Top Security News for Today
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
GDDRHammer and GeForge: GDDR6 GPU Rowhammer to root shell (IEEE S&P 2026, exploit code available)
https://www.reddit.com/r/netsec/comments/1sd7hzh/gddrhammer_and_geforge_gddr6_gpu_rowhammer_to/
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
The Attack With No Attacker Domain: Microsoft Entra B2B Guest Invitation Phishing
https://www.reddit.com/r/netsec/comments/1sdlisb/the_attack_with_no_attacker_domain_microsoft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
https://www.trendmicro.com/en_us/research/26/c/axios-npm-package-compromised.html
GDDRHammer and GeForge: GDDR6 GPU Rowhammer to root shell (IEEE S&P 2026, exploit code available)
https://www.reddit.com/r/netsec/comments/1sd7hzh/gddrhammer_and_geforge_gddr6_gpu_rowhammer_to/
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
https://krebsonsecurity.com/2026/04/germany-doxes-unkn-head-of-ru-ransomware-gangs-revil-gandcrab/
The Attack With No Attacker Domain: Microsoft Entra B2B Guest Invitation Phishing
https://www.reddit.com/r/netsec/comments/1sdlisb/the_attack_with_no_attacker_domain_microsoft/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Trend Micro
Axios NPM Package Compromised: Supply Chain Attack Hits JavaScript HTTP Client with 100M+ Weekly Downloads
Top Security News for Today
Hackers threaten to leak data after cyberattack on German party Die Linke
https://therecord.media/hackers-threaten-to-leak-german-political-party-data
Major outage hits Russian banking apps, metro payments across regions
https://therecord.media/outage-hits-russian-banking-apps
Singapore, US warn of latest Fortinet bug being exploited in wild
https://therecord.media/singapore-us-warn-of-fortinet-bug-exploited
Inside an AI‑enabled device code phishing campaign
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
First stalkerware maker prosecuted since 2014 receives no jail time
https://therecord.media/stalkerware-maker-receives-no-jail-time
German police unmask two suspects linked to REvil ransomware gang
https://therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Hackers threaten to leak data after cyberattack on German party Die Linke
https://therecord.media/hackers-threaten-to-leak-german-political-party-data
Major outage hits Russian banking apps, metro payments across regions
https://therecord.media/outage-hits-russian-banking-apps
Singapore, US warn of latest Fortinet bug being exploited in wild
https://therecord.media/singapore-us-warn-of-fortinet-bug-exploited
Inside an AI‑enabled device code phishing campaign
https://www.microsoft.com/en-us/security/blog/2026/04/06/ai-enabled-device-code-phishing-campaign-april-2026/
Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
First stalkerware maker prosecuted since 2014 receives no jail time
https://therecord.media/stalkerware-maker-receives-no-jail-time
German police unmask two suspects linked to REvil ransomware gang
https://therecord.media/german-police-unmask-suspects-linked-revil-gandcrab
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Hackers threaten to leak data after cyberattack on German party Die Linke
Die Linke confirmed in late March that its IT infrastructure had been hit by what it described as a “serious cyberattack.”
Top Security News for Today
Detecting CI/CD Supply Chain Attacks with Canary Credentials
https://www.reddit.com/r/netsec/comments/1sep4hy/detecting_cicd_supply_chain_attacks_with_canary/
Hong Kong Police Can Force You to Reveal Your Encryption Keys
https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html
Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
https://therecord.media/cyberattack-hits-northern-ireland-schools
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
https://portswigger.net/blog/portswigger-partners-with-meta-bug-bounty-to-empower-bug-hunters-with-training-and-pro-licenses
Cyberattack on telecom giant Rostelecom disrupts internet services across Russia
https://therecord.media/rostelecom-cyberattack-disrupts-russian-internet-access
Massachusetts hospital turning ambulances away after cyberattack
https://therecord.media/massachusetts-hospital-turning-ambulances-away-cyberattack
FBI, Pentagon warn of Iran hacking groups targeting operational technology
https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Detecting CI/CD Supply Chain Attacks with Canary Credentials
https://www.reddit.com/r/netsec/comments/1sep4hy/detecting_cicd_supply_chain_attacks_with_canary/
Hong Kong Police Can Force You to Reveal Your Encryption Keys
https://www.schneier.com/blog/archives/2026/04/hong-kong-police-can-force-you-to-reveal-your-encryption-keys.html
Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands
https://therecord.media/cyberattack-hits-northern-ireland-schools
PortSwigger partners with Meta Bug Bounty to empower bug hunters with training and Pro licenses
https://portswigger.net/blog/portswigger-partners-with-meta-bug-bounty-to-empower-bug-hunters-with-training-and-pro-licenses
Cyberattack on telecom giant Rostelecom disrupts internet services across Russia
https://therecord.media/rostelecom-cyberattack-disrupts-russian-internet-access
Massachusetts hospital turning ambulances away after cyberattack
https://therecord.media/massachusetts-hospital-turning-ambulances-away-cyberattack
FBI, Pentagon warn of Iran hacking groups targeting operational technology
https://therecord.media/fbi-pentagon-warn-iran-hacking-groups-target-ot
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Detecting CI/CD Supply Chain Attacks with Canary Credentials
Explore this post and more from the netsec community
Top Security News for Today
CIA director quietly elevated agency’s cyber espionage division
https://therecord.media/cia-director-elevated-agency-cyber-espionage-division
We found a path traversal in an MCP server with 7,700 stars that lets AI agents read your SSH keys. Fix merged.
https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/
From UART to Root: Vendor Shell Escape on a Uniview IP Camera
https://www.reddit.com/r/netsec/comments/1sfe68f/from_uart_to_root_vendor_shell_escape_on_a/
Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
https://www.reddit.com/r/netsec/comments/1sfpmg9/reading_etcpasswd_via_translation_file_upload_in/
Minnesota governor sends national guard to county after cyberattack
https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack
Breach exposes sensitive LAPD files stored in city attorney system
https://therecord.media/breach-exposes-lapd-files-city-attorney-systems
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
CIA director quietly elevated agency’s cyber espionage division
https://therecord.media/cia-director-elevated-agency-cyber-espionage-division
We found a path traversal in an MCP server with 7,700 stars that lets AI agents read your SSH keys. Fix merged.
https://www.reddit.com/r/netsec/comments/1sfhmaa/we_found_a_path_traversal_in_an_mcp_server_with/
From UART to Root: Vendor Shell Escape on a Uniview IP Camera
https://www.reddit.com/r/netsec/comments/1sfe68f/from_uart_to_root_vendor_shell_escape_on_a/
Reading /etc/passwd via translation file upload in Tolgee's cloud platform (CVE-2026-32251, CVSS 9.3)
https://www.reddit.com/r/netsec/comments/1sfpmg9/reading_etcpasswd_via_translation_file_upload_in/
Minnesota governor sends national guard to county after cyberattack
https://therecord.media/minnesota-sends-national-guard-after-local-cyberattack
Breach exposes sensitive LAPD files stored in city attorney system
https://therecord.media/breach-exposes-lapd-files-city-attorney-systems
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
CIA director quietly elevated agency’s cyber espionage division
The Center for Cyber Intelligence, which had resided within the CIA's Directorate of Digital Innovation since 2015, was promoted to a full-fledged mission center last October.
Top Security News for Today
The long road to your crypto: ClipBanker and its marathon infection chain
https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/
Cybercriminals target accountants to drain Russian firms’ bank accounts
https://therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
Applying SOAR-style automation to physical perimeter security
https://www.reddit.com/r/netsec/comments/1sglba8/applying_soarstyle_automation_to_physical/
On Microsoft’s Lousy Cloud Security
https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html
Negotiating Privacy with Smart Voice Assistants: Risk-Benefit and Control-Acceptance Tensions
https://arxiv.org/abs/2604.06235
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
https://www.microsoft.com/en-us/security/blog/2026/04/09/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/
Treasury Department announces crypto industry cyber threat sharing initiative
https://therecord.media/treasury-department-announces-crypto-info-sharing
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The long road to your crypto: ClipBanker and its marathon infection chain
https://securelist.com/clipbanker-malware-distributed-via-trojanized-proxifier/119341/
Cybercriminals target accountants to drain Russian firms’ bank accounts
https://therecord.media/cybercriminals-hack-russian-accountants-to-steal-millions
Applying SOAR-style automation to physical perimeter security
https://www.reddit.com/r/netsec/comments/1sglba8/applying_soarstyle_automation_to_physical/
On Microsoft’s Lousy Cloud Security
https://www.schneier.com/blog/archives/2026/04/on-microsofts-lousy-cloud-security.html
Negotiating Privacy with Smart Voice Assistants: Risk-Benefit and Control-Acceptance Tensions
https://arxiv.org/abs/2604.06235
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
https://www.microsoft.com/en-us/security/blog/2026/04/09/intent-redirection-vulnerability-third-party-sdk-android/
Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees
https://www.microsoft.com/en-us/security/blog/2026/04/09/investigating-storm-2755-payroll-pirate-attacks-targeting-canadian-employees/
Treasury Department announces crypto industry cyber threat sharing initiative
https://therecord.media/treasury-department-announces-crypto-info-sharing
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
ClipBanker Trojan masquerades as Proxifier software
Threat actors are distributing a Trojan disguised as Proxifier software; through a multi-stage infection chain, it delivers ClipBanker – malware that replaces cryptocurrency wallet addresses in the clipboard.
Top Security News for Today
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
https://therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals
It reads like a spy novel: $280 million theft from Drift involved North Korean fake companies, cutouts
https://therecord.media/drift-crypto-theft-post-mortem-north-korea
Senator launches inquiry into tech giants for failures to adequately report CSAM
https://therecord.media/senator-launches-inquiry-into-tech-giants-csam
UK government threatens tech bosses with jail time if they do not adequately fight nudification tools
https://therecord.media/uk-threatens-tech-bosses-with-jail-ai-nudification
Florida investigates OpenAI for role ChatGPT may have played in deadly shooting
https://therecord.media/florida-investigates-openai-chatgpt-deadly-shooting
Slipping up Slippi with spectator RCE
https://www.reddit.com/r/netsec/comments/1shcqyf/slipping_up_slippi_with_spectator_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
https://therecord.media/chipsoft-ransomware-attack-disrupts-dutch-hospitals
It reads like a spy novel: $280 million theft from Drift involved North Korean fake companies, cutouts
https://therecord.media/drift-crypto-theft-post-mortem-north-korea
Senator launches inquiry into tech giants for failures to adequately report CSAM
https://therecord.media/senator-launches-inquiry-into-tech-giants-csam
UK government threatens tech bosses with jail time if they do not adequately fight nudification tools
https://therecord.media/uk-threatens-tech-bosses-with-jail-ai-nudification
Florida investigates OpenAI for role ChatGPT may have played in deadly shooting
https://therecord.media/florida-investigates-openai-chatgpt-deadly-shooting
Slipping up Slippi with spectator RCE
https://www.reddit.com/r/netsec/comments/1shcqyf/slipping_up_slippi_with_spectator_rce/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
A ransomware attack on Dutch healthcare software vendor ChipSoft has forced the company to disable parts of its digital services used by hospitals and patients across the Netherlands, the national cybersecurity center for the healthcare sector said.
Top Security News for Today
Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
https://www.reddit.com/r/netsec/comments/1siafhk/reverse_engineering_a_multi_stage_file_format/
Open-source cross-modal and multimodal prompt injection test suite. 38,000+ attack payloads across text, image, document, and audio modalities. Research-backed by OWASP LLM Top 10, CrossInject (ACM MM 2025), FigStep (AAAI 2025), DolphinAttack, and CSA 2026.
https://www.reddit.com/r/netsec/comments/1sii9bw/opensource_crossmodal_and_multimodal_prompt/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
https://www.reddit.com/r/netsec/comments/1siafhk/reverse_engineering_a_multi_stage_file_format/
Open-source cross-modal and multimodal prompt injection test suite. 38,000+ attack payloads across text, image, document, and audio modalities. Research-backed by OWASP LLM Top 10, CrossInject (ACM MM 2025), FigStep (AAAI 2025), DolphinAttack, and CSA 2026.
https://www.reddit.com/r/netsec/comments/1sii9bw/opensource_crossmodal_and_multimodal_prompt/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Reverse Engineering a Multi Stage File Format Steganography Chain of the TeamPCP Telnyx Campaign
Explore this post and more from the netsec community
Top Security News for Today
Estimating Remaining Stack Space in a C Program
https://www.reddit.com/r/lowlevel/comments/1sjg88m/estimating_remaining_stack_space_in_a_c_program/
Reverse engineered SilentSDK - RAT and C2 infrastructure found on beamers, sold on Amazon/AliExpress/eBay
https://www.reddit.com/r/netsec/comments/1sjioe3/reverse_engineered_silentsdk_rat_and_c2/
We combined DRAM timing attacks, electrical grid frequency detection, and gyroscope fusion into a single bot detection stack and I think we need to talk about it
https://www.reddit.com/r/netsec/comments/1sjkuu2/we_combined_dram_timing_attacks_electrical_grid/
Paying Google to Hack macOS Users?
https://www.reddit.com/r/netsec/comments/1sjecf4/paying_google_to_hack_macos_users/
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
https://www.reddit.com/r/netsec/comments/1sk1x6r/agentic_browser_security_indirect_prompt/
CVE-2025-8061: From User-land to Ring 0
https://www.reddit.com/r/netsec/comments/1sk4j5o/cve20258061_from_userland_to_ring_0/
JanelaRAT: a financial threat targeting users in Latin America
https://securelist.com/janelarat-financial-threat-in-latin-america/119332/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Estimating Remaining Stack Space in a C Program
https://www.reddit.com/r/lowlevel/comments/1sjg88m/estimating_remaining_stack_space_in_a_c_program/
Reverse engineered SilentSDK - RAT and C2 infrastructure found on beamers, sold on Amazon/AliExpress/eBay
https://www.reddit.com/r/netsec/comments/1sjioe3/reverse_engineered_silentsdk_rat_and_c2/
We combined DRAM timing attacks, electrical grid frequency detection, and gyroscope fusion into a single bot detection stack and I think we need to talk about it
https://www.reddit.com/r/netsec/comments/1sjkuu2/we_combined_dram_timing_attacks_electrical_grid/
Paying Google to Hack macOS Users?
https://www.reddit.com/r/netsec/comments/1sjecf4/paying_google_to_hack_macos_users/
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
https://www.reddit.com/r/netsec/comments/1sk1x6r/agentic_browser_security_indirect_prompt/
CVE-2025-8061: From User-land to Ring 0
https://www.reddit.com/r/netsec/comments/1sk4j5o/cve20258061_from_userland_to_ring_0/
JanelaRAT: a financial threat targeting users in Latin America
https://securelist.com/janelarat-financial-threat-in-latin-america/119332/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the lowlevel community on Reddit: Estimating Remaining Stack Space in a C Program
Posted by Yairlenga - 0 votes and 4 comments
Top Security News for Today
CVE-2025-8061: From User-land to Ring 0
https://www.reddit.com/r/netsec/comments/1sk4j5o/cve20258061_from_userland_to_ring_0/
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
https://www.reddit.com/r/netsec/comments/1sk1x6r/agentic_browser_security_indirect_prompt/
AI Chatbots and Trust
https://www.schneier.com/blog/archives/2026/04/ai-chatbots-and-trust.html
One Uppercase Letter Breaks Every Nuxt App
https://www.reddit.com/r/netsec/comments/1sk6xc3/one_uppercase_letter_breaks_every_nuxt_app/
Hack at Dutch gym chain Basic-Fit exposes customer data in several EU countries
https://therecord.media/dutch-gym-chain-basic-fit-hit-by-hackers
The persistence of analog RF links in drone video feeds
https://www.reddit.com/r/netsec/comments/1sk83f7/the_persistence_of_analog_rf_links_in_drone_video/
CVE-2026-22666: Dolibarr 23.0.0 dol_eval() whitelist bypass -> RCE (full write-up + PoC)
https://www.reddit.com/r/netsec/comments/1skazzv/cve202622666_dolibarr_2300_dol_eval_whitelist/
YARA-X now runs in the browser - official Playground
https://www.reddit.com/r/netsec/comments/1sk96tq/yarax_now_runs_in_the_browser_official_playground/
Anatomy of an Autonomous AI Agent Risk: How Qualys ETM Connects the Dots on OpenClaw
https://blog.qualys.com/product-tech/2026/04/13/anatomy-autonomous-ai-agent-risk-qualys-etm-openclaw
FBI, Indonesia take down W3LL phishing tool
https://therecord.media/phishing-takedown-indonesia-fbi
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
CVE-2025-8061: From User-land to Ring 0
https://www.reddit.com/r/netsec/comments/1sk4j5o/cve20258061_from_userland_to_ring_0/
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
https://www.reddit.com/r/netsec/comments/1sk1x6r/agentic_browser_security_indirect_prompt/
AI Chatbots and Trust
https://www.schneier.com/blog/archives/2026/04/ai-chatbots-and-trust.html
One Uppercase Letter Breaks Every Nuxt App
https://www.reddit.com/r/netsec/comments/1sk6xc3/one_uppercase_letter_breaks_every_nuxt_app/
Hack at Dutch gym chain Basic-Fit exposes customer data in several EU countries
https://therecord.media/dutch-gym-chain-basic-fit-hit-by-hackers
The persistence of analog RF links in drone video feeds
https://www.reddit.com/r/netsec/comments/1sk83f7/the_persistence_of_analog_rf_links_in_drone_video/
CVE-2026-22666: Dolibarr 23.0.0 dol_eval() whitelist bypass -> RCE (full write-up + PoC)
https://www.reddit.com/r/netsec/comments/1skazzv/cve202622666_dolibarr_2300_dol_eval_whitelist/
YARA-X now runs in the browser - official Playground
https://www.reddit.com/r/netsec/comments/1sk96tq/yarax_now_runs_in_the_browser_official_playground/
Anatomy of an Autonomous AI Agent Risk: How Qualys ETM Connects the Dots on OpenClaw
https://blog.qualys.com/product-tech/2026/04/13/anatomy-autonomous-ai-agent-risk-qualys-etm-openclaw
FBI, Indonesia take down W3LL phishing tool
https://therecord.media/phishing-takedown-indonesia-fbi
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: CVE-2025-8061: From User-land to Ring 0
Explore this post and more from the netsec community
Top Security News for Today
New Report: Digital Exposure of European Telecoms
https://www.reddit.com/r/netsec/comments/1sl6thg/new_report_digital_exposure_of_european_telecoms/
Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds
https://therecord.media/virginia-enacts-ban-on-precise-geolocation-data
New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments
https://therecord.media/new-janaware-ransomware-targeting-turkey
Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2026/04/14/microsoft-and-adobe-patch-tuesday-april-2026-security-update-review
ADAM: A Systematic Data Extraction Attack on Agent Memory via Adaptive Querying
https://arxiv.org/abs/2604.09747
Improving DNS Exfiltration Detection via Transformer Pretraining
https://arxiv.org/abs/2604.09849
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
New Report: Digital Exposure of European Telecoms
https://www.reddit.com/r/netsec/comments/1sl6thg/new_report_digital_exposure_of_european_telecoms/
Virginia enacts ban on precise geolocation data sales as momentum for similar prohibitions builds
https://therecord.media/virginia-enacts-ban-on-precise-geolocation-data
New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments
https://therecord.media/new-janaware-ransomware-targeting-turkey
Microsoft and Adobe Patch Tuesday, April 2026 Security Update Review
https://blog.qualys.com/vulnerabilities-threat-research/2026/04/14/microsoft-and-adobe-patch-tuesday-april-2026-security-update-review
ADAM: A Systematic Data Extraction Attack on Agent Memory via Adaptive Querying
https://arxiv.org/abs/2604.09747
Improving DNS Exfiltration Detection via Transformer Pretraining
https://arxiv.org/abs/2604.09849
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: New Report: Digital Exposure of European Telecoms
Explore this post and more from the netsec community
Top Security News for Today
Two Admin-level API keys publicly exposed for years, both dismissed as "Out of scope" by official bug bounty programs. Case analysis + proposed NHI Exposure Severity Index
https://www.reddit.com/r/netsec/comments/1slz48l/two_adminlevel_api_keys_publicly_exposed_for/
Kerberoasting detection gaps in mixed-encryption environments and why 0x17 filtering alone isn't enough
https://www.reddit.com/r/netsec/comments/1sm0afg/kerberoasting_detection_gaps_in_mixedencryption/
Defense in Depth, Medieval Style
https://www.schneier.com/blog/archives/2026/04/defense-in-depth-medieval-style.html
Sweden says pro-Russian hackers attempted to breach thermal power plant
https://therecord.media/sweden-hackers-russia-power-plant
Educational company McGraw Hill says Salesforce misconfiguration led to data leak
https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration
UK warns businesses to address cyber risks amid Anthropic AI panic
https://therecord.media/anthropic-mythos-uk-cyber-risk
Incident response for AI: Same fire, different fuel
https://www.microsoft.com/en-us/security/blog/2026/04/15/incident-response-for-ai-same-fire-different-fuel/
Teen arrested in Northern Ireland over cyberattack on school network
https://therecord.media/northern-ireland-cyberattack-arrest
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Two Admin-level API keys publicly exposed for years, both dismissed as "Out of scope" by official bug bounty programs. Case analysis + proposed NHI Exposure Severity Index
https://www.reddit.com/r/netsec/comments/1slz48l/two_adminlevel_api_keys_publicly_exposed_for/
Kerberoasting detection gaps in mixed-encryption environments and why 0x17 filtering alone isn't enough
https://www.reddit.com/r/netsec/comments/1sm0afg/kerberoasting_detection_gaps_in_mixedencryption/
Defense in Depth, Medieval Style
https://www.schneier.com/blog/archives/2026/04/defense-in-depth-medieval-style.html
Sweden says pro-Russian hackers attempted to breach thermal power plant
https://therecord.media/sweden-hackers-russia-power-plant
Educational company McGraw Hill says Salesforce misconfiguration led to data leak
https://therecord.media/mcgraw-hill-data-leak-tied-to-salesforce-misconfiguration
UK warns businesses to address cyber risks amid Anthropic AI panic
https://therecord.media/anthropic-mythos-uk-cyber-risk
Incident response for AI: Same fire, different fuel
https://www.microsoft.com/en-us/security/blog/2026/04/15/incident-response-for-ai-same-fire-different-fuel/
Teen arrested in Northern Ireland over cyberattack on school network
https://therecord.media/northern-ireland-cyberattack-arrest
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: Two Admin-level API keys publicly exposed for years, both dismissed as "Out of scope" by official…
Explore this post and more from the netsec community
Top Security News for Today
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
https://therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
Cargo thieving hackers running sophisticated remote access campaigns, researchers find
https://therecord.media/cargo-thieving-hackers-running-sophisticated-campaigns
Human Trust of AI Agents
https://www.schneier.com/blog/archives/2026/04/human-trust-of-ai-agents.html
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/
New Jersey men given lengthy sentences for running North Korean laptop farms
https://therecord.media/new-jersey-men-sentenced-north-korean-laptop-farms
Building your cryptographic inventory: A customer strategy for cryptographic posture management
https://www.microsoft.com/en-us/security/blog/2026/04/16/building-your-cryptographic-inventory-a-customer-strategy-for-cryptographic-posture-management/
HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
https://www.reddit.com/r/netsec/comments/1snem8w/haproxy_http3_http1_desync_crossprotocol/
Open dataset: 100k+ multimodal prompt injection samples with per-category academic sourcing
https://www.reddit.com/r/netsec/comments/1sn2o3v/open_dataset_100k_multimodal_prompt_injection/
Taking Maestro in Stride
https://bishopfox.com/blog/taking-maestro-in-stride
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
https://therecord.media/aging-fly-espionage-campaign-targets-ukraine-emergency-services
Cargo thieving hackers running sophisticated remote access campaigns, researchers find
https://therecord.media/cargo-thieving-hackers-running-sophisticated-campaigns
Human Trust of AI Agents
https://www.schneier.com/blog/archives/2026/04/human-trust-of-ai-agents.html
Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise
https://www.microsoft.com/en-us/security/blog/2026/04/16/dissecting-sapphire-sleets-macos-intrusion-from-lure-to-compromise/
New Jersey men given lengthy sentences for running North Korean laptop farms
https://therecord.media/new-jersey-men-sentenced-north-korean-laptop-farms
Building your cryptographic inventory: A customer strategy for cryptographic posture management
https://www.microsoft.com/en-us/security/blog/2026/04/16/building-your-cryptographic-inventory-a-customer-strategy-for-cryptographic-posture-management/
HAProxy HTTP/3 -> HTTP/1 Desync: Cross-Protocol Smuggling via a Standalone QUIC FIN (CVE-2026-33555)
https://www.reddit.com/r/netsec/comments/1snem8w/haproxy_http3_http1_desync_crossprotocol/
Open dataset: 100k+ multimodal prompt injection samples with per-category academic sourcing
https://www.reddit.com/r/netsec/comments/1sn2o3v/open_dataset_100k_multimodal_prompt_injection/
Taking Maestro in Stride
https://bishopfox.com/blog/taking-maestro-in-stride
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Ukrainian emergency services and hospitals hit by espionage campaign using new AgingFly malware
Hackers have targeted Ukrainian hospitals and local government bodies in a new espionage campaign using a malware tool dubbed AgingFly, researchers say.
Top Security News for Today
Anomaly Detection in IEC-61850 GOOSE Networks: Evaluating Unsupervised and Temporal Learning for Real-Time Intrusion Detection
https://arxiv.org/abs/2604.14233
Sovereign 2.0: Control-Plane Sovereignty for Cloud Systems Under Disruption
https://arxiv.org/abs/2604.14242
Challenges and Future Directions in Agentic Reverse Engineering Systems
https://arxiv.org/abs/2604.14317
Head Count: Privacy-Preserving Face-Based Crowd Monitoring
https://arxiv.org/abs/2604.14250
Understanding Student Experiences with TLS Client Authentication
https://arxiv.org/abs/2604.14330
From Black Box to Glass Box: Cross-Model ASR Disagreement to Prioto Review in Ambient AI Scribe Documentation
https://arxiv.org/abs/2604.14152
Compressed-Sensing-Guided, Inference-Aware Structured Reduction for Large Language Models
https://arxiv.org/abs/2604.14156
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Anomaly Detection in IEC-61850 GOOSE Networks: Evaluating Unsupervised and Temporal Learning for Real-Time Intrusion Detection
https://arxiv.org/abs/2604.14233
Sovereign 2.0: Control-Plane Sovereignty for Cloud Systems Under Disruption
https://arxiv.org/abs/2604.14242
Challenges and Future Directions in Agentic Reverse Engineering Systems
https://arxiv.org/abs/2604.14317
Head Count: Privacy-Preserving Face-Based Crowd Monitoring
https://arxiv.org/abs/2604.14250
Understanding Student Experiences with TLS Client Authentication
https://arxiv.org/abs/2604.14330
From Black Box to Glass Box: Cross-Model ASR Disagreement to Prioto Review in Ambient AI Scribe Documentation
https://arxiv.org/abs/2604.14152
Compressed-Sensing-Guided, Inference-Aware Structured Reduction for Large Language Models
https://arxiv.org/abs/2604.14156
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
arXiv.org
Anomaly Detection in IEC-61850 GOOSE Networks: Evaluating...
The IEC-61850 GOOSE protocol underpins time-critical communication in modern digital substations but lacks native security mechanisms, leaving it vulnerable to replay, masquerade, and data...
Top Security News for Today
The Smart TV in Your Living Room Is a Node in the AI Scraping Economy
https://www.reddit.com/r/netsec/comments/1sotxf6/the_smart_tv_in_your_living_room_is_a_node_in_the/
MAD Bugs: Even "cat readme.txt" is not safe
https://www.reddit.com/r/netsec/comments/1sou4zz/mad_bugs_even_cat_readmetxt_is_not_safe/
Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook
https://www.microsoft.com/en-us/security/blog/2026/04/18/crosstenant-helpdesk-impersonation-data-exfiltration-human-operated-intrusion-playbook/
TPM 2.0 is cool, actually: hardware attestation for bare-metal fleets
https://www.reddit.com/r/netsec/comments/1sozi1e/tpm_20_is_cool_actually_hardware_attestation_for/
CVE-2026-34621 PoC isn't a scanner, it's a campaign weaponizer with 62 pre-authenticated Brazilian fintech targets
https://www.reddit.com/r/netsec/comments/1sp128h/cve202634621_poc_isnt_a_scanner_its_a_campaign/
Subject: Inquiry Regarding Localized GEM Induction via High-Frequency Plasma
https://www.reddit.com/r/netsec/comments/1spgkxy/subject_inquiry_regarding_localized_gem_induction/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
The Smart TV in Your Living Room Is a Node in the AI Scraping Economy
https://www.reddit.com/r/netsec/comments/1sotxf6/the_smart_tv_in_your_living_room_is_a_node_in_the/
MAD Bugs: Even "cat readme.txt" is not safe
https://www.reddit.com/r/netsec/comments/1sou4zz/mad_bugs_even_cat_readmetxt_is_not_safe/
Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook
https://www.microsoft.com/en-us/security/blog/2026/04/18/crosstenant-helpdesk-impersonation-data-exfiltration-human-operated-intrusion-playbook/
TPM 2.0 is cool, actually: hardware attestation for bare-metal fleets
https://www.reddit.com/r/netsec/comments/1sozi1e/tpm_20_is_cool_actually_hardware_attestation_for/
CVE-2026-34621 PoC isn't a scanner, it's a campaign weaponizer with 62 pre-authenticated Brazilian fintech targets
https://www.reddit.com/r/netsec/comments/1sp128h/cve202634621_poc_isnt_a_scanner_its_a_campaign/
Subject: Inquiry Regarding Localized GEM Induction via High-Frequency Plasma
https://www.reddit.com/r/netsec/comments/1spgkxy/subject_inquiry_regarding_localized_gem_induction/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: The Smart TV in Your Living Room Is a Node in the AI Scraping Economy
Posted by AdTemporary2475 - 2 votes and 0 comments
Top Security News for Today
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store-2/119482/
Built an ARMv4 emulator in JS — write C/C++, run real ARM binaries in the browser
https://www.reddit.com/r/lowlevel/comments/1spuz4n/built-an-armv4-emulator-in-js-write-cc-run-real/
Playing with the LANL ARCS Data Sets
http://diablohorn.com/2026/04/19/playing-with-the-lanl-arcs-data-sets/
Retrocausal capacity of a quantum channel
https://arxiv.org/abs/2509.08965
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store-2/119482/
Built an ARMv4 emulator in JS — write C/C++, run real ARM binaries in the browser
https://www.reddit.com/r/lowlevel/comments/1spuz4n/built-an-armv4-emulator-in-js-write-cc-run-real/
Playing with the LANL ARCS Data Sets
http://diablohorn.com/2026/04/19/playing-with-the-lanl-arcs-data-sets/
Retrocausal capacity of a quantum channel
https://arxiv.org/abs/2509.08965
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Securelist
FakeWallet crypto stealer spreading through iOS apps in the App Store
In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets.
Top Security News for Today
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
https://therecord.media/hacker-scattered-spider-guilty-plea
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
Cyberattack at French identity document agency may have exposed personal data
https://therecord.media/france-cyberattack-agency-passports
Making opportunistic cyberattacks harder by design
https://www.microsoft.com/en-us/security/blog/2026/04/20/making-opportunistic-cyberattacks-harder-by-design/
Analysis of the April 2026 Booking.com Supply Chain Breach and ClickFix Tactics
https://www.reddit.com/r/netsec/comments/1sr1z4w/analysis_of_the_april_2026_bookingcom_supply/
Vercel Breach Explained: OAuth Risk in AI + SaaS Environment
https://www.reddit.com/r/netsec/comments/1sqvz0w/vercel_breach_explained_oauth_risk_in_ai_saas/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
https://therecord.media/hacker-scattered-spider-guilty-plea
FakeWallet crypto stealer spreading through iOS apps in the App Store
https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/
Cyberattack at French identity document agency may have exposed personal data
https://therecord.media/france-cyberattack-agency-passports
Making opportunistic cyberattacks harder by design
https://www.microsoft.com/en-us/security/blog/2026/04/20/making-opportunistic-cyberattacks-harder-by-design/
Analysis of the April 2026 Booking.com Supply Chain Breach and ClickFix Tactics
https://www.reddit.com/r/netsec/comments/1sr1z4w/analysis_of_the_april_2026_bookingcom_supply/
Vercel Breach Explained: OAuth Risk in AI + SaaS Environment
https://www.reddit.com/r/netsec/comments/1sqvz0w/vercel_breach_explained_oauth_risk_in_ai_saas/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
British hacker tied to Scattered Spider campaign pleads guilty in $8M scheme
A British hacker pleaded guilty in U.S. federal court to participating in a sweeping cybercrime campaign that siphoned at least $8 million in cryptocurrency from companies and individuals, federal prosecutors said.
Top Security News for Today
Cloud platform Vercel says company breached through third-party AI tool
https://therecord.media/cloud-platform-vercel-says-company-breached-through-ai-tool
Command Execution via Drag-and-Drop in Terminal Emulators
https://www.reddit.com/r/netsec/comments/1sreolc/command_execution_via_draganddrop_in_terminal/
We analysed almost 100 UK charity websites and found that ~1 in 6 are running vulnerable JavaScript dependencies.
https://www.reddit.com/r/netsec/comments/1srks4e/we_analysed_almost_100_uk_charity_websites_and/
Ukraine busts ‘bot farm’ supplying thousands of fake Telegram accounts to Russian spies
https://therecord.media/ukraine-sbu-busts-bot-farm-supplying-russian-spies
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
https://www.trendmicro.com/en_us/research/26/d/void-dokkaebi-uses-fake-job-interview-lure-to-spread-malware-via-code-repositories.html
Detection strategies across cloud and identities against infiltrating IT workers
https://www.microsoft.com/en-us/security/blog/2026/04/21/detection-strategies-cloud-identities-against-infiltrating-it-workers/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Cloud platform Vercel says company breached through third-party AI tool
https://therecord.media/cloud-platform-vercel-says-company-breached-through-ai-tool
Command Execution via Drag-and-Drop in Terminal Emulators
https://www.reddit.com/r/netsec/comments/1sreolc/command_execution_via_draganddrop_in_terminal/
We analysed almost 100 UK charity websites and found that ~1 in 6 are running vulnerable JavaScript dependencies.
https://www.reddit.com/r/netsec/comments/1srks4e/we_analysed_almost_100_uk_charity_websites_and/
Ukraine busts ‘bot farm’ supplying thousands of fake Telegram accounts to Russian spies
https://therecord.media/ukraine-sbu-busts-bot-farm-supplying-russian-spies
Void Dokkaebi Uses Fake Job Interview Lure to Spread Malware via Code Repositories
https://www.trendmicro.com/en_us/research/26/d/void-dokkaebi-uses-fake-job-interview-lure-to-spread-malware-via-code-repositories.html
Detection strategies across cloud and identities against infiltrating IT workers
https://www.microsoft.com/en-us/security/blog/2026/04/21/detection-strategies-cloud-identities-against-infiltrating-it-workers/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Cloud platform Vercel says company breached through third-party AI tool
Vercel released a statement acknowledging a breach and warning a “limited subset of customers” that their Vercel credentials were compromised.
Top Security News for Today
AI-powered defense for an AI-accelerated threat landscape
https://www.microsoft.com/en-us/security/blog/2026/04/22/ai-powered-defense-for-an-ai-accelerated-threat-landscape/
Understanding the CVE Ecosystem and NIST’s Changing Role
https://bishopfox.com/blog/understanding-the-cve-ecosystem-and-nists-changing-role
Reverse-engineering a targeted npm supply chain attack with two-stage C2 — full forensic analysis
https://www.reddit.com/r/netsec/comments/1ssmyig/reverseengineering_a_targeted_npm_supply_chain/
New Defense Department cyber strategy imminent, official says
https://therecord.media/defense-cyber-strategy-warfare
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
https://therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
UK cyber agency handling four major incidents a week as nation-state attacks surge
https://therecord.media/UK-cyberattacks-ncsc-china
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
AI-powered defense for an AI-accelerated threat landscape
https://www.microsoft.com/en-us/security/blog/2026/04/22/ai-powered-defense-for-an-ai-accelerated-threat-landscape/
Understanding the CVE Ecosystem and NIST’s Changing Role
https://bishopfox.com/blog/understanding-the-cve-ecosystem-and-nists-changing-role
Reverse-engineering a targeted npm supply chain attack with two-stage C2 — full forensic analysis
https://www.reddit.com/r/netsec/comments/1ssmyig/reverseengineering_a_targeted_npm_supply_chain/
New Defense Department cyber strategy imminent, official says
https://therecord.media/defense-cyber-strategy-warfare
North Korean hackers siphon more than $12 million from crypto users in sprawling campaign
https://therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users
UK cyber agency handling four major incidents a week as nation-state attacks surge
https://therecord.media/UK-cyberattacks-ncsc-china
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Microsoft News
AI-powered defense for an AI-accelerated threat landscape
Read how Microsoft is partnering with Anthropic and broader industry to use leading models, paired with our platforms and expertise, to turn AI-driven discovery into protection at scale.
Top Security News for Today
FBI Extracts Deleted Signal Messages from iPhone Notification Database
https://www.schneier.com/blog/archives/2026/04/fbi-extracts-deleted-signal-messages-from-iphone-notification-database.html
Medical data on 500,000 Britons put on sale on Alibaba
https://therecord.media/medical-data-on-500000-britons-put-on-sale-alibaba
House Republicans unveil data privacy law that would override state protections
https://therecord.media/house-republicans-unveil-data-privacy-law-override-state-measures
Trump’s pick for CISA director withdraws from consideration
https://therecord.media/trump-pick-to-lead-cisa-withdraws-from-consideration
China-linked hackers target Mongolian government using Slack, Discord
https://therecord.media/china-linked-hackers-target-mongolian-gov-slack-discord
CISA: US agency breached through Cisco vulnerability
https://therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
FBI Extracts Deleted Signal Messages from iPhone Notification Database
https://www.schneier.com/blog/archives/2026/04/fbi-extracts-deleted-signal-messages-from-iphone-notification-database.html
Medical data on 500,000 Britons put on sale on Alibaba
https://therecord.media/medical-data-on-500000-britons-put-on-sale-alibaba
House Republicans unveil data privacy law that would override state protections
https://therecord.media/house-republicans-unveil-data-privacy-law-override-state-measures
Trump’s pick for CISA director withdraws from consideration
https://therecord.media/trump-pick-to-lead-cisa-withdraws-from-consideration
China-linked hackers target Mongolian government using Slack, Discord
https://therecord.media/china-linked-hackers-target-mongolian-gov-slack-discord
CISA: US agency breached through Cisco vulnerability
https://therecord.media/cisa-us-agency-breached-cisco-vulnerability-backdoor
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Schneier on Security
FBI Extracts Deleted Signal Messages from iPhone Notification Database - Schneier on Security
404 Media reports (alternate site): The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database….…
Top Security News for Today
Toronto police arrest three in Canada’s first mobile SMS blaster case
https://therecord.media/canada-sms-blaster-cybercriminals
Norway's prime minister proposes ban on social media access for young teens
https://therecord.media/norway-prime-minister-proposes-social-media-ban-for-young-teens
Pentagon grapples with securing AI as it moves toward autonomous warfare
https://therecord.media/pentagon-grapples-with-securing-ai-as-it-moves-towards-autonomous-warfare
ADT says customer data stolen in cyber intrusion
https://therecord.media/ADT-data-breach-cyberattack
What Really Happened In There? A Tamper-Evident Audit Trail for AI Agents
https://www.reddit.com/r/netsec/comments/1suaupb/what_really_happened_in_there_a_tamperevident/
Hiding Bluetooth Trackers in Mail
https://www.schneier.com/blog/archives/2026/04/hiding-bluetooth-trackers-in-mail.html
Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes
https://www.reddit.com/r/netsec/comments/1suh47t/cohere_terrarium_cve20265752_and_openai_codex_cli/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Toronto police arrest three in Canada’s first mobile SMS blaster case
https://therecord.media/canada-sms-blaster-cybercriminals
Norway's prime minister proposes ban on social media access for young teens
https://therecord.media/norway-prime-minister-proposes-social-media-ban-for-young-teens
Pentagon grapples with securing AI as it moves toward autonomous warfare
https://therecord.media/pentagon-grapples-with-securing-ai-as-it-moves-towards-autonomous-warfare
ADT says customer data stolen in cyber intrusion
https://therecord.media/ADT-data-breach-cyberattack
What Really Happened In There? A Tamper-Evident Audit Trail for AI Agents
https://www.reddit.com/r/netsec/comments/1suaupb/what_really_happened_in_there_a_tamperevident/
Hiding Bluetooth Trackers in Mail
https://www.schneier.com/blog/archives/2026/04/hiding-bluetooth-trackers-in-mail.html
Cohere Terrarium (CVE-2026-5752) and OpenAI Codex CLI (CVE-2025-59532): a cross-CVE analysis of AI code sandbox escapes
https://www.reddit.com/r/netsec/comments/1suh47t/cohere_terrarium_cve20265752_and_openai_codex_cli/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
therecord.media
Toronto police arrest three in Canada’s first mobile SMS blaster case
Canadian police arrested three men over the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt mobile networks.
Top Security News for Today
STIX Visualizer — Threat Intelligence Graph Explorer
https://www.reddit.com/r/netsec/comments/1sv17v2/stix_visualizer_threat_intelligence_graph_explorer/
Large-scale security audit of 1,764 "vibe-coded" apps: 7% have wide-open Supabase DBs, 15% of Bolt apps ship hardcoded API keys, plus IDOR and zero-auth APIs
https://www.reddit.com/r/netsec/comments/1sv6gty/largescale_security_audit_of_1764_vibecoded_apps/
Attempting to evade an AI SOC with offensive agents
https://www.reddit.com/r/netsec/comments/1svfqfe/attempting_to_evade_an_ai_soc_with_offensive/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
STIX Visualizer — Threat Intelligence Graph Explorer
https://www.reddit.com/r/netsec/comments/1sv17v2/stix_visualizer_threat_intelligence_graph_explorer/
Large-scale security audit of 1,764 "vibe-coded" apps: 7% have wide-open Supabase DBs, 15% of Bolt apps ship hardcoded API keys, plus IDOR and zero-auth APIs
https://www.reddit.com/r/netsec/comments/1sv6gty/largescale_security_audit_of_1764_vibecoded_apps/
Attempting to evade an AI SOC with offensive agents
https://www.reddit.com/r/netsec/comments/1svfqfe/attempting_to_evade_an_ai_soc_with_offensive/
Follow Top Cyber News at https://t.me/TopCyberTechNews Feel free to DM me at https://twitter.com/ShayaFeedman
Reddit
From the netsec community on Reddit: STIX Visualizer — Threat Intelligence Graph Explorer
Explore this post and more from the netsec community
❤1