Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Security Boulevard

Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

IntroductionOn March 12, 2026, Zscaler ThreatLabz discovered a malicious ZIP archive containing military-themed document ...
Taarifa Rwanda

Inside the Equity Bank Heist — Part 3: The Inside Job, the Erased Logs, and Four Hundred People Still Holding the Money

They did not stumble into this. Every move was planned, every wallet pre-selected, every transfer timed to the second. As ...
The Next Web

Lovable left thousands of projects exposed for 48 days, and the vibe coding security crisis is only getting worse

Lovable's API exposed source code and database credentials for 48 days after the company closed a bug report. Up to 62% of AI ...

Wall Street regulators jointly propose to trim Biden-era private fund reporting rules

The U.S. Securities and Exchange Commission and Commodity Futures Trading Commission on Monday jointly proposed ​reforms to ...
SecurityWeek

Half of the 6 Million Internet-Facing FTP Servers Lack Encryption

Half of the roughly 6 million FTP servers accessible from the internet today lack encryption, exposing enterprises to ...

Daployi Launches Self-Hosted Edge Device Management Platform to Streamline Distributed Docker Fleets

April 16, 2026) - Daployi announced the official launch of its self-hosted edge device management platform, providing DevOps and operations teams with a centralized solution for managing distributed ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
The Hacker News

Newly Discovered PowMix Botnet Hits Czech Workers Using Randomized C2 Traffic

PowMix targets Czech workforce since Dec 2025 using jittered C2 and ZIP phishing, enabling stealthy remote access and ...

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...

New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal ...
CSO Online

Critical nginx UI tool vulnerability opens web servers to full compromise

The vulnerability, with a CVSS score of 9.8, relates to the software’s support for Model Context Protocol (MCP) servers, ...