Monthly Archives: April 2026

SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation

Threat actors associated with The Gentlemen ransomware‑as‑a‑service (RaaS) operation have been observed attempting to deploy...

21
Apr
22 BRIDGE:BREAK Flaws Expose 20,000 Lantronix and Silex Serial-to-IP Converters

Cybersecurity researchers have identified 22 new vulnerabilities in popular models of serial-to-IP converters from Lantronix...

21
Apr
Ransomware Negotiator Pleads Guilty to Aiding BlackCat Attacks in 2023

A third individual who was employed as a ransomware negotiator has pleaded guilty to conducting...

21
Apr
5 Places where Mature SOCs Keep MTTR Fast and Others Waste Time

Security teams often present MTTR as an internal KPI. Leadership sees it differently: every hour...

21
Apr
Cyber chief: UK faces “perfect storm” for cyber security
April 21, 2026

As the technology landscape develops, the definition of cyber security is expanding with it....

New cross domain guidance for government, industry and the wider security community
April 21, 2026

Ensuring cross domain technologies are better understood – and more easily deployed – across sectors....

No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks

The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply...

21
Apr
NGate Campaign Targets Brazil, Trojanizes HandyPay to Steal NFC Data and PINs

Cybersecurity researchers have discovered a new iteration of an Android malware family calledNGate that has...

21
Apr
Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google’s agentic integrated development environment (IDE), Antigravity, that...

21
Apr
CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to...

21
Apr
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

A critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result...

20
Apr
⚡ Weekly Recap: Vercel Hack, Push Fraud, QEMU Abused, New Android RATs Emerge & More

Monday’s recap shows the same pattern in different places. A third-party tool becomes a way...

20
Apr
Preparing for severe cyber threat: Why leaders must act now
April 20, 2026

A call to action to collectively build UK resilience....

Why Most AI Deployments Stall After the Demo

The fastest way to fall in love with an AI tool is to watch the...

20
Apr
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP)...

20
Apr
Researchers Detect ZionSiphon Malware Targeting Israeli Water, Desalination OT Systems

Cybersecurity researchers have flagged a new malware called ZionSiphon that appears to be specifically designed...

20
Apr
Vercel Breach Tied to Context AI Hack Exposes Limited Customer Credentials

Web infrastructure provider Vercel has disclosed a security breach that allows bad actors to gain...

20
Apr
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims

Grinex, a Kyrgyzstan-incorporated cryptocurrency exchange sanctioned by the U.K. and the U.S. last year, said...

18
Apr
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

Threat actors are exploiting security flaws in TBK DVR and end‑of‑life (EoL) TP-Link Wi-Fi routers...

18
Apr
Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft...

17
Apr
Strengthening cyber resilience across the NHS with collaboration and innovation
April 17, 2026

How the NCSC is reducing risk, improving detection, and helping to keep vital services running....

Google Blocks 8.3B Policy-Violating Ads in 2025, Launches Android 17 Privacy Overhaul

Google this week announced a new set of Play policy updates to strengthen user privacy...

17
Apr
NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions

The National Institute of Standards and Technology (NIST) has announced changes to the way it...

17
Apr
Operation PowerOFF Seizes 53 DDoS Domains, Exposes 3 Million Criminal Accounts

An international law enforcement operation has taken down 53 domains and arrested four people in...

17
Apr
Apache ActiveMQ CVE-2026-34197 Added to CISA KEV Amid Active Exploitation

A recently disclosed high-severity security flaw in Apache ActiveMQ Classic has come under active exploitation in...

17
Apr
Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

Cybersecurity researchers have warned of an active malicious campaign that’s targeting the workforce in the...

16
Apr
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories

You know that feeling when you open your feed on a Thursday morning and it’s just…...

16
Apr
[Webinar] Find and Eliminate Orphaned Non-Human Identities in Your Environment

In 2024, compromised service accounts and forgotten API keys were behind 68% of cloud breaches....

16
Apr
Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has announced patches to address four critical security flaws impacting Identity Services and Webex...

16
Apr
Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

A “novel” social engineering campaign has been observed abusing Obsidian, a cross-platform note-taking application, as...

16
Apr