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/23/the-broken-physics-of-remediation
California-based semiconductor testing company reports ransomware attack to SEC
https://therecord.media/ransomware-trio-tech-semiconductor-sec
Education company Kaplan reports data breach impacting more than 230,000
https://therecord.media/kaplan-data-breach-hack-notification
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
A YC-Backed Startup Left Production AWS Keys Public for 5 Months.
https://www.reddit.com/r/netsec/comments/1s1ab3n/a_ycbacked_startup_left_production_aws_keys/
US soldier sentenced for helping North Korean IT workers
https://therecord.media/us-soldier-sentencer-for-helping-nk-it-workers
Microsoft Xbox One Hacked
https://www.schneier.com/blog/archives/2026/03/microsoft-xbox-hacked.html
The Verifier Tax: Horizon Dependent Safety Success Tradeoffs in Tool Using LLM Agents
https://arxiv.org/abs/2603.19328
Benchmarking Post-Quantum Cryptography on Resource-Constrained IoT Devices: ML-KEM and ML-DSA on ARM Cortex-M0+
https://arxiv.org/abs/2603.19340
A Novel Solution for Zero-Day Attack Detection in IDS using Self-Attention and Jensen-Shannon Divergence in WGAN-GP
https://arxiv.org/abs/2603.19350
The Broken Physics of Remediation
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/23/the-broken-physics-of-remediation
California-based semiconductor testing company reports ransomware attack to SEC
https://therecord.media/ransomware-trio-tech-semiconductor-sec
Education company Kaplan reports data breach impacting more than 230,000
https://therecord.media/kaplan-data-breach-hack-notification
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: A YC-Backed Startup Left Production AWS Keys Public for 5 Months.
Explore this post and more from the netsec community
Top Security News for Today
Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence
https://therecord.media/hacker-russian-ransomware-sentenced-doj
Alleged OVHcloud data of 1.6M customers and 5.9M websites posted on popular forum for sale. CEO Comments
https://www.reddit.com/r/netsec/comments/1s2awo7/alleged_ovhcloud_data_of_16m_customers_and_59m/
Forensic Readiness Is Becoming a Strategic Security Discipline
https://www.reddit.com/r/netsec/comments/1s2alc9/forensic_readiness_is_becoming_a_strategic/
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
https://therecord.media/crunchyroll-hacker-anime-data-theft
Dutch Finance Ministry probing cyber breach affecting internal systems
https://therecord.media/netherlands-finance-ministry-cyberattack-breach
Iran-linked ransomware gang targeted US healthcare org amid military conflict
https://therecord.media/iran-linked-ransomware-gang-targeted-us-healthcare-org
We rewrote SoftHSMv2 (the default PKCS#11 software HSM) in Rust — 617+ tests, PQC support, memory-safe key handling
https://www.reddit.com/r/netsec/comments/1s2f3le/we_rewrote_softhsmv2_the_default_pkcs11_software/
With the rise of SaaS and cloud applications, the browser has become the new workplace. That's where net-security comes in.
https://www.reddit.com/r/netsec/comments/1s2cryp/with_the_rise_of_saas_and_cloud_applications_the/
We scanned 900 MCP configs on GitHub. 75% had security problems.
https://www.reddit.com/r/netsec/comments/1s2j0zl/we_scanned_900_mcp_configs_on_github_75_had/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence
https://therecord.media/hacker-russian-ransomware-sentenced-doj
Alleged OVHcloud data of 1.6M customers and 5.9M websites posted on popular forum for sale. CEO Comments
https://www.reddit.com/r/netsec/comments/1s2awo7/alleged_ovhcloud_data_of_16m_customers_and_59m/
Forensic Readiness Is Becoming a Strategic Security Discipline
https://www.reddit.com/r/netsec/comments/1s2alc9/forensic_readiness_is_becoming_a_strategic/
Anime streaming giant Crunchyroll says hacker stole data related to customer service tickets
https://therecord.media/crunchyroll-hacker-anime-data-theft
Dutch Finance Ministry probing cyber breach affecting internal systems
https://therecord.media/netherlands-finance-ministry-cyberattack-breach
Iran-linked ransomware gang targeted US healthcare org amid military conflict
https://therecord.media/iran-linked-ransomware-gang-targeted-us-healthcare-org
We rewrote SoftHSMv2 (the default PKCS#11 software HSM) in Rust — 617+ tests, PQC support, memory-safe key handling
https://www.reddit.com/r/netsec/comments/1s2f3le/we_rewrote_softhsmv2_the_default_pkcs11_software/
With the rise of SaaS and cloud applications, the browser has become the new workplace. That's where net-security comes in.
https://www.reddit.com/r/netsec/comments/1s2cryp/with_the_rise_of_saas_and_cloud_applications_the/
We scanned 900 MCP configs on GitHub. 75% had security problems.
https://www.reddit.com/r/netsec/comments/1s2j0zl/we_scanned_900_mcp_configs_on_github_75_had/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Russian hacker who helped Yanluowang ransomware gang gets nearly 7-year prison sentence
A Russian hacker who helped the notorious Yanluowang ransomware gang break into U.S. companies and demand millions of dollars in ransom payments was sentenced to nearly seven years in prison.
Top Security News for Today
UK cyber chief urges ‘full court press’ to counter rising cyber threats
https://therecord.media/uk-cyber-chief-urges-full-court-press-to-counter-risks
Russian botnet operator linked to major ransomware attacks sentenced in US
https://therecord.media/russian-botnet-operator-sentenced-ransomware
Navia breach exposed HackerOne employee PII due to a BOLA-style access in third-party system
https://therecord.media/navia-breach-exposed-hackerone-employee-pii-due-to-a-bola-style-access-in-third-party-system
Puerto Rico government agency cancels driver’s license appointments after cyberattack
https://therecord.media/puerto-rico-gov-agency-cancels-driver-license-appointments-cyber-incident
Ransomware attack disrupts operation at major Spanish fishing port
https://therecord.media/port-of-vigo-ransomware
Identity security is the new pressure point for modern cyberattacks
https://www.microsoft.com/en-us/security/blog/2026/03/25/identity-security-is-the-new-pressure-point-for-modern-cyberattacks/
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
https://therecord.media/supply-chain-attack-hits-widely-used-ai-package
CISA's acting chief warns shutdown is increasing cyber risks, causing resignations
https://therecord.media/cisa-acting-chief-warns-shutdown-increasing-risks-leading-to-retention-issues
Weaponizing Windows Toast Notifications for Social Engineering
https://www.reddit.com/r/netsec/comments/1s3edze/weaponizing_windows_toast_notifications_for/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
UK cyber chief urges ‘full court press’ to counter rising cyber threats
https://therecord.media/uk-cyber-chief-urges-full-court-press-to-counter-risks
Russian botnet operator linked to major ransomware attacks sentenced in US
https://therecord.media/russian-botnet-operator-sentenced-ransomware
Navia breach exposed HackerOne employee PII due to a BOLA-style access in third-party system
https://therecord.media/navia-breach-exposed-hackerone-employee-pii-due-to-a-bola-style-access-in-third-party-system
Puerto Rico government agency cancels driver’s license appointments after cyberattack
https://therecord.media/puerto-rico-gov-agency-cancels-driver-license-appointments-cyber-incident
Ransomware attack disrupts operation at major Spanish fishing port
https://therecord.media/port-of-vigo-ransomware
Identity security is the new pressure point for modern cyberattacks
https://www.microsoft.com/en-us/security/blog/2026/03/25/identity-security-is-the-new-pressure-point-for-modern-cyberattacks/
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
https://therecord.media/supply-chain-attack-hits-widely-used-ai-package
CISA's acting chief warns shutdown is increasing cyber risks, causing resignations
https://therecord.media/cisa-acting-chief-warns-shutdown-increasing-risks-leading-to-retention-issues
Weaponizing Windows Toast Notifications for Social Engineering
https://www.reddit.com/r/netsec/comments/1s3edze/weaponizing_windows_toast_notifications_for/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK cyber chief urges ‘full court press’ to counter rising cyber threats
In a keynote speech at the RSA Conference, National Cyber Security Centre (NCSC) CEO Richard Horne said cyber risks are now “of greater consequence than ever before."
Top Security News for Today
UK sanctions Chinese crypto marketplace tied to scam compounds
https://therecord.media/xinbi-crypto-marketplace-sanctioned
Magento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94)
https://www.reddit.com/r/netsec/comments/1s42kqx/magento_polyshell_unauthenticated_file_upload_to/
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html
RedLine malware developer extradited to US, faces up to 30 years
https://therecord.media/redline-malware-developer-extradited-to-us-faces-30-years
Apple rolls out age verification to UK iPhone users
https://therecord.media/apple-rolls-out-age-verification-uk-iphone-users
Russia detains alleged admin of LeakBase cybercrime forum weeks after global crackdown
https://therecord.media/leakbase-russia-admin-arrest-cyber
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
UK sanctions Chinese crypto marketplace tied to scam compounds
https://therecord.media/xinbi-crypto-marketplace-sanctioned
Magento PolyShell – Unauthenticated File Upload to RCE in Magento (APSB25-94)
https://www.reddit.com/r/netsec/comments/1s42kqx/magento_polyshell_unauthenticated_file_upload_to/
As the US Midterms Approach, AI Is Going to Emerge as a Key Issue Concerning Voters
https://www.schneier.com/blog/archives/2026/03/as-the-us-midterms-approach-ai-is-going-to-emerge-as-a-key-issue-concerning-voters.html
RedLine malware developer extradited to US, faces up to 30 years
https://therecord.media/redline-malware-developer-extradited-to-us-faces-30-years
Apple rolls out age verification to UK iPhone users
https://therecord.media/apple-rolls-out-age-verification-uk-iphone-users
Russia detains alleged admin of LeakBase cybercrime forum weeks after global crackdown
https://therecord.media/leakbase-russia-admin-arrest-cyber
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
UK sanctions Chinese crypto marketplace tied to scam compounds
The British government sanctioned Xinbi, a Chinese-language cryptocurrency marketplace accused of enabling large-scale online fraud and human exploitation, in a move targeting the financial infrastructure behind global scam networks.
Top Security News for Today
China-linked Red Menshen using BPFdoor kernel backdoor in telecom networks
https://www.reddit.com/r/netsec/comments/1s4uxxq/chinalinked_red_menshen_using_bpfdoor_kernel/
Abusing Modern Browser Features for Phishing
https://www.reddit.com/r/netsec/comments/1s4zk4v/abusing_modern_browser_features_for_phishing/
DVRTC: intentionally vulnerable VoIP/WebRTC lab with SIP enumeration, RTP bleed, TURN abuse, and credential cracking exercises
https://www.reddit.com/r/netsec/comments/1s506og/dvrtc_intentionally_vulnerable_voipwebrtc_lab/
Testing AprielGuard Against 1,500 Adversarial Attacks
https://www.reddit.com/r/netsec/comments/1s51ac8/testing_aprielguard_against_1500_adversarial/
TeamPCP strikes again - telnyx popular PyPI library compromised
https://www.reddit.com/r/netsec/comments/1s52kq7/teampcp_strikes_again_telnyx_popular_pypi_library/
Latvia accuses Russia of disinformation campaign targeting Baltic states
https://therecord.media/latvia-accuses-russia-of-disinformation-campaign-ukraine-war
FBI confirms theft of director’s personal emails by Iran-linked hacking group
https://therecord.media/fbi-confirms-theft-of-directors-personal-emails-iran-group
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
China-linked Red Menshen using BPFdoor kernel backdoor in telecom networks
https://www.reddit.com/r/netsec/comments/1s4uxxq/chinalinked_red_menshen_using_bpfdoor_kernel/
Abusing Modern Browser Features for Phishing
https://www.reddit.com/r/netsec/comments/1s4zk4v/abusing_modern_browser_features_for_phishing/
DVRTC: intentionally vulnerable VoIP/WebRTC lab with SIP enumeration, RTP bleed, TURN abuse, and credential cracking exercises
https://www.reddit.com/r/netsec/comments/1s506og/dvrtc_intentionally_vulnerable_voipwebrtc_lab/
Testing AprielGuard Against 1,500 Adversarial Attacks
https://www.reddit.com/r/netsec/comments/1s51ac8/testing_aprielguard_against_1500_adversarial/
TeamPCP strikes again - telnyx popular PyPI library compromised
https://www.reddit.com/r/netsec/comments/1s52kq7/teampcp_strikes_again_telnyx_popular_pypi_library/
Latvia accuses Russia of disinformation campaign targeting Baltic states
https://therecord.media/latvia-accuses-russia-of-disinformation-campaign-ukraine-war
FBI confirms theft of director’s personal emails by Iran-linked hacking group
https://therecord.media/fbi-confirms-theft-of-directors-personal-emails-iran-group
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: China-linked Red Menshen using BPFdoor kernel backdoor in telecom networks
Explore this post and more from the netsec community
Top Security News for Today
Chaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC lab
https://www.reddit.com/r/netsec/comments/1s5zzw1/chaining_file_upload_bypass_and_stored_xss_to/
The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1s6bdxi/the_sequels_are_never_as_good_but_were_still_in/
OAuth Consent and Device Code Phishing for Red Teams
https://www.reddit.com/r/netsec/comments/1s6ig2y/oauth_consent_and_device_code_phishing_for_red/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Chaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker PoC lab
https://www.reddit.com/r/netsec/comments/1s5zzw1/chaining_file_upload_bypass_and_stored_xss_to/
The Sequels Are Never As Good, But We're Still In Pain (Citrix NetScaler CVE-2026-3055 Memory Overread) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1s6bdxi/the_sequels_are_never_as_good_but_were_still_in/
OAuth Consent and Device Code Phishing for Red Teams
https://www.reddit.com/r/netsec/comments/1s6ig2y/oauth_consent_and_device_code_phishing_for_red/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Chaining file upload bypass and stored XSS to create admin accounts: walkthrough with Docker…
Explore this post and more from the netsec community
Top Security News for Today
Breakdown: How TeamPCP hid malware inside WAV files using audio steganography
https://www.reddit.com/r/netsec/comments/1s6weca/breakdown_how_teampcp_hid_malware_inside_wav/
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1s75kb9/please_we_beg_just_one_weekend_free_of_appliances/
LangDrained: Path traversal, SQL injection, and Deserialization of untrusted data in LangChain
https://www.reddit.com/r/netsec/comments/1s7jexg/langdrained_path_traversal_sql_injection_and/
The Team PCP Snowball Effect: A Quantitative Analysis
https://www.reddit.com/r/netsec/comments/1s7ko65/the_team_pcp_snowball_effect_a_quantitative/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Breakdown: How TeamPCP hid malware inside WAV files using audio steganography
https://www.reddit.com/r/netsec/comments/1s6weca/breakdown_how_teampcp_hid_malware_inside_wav/
Please, We Beg, Just One Weekend Free Of Appliances (Citrix NetScaler CVE-2026-3055 Memory Overread Part 2) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1s75kb9/please_we_beg_just_one_weekend_free_of_appliances/
LangDrained: Path traversal, SQL injection, and Deserialization of untrusted data in LangChain
https://www.reddit.com/r/netsec/comments/1s7jexg/langdrained_path_traversal_sql_injection_and/
The Team PCP Snowball Effect: A Quantitative Analysis
https://www.reddit.com/r/netsec/comments/1s7ko65/the_team_pcp_snowball_effect_a_quantitative/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Breakdown: How TeamPCP hid malware inside WAV files using audio steganography
Explore this post and more from the netsec community
Top Security News for Today
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
https://www.trendmicro.com/en_us/research/26/c/teampcp-telnyx-attack-marks-a-shift-in-tactics.html
Healthcare software firm CareCloud informs SEC of potential patient data leak
https://therecord.media/carecloud-hack-data-breach-sec
State Department reissues $10 million reward for info on Iranian hackers
https://therecord.media/iran-hackers-state-department-reward
30th March – Threat Intelligence Report
https://research.checkpoint.com/2026/30th-march-threat-intelligence-report/
Russian court jails notorious card fraud ringleader ‘Flint’ and 25 associates
https://therecord.media/russia-flint-conviction-payment-fraud
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
https://www.microsoft.com/en-us/security/blog/2026/03/30/addressing-the-owasp-top-10-risks-in-agentic-ai-with-microsoft-copilot-studio/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
https://www.trendmicro.com/en_us/research/26/c/teampcp-telnyx-attack-marks-a-shift-in-tactics.html
Healthcare software firm CareCloud informs SEC of potential patient data leak
https://therecord.media/carecloud-hack-data-breach-sec
State Department reissues $10 million reward for info on Iranian hackers
https://therecord.media/iran-hackers-state-department-reward
30th March – Threat Intelligence Report
https://research.checkpoint.com/2026/30th-march-threat-intelligence-report/
Russian court jails notorious card fraud ringleader ‘Flint’ and 25 associates
https://therecord.media/russia-flint-conviction-payment-fraud
Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio
https://www.microsoft.com/en-us/security/blog/2026/03/30/addressing-the-owasp-top-10-risks-in-agentic-ai-with-microsoft-copilot-studio/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Trend Micro
TeamPCP’s Telnyx Attack Marks a Shift in Tactics Beyond LiteLLM
Moving beyond their LiteLLM campaign, TeamPCP weaponizes the Telnyx Python SDK with stealthy WAV‑based payloads to steal credentials across Linux, macOS, and Windows.
Top Security News for Today
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday
https://therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/
WhatsApp malware campaign delivers VBS payloads and MSI backdoors
https://www.microsoft.com/en-us/security/blog/2026/03/31/whatsapp-malware-campaign-delivers-vbs-payloads-msi-backdoors/
Pro-Russian hackers pose as Ukraine's cyber agency to target government, businesses
https://therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
Inventors of Quantum Cryptography Win Turing Award
https://www.schneier.com/blog/archives/2026/03/inventors-of-quantum-cryptography-win-turing-award.html
New criminal service plans to monetize data stolen by ransomware gangs
https://therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday
https://therecord.media/cisa-tells-federal-agencies-to-patch-citrix-netscaler-bug
Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets
https://research.checkpoint.com/2026/operation-truechaos-0-day-exploitation-against-southeast-asian-government-targets/
WhatsApp malware campaign delivers VBS payloads and MSI backdoors
https://www.microsoft.com/en-us/security/blog/2026/03/31/whatsapp-malware-campaign-delivers-vbs-payloads-msi-backdoors/
Pro-Russian hackers pose as Ukraine's cyber agency to target government, businesses
https://therecord.media/pro-russian-hackers-posing-as-ukrainian-cyber-agency
Inventors of Quantum Cryptography Win Turing Award
https://www.schneier.com/blog/archives/2026/03/inventors-of-quantum-cryptography-win-turing-award.html
New criminal service plans to monetize data stolen by ransomware gangs
https://therecord.media/new-criminal-service-plans-to-monetize-ransomware-data
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
CISA tells federal agencies to patch Citrix NetScaler bug by Thursday
The bug enables threat actors to send requests that disclose sensitive information and carries a severity score of 9.3 out of 10, indicating a critical risk.
Top Security News for Today
Romania under daily barrage of cyberattacks, defense minister says
https://therecord.media/romania-cyberattacks-russia-defense-minister
Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
https://www.trendmicro.com/en_us/research/26/c/inside-litellm-supply-chain-compromise.html
Hasbro takes some systems offline after cybersecurity incident
https://therecord.media/hasbro-takes-some-systems-offline-after-cyber-incident
Cambodia extradites alleged cyber scam linchpin to China as crackdown intensifies
https://therecord.media/cambodia-extradites-alleged-cyber-scam-linchpin-to-china
North Dakota water treatment plant reports March ransomware attack
https://therecord.media/north-dakota-ransomware-water-plant
Nissan says stolen data came from third-party vendor after hacking group claims breach
https://therecord.media/nissan-hackers-data-breach
Mitigating the Axios npm supply chain compromise
https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Romania under daily barrage of cyberattacks, defense minister says
https://therecord.media/romania-cyberattacks-russia-defense-minister
Your AI Gateway Was a Backdoor: Inside the LiteLLM Supply Chain Compromise
https://www.trendmicro.com/en_us/research/26/c/inside-litellm-supply-chain-compromise.html
Hasbro takes some systems offline after cybersecurity incident
https://therecord.media/hasbro-takes-some-systems-offline-after-cyber-incident
Cambodia extradites alleged cyber scam linchpin to China as crackdown intensifies
https://therecord.media/cambodia-extradites-alleged-cyber-scam-linchpin-to-china
North Dakota water treatment plant reports March ransomware attack
https://therecord.media/north-dakota-ransomware-water-plant
Nissan says stolen data came from third-party vendor after hacking group claims breach
https://therecord.media/nissan-hackers-data-breach
Mitigating the Axios npm supply chain compromise
https://www.microsoft.com/en-us/security/blog/2026/04/01/mitigating-the-axios-npm-supply-chain-compromise/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Romania under daily barrage of cyberattacks, defense minister says
Romanian government institutions are facing thousands of cyberattack attempts every day targeting a wide range of public institutions, Defense Minister Radu Miruta said.
Top Security News for Today
Possible US Government iPhone Hacking Tool Leaked
https://www.schneier.com/blog/archives/2026/04/possible-us-government-iphone-hacking-tool-leaked.html
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1saebwi/youre_not_supposed_to_sharefile_with_everyone/
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1saebwi/youre_not_supposed_to_sharefile_with_everyone/
Cybercrime as a Service: A Scoping Review
https://arxiv.org/abs/2604.00063
When Labels Are Scarce: A Systematic Mapping of Label-Efficient Code Vulnerability Detection
https://arxiv.org/abs/2604.00079
Efficient Software Vulnerability Detection Using Transformer-based Models
https://arxiv.org/abs/2604.00112
Beyond Latency: A System-Level Characterization of MPC and FHE for PPML
https://arxiv.org/abs/2604.00169
NFC based inventory control system for secure and efficient communication
https://arxiv.org/abs/2604.00181
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Possible US Government iPhone Hacking Tool Leaked
https://www.schneier.com/blog/archives/2026/04/possible-us-government-iphone-hacking-tool-leaked.html
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1saebwi/youre_not_supposed_to_sharefile_with_everyone/
You’re Not Supposed To ShareFile With Everyone (Progress ShareFile Pre-Auth RCE Chain CVE-2026-2699 & CVE-2026-2701) - watchTowr Labs
https://www.reddit.com/r/netsec/comments/1saebwi/youre_not_supposed_to_sharefile_with_everyone/
Cybercrime as a Service: A Scoping Review
https://arxiv.org/abs/2604.00063
When Labels Are Scarce: A Systematic Mapping of Label-Efficient Code Vulnerability Detection
https://arxiv.org/abs/2604.00079
Efficient Software Vulnerability Detection Using Transformer-based Models
https://arxiv.org/abs/2604.00112
Beyond Latency: A System-Level Characterization of MPC and FHE for PPML
https://arxiv.org/abs/2604.00169
NFC based inventory control system for secure and efficient communication
https://arxiv.org/abs/2604.00181
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Possible US Government iPhone Hacking Tool Leaked - Schneier on Security
Wired writes (alternate source): Security researchers at Google on Tuesday released a report describing what they’re calling “Coruna,” a highly sophisticated iPhone hacking toolkit that includes five complete hacking techniques capable of bypassing all the…
Top Security News for Today
Company that Secretly Records and Publishes Zoom Meetings
https://www.schneier.com/blog/archives/2026/04/company-that-secretly-records-and-publishes-zoom-meetings.html
A threat actor who goes by the name "Mr. Raccoon" has claimed to hack Adobe support via 3rd party Indian BPO firm
https://www.reddit.com/r/netsec/comments/1sb7man/a_threat_actor_who_goes_by_the_name_mr_raccoon/
New RCE in Control Web Panel (CVE-2025-70951)
https://www.reddit.com/r/netsec/comments/1sb7pr4/new_rce_in_control_web_panel_cve202570951/
Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks
https://therecord.media/ukraine-warns-russian-hackers-revisiting-old-attacks
Massachusetts emergency communications system impacted by cyberattack
https://therecord.media/massachusetts-emergency-alert-cyberattack
FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic
https://therecord.media/fcc-proposes-5-million-fine-robocall
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
https://therecord.media/trueconf-cyberattack-cisa-hackers
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Company that Secretly Records and Publishes Zoom Meetings
https://www.schneier.com/blog/archives/2026/04/company-that-secretly-records-and-publishes-zoom-meetings.html
A threat actor who goes by the name "Mr. Raccoon" has claimed to hack Adobe support via 3rd party Indian BPO firm
https://www.reddit.com/r/netsec/comments/1sb7man/a_threat_actor_who_goes_by_the_name_mr_raccoon/
New RCE in Control Web Panel (CVE-2025-70951)
https://www.reddit.com/r/netsec/comments/1sb7pr4/new_rce_in_control_web_panel_cve202570951/
Ukraine warns Russian hackers are revisiting past breaches to prepare new attacks
https://therecord.media/ukraine-warns-russian-hackers-revisiting-old-attacks
Massachusetts emergency communications system impacted by cyberattack
https://therecord.media/massachusetts-emergency-alert-cyberattack
FCC proposes $4.5 million fine for voice service provider hosting ‘suspicious’ foreign call traffic
https://therecord.media/fcc-proposes-5-million-fine-robocall
CISA gives agencies two weeks to patch video conferencing bug exploited by Chinese hackers
https://therecord.media/trueconf-cyberattack-cisa-hackers
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
Company that Secretly Records and Publishes Zoom Meetings - Schneier on Security
WebinarTV searches the internet for public Zoom invites, joins the meetings, secretly records them, and publishes (alternate link) the recordings. It doesn’t use the Zoom record feature, so Zoom can’t do anything about it.
Top Security News for Today
Proof-of-Personhood Without Biometrics: The IRLid Protocol
https://www.reddit.com/r/netsec/comments/1sc3fju/proofofpersonhood_without_biometrics_the_irlid/
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
https://www.reddit.com/r/netsec/comments/1sc5xhj/researchers_uncover_mining_operation_using_iso/
Apple's Spotlight Search Results Come With Engagement Metrics. No One Knew.
https://www.reddit.com/r/netsec/comments/1scak6p/apples_spotlight_search_results_come_with/
BrowserGate: LinkedIn/Microsoft allegedly scans 6,000+ browser extensions & links them to real identities, all without user consent
https://www.reddit.com/r/netsec/comments/1sccnjb/browsergate_linkedinmicrosoft_allegedly_scans/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Proof-of-Personhood Without Biometrics: The IRLid Protocol
https://www.reddit.com/r/netsec/comments/1sc3fju/proofofpersonhood_without_biometrics_the_irlid/
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
https://www.reddit.com/r/netsec/comments/1sc5xhj/researchers_uncover_mining_operation_using_iso/
Apple's Spotlight Search Results Come With Engagement Metrics. No One Knew.
https://www.reddit.com/r/netsec/comments/1scak6p/apples_spotlight_search_results_come_with/
BrowserGate: LinkedIn/Microsoft allegedly scans 6,000+ browser extensions & links them to real identities, all without user consent
https://www.reddit.com/r/netsec/comments/1sccnjb/browsergate_linkedinmicrosoft_allegedly_scans/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Proof-of-Personhood Without Biometrics: The IRLid Protocol
Posted by Scary-Stomach8855 - 4 votes and 23 comments
Top Security News for Today
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
GDDRHammer and GeForge: GDDR6 GPU Rowhammer to root shell (IEEE S&P 2026, exploit code available)
https://www.reddit.com/r/netsec/comments/1sd7hzh/gddrhammer_and_geforge_gddr6_gpu_rowhammer_to/
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
The Attack With No Attacker Domain: Microsoft Entra B2B Guest Invitation Phishing
https://www.reddit.com/r/netsec/comments/1sdlisb/the_attack_with_no_attacker_domain_microsoft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
GDDRHammer and GeForge: GDDR6 GPU Rowhammer to root shell (IEEE S&P 2026, exploit code available)
https://www.reddit.com/r/netsec/comments/1sd7hzh/gddrhammer_and_geforge_gddr6_gpu_rowhammer_to/
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
The Attack With No Attacker Domain: Microsoft Entra B2B Guest Invitation Phishing
https://www.reddit.com/r/netsec/comments/1sdlisb/the_attack_with_no_attacker_domain_microsoft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Trend Micro
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
Top Security News for Today
Hackers threaten to leak data after cyberattack on German party Die Linke
https://therecord.media/hackers-threaten-to-leak-german-political-party-data
Major outage hits Russian banking apps, metro payments across regions
https://therecord.media/outage-hits-russian-banking-apps
Singapore, US warn of latest Fortinet bug being exploited in wild
https://therecord.media/singapore-us-warn-of-fortinet-bug-exploited
Inside an AI‑enabled device code phishing campaign
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
First stalkerware maker prosecuted since 2014 receives no jail time
https://therecord.media/stalkerware-maker-receives-no-jail-time
German police unmask two suspects linked to REvil ransomware gang
https://therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hackers threaten to leak data after cyberattack on German party Die Linke
https://therecord.media/hackers-threaten-to-leak-german-political-party-data
Major outage hits Russian banking apps, metro payments across regions
https://therecord.media/outage-hits-russian-banking-apps
Singapore, US warn of latest Fortinet bug being exploited in wild
https://therecord.media/singapore-us-warn-of-fortinet-bug-exploited
Inside an AI‑enabled device code phishing campaign
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
First stalkerware maker prosecuted since 2014 receives no jail time
https://therecord.media/stalkerware-maker-receives-no-jail-time
German police unmask two suspects linked to REvil ransomware gang
https://therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Hackers threaten to leak data after cyberattack on German party Die Linke
Die Linke confirmed in late March that its IT infrastructure had been hit by what it described as a “serious cyberattack.”
Top Security News for Today
Detecting CI/CD Supply Chain Attacks with Canary Credentials
https://www.reddit.com/r/netsec/comments/1sep4hy/detecting_cicd_supply_chain_attacks_with_canary/
Hong Kong Police Can Force You to Reveal Your Encryption Keys
https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html
Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
https://therecord.media/cyberattack-hits-northern-ireland-schools
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
https://portswigger.net/blog/portswigger-partners-with-meta-bug-bounty-to-empower-bug-hunters-with-training-and-pro-licenses
Cyberattack on telecom giant Rostelecom disrupts internet services across Russia
https://therecord.media/rostelecom-cyberattack-disrupts-russian-internet-access
Massachusetts hospital turning ambulances away after cyberattack
https://therecord.media/massachusetts-hospital-turning-ambulances-away-cyberattack
FBI, Pentagon warn of Iran hacking groups targeting operational technology
https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Detecting CI/CD Supply Chain Attacks with Canary Credentials
https://www.reddit.com/r/netsec/comments/1sep4hy/detecting_cicd_supply_chain_attacks_with_canary/
Hong Kong Police Can Force You to Reveal Your Encryption Keys
https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html
Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
https://therecord.media/cyberattack-hits-northern-ireland-schools
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
https://portswigger.net/blog/portswigger-partners-with-meta-bug-bounty-to-empower-bug-hunters-with-training-and-pro-licenses
Cyberattack on telecom giant Rostelecom disrupts internet services across Russia
https://therecord.media/rostelecom-cyberattack-disrupts-russian-internet-access
Massachusetts hospital turning ambulances away after cyberattack
https://therecord.media/massachusetts-hospital-turning-ambulances-away-cyberattack
FBI, Pentagon warn of Iran hacking groups targeting operational technology
https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Detecting CI/CD Supply Chain Attacks with Canary Credentials
Explore this post and more from the netsec community
Top Security News for Today
CIA director quietly elevated agency’s cyber espionage division
https://therecord.media/cia-director-elevated-agency-cyber-espionage-division
We found a path traversal in an MCP server with 7,700 stars that lets AI agents read your SSH keys. Fix merged.
https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/
From UART to Root: Vendor Shell Escape on a Uniview IP Camera
https://www.reddit.com/r/netsec/comments/1sfe68f/from_uart_to_root_vendor_shell_escape_on_a/
Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
https://www.reddit.com/r/netsec/comments/1sfpmg9/reading_etcpasswd_via_translation_file_upload_in/
Minnesota governor sends national guard to county after cyberattack
https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack
Breach exposes sensitive LAPD files stored in city attorney system
https://therecord.media/breach-exposes-lapd-files-city-attorney-systems
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
CIA director quietly elevated agency’s cyber espionage division
https://therecord.media/cia-director-elevated-agency-cyber-espionage-division
We found a path traversal in an MCP server with 7,700 stars that lets AI agents read your SSH keys. Fix merged.
https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/
From UART to Root: Vendor Shell Escape on a Uniview IP Camera
https://www.reddit.com/r/netsec/comments/1sfe68f/from_uart_to_root_vendor_shell_escape_on_a/
Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
https://www.reddit.com/r/netsec/comments/1sfpmg9/reading_etcpasswd_via_translation_file_upload_in/
Minnesota governor sends national guard to county after cyberattack
https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack
Breach exposes sensitive LAPD files stored in city attorney system
https://therecord.media/breach-exposes-lapd-files-city-attorney-systems
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
CIA director quietly elevated agency’s cyber espionage division
The Center for Cyber Intelligence, which had resided within the CIA's Directorate of Digital Innovation since 2015, was promoted to a full-fledged mission center last October.
Top Security News for Today
The long road to your crypto: ClipBanker and its marathon infection chain
https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/
Cybercriminals target accountants to drain Russian firms’ bank accounts
https://therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
Applying SOAR-style automation to physical perimeter security
https://www.reddit.com/r/netsec/comments/1sglba8/applying_soarstyle_automation_to_physical/
On Microsoft’s Lousy Cloud Security
https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html
Negotiating Privacy with Smart Voice Assistants: Risk-Benefit and Control-Acceptance Tensions
https://arxiv.org/abs/2604.06235
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
https://www.microsoft.com/en-us/security/blog/2026/04/09/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/
Treasury Department announces crypto industry cyber threat sharing initiative
https://therecord.media/treasury-department-announces-crypto-info-sharing
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The long road to your crypto: ClipBanker and its marathon infection chain
https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/
Cybercriminals target accountants to drain Russian firms’ bank accounts
https://therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
Applying SOAR-style automation to physical perimeter security
https://www.reddit.com/r/netsec/comments/1sglba8/applying_soarstyle_automation_to_physical/
On Microsoft’s Lousy Cloud Security
https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html
Negotiating Privacy with Smart Voice Assistants: Risk-Benefit and Control-Acceptance Tensions
https://arxiv.org/abs/2604.06235
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
https://www.microsoft.com/en-us/security/blog/2026/04/09/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/
Treasury Department announces crypto industry cyber threat sharing initiative
https://therecord.media/treasury-department-announces-crypto-info-sharing
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
ClipBanker Trojan masquerades as Proxifier software
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.
Top Security News for Today
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
https://therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals
It reads like a spy novel: $280 million theft from Drift involved North Korean fake companies, cutouts
https://therecord.media/drift-crypto-theft-post-mortem-north-korea
Senator launches inquiry into tech giants for failures to adequately report CSAM
https://therecord.media/senator-launches-inquiry-into-tech-giants-csam
UK government threatens tech bosses with jail time if they do not adequately fight nudification tools
https://therecord.media/uk-threatens-tech-bosses-with-jail-ai-nudification
Florida investigates OpenAI for role ChatGPT may have played in deadly shooting
https://therecord.media/florida-investigates-openai-chatgpt-deadly-shooting
Slipping up Slippi with spectator RCE
https://www.reddit.com/r/netsec/comments/1shcqyf/slipping_up_slippi_with_spectator_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
https://therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals
It reads like a spy novel: $280 million theft from Drift involved North Korean fake companies, cutouts
https://therecord.media/drift-crypto-theft-post-mortem-north-korea
Senator launches inquiry into tech giants for failures to adequately report CSAM
https://therecord.media/senator-launches-inquiry-into-tech-giants-csam
UK government threatens tech bosses with jail time if they do not adequately fight nudification tools
https://therecord.media/uk-threatens-tech-bosses-with-jail-ai-nudification
Florida investigates OpenAI for role ChatGPT may have played in deadly shooting
https://therecord.media/florida-investigates-openai-chatgpt-deadly-shooting
Slipping up Slippi with spectator RCE
https://www.reddit.com/r/netsec/comments/1shcqyf/slipping_up_slippi_with_spectator_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced the company to disable parts of its digital services used by hospitals and patients across the Netherlands, the national cybersecurity center for the healthcare sector said.
Top Security News for Today
Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
https://www.reddit.com/r/netsec/comments/1siafhk/reverse_engineering_a_multi_stage_file_format/
Open-source cross-modal and multimodal prompt injection test suite. 38,000+ attack payloads across text, image, document, and audio modalities. Research-backed by OWASP LLM Top 10, CrossInject (ACM MM 2025), FigStep (AAAI 2025), DolphinAttack, and CSA 2026.
https://www.reddit.com/r/netsec/comments/1sii9bw/opensource_crossmodal_and_multimodal_prompt/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
https://www.reddit.com/r/netsec/comments/1siafhk/reverse_engineering_a_multi_stage_file_format/
Open-source cross-modal and multimodal prompt injection test suite. 38,000+ attack payloads across text, image, document, and audio modalities. Research-backed by OWASP LLM Top 10, CrossInject (ACM MM 2025), FigStep (AAAI 2025), DolphinAttack, and CSA 2026.
https://www.reddit.com/r/netsec/comments/1sii9bw/opensource_crossmodal_and_multimodal_prompt/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
Explore this post and more from the netsec community