Latest Cybersecurity News

SecurityWeekApr 20, 20262m5

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

The Hacker News

The Hacker NewsApr 20, 20264m5

Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

ZionSiphon detected June 29, 2025 targets Israeli water OT systems, escalating geopolitical cyber risk.

Handling the CVE Flood With EPSS, (Mon, Apr 20th)

SANS ISC

Handling the CVE Flood With EPSS, (Mon, Apr 20th)

Every morning, security people around the world face the same ritual: opening their vulnerability feed to find a lot of new CVE entries that appeared overnight. Over the past decade, this flood has become a defining challenge of modern defensive security. Some numbers[1]:

SANS ISCApr 20, 20261m5

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

The Hacker News

The Hacker NewsApr 20, 20263m5

Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Context.ai breach enabled Google Workspace takeover at Vercel, exposing limited customer credentials and prompting $2M data sale claim.

ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)

SANS ISC

ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898, (Mon, Apr 20th)

No description available.

SANS ISCApr 20, 20261m5

Vercel confirms breach as hackers claim to be selling stolen data

BleepingComputerApr 19, 20263m5

Vercel confirms breach as hackers claim to be selling stolen data

Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.

Apple account change alerts abused to send phishing emails

BleepingComputerApr 19, 20264m5

Apple account change alerts abused to send phishing emails

Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters.

NIST to stop rating non-priority flaws due to volume increase

BleepingComputerApr 19, 20263m5

NIST to stop rating non-priority flaws due to volume increase

The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes.

Critical flaw in Protobuf library enables JavaScript code execution

BleepingComputerApr 18, 20263m5

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.

Microsoft Teams right-click paste broken by Edge update bug

BleepingComputerApr 18, 20262m5

Microsoft Teams right-click paste broken by Edge update bug

Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client.

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support

BleepingComputerApr 18, 20266m5

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support

NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection.

Tycoon 2FA Loses Phishing Kit Crown Amid Surge in Attacks

SecurityWeek