Tag Archives: it security

NCSC: Leave passwords in the past – passkeys are the future
April 23, 2026

Passkeys are the more secure and user-friendly login method and should be the default authentication...

Defending against China-nexus covert networks of compromised devices
April 23, 2026

Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure,...

Executive Summary: Defending against China-nexus covert networks of compromised devices
April 23, 2026

Organisations should map and baseline their edge device traffic, especially VPN and remote access connections,...

International cyber agencies share fresh advice to defend against China-linked covert networks
April 23, 2026

New advisory highlights how to defend against attacker tactics believed to be used by China-linked...

Supporting AI adoption for UK cyber defence
April 23, 2026

Adopting AI will require time, the development of new capabilities and careful oversight. ...

Project Glasswing Proved AI Can Find the Bugs. Who’s Going to Fix Them?

Last week, Anthropic announced Project Glasswing, an AI model so effective at discovering software vulnerabilities...

23
Apr
China-Linked GopherWhisper Infects 12 Mongolian Government Systems with Go Backdoors

Mongolian governmental institutions have emerged as the target of a previously undocumented China-aligned advanced persistent...

23
Apr
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach

Vercel on Wednesday revealed that it has identified an additional set of customer accounts that...

23
Apr
Apple Patches iOS Flaw That Stored Deleted Signal Notifications in FBI Forensic Case

Apple has rolled out a software fix for iOS and iPadOS to address a Notification...

23
Apr
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository....

22
Apr
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad...

22
Apr
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API

The threat actor known as Harvester has been attributed to a new Linux version of...

22
Apr
World-first NCSC-engineered device secures vulnerable display links
April 22, 2026

SilentGlass, a plug-and-play device, actively blocks any unexpected or malicious HDMI and Display Port connections....

Lotus Wiper Malware Targets Venezuelan Energy Systems in Destructive Attack

Cybersecurity researchers have discovered a previously undocumented data wiper that has been used in attacks...

22
Apr
Toxic Combinations: When Cross-App Permissions Stack into Risk

On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents,...

22
Apr
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug

Microsoft has released out-of-band updates to address a security vulnerability in ASP.NET Core that could...

22
Apr
Mustang Panda’s New LOTUSLITE Variant Targets India Banks, South Korea Policy Circles

Cybersecurity researchers have discovered a new variant of a known malware called LOTUSLITE that’s distributed...

22
Apr
Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

A critical security vulnerability has been disclosed in a Python-based sandbox called Terrarium that could...

22
Apr
SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy...

21
Apr
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix...

21
Apr
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting...

21
Apr
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour...

21
Apr
New cross domain guidance for government, industry and the wider security community
April 21, 2026

Ensuring cross domain technologies are better understood – and more easily deployed – across sectors....

Cyber chief: UK faces “perfect storm” for cyber security
April 21, 2026

As the technology landscape develops, the definition of cyber security is expanding with it....

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply...

21
Apr
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

Cybersecurity researchers have discovered a new iteration of an Android malware family calledNGate that has...

21
Apr
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that...

21
Apr
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to...

21
Apr
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result...

20
Apr
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way...

20
Apr