Vercel April 2026 security incident | Vercel Knowledge Base We’ve identified a security incident that involved unauthorized access to certain internal Vercel systems.

In other Sunday news, cloud app giant Vercel says it's been hacked that involved "unauthorized access to certain internal Vercel systems." Some customers' affected, though it's not clear if any data was taken. Doesn't say what the security incident is, though, exactly. Unclear if Vercel yet knows.

this week in security — april 19 2026 edition Lawmakers punt on FISA spy vote, Sweden blames Russia for power plant hack, Madison Square Garden's creepy surveillance, Adobe fixes PDF hack, and more.

Here's my latest this.weekinsecurity.com, with stories on Madison Square Garden's creepy surveillance, how a Norwegian telco leaked customers' location data, a giant spy tower on the Mexico-Texas border, and more. Plus: find out why someone put Doom on a toaster.

(For the record, Toby did nothing.)

my tabby cat Toby laying on a blanket looking very handsome.

Here is Toby "helping" me write this week's edition of my cybersecurity newsletter. Sign up before it goes out later this morning! this.weekinsecurity.com

How hackers are helping criminal gangs hijack truck deliveries Cargo hijackings are on the rise, as cybercriminals use remote access tools to track and divert large shipments of high-end goods from delivery trucks around the world.

For this.weekinsecurity.com, I wrote about how hackers are helping criminal gangs hijack and steal delivery trucks packed full of consumer goods — from vapes to lobster meat heists, to potentially 12 tons of KitKat bars.

It's a growing but underreported problem. I explain more for subscribers. ❤️

How hackers are helping criminal gangs hijack truck deliveries Cargo hijackings are on the rise, as cybercriminals use remote access tools to track and divert large shipments of high-end goods from delivery trucks around the world.

For this.weekinsecurity.com, I wrote about how hackers are helping criminal gangs hijack and steal delivery trucks packed full of consumer goods — from vapes to lobster meat heists, to potentially 12 tons of KitKat bars.

It's a growing but underreported problem. I explain more for subscribers. ❤️

Man who hacked US Supreme Court filing system sentenced to probation | TechCrunch Nicholas Moore hacked into three U.S. government networks using stolen credentials, and then bragged about it and posted victims' personal data on Instagram under the handle @ihackedthegovernment.

NEW: Nicholas Moore, who hacked the U.S. Supreme Court's document filing system and two other government agencies, was sentenced to one year of probation.

“I made a mistake,” Moore reportedly said during the sentencing hearing. “I am truly sorry. I respect laws, and I want to be a good citizen.”

jfc... i'm going to have to make a whole new, separate post...!

Do NOT give Sam Altman any of your personal information. You do not know wha...

I don't know who needs to hear this — anyone? everyone? — but whatever you do, do NOT give Sam Altman your eyeballs. You will never get them back and you have no idea what he'll do with them. If anyone asks you for your eyeballs, you should run away as far and as fast as you can.

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch A security researcher published details of three security vulnerabilities in Windows Defender, and the code used to exploit them. Now, hackers are taking advantage of the vulnerabilities in real-life ...

NEW: Hackers are exploiting unpatched Windows vulnerabilities that were disclosed publicly by a disgruntled researcher.

The researcher published code to exploit these bugs on GitHub. Now someone else has taken the code and used it in at least one attack in the wild, according to a security firm.

With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance | TechCrunch Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires in Ap...

A weird legal quirk means that even if Section 702 expires on Monday (and at this rate, it probably will), the U.S. government can *still* carry on its surveillance programs until March 2027, unless Congress actively intervenes before then.

With US spy laws set to expire, lawmakers are split over protecting Americans from warrantless surveillance | TechCrunch Some lawmakers are calling for widespread reforms following years of surveillance scandals and abuses across successive U.S. administrations. But even if the spy law known as Section 702 expires in Ap...

I wrote some words for TechCrunch about Section 702, the U.S. government's warrantless surveillance law that is set to expire on Monday.

A bipartisan pro-privacy group of lawmakers are calling for passing major reforms that they say are “essential” for protecting the privacy rights of Americans.

The Shocking Secrets of Madison Square Garden's Surveillance Machine Famously vengeful Knicks owner Jim Dolan has long spied on people at his iconic arenas. WIRED goes deep inside the operation that allegedly tracked a trans woman, lawyers, protesters, and more.

NEW: @noahshachtman.bsky.social and @robertsilverman.bsky.social take a deep dive for @wired.com into Knicks owner Jim Dolan's invasive surveillance machine that has allegedly tracked a trans woman, lawyers, protesters, and more at Madison Square Garden: www.wired.com/story/madiso...

Brussels launched an age checking app. Hackers say it takes 2 minutes to break it. Cyber experts say they have found holes in Brussels’ age verification app, despite claims by the EU executive that it is “technically ready.”

Embarrassing times for the European Commission after security researchers found flaws within minutes of using its age verification app. www.politico.eu/article/eu-b...

(ICYMI: I have a blog post on why age verification laws are a bad idea to begin with: this.weekinsecurity.com/papers-pleas...)

European police email 75,000 people asking them to stop DDoS attacks | TechCrunch Europol coordinated an operation against for-hire distributed denial-of-service (DDoS) services, including the arrest of four people and the takedown of 53 domains.

NEW: Cops send emails and letters to hackers: please stop hackin'.

techcrunch.com/2026/04/16/e...

Exclusive: Fashion retailer Express left customers' personal data and order details exposed to the internet Retail giant Express was publicly spilling customer information to the open web. The bug is now fixed after TechCrunch alerted Express, but the company would not say if it plans to notify customers.

NEW, by me: Fashion retailer Express exposed customers' personal information and order details to the web for anyone to view. Some customer order pages had already been listed in search engine results.

The bug is now fixed after we alerted the company, but wouldn't say if it would notify customers.

Where the DOGE Operatives Are Now WIRED tracked down some of the most prominent figures of last year’s DOGE invasion. Here's where they are now—in government and beyond.

WIRED tracked down some of the most prominent figures of last year’s DOGE invasion. Here's where they are now—in government and beyond. www.wired.com/story/where-...

Sweden blames Russian hackers for attempting 'destructive' cyberattack on thermal plant | TechCrunch Sweden's minister for civil defense said Russian hackers are "now attempting destructive cyber attacks against organizations in Europe."

NEW, by me: Sweden has blamed Russian government-linked hackers for attempting a destructive cyber attack on a thermal plant in western Sweden in 2025.

The cyberattack failed, but it's the latest in a string of Russia-linked incidents targeting critical infrastructure in Europe in recent years.

here's how the FBI extracted deleted Signal messages from an iPhone:

Watch more about this, and subscribe, here: www.youtube.com/watch?v=qNUO...

The FCC just saved Netgear from its router ban for no obvious reason How did Netgear do it? Nobody’s saying.

The US router ban has only gotten more ridiculous now that Netgear is suddenly, inexplicably exempt.

Here's why:
www.theverge.com/tech/911888/...

Microsoft drops its second-largest monthly batch of defects on record The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information.

The vendor disclosed one actively exploited zero-day vulnerability in Microsoft Office SharePoint that allows attackers to view information and make changes to disclosed information. via @mattkapko.com cyberscoop.com/microsoft-pa...

Someone planted backdoors in dozens of WordPress plugins used in thousands of websites | TechCrunch Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Notifications for deleted shouldn't remain in any OS notification database, and we've asked Apple to address this.

In the meantime, you can prevent any preview text from your Signal messages from appearing in your notifications.

Signal Settings > Notifications > Show “No Name or Content”

Robert J. Hansen thoughts on post quantum crypto (really more on the state of quantum computing): lists.gnupg.org/pipermail/gn...

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch It's not clear how many people were compromised by this hacking campaign, but a security researcher said the hackers were targeting victims since at least November 2025.

New, by me: Adobe has fixed a bug in its flagship PDF readers that hackers have been abusing for at least four months to break into people's Windows and macOS computers and steal data.

A security researcher who discovered the hacks said it works by tricking victims into opening a malicious PDF.

Booking.com confirms hackers accessed customers' data | TechCrunch The travel giant notified customers that their personal data, including names, emails, physical addresses, phone numbers may have been accessed in a security incident.

NEW: Booking says hackers accessed customers’ personal data, including names, emails, physical addresses, phone numbers, and booking details.

The company refused to say how many customers' were affected by this incident.

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch The data breach at Anodot, which affects customers like Rockstar Games, is the latest hack aimed at stealing data from a large number of corporate giants.

New, by me: Rockstar Games has confirmed it is one of the companies affected by a hack at Anodot.

My weekly cybersecurity news fix from the inimitable @zackwhittaker.com .

thank you!

What Procrastination Really Feels Like GIF Alt: an animated GIF of Moss on the IT Crowd typing at a computer while a fire burns in the foreground.

Cue to a live shot me of me sending out my casual weekly newsletter while news chaos breaks in the actual world.

this week in security — april 12 2026 edition Russia mass-hacking routers, Iran hacking critical infrastructure, Microsoft locked out developers from accounts, U.S. spyware maker sentenced, and more.

Today in this.weekinsecurity.com: FBI nukes Russia's router botnet, Iran hackers targeting US critical infrastructure, a major hack hits Anadot customers, and a health records giant ransomware'd. Plus: stick around for a raccoon hacker stealing outsourced data, and a new reader-submitted cybercat.