A week in security (April 13 - April 19) A list of topics we covered in the week of April 13 to April 19 of 2026

A week in security (April 13 – April 19) #cybersecurity #hacking #news #infosec #security #technology #privacy

Critical flaw in Protobuf library enables JavaScript code execution Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google's Protocol Buffers.

Critical flaw in Protobuf library enables JavaScript code execution #cybersecurity #hacking #news #infosec #security #technology #privacy

Vercel confirms breach as hackers claim to be selling stolen data Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.

Vercel confirms breach as hackers claim to be selling stolen data #cybersecurity #hacking #news #infosec #security #technology #privacy

NIST to stop rating non-priority flaws due to volume increase The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes.

NIST to stop rating non-priority flaws due to volume increase #cybersecurity #hacking #news #infosec #security #technology #privacy

Microsoft Teams right-click paste broken by Edge update bug Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client.

Microsoft Teams right-click paste broken by Edge update bug #cybersecurity #hacking #news #infosec #security #technology #privacy

Every Old Vulnerability Is Now an AI Vulnerability AI's danger isn't that it's creating new bugs, it's that it's amplifying old ones.

Every Old Vulnerability Is Now an AI Vulnerability #cybersecurity #hacking #news #infosec #security #technology #privacy

CISA flags Apache ActiveMQ flaw as actively exploited in attacks CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years.

CISA flags Apache ActiveMQ flaw as actively exploited in attacks #cybersecurity #hacking #news #infosec #security #technology #privacy

It Takes 2 Minutes to Hack the EU’s New Age-Verification App Plus: Major data breaches at a gym chain and hotel giant, a disruptive DDoS attack against Bluesky, dubious ICE hires, and more.

It Takes 2 Minutes to Hack the EU’s New Age-Verification App #cybersecurity #hacking #news #infosec #security #technology #privacy

FAA Scraps Civil and Criminal Penalties for Flying Drones Near ICE Vehicles #cybersecurity #hacking #news #infosec #security #technology #privacy www.404media.co/faa-...

Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops In cybercrime markets, trust isn't assumed, it's verified. Flare reveals how underground guides teach actors to evaluate carding shops based on data quality, reputation, and survivability.

Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops #cybersecurity #hacking #news #infosec #security #technology #privacy

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support NAKIVO Inc. announced the general availability of NAKIVO Backup & Replication v11.2, focused on fast, reliable, and proactive data protection.

NAKIVO v11.2: Ransomware Defense, Faster Replication, vSphere 9, and Proxmox VE 9.0 Support #cybersecurity #hacking #news #infosec #security #technology #privacy

Payouts King ransomware uses QEMU VMs to bypass endpoint security The Payouts King ransomware is using the QEMU emulator as a reverse SSH backdoor to run hidden virtual machines on compromised systems and bypass endpoint security.

Payouts King ransomware uses QEMU VMs to bypass endpoint security #cybersecurity #hacking #news #infosec #security #technology #privacy

Babies Born from Dead Parents Will Increase with New Tech. Are We Ready? #cybersecurity #hacking #news #infosec #security #technology #privacy www.404media.co/babi...

Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery Cyberattacks are evolving faster than many MSP and corporate defenses can keep up, with phishing driving much of today's cybercrime. Join our upcoming webinar to learn how to combine security and recovery strategies to reduce risk and maintain business continuity.

Webinar: From phishing to fallout — Why MSPs must rethink both security and recovery #cybersecurity #hacking #news #infosec #security #technology #privacy

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

Grinex exchange blames "Western intelligence" for $13.7M crypto hack Kyrgyzstan-based cryptocurrency exchange Grinex has suspended its operations after suffering a $13.7 million hack attributed to Western intelligence agencies.

Grinex exchange blames "Western intelligence" for $13.7M crypto hack #cybersecurity #hacking #news #infosec #security #technology #privacy

How NIST's Cutback of CVE Handling Impacts Cyber Teams Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.

How NIST's Cutback of CVE Handling Impacts Cyber Teams #cybersecurity #hacking #news #infosec #security #technology #privacy

Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs The Maritime Transportation Security Act (MTSA) requires plans to protect OT systems, audits by independent third parties, and a hybrid OT-security role.

Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs #cybersecurity #hacking #news #infosec #security #technology #privacy

Ransomware attack continues to disrupt healthcare in London nearly two years later #cybersecurity #hacking #news #infosec #security #technology #privacy therecord.media/rans...

Microsoft: Some Windows servers enter reboot loops after April patches Microsoft warns that some Windows domain controllers are entering restart loops after installing the April 2026 security updates.

Microsoft: Some Windows servers enter reboot loops after April patches #cybersecurity #hacking #news #infosec #security #technology #privacy

Microsoft's Original Windows Secure Boot Certificate Is Expiring The Secure Boot refresh is one of the largest coordinated security maintenance efforts across the Windows ecosystem, Microsoft said. Update those PCs soon.

Microsoft's Original Windows Secure Boot Certificate Is Expiring #cybersecurity #hacking #news #infosec #security #technology #privacy

Four arrested in latest ‘PowerOFF’ DDoS-for-hire takedown #cybersecurity #hacking #news #infosec #security #technology #privacy therecord.media/ddos...

Man gets 30 months for selling thousands of hacked DraftKings accounts 23-year-old Kamerin Stokes of Memphis, Tennessee, was sentenced to 30 months in prison for selling access to tens of thousands of hacked DraftKings accounts.

Man gets 30 months for selling thousands of hacked DraftKings accounts #cybersecurity #hacking #news #infosec #security #technology #privacy

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

Have I Been Pwned: Amtrak Data Breach In April 2026, the hacking group ShinyHunters claimed they had breached Amtrak. The group typically compromises organisations' Salesforce instances before demanding a ransom and later, if not paid, dumping the data publicly. They subsequently published the alleged data which contained over 2M unique email addresses along with names, physical addresses and customer support records.

Amtrak - 2,147,679 breached accounts #cybersecurity #hacking #news #infosec #security #technology #privacy

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul #cybersecurity #hacking #news #infosec #security #technology #privacy thehackernews.com/20...

Cisco says critical Webex Services flaw requires customer action Cisco has released security updates to patch four critical vulnerabilities, including a fixed improper certificate validation flaw in the company's cloud-based Webex Services platform that requires further customer action.

Cisco says critical Webex Services flaw requires customer action #cybersecurity #hacking #news #infosec #security #technology #privacy

Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance A post-midnight revolt in the House sank the White House's efforts to extend Section 702—a spy program the FBI has used to look into members of Congress, protesters, and political donors.

Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance #cybersecurity #hacking #news #infosec #security #technology #privacy

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains The latest wave of "Operation PowerOFF," on April 13, 2026, targeted the distributed denial-of-service (DDoS) ecosystem and its users across 21 countries.

Operation PowerOFF identifies 75k DDoS users, takes down 53 domains #cybersecurity #hacking #news #infosec #security #technology #privacy