Latest Cybersecurity News

Vercel Employee's AI Tool Access Led to Data Breach

Dark Reading

Dark ReadingApr 20, 20261m4

Vercel Employee's AI Tool Access Led to Data Breach

Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.

Serial-to-IP Devices Hide Thousands of Old and New Bugs

Dark Reading

Dark ReadingApr 20, 20261m4

Serial-to-IP Devices Hide Thousands of Old and New Bugs

The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.

The Gentlemen ransomware now uses SystemBC for bot-powered attacks

BleepingComputerApr 20, 20264m3

The Gentlemen ransomware now uses SystemBC for bot-powered attacks

A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.

Seiko USA website defaced as hacker claims customer data theft

BleepingComputerApr 20, 20262m3

Seiko USA website defaced as hacker claims customer data theft

The Seiko USA website was defaced over the weekend, displaying a message from attackers claiming they stole its Shopify customer database and threatening to leak it unless a ransom is paid.

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

The Hacker News

The Hacker NewsApr 20, 20263m4

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server compromise.

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

SecurityWeek

SecurityWeekApr 20, 20263m4

Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking

Forescout researchers discovered 20 new vulnerabilities in Lantronix and Silex products and described theoretical attack scenarios.

Microsoft: Teams increasingly abused in helpdesk impersonation attacks

BleepingComputerApr 20, 20263m3

Microsoft: Teams increasingly abused in helpdesk impersonation attacks

Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks.

WhatsApp Leaks User Metadata to Attackers

Dark Reading

Dark ReadingApr 20, 20261m5

WhatsApp Leaks User Metadata to Attackers

Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.

The backup myth that is putting businesses at risk

BleepingComputerApr 20, 20266m3

The backup myth that is putting businesses at risk

Backups protect data, but don't keep your business running during downtime. Datto shows why BCDR is essential to keep operations running during ransomware and outages.

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

The Hacker News

The Hacker NewsApr 20, 202622m4

⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday cybersecurity recap on evolving threats, trusted tool abuse, stealthy in-memory attacks, and shifting access patterns.

British Scattered Spider hacker pleads guilty to crypto theft charges

BleepingComputerApr 20, 20263m3

British Scattered Spider hacker pleads guilty to crypto theft charges

A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft.

British Scattered Spider Hacker Pleads Guilty in the US

SecurityWeek