
Posts by Patrick C Miller

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads A packaging error in Anthropic’s Claude Code npm release briefly exposed internal source code. This entry examines how threat actors rapidly weaponized the resulting attention, pivoting an existing…

Weaponizing Trust Signals: Claude Code Lures and GitHub Release Payloads www.trendmicro.com/en_us/resear...

19 minutes ago

Scientists Gave a Bunch of Salmon Cocaine. This Is What Happened Next. Salmon exposed to cocaine and its byproduct swam farther than unexposed fish, raising alarms about drug pollution in aquatic ecosystems.

Scientists Gave a Bunch of Salmon Cocaine. This Is What Happened Next. www.404media.co/scientists-g...

49 minutes ago

DIY Weather Stations Report In From Chernobyl You’re probably not going to hang out around Chernobyl any time soon. Still, knowing the conditions there can both satisfy your curiosity and provide scientific value. To that end, [Yury Ilyi…

DIY Weather Stations Report In From Chernobyl hackaday.com/2026/04/20/d...

1 hour ago

Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection.

Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution cyberscoop.com/google-antig...

1 hour ago

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities CISA expanded the KEV catalog with eight flaws, but five of them have been flagged as exploited before.

Organizations Warned of Exploited Cisco, Kentico, Zimbra Vulnerabilities www.securityweek.com/organization...

2 hours ago

Italian regulator fines national postal service orgs $15 million for data privacy violations The regulator fined Poste Italiane SpA, the postal service provider, €6.6 million ($7.8 million) and Postepay SpA, a digital payments subsidiary, €5.9 million ($7 million) for allegedly illegally…

Italian regulator fines national postal service orgs $15 million for data privacy violations therecord.media/italian-regu...

2 hours ago

I tried to wipe my digital footprint without paying for a data removal service - 5 free ways It may take a while, but it's possible to remove your personal data from the internet via deletion tools and helpful government resources.

Wipe your digital footprint without paying for a data removal service - 5 free ways www.zdnet.com/article/free...

3 hours ago

CISA warns organizations of supply chain compromise in Axios npm package delivering remote access trojan - Industrial Cyber CISA issues alert warning organizations of supply chain compromise in Axios npm package delivering remote access trojan.

CISA warns organizations of supply chain compromise in Axios npm package delivering remote access trojan - Industrial Cyber industrialcyber.co/cisa/cisa-wa...

3 hours ago

Mythos can find the vulnerability. It can't tell you what to do about it. Anthropic’s Mythos model marks a leap in AI-assisted vulnerability discovery, but is it a security game-changer? Andesite CTO Alex Thaman breaks down the real enterprise challenge: operationalizing…

Mythos can find the vulnerability. It can't tell you what to do about it. cyberscoop.com/anthropic-my...

4 hours ago

The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops Iran is playing a game of "cyber hide-and-seek" by using radical personas to mask state-level attacks, allowing them to hit US infrastructure without starting an official war.

The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops www.csoonline.com/article/4160...

4 hours ago

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility Bluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption.

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility securityaffairs.com/191059/secur...

5 hours ago

Trellix researchers analyse PureRAT, a multi-stage fileless RAT utilizing steganography & process hollowing. The modular architecture allows operators to deploy specialized plugins for environmental monitoring, keylogging, or remote desktop access on demand. www.trellix.com/blogs/resear...

5 hours ago

Chinese tech workers are starting to train their AI doubles–and pushing back A viral GitHub project that claims to clone coworkers into a reusable AI skill is forcing Chinese tech workers to confront deeper fears.

Chinese tech workers are starting to train their AI doubles–and pushing back www.technologyreview.com/2026/04/20/1...

5 hours ago

Context – AI agents that get smarter every week Context deploys agents inside your enterprise systems. They execute real workflows, learn from your team's corrections, and measurably improve.

Vercel Breach Linked to Context.ai, ShinyHunters Says It’s Not Involved hackread.com/vercel-breac...

6 hours ago

France’s ANTS ID System website hit by cyberattack, possible data breach A cyberattack hit France’s ANTS website, possibly exposing personal data from users applying for IDs, passports, and driver’s licenses.

France’s ANTS ID System website hit by cyberattack, possible data breach securityaffairs.com/191069/data-...

6 hours ago

Lovable denies data leak, cites 'intentional behavior' UPDATED: A lesson in how not to respond to vulnerability reports

Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus www.theregister.com/2026/04/20/l...

7 hours ago

Musk snubs Paris prosecutors in Grok child sexual images investigation as US DOJ refuses to assist Musk failed to appear before Paris prosecutors investigating Grok's estimated 23,000 child sexual images, as the US DOJ refused to cooperate with the French probe.

Musk fails to appear before Paris prosecutors investigating Grok’s generation of child sexual images thenextweb.com/news/musk-gr...

7 hours ago

Iran claims US used backdoors in networking equipment: And China is loving it

Iran claims US used backdoors to knock out networking equipment during war www.theregister.com/2026/04/21/i...

8 hours ago

NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience The National Cyber Security Centre has shared an update of its resilience-building efforts for the NHS

NCSC Outlines Coordinated Plan to Boost NHS Cyber Resilience www.infosecurity-magazine.com/news/ncsc-pl...

8 hours ago

How Engineers Kick-Started the Scientific Method Francis Bacon was inspired by the inventors of his day

How Engineers Kick-Started the Scientific Method spectrum.ieee.org/francis-baco...

9 hours ago

Beyond IT: Cybersecurity is a strategic business risk Why cybersecurity now demands C-suite attention and accountability.

Beyond IT: Cybersecurity is a strategic business risk www.cybersecuritydive.com/spons/beyond...

9 hours ago

DIY UPS Keeps Home Assistant Running If you put a bunch of computers in charge of your house, it’s generally desirable to ensure their up-time is as close to 100% as possible. An uninterruptible power supply can help in this reg…

DIY UPS Keeps Home Assistant Running hackaday.com/2026/04/19/d...

10 hours ago

Modded Server PSU Provides Plenty Of Current Most makers find themselves in need of a benchtop power supply at some point or another. Basic models can be had relatively cheaply, but as your current demands go higher, so does the price. [Danil…

Modded Server PSU Provides Plenty of Current hackaday.com/2026/04/19/m...

10 hours ago

Apple account change alerts abused to send phishing emails Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them…

Apple account change alerts abused to send phishing emails www.bleepingcomputer.com/news/securit...

11 hours ago

Securing Packaged Systems www.listennotes.com/e/5bdc2f3432...

11 hours ago

AI vendors' response to security flaws: It wasn't me OPINION: Passing the buck, and the blame, down the road shows lack of AI companies' maturity

I meant to do that! AI vendors shrug off responsibility for vulns www.theregister.com/2026/04/19/a...

12 hours ago

Prompt injection proves AI models are gullible like humans kettle: Aren't we all just prompting tokens of linguistic meaning and hoping the other person isn't bullshitting us?

Just like phishing for gullible humans, prompt injecting AIs is here to stay www.theregister.com/2026/04/19/j...

12 hours ago

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers www.securityweek.com/hackers-fail...

13 hours ago

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption The continued use of the half-century-old protocol exposes enterprises and end users to various types of attacks.

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption www.securityweek.com/half-of-the-...

13 hours ago

Eight Years In, the Industry is Catching Up to the Threat: The 2026 Buyers’ Guide - Industrial Cyber Eight years in, the industry is finally beginning to catch up with evolving threat landscape, as highlighted in 2026 Buyers’ Guide.

Eight Years In, the Industry is Catching Up to the Threat: The 2026 Buyers’ Guide industrialcyber.co/features/eig...

14 hours ago